do not allow access to anonymised forms from frontoffice (#4665)
This commit is contained in:
parent
fae6c97f22
commit
8273aecd64
|
@ -1154,6 +1154,11 @@ class RootDirectory(AccessControlled, Directory):
|
|||
class PublicFormStatusPage(FormStatusPage):
|
||||
_q_exports = ['', 'download', 'status', 'wfedit']
|
||||
|
||||
def __init__(self, *args, **kwargs):
|
||||
FormStatusPage.__init__(self, *args, **kwargs)
|
||||
if self.filled.anonymised:
|
||||
raise errors.TraversalError()
|
||||
|
||||
def status(self):
|
||||
return redirect('%sbackoffice/%s/%s/' % (
|
||||
get_publisher().get_root_url(),
|
||||
|
|
Loading…
Reference in New Issue