|
1 | 1 | <script type="text/javascript" nonce="<%=scriptNonce%>"> |
2 | 2 | (function($, LABKEY) { |
3 | 3 | $(function(){ |
4 | | - if (!LABKEY.Security.currentUser.isAdmin) { |
5 | | - var ctx = LABKEY.getModuleContext('mgap') || {}; |
6 | | - var folder = ctx['MGAPContainer']; |
7 | | - if (folder) { |
8 | | - var el = $('#returnUrl'); |
9 | | - el.attr('value', LABKEY.ActionURL.buildURL('project', 'start', folder)); |
| 4 | + // The intent of this block is to test whether the returnUrl is pointing to the same folder as the main mGAP project |
| 5 | + // If true, always respect that. |
| 6 | + // If the user is an admin, allow returnUrls to a different folder |
| 7 | + // Otherwise, always point the user to the home page of the mGAP folder |
| 8 | + var ctx = LABKEY.getModuleContext('mgap') || {}; |
| 9 | + var mgapFolder = ctx['MGAPContainer']; |
| 10 | + if (mgapFolder) { |
| 11 | + var returnUrl = LABKEY.ActionURL.getParameter('returnUrl') |
| 12 | + if (returnUrl) { |
| 13 | + returnUrl = decodeURIComponent(returnUrl) |
| 14 | + |
| 15 | + var containerPath = LABKEY.ActionURL.getContainerName(returnUrl).toLowerCase() |
| 16 | + mgapFolder = mgapFolder.replaceAll('/', '').toLowerCase() |
| 17 | + if (LABKEY.Security.currentUser.isAdmin || containerPath === mgapFolder) { |
| 18 | + $('#returnUrl').attr('value', returnUrl); |
| 19 | + } else { |
| 20 | + $('#returnUrl').attr('value', LABKEY.ActionURL.buildURL('project', 'start', mgapFolder)); |
| 21 | + } |
10 | 22 | } |
11 | 23 | } |
| 24 | + else { |
| 25 | + // Ignore the returnUrl in this case, since we cant tell whether it's from the expected project: |
| 26 | + $('#returnUrl').attr('value', LABKEY.ActionURL.buildURL('project', 'start', 'home')); |
| 27 | + } |
12 | 28 | }); |
13 | 29 | }(jQuery, LABKEY)); |
14 | 30 |
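Review bot: The `containerPath === mgapFolder` test compares only the container name parsed out of `returnUrl` and never looks at the URL's scheme or host, so an absolute URL on another origin whose path contains that folder name would presumably be accepted. The check should first require a relative or same-origin URL, and server-side validation of returnUrl remains the actual control, since this script only rewrites a form field. Separately, `mgapFolder` is overwritten with its slash-stripped, lower-cased form and then passed to `buildURL('project', 'start', mgapFolder)` in the else branch, which would mangle a nested container path. Keep the normalized value separate, e.g. `var mgapName = mgapFolder.replaceAll('/', '').toLowerCase();`, and compare `containerPath === mgapName`. It is also worth confirming whether `LABKEY.ActionURL.getParameter` already returns a decoded value, because a second `decodeURIComponent` would then throw on a literal `%` and leave `#returnUrl` unchanged.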