Tags app: Add explicit post action redirect for the tag attach and tag remove actions when working on a single document.

Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>

HISTORY.rst

@@ -1,8 +1,10 @@
 3.0.3 (2018-08-17)
 ==================
-- Add explicit casting of escaped tag labels to prevent exploit
+- Tags app: Add explicit casting of escaped tag labels to prevent exploit
   of cross site scripting. Thanks to Lokesh (@lokesh1095) for
   the report and proposed solutions. Closes GitLab issue #496.
+- Tags app: Add explicit post action redirect for the tag attach and 
+  tag remove actions when working on a single document.
 
 3.0.2 (2018-08-16)
 ==================

docs/releases/3.0.3.rst

@@ -0,0 +1,79 @@
+===============================
+Mayan EDMS v3.0.3 release notes
+===============================
+
+Released: August 17, 2018
+
+What's new
+==========
+
+Program code
+------------
+- Tags app: Add explicit post action redirect for the tag attach and
+  tag remove actions when working on a single document.
+
+Security
+--------
+- Tags app: Add explicit casting of escaped tag labels to prevent exploit
+  of cross site scripting. Thanks to Lokesh (@lokesh1095) for
+  the report and proposed solutions. Closes GitLab issue #496.
+
+Removals
+--------
+- None
+
+Upgrading from a previous version
+---------------------------------
+
+
+Using PIP
+~~~~~~~~~
+
+Type in the console::
+
+    $ pip install mayan-edms==3.0.3
+
+the requirements will also be updated automatically.
+
+
+Using Git
+~~~~~~~~~
+
+If you installed Mayan EDMS by cloning the Git repository issue the commands::
+
+    $ git reset --hard HEAD
+    $ git pull
+
+otherwise download the compressed archived and uncompress it overriding the
+existing installation.
+
+Next upgrade/add the new requirements::
+
+    $ pip install --upgrade -r requirements.txt
+
+
+Common steps
+~~~~~~~~~~~~
+
+Migrate existing database schema with::
+
+    $ mayan-edms.py performupgrade
+
+Add new static media::
+
+    $ mayan-edms.py collectstatic --noinput
+
+The upgrade procedure is now complete.
+
+
+Backward incompatible changes
+=============================
+
+* None
+
+Bugs fixed or issues closed
+===========================
+
+* `GitLab issue #496 <https://gitlab.com/mayan-edms/mayan-edms/issues/496>`_ Persistent Cross Site Scripting
+
+.. _PyPI: https://pypi.python.org/pypi/mayan-edms/

docs/releases/index.rst

@@ -22,6 +22,7 @@ versions of the documentation contain the release notes for any later releases.
 .. toctree::
    :maxdepth: 1
 
+   3.0.3
    3.0.2
    3.0.1
    3.0

mayan/apps/tags/views.py

@@ -3,7 +3,7 @@ from __future__ import absolute_import, unicode_literals
 import logging
 
 from django.contrib import messages
-from django.shortcuts import get_object_or_404
+from django.shortcuts import get_object_or_404, reverse
 from django.urls import reverse_lazy
 from django.utils.translation import ugettext_lazy as _, ungettext
 
@@ -77,6 +77,13 @@ class TagAttachActionView(MultipleObjectFormActionView):
 
         return result
 
+    def get_post_action_redirect(self):
+        queryset = self.get_queryset()
+        if queryset.count() == 1:
+            return reverse('tags:document_tags', args=(queryset.first().pk,))
+        else:
+            return super(TagAttachActionView, self).get_post_action_redirect()
+
     def object_action(self, form, instance):
         attached_tags = instance.attached_tags()
 
@@ -291,6 +298,13 @@ class TagRemoveActionView(MultipleObjectFormActionView):
 
         return result
 
+    def get_post_action_redirect(self):
+        queryset = self.get_queryset()
+        if queryset.count() == 1:
+            return reverse('tags:document_tags', args=(queryset.first().pk,))
+        else:
+            return super(TagRemoveActionView, self).get_post_action_redirect()
+
     def object_action(self, form, instance):
         attached_tags = instance.attached_tags()