fix: ensure that pages render if accessed via secret link

carlinmack · carlinmack · commit c05c5c26bdd3 · 2025-12-04T17:55:26.000+01:00
diff --git a/invenio_app_rdm/records_ui/views/records.py b/invenio_app_rdm/records_ui/views/records.py
@@ -113,6 +113,9 @@ def get_record_requests(record, identity):
     if not can_review:
         return {}
 
+    if identity.id == None:
+        return {}  # secret link users do not have permissions to search requests
+
     record_requests = current_requests_service.search(
         identity,
         extra_filter=dsl.Q(
diff --git a/invenio_app_rdm/requests_ui/templates/semantic-ui/invenio_requests/community-submission/index.html b/invenio_app_rdm/requests_ui/templates/semantic-ui/invenio_requests/community-submission/index.html
@@ -19,8 +19,15 @@
 {%- block request_header %}
   {% if is_user_dashboard %}
     {% set back_button_url = url_for("invenio_app_rdm_users.requests") %}
-  {% else %}
+  {% elif community %}
     {% set back_button_url = url_for("invenio_communities.communities_requests", pid_value=community.id) %}
+  {% else %}
+    {#
+        if you access from a secret link there is no dashboard or community
+            /access/requests/<id>?token=<token>
+        back button is not rendered if there is no URL
+    #}
+    {% set back_button_url = "" %}
   {% endif %}
   {% from "invenio_requests/macros/request_header.html" import inclusion_request_header %}
   {{ inclusion_request_header(
