Skip to content
Snippets Groups Projects
Verified Commit c40a5871 authored by magicfelix's avatar magicfelix
Browse files

Redirect back to timetable after substitution entering

parent 6c609176
No related tags found
No related merge requests found
Pipeline #117507 passed with warnings
......@@ -104,7 +104,7 @@
{% has_perm "chronos.edit_substitution_rule" user as can_edit_substitution %}
{% if can_edit_substitution %}
<br>
<span><a href="{% url "edit_substitution" lesson_period.pk lesson_period.week.week %}">{% trans "Manage substitution" %}</a></span>
<span><a href="{% url "edit_substitution" lesson_period.pk lesson_period.week.week %}?back={{ request.path }}">{% trans "Manage substitution" %}</a></span>
{% endif %}
</p>
</div>
......@@ -7,6 +7,7 @@ from django.http import HttpRequest, HttpResponse, HttpResponseNotFound
from django.shortcuts import get_object_or_404, redirect, render
from django.urls import reverse
from django.utils import timezone
from django.utils.http import url_has_allowed_host_and_scheme
from django.utils.translation import gettext as _
from django.views.decorators.cache import never_cache
......@@ -301,6 +302,16 @@ def edit_substitution(request: HttpRequest, id_: int, week: int) -> HttpResponse
messages.success(request, _("The substitution has been saved."))
back_url = request.GET.get("back", "")
back_url_is_safe = url_has_allowed_host_and_scheme(
url=back_url,
allowed_hosts={request.get_host()},
require_https=request.is_secure(),
)
if back_url_is_safe:
return redirect(back_url)
return redirect("lessons_day_by_date", year=day.year, month=day.month, day=day.day)
context["edit_substitution_form"] = edit_substitution_form
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment