diff --git a/src/euphorie/client/browser/module.py b/src/euphorie/client/browser/module.py
index 6aef20e56..2bf99c9cd 100644
--- a/src/euphorie/client/browser/module.py
+++ b/src/euphorie/client/browser/module.py
@@ -156,7 +156,7 @@ def save_and_continue(self, module):
# In Safari browser we get a list
if isinstance(_next, list):
_next = _next.pop()
- if module.optional:
+ if module.optional and self.webhelpers.can_edit_session:
if "skip_children" in reply:
context.skip_children = reply.get("skip_children")
context.postponed = False
@@ -172,23 +172,22 @@ def save_and_continue(self, module):
return
self.request.response.redirect(self.previous_question_url)
return
- else:
- if ICustomRisksModule.providedBy(module):
- if _next == "add_custom_risk":
- self.add_custom_risk()
- notify(CustomRisksModifiedEvent(self.context))
- risk_id = self.context.children().count()
- url = "{parent_url}/{risk_id}/@@identification".format(
- parent_url=self.context.absolute_url(),
- risk_id=risk_id,
- )
- return self.request.response.redirect(url)
- else:
- # We ran out of questions, proceed to the action plan
- return self.request.response.redirect(self.next_phase_url)
- if self.next_question is None:
- # We ran out of questions, proceed to the action plan
- return self.request.response.redirect(self.next_phase_url)
+
+ if ICustomRisksModule.providedBy(module):
+ if _next == "add_custom_risk" and self.webhelpers.can_edit_session:
+ self.add_custom_risk()
+ notify(CustomRisksModifiedEvent(self.context))
+ risk_id = self.context.children().count()
+ url = "{parent_url}/{risk_id}/@@identification".format(
+ parent_url=self.context.absolute_url(),
+ risk_id=risk_id,
+ )
+ return self.request.response.redirect(url)
+ # We ran out of questions, proceed to the action plan
+ return self.request.response.redirect(self.next_phase_url)
+ if self.next_question is None:
+ # We ran out of questions, proceed to the action plan
+ return self.request.response.redirect(self.next_phase_url)
self.request.response.redirect(self.next_question_url)
diff --git a/src/euphorie/client/browser/risk.py b/src/euphorie/client/browser/risk.py
index 9d31365cd..14a00cf29 100644
--- a/src/euphorie/client/browser/risk.py
+++ b/src/euphorie/client/browser/risk.py
@@ -523,6 +523,8 @@ def __call__(self):
if self.request.method == "POST":
reply = self.request.form
+ if not self.webhelpers.can_edit_session:
+ return self.proceed_to_next(reply)
_next = self._get_next(reply)
# Don't persist anything if the user skipped the question
if _next == "skip":
diff --git a/src/euphorie/client/browser/templates/risk_identification.pt b/src/euphorie/client/browser/templates/risk_identification.pt
index 909c4df24..df7062eed 100644
--- a/src/euphorie/client/browser/templates/risk_identification.pt
+++ b/src/euphorie/client/browser/templates/risk_identification.pt
@@ -120,12 +120,14 @@
name="next"
type="submit"
value="next"
+ tal:condition="webhelpers/can_edit_session"
i18n:translate="label_save_and_continue"
>Save and continue