From 6d690a9d3a873d98bb0da72a2b7e860b4dc3bbd3 Mon Sep 17 00:00:00 2001 From: Étienne Loks Date: Tue, 4 Feb 2025 16:19:19 +0100 Subject: 🐛 prevent bulk update when no permission is set (refs #6098) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ishtar_common/views.py | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) (limited to 'ishtar_common/views.py') diff --git a/ishtar_common/views.py b/ishtar_common/views.py index 1f7ffede7..8d0b70b2f 100644 --- a/ishtar_common/views.py +++ b/ishtar_common/views.py @@ -3010,6 +3010,17 @@ class SearchQueryEdit(SearchQueryMixin, LoginRequiredMixin, FormView): return reverse("success", args=["bookmark"]) +class SuccessView(TemplateView): + template_name = "ishtar/forms/success.html" + + def get_context_data(self, **kwargs): + data = super().get_context_data(**kwargs) + msg = self.request.GET.get("message") + if msg: + data["message"] = urllib.parse.unquote(msg) + return data + + class BookmarkList( SearchQueryMixin, JSONResponseMixin, LoginRequiredMixin, TemplateView ): @@ -3251,8 +3262,11 @@ class QAItemEditForm(QAItemForm): return self.form_save(form) def form_save(self, form): - form.save(self.items, self.request.user) - return HttpResponseRedirect(reverse("success")) + message = form.save(self.items, self.request.user) + extra_args = "" + if message: + extra_args = "?message=" + urllib.parse.quote(message) + return HttpResponseRedirect(reverse("success") + extra_args) class QABaseLockView(QAItemForm): -- cgit v1.2.3