62 |
62 |
user.store()
|
63 |
63 |
return user
|
64 |
64 |
|
|
65 |
|
|
66 |
@pytest.fixture
|
|
67 |
def admin_user():
|
|
68 |
get_publisher().user_class.wipe()
|
|
69 |
user = get_publisher().user_class()
|
|
70 |
user.name = 'John Doe Admin'
|
|
71 |
user.email = 'john.doe@example.com'
|
|
72 |
user.name_identifiers = ['0123456789']
|
|
73 |
user.is_admin = True
|
|
74 |
user.store()
|
|
75 |
return user
|
|
76 |
|
|
77 |
|
65 |
78 |
def sign_uri(uri, user=None):
|
66 |
79 |
timestamp = datetime.datetime.utcnow().isoformat()[:19] + 'Z'
|
67 |
80 |
scheme, netloc, path, params, query, fragment = urlparse.urlparse(uri)
|
... | ... | |
1097 |
1110 |
resp = get_app(pub).get(sign_uri('/api/forms/test/list?filter=all', user=local_user))
|
1098 |
1111 |
assert len(resp.json) == 30
|
1099 |
1112 |
|
1100 |
|
def test_api_anonymized_formdata(pub, local_user):
|
|
1113 |
def test_api_anonymized_formdata(pub, local_user, admin_user):
|
1101 |
1114 |
Role.wipe()
|
1102 |
1115 |
role = Role(name='test')
|
1103 |
1116 |
role.store()
|
... | ... | |
1138 |
1151 |
if i%3 == 0:
|
1139 |
1152 |
formdata.jump_status('new')
|
1140 |
1153 |
else:
|
1141 |
|
formdata.jump_status('finished')
|
|
1154 |
evo = Evolution()
|
|
1155 |
evo.who = admin_user.id
|
|
1156 |
evo.time = time.localtime()
|
|
1157 |
evo.status = 'wf-%s' % 'finished'
|
|
1158 |
formdata.evolution.append(evo)
|
|
1159 |
formdata.status = evo.status
|
1142 |
1160 |
formdata.store()
|
1143 |
1161 |
|
1144 |
1162 |
# check access is granted even if the user has not the appropriate role
|
... | ... | |
1155 |
1173 |
assert 'status' in resp.json[0]['evolution'][0]
|
1156 |
1174 |
assert not 'who' in resp.json[0]['evolution'][0]
|
1157 |
1175 |
assert 'time' in resp.json[0]['evolution'][0]
|
|
1176 |
# check evolution made by other than _submitter are exported
|
|
1177 |
assert 'who' in resp.json[1]['evolution'][1]
|
|
1178 |
assert 'id' in resp.json[1]['evolution'][1]['who']
|
|
1179 |
assert 'email' in resp.json[1]['evolution'][1]['who']
|
|
1180 |
assert 'NameID' in resp.json[1]['evolution'][1]['who']
|
|
1181 |
assert 'name' in resp.json[1]['evolution'][1]['who']
|
1158 |
1182 |
|
1159 |
1183 |
# check access is granted event if there is no user
|
1160 |
1184 |
resp = get_app(pub).get(sign_uri('/api/forms/test/list?anonymise&full=on'))
|
... | ... | |
1171 |
1195 |
assert not 'who' in resp.json[0]['evolution'][0]
|
1172 |
1196 |
assert 'time' in resp.json[0]['evolution'][0]
|
1173 |
1197 |
# check anonymise is enforced on detail view
|
1174 |
|
resp = get_app(pub).get(sign_uri('/api/forms/%s/?anonymise&full=on' % resp.json[0]['id']))
|
|
1198 |
resp = get_app(pub).get(sign_uri('/api/forms/%s/?anonymise&full=on' % resp.json[1]['id']))
|
1175 |
1199 |
assert 'receipt_time' in resp.json
|
1176 |
1200 |
assert 'fields' in resp.json
|
1177 |
1201 |
assert 'user' not in resp.json
|
... | ... | |
1183 |
1207 |
assert 'status' in resp.json['evolution'][0]
|
1184 |
1208 |
assert not 'who' in resp.json['evolution'][0]
|
1185 |
1209 |
assert 'time' in resp.json['evolution'][0]
|
|
1210 |
# check evolution made by other than _submitter are exported
|
|
1211 |
assert 'who' in resp.json['evolution'][1]
|
|
1212 |
assert 'id' in resp.json['evolution'][1]['who']
|
|
1213 |
assert 'email' in resp.json['evolution'][1]['who']
|
|
1214 |
assert 'NameID' in resp.json['evolution'][1]['who']
|
|
1215 |
assert 'name' in resp.json['evolution'][1]['who']
|
1186 |
1216 |
|
1187 |
1217 |
def test_roles(pub, local_user):
|
1188 |
1218 |
Role.wipe()
|