diff options
| author | Étienne Loks <etienne.loks@proxience.com> | 2015-12-14 01:50:19 +0100 |
|---|---|---|
| committer | Étienne Loks <etienne.loks@proxience.com> | 2015-12-14 01:50:19 +0100 |
| commit | 5f26fc4dca4e150df7977aa843968191a036c8ed (patch) | |
| tree | d30aecf5c723319d6b664d8204568dc65363e715 /ishtar_common/wizards.py | |
| parent | 0ca7f35ff249516d3062962b925ef096df0d8365 (diff) | |
| download | Ishtar-5f26fc4dca4e150df7977aa843968191a036c8ed.tar.bz2 Ishtar-5f26fc4dca4e150df7977aa843968191a036c8ed.zip | |
Rights management: clear properly session data when a bad item is selected
Diffstat (limited to 'ishtar_common/wizards.py')
| -rw-r--r-- | ishtar_common/wizards.py | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/ishtar_common/wizards.py b/ishtar_common/wizards.py index 222d2a5db..cc6107928 100644 --- a/ishtar_common/wizards.py +++ b/ishtar_common/wizards.py @@ -119,8 +119,9 @@ class Wizard(NamedUrlWizardView): def dispatch(self, request, *args, **kwargs): self.current_right = kwargs.get('current_right', None) + step = kwargs.get('step', None) # check that the current object is really owned by the current user - if self.current_right and '_own_' in self.current_right: + if step and self.current_right and '_own_' in self.current_right: # reinit default dispatch of a wizard - not clean... self.request = request self.session = request.session @@ -130,9 +131,10 @@ class Wizard(NamedUrlWizardView): self.steps = StepsHelper(self) current_object = self.get_current_object() - if current_object and not current_object.is_own(request.user): - main_form_key = 'selec-' + self.url_name - self.session_reset(request, main_form_key) + # not the fisrt step and current object is not owned + if self.steps and self.steps.first != step and\ + current_object and not current_object.is_own(request.user): + self.session_reset(request, self.url_name) return HttpResponseRedirect('/') return super(Wizard, self).dispatch(request, *args, **kwargs) |