From c40a58713a9fdf1888d8f06a11cc26d78b2d0e4d Mon Sep 17 00:00:00 2001
From: magicfelix <felix@felix-zauberer.de>
Date: Tue, 14 Mar 2023 20:57:34 +0100
Subject: [PATCH] Redirect back to timetable after substitution entering

---
 .../chronos/templates/chronos/partials/lesson.html    |  2 +-
 aleksis/apps/chronos/views.py                         | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/aleksis/apps/chronos/templates/chronos/partials/lesson.html b/aleksis/apps/chronos/templates/chronos/partials/lesson.html
index 12d541ec..3c25fa5e 100644
--- a/aleksis/apps/chronos/templates/chronos/partials/lesson.html
+++ b/aleksis/apps/chronos/templates/chronos/partials/lesson.html
@@ -104,7 +104,7 @@
     {% has_perm "chronos.edit_substitution_rule" user as can_edit_substitution %}
     {% if can_edit_substitution %}
       <br>
-      <span><a href="{% url "edit_substitution" lesson_period.pk lesson_period.week.week %}">{% trans "Manage substitution" %}</a></span>
+      <span><a href="{% url "edit_substitution" lesson_period.pk lesson_period.week.week %}?back={{ request.path }}">{% trans "Manage substitution" %}</a></span>
     {% endif %}
   </p>
 </div>
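Review bot: The new link on the `edit_substitution` anchor puts `{{ request.path }}` into the query string with HTML auto-escaping only, so a path containing `&`, `#`, `?` or a space would truncate or change the `back` value the view receives. Percent-encoding it keeps the value intact: `?back={{ request.path|urlencode }}`. Note also that `request.path` excludes the query string, so any query parameters on the originating timetable page are not restored after saving; `request.get_full_path|urlencode` would carry them if that is intended.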
diff --git a/aleksis/apps/chronos/views.py b/aleksis/apps/chronos/views.py
index f73c0791..ce272a71 100644
--- a/aleksis/apps/chronos/views.py
+++ b/aleksis/apps/chronos/views.py
@@ -7,6 +7,7 @@ from django.http import HttpRequest, HttpResponse, HttpResponseNotFound
 from django.shortcuts import get_object_or_404, redirect, render
 from django.urls import reverse
 from django.utils import timezone
+from django.utils.http import url_has_allowed_host_and_scheme
 from django.utils.translation import gettext as _
 from django.views.decorators.cache import never_cache
 
@@ -301,6 +302,16 @@ def edit_substitution(request: HttpRequest, id_: int, week: int) -> HttpResponse
 
                 messages.success(request, _("The substitution has been saved."))
 
+            back_url = request.GET.get("back", "")
+            back_url_is_safe = url_has_allowed_host_and_scheme(
+                url=back_url,
+                allowed_hosts={request.get_host()},
+                require_https=request.is_secure(),
+            )
+
+            if back_url_is_safe:
+                return redirect(back_url)
+
             return redirect("lessons_day_by_date", year=day.year, month=day.month, day=day.day)
 
     context["edit_substitution_form"] = edit_substitution_form
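Review bot: `redirect(back_url)` passes the user-supplied string through Django's URL resolution, which first tries it as a view name. A value such as `back=foo` passes `url_has_allowed_host_and_scheme` as a relative URL, but then raises `NoReverseMatch` (an HTTP 500) because it contains neither `/` nor `.`; a value that matches an argument-free URL name would redirect to that view. Returning the validated string directly avoids both: `return HttpResponseRedirect(back_url)`, with `HttpResponseRedirect` added to the existing `django.http` import. It would also help to add a comment above the check such as `# Only follow "back" if it points to this host; otherwise fall through to the day view`. The body of `edit_substitution` starts and ends outside this hunk, so whether the form posts back to a URL that still carries `?back=` cannot be confirmed from here.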
-- 
GitLab