Making a view inaccessible directly

I created a form which uses session data to check whether or not a step in a multi-part form is accessible.
In another form I don't use any session storage although I redirect to a confirmation / success page after the form is sent... My question is related to that exactly, is it possible for a view to accessible only when the user is redirected from a specific URL or page. I don't want them to be able to see the success page unless the form is submitted and I don't want to use session storage.

You could check the came_from param in the request, use a URL param or hidden form field. Or if the URL of the success page is not relevant, don't redirect but render a different template in the same view, like this:

class ContactForm(AutoExtensibleForm, form.Form):
    """A contact form."""

    schema = IContactForm
    ignoreContext = True
    thank_you = False
    template_thank_you = ViewPageTemplateFile('templates/')

    def render(self):
        if self.thank_you:
            return self.template_thank_you()
        return super(ContactForm, self).render()

    def handle_send(self, action):
        data, errors = self.extractData()
        if errors:
            self.status = self.formErrorsMessage
        if self.send_email(data):
            self.thank_you = True
1 Like

Thank you for the example! Also, is there a way to prevent the form from be resubmitted once the success / thank you page is displayed..?

Well, once the thank you page is rendered, there is no form and so are no form fields. So it can not be re-submitted with a reload of the page (a reload will actually show the empty form again).

1 Like

Hmmm, strange... I'm getting the same issue as described here...

Maybe the issue is that I'm not using an AutoExtensibleForm but a BrowserView which returns a template, I then want to redirect the user to the success template after they make a submission.

Any ideas, thanks for the help!

Plone Foundation Code of Conduct