[FIX] survery: access rights for invitations
When building a new survey and sending invitations through private emails, it wasn't possible to fill in the survey from the link sent unless you were logged in as the user who sent the invitation or as a survey manager. opw-644210 Fixes #7486
parent
5fcad55000
commit
812318dcba
|
@ -105,11 +105,11 @@ class WebsiteSurvey(http.Controller):
|
|||
user_input = user_input_obj.browse(cr, uid, [user_input_id], context=context)[0]
|
||||
else:
|
||||
try:
|
||||
user_input_id = user_input_obj.search(cr, uid, [('token', '=', token)], context=context)[0]
|
||||
user_input_id = user_input_obj.search(cr, SUPERUSER_ID, [('token', '=', token)], context=context)[0]
|
||||
except IndexError: # Invalid token
|
||||
return request.website.render("website.403")
|
||||
else:
|
||||
user_input = user_input_obj.browse(cr, uid, [user_input_id], context=context)[0]
|
||||
user_input = user_input_obj.browse(cr, SUPERUSER_ID, [user_input_id], context=context)[0]
|
||||
|
||||
# Do not open expired survey
|
||||
errpage = self._check_deadline(cr, uid, user_input, context=context)
|
||||
|
@ -140,11 +140,11 @@ class WebsiteSurvey(http.Controller):
|
|||
|
||||
# Load the user_input
|
||||
try:
|
||||
user_input_id = user_input_obj.search(cr, uid, [('token', '=', token)])[0]
|
||||
user_input_id = user_input_obj.search(cr, SUPERUSER_ID, [('token', '=', token)])[0]
|
||||
except IndexError: # Invalid token
|
||||
return request.website.render("website.403")
|
||||
else:
|
||||
user_input = user_input_obj.browse(cr, uid, [user_input_id], context=context)[0]
|
||||
user_input = user_input_obj.browse(cr, SUPERUSER_ID, [user_input_id], context=context)[0]
|
||||
|
||||
# Do not display expired survey (even if some pages have already been
|
||||
# displayed -- There's a time for everything!)
|
||||
|
@ -189,9 +189,9 @@ class WebsiteSurvey(http.Controller):
|
|||
|
||||
# Fetch previous answers
|
||||
if page:
|
||||
ids = user_input_line_obj.search(cr, uid, [('user_input_id.token', '=', token), ('page_id', '=', page.id)], context=context)
|
||||
ids = user_input_line_obj.search(cr, SUPERUSER_ID, [('user_input_id.token', '=', token), ('page_id', '=', page.id)], context=context)
|
||||
else:
|
||||
ids = user_input_line_obj.search(cr, uid, [('user_input_id.token', '=', token)], context=context)
|
||||
ids = user_input_line_obj.search(cr, SUPERUSER_ID, [('user_input_id.token', '=', token)], context=context)
|
||||
previous_answers = user_input_line_obj.browse(cr, uid, ids, context=context)
|
||||
|
||||
# Return non empty answers in a JSON compatible format
|
||||
|
@ -231,7 +231,7 @@ class WebsiteSurvey(http.Controller):
|
|||
ret = {}
|
||||
|
||||
# Fetch answers
|
||||
ids = user_input_line_obj.search(cr, uid, [('user_input_id.token', '=', token)], context=context)
|
||||
ids = user_input_line_obj.search(cr, SUPERUSER_ID, [('user_input_id.token', '=', token)], context=context)
|
||||
previous_answers = user_input_line_obj.browse(cr, uid, ids, context=context)
|
||||
|
||||
# Compute score for each question
|
||||
|
@ -268,14 +268,15 @@ class WebsiteSurvey(http.Controller):
|
|||
|
||||
user_input_line_obj = request.registry['survey.user_input_line']
|
||||
try:
|
||||
user_input_id = user_input_obj.search(cr, uid, [('token', '=', post['token'])], context=context)[0]
|
||||
user_input_id = user_input_obj.search(cr, SUPERUSER_ID, [('token', '=', post['token'])], context=context)[0]
|
||||
except KeyError: # Invalid token
|
||||
return request.website.render("website.403")
|
||||
user_input = user_input_obj.browse(cr, SUPERUSER_ID, user_input_id, context=context)
|
||||
user_id = uid if user_input.type != 'link' else SUPERUSER_ID
|
||||
for question in questions:
|
||||
answer_tag = "%s_%s_%s" % (survey.id, page_id, question.id)
|
||||
user_input_line_obj.save_lines(cr, uid, user_input_id, question, post, answer_tag, context=context)
|
||||
user_input_line_obj.save_lines(cr, user_id, user_input_id, question, post, answer_tag, context=context)
|
||||
|
||||
user_input = user_input_obj.browse(cr, uid, user_input_id, context=context)
|
||||
go_back = post['button_submit'] == 'previous'
|
||||
next_page, _, last = survey_obj.next_page(cr, uid, user_input, page_id, go_back=go_back, context=context)
|
||||
vals = {'last_displayed_page_id': page_id}
|
||||
|
@ -283,7 +284,7 @@ class WebsiteSurvey(http.Controller):
|
|||
vals.update({'state': 'done'})
|
||||
else:
|
||||
vals.update({'state': 'skip'})
|
||||
user_input_obj.write(cr, uid, user_input_id, vals, context=context)
|
||||
user_input_obj.write(cr, user_id, user_input_id, vals, context=context)
|
||||
ret['redirect'] = '/survey/fill/%s/%s' % (survey.id, post['token'])
|
||||
if go_back:
|
||||
ret['redirect'] += '/prev'
|
||||
|
|
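Review bot: In the submit handler (hunk at -268) the `try` around `search(cr, SUPERUSER_ID, [('token', '=', post['token'])], ...)[0]` still catches only `KeyError`, so an unknown token raises an uncaught `IndexError` instead of rendering `website.403`; the other handlers here catch `IndexError`, and `except (KeyError, IndexError):  # Missing or invalid token` would cover both cases. With the search and browse calls now running as `SUPERUSER_ID`, record rules no longer apply and the token is the only access check on these routes. Nothing visible confirms that the matched `user_input` belongs to the `survey` used for `answer_tag` and the redirect, so a guard such as `if user_input.survey_id.id != survey.id: return request.website.render("website.403")` is worth adding (field name to be confirmed against the model). The switch is also partial: `previous_answers = user_input_line_obj.browse(cr, uid, ids, ...)` in the -189 and -231 hunks, and the second `user_input_obj.browse(cr, uid, user_input_id, ...)` before `next_page`, still run as `uid`, which presumably hits the same access error for an invited user once fields are read. All the enclosing methods start and end outside the hunks, so these points should be checked against the full bodies.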