Skip to content

Prepub checklist broken in path mode #4376

Description

@joemull

Problem

The function that processes tick marks on the prepublication checklist needs journal to be in the request, to pass security checks:

janeway/src/journal/views.py

Lines 1266 to 1281 in 14ec665

@require_POST
@editor_user_required
def publish_article_check(request, article_id):
"""
A POST only view that updates checklist items on the prepublication page.
:param request: HttpRequest object
:param article_id: Artcle object PK
:return: HttpResponse object
"""
article = get_object_or_404(
submission_models.Article,
Q(stage=submission_models.STAGE_READY_FOR_PUBLICATION) |
Q(stage=submission_models.STAGE_PUBLISHED),
pk=article_id,
journal=request.journal,
)

But the JavaScript that creates the URL only considers domain mode journals and hard-codes the POST url:

"url": "/publish/article/" + {{ article.pk }} + "/check/",

As a result, the middleware does not know what the journal is, and adds no journal onto the request object. So when the user clicks a tick mark, nothing happens, and permission denied is logged unseen on the server.

Proposed solution

Use Django url to form the URL in the JS so it works for both path and domain mode.

Metadata

Metadata

Assignees

Labels

bugSomething's not working

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions