diff options
| author | Étienne Loks <etienne.loks@proxience.com> | 2015-12-14 01:50:19 +0100 |
|---|---|---|
| committer | Étienne Loks <etienne.loks@proxience.com> | 2015-12-14 01:50:19 +0100 |
| commit | 48926f80437f1e8f618271c614f57c8e20883865 (patch) | |
| tree | d30aecf5c723319d6b664d8204568dc65363e715 | |
| parent | 97e713ac49ba2bd50e846fb5fecaac2305d6c105 (diff) | |
| download | Ishtar-48926f80437f1e8f618271c614f57c8e20883865.tar.bz2 Ishtar-48926f80437f1e8f618271c614f57c8e20883865.zip | |
Rights management: clear properly session data when a bad item is selected
| -rw-r--r-- | ishtar_common/wizards.py | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/ishtar_common/wizards.py b/ishtar_common/wizards.py index 222d2a5db..cc6107928 100644 --- a/ishtar_common/wizards.py +++ b/ishtar_common/wizards.py @@ -119,8 +119,9 @@ class Wizard(NamedUrlWizardView): def dispatch(self, request, *args, **kwargs): self.current_right = kwargs.get('current_right', None) + step = kwargs.get('step', None) # check that the current object is really owned by the current user - if self.current_right and '_own_' in self.current_right: + if step and self.current_right and '_own_' in self.current_right: # reinit default dispatch of a wizard - not clean... self.request = request self.session = request.session @@ -130,9 +131,10 @@ class Wizard(NamedUrlWizardView): self.steps = StepsHelper(self) current_object = self.get_current_object() - if current_object and not current_object.is_own(request.user): - main_form_key = 'selec-' + self.url_name - self.session_reset(request, main_form_key) + # not the fisrt step and current object is not owned + if self.steps and self.steps.first != step and\ + current_object and not current_object.is_own(request.user): + self.session_reset(request, self.url_name) return HttpResponseRedirect('/') return super(Wizard, self).dispatch(request, *args, **kwargs) |