wcs-trackingcode-acl.diff
wcs/formdata.py | ||
---|---|---|
19 | 19 |
import random |
20 | 20 |
import binascii |
21 | 21 | |
22 |
from quixote import get_request, get_publisher |
|
22 |
from quixote import get_request, get_publisher, get_session
|
|
23 | 23 | |
24 | 24 |
from qommon.storage import StorableObject |
25 | 25 |
import qommon.misc |
... | ... | |
320 | 320 |
return variables |
321 | 321 |
get_substitution_variables_list = classmethod(get_substitution_variables_list) |
322 | 322 | |
323 |
def is_submitter(self, user): |
|
324 |
if self.user_id and self.user_id == user.id: |
|
323 |
def tracking_code_is_present(self): |
|
324 |
session = get_session() |
|
325 |
if session and session.has_tracking_code(self.tracking_code): |
|
325 | 326 |
return True |
326 |
if self.user_hash and self.user_hash == user.hash: |
|
327 |
return False |
|
328 | ||
329 |
def is_submitter(self, user): |
|
330 |
if user: |
|
331 |
if self.user_id and self.user_id == user.id: |
|
332 |
return True |
|
333 |
if self.user_hash and self.user_hash == user.hash: |
|
334 |
return True |
|
335 |
if self.tracking_code_is_present(): |
|
327 | 336 |
return True |
328 | 337 |
return False |
329 | 338 |
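Review bot: `tracking_code_is_present()` hands `self.tracking_code` to the session without first checking that this form data has a code at all. `has_tracking_code` is not visible here, so whether an empty or `None` value can match is unknown; a guard at the top of the method, `if not self.tracking_code: return False`, would make the outcome explicit. `is_submitter()` now also returns True for any session holding the code, with `user` unset or belonging to someone else, so it no longer answers "is this user the owner". A docstring such as `"""Return True if user owns this form data or the session holds its tracking code."""` would warn callers that rely on it for identity rather than access.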
wcs/formdef.py | ||
---|---|---|
624 | 624 |
def is_user_allowed_read(self, user, formdata=None): |
625 | 625 |
if self.acl_read == 'all': |
626 | 626 |
return True |
627 |
if (self.acl_read == 'owner') and formdata and formdata.tracking_code_is_present(): |
|
628 |
return True # access by tracking code |
|
627 | 629 |
if not user: |
628 | 630 |
return False |
629 | 631 |
if user.is_admin: |
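Review bot: The tracking-code grant sits above `if not user:`, so with `acl_read == 'owner'` it gives read access to any session that holds the code, logged in or not, which makes the code a bearer credential. How the code gets into the session (its length, how many attempts are accepted, when it is dropped from the session) is not visible in this diff, and the strength of this check now rests there. The trailing comment could state this, e.g. `# tracking code in session grants read, even without a logged-in user`. `is_user_allowed_read` continues past the end of the hunk.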
wcs/forms/common.ptl | ||
---|---|---|
58 | 58 |
session = get_session() |
59 | 59 |
mine = False |
60 | 60 |
user = get_request().user |
61 |
if user: |
|
62 |
if user.anonymous: |
|
63 |
anonylink = AnonymityLink.select( |
|
64 |
lambda x: x.name_identifier == session.name_identifier and |
|
65 |
x.formdata_type == 'form' and |
|
66 |
x.formdata_def_id == self.formdef.id) |
|
67 |
if len(anonylink) == 1: |
|
68 |
mine = True |
|
69 |
elif self.filled.is_submitter(user): |
|
61 |
if self.filled.is_submitter(user): |
|
62 |
mine = True |
|
63 |
if user and user.anonymous: |
|
64 |
anonylink = AnonymityLink.select( |
|
65 |
lambda x: x.name_identifier == session.name_identifier and |
|
66 |
x.formdata_type == 'form' and |
|
67 |
x.formdata_def_id == self.formdef.id) |
|
68 |
if len(anonylink) == 1: |
|
70 | 69 |
mine = True |
71 | 70 | |
72 | 71 |
if not self.filled.formdef.is_user_allowed_read(user, self.filled): |
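Review bot: In the re-nested anonymous branch, the `AnonymityLink.select` filter matches only on `name_identifier`, `formdata_type` and `formdata_def_id`, so `mine` becomes True for any form data of this form definition once the session has a single link to it. If the link record also stores the id of the form data (not visible here), comparing it in the lambda would tie `mine` to this submission. Separately, `self.filled.is_submitter(user)` is now called with `user` possibly `None` and is safe only because of the `if user:` guard added in wcs/formdata.py; a short comment on the call, e.g. `# user may be None: is_submitter() then falls back to the tracking code`, would keep the two in step. The enclosing function starts and ends outside the hunk.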
wcs/workflows.py | ||
---|---|---|
243 | 243 | |
244 | 244 |
evo = Evolution() |
245 | 245 |
evo.time = time.localtime() |
246 |
if user: |
|
247 |
if filled.is_submitter(user): |
|
248 |
evo.who = '_submitter' |
|
249 |
else: |
|
250 |
evo.who = user.id |
|
246 |
if filled.is_submitter(user): |
|
247 |
evo.who = '_submitter' |
|
248 |
elif user: |
|
249 |
evo.who = user.id |
|
251 | 250 |
if not filled.evolution: |
252 | 251 |
filled.evolution = [] |
253 | 252 | |
... | ... | |
261 | 260 |
break |
262 | 261 |
else: |
263 | 262 |
continue |
263 |
if not user: # (for example tracking code situation) |
|
264 |
continue |
|
264 | 265 |
role = get_role_translation(filled.formdef, role) |
265 | 266 |
if role in (user.roles or []): |
266 | 267 |
break |
... | ... | |
353 | 354 |
for role in self.by or []: |
354 | 355 |
if user and role == logged_users_role().id: |
355 | 356 |
return True |
357 |
if role == '_submitter' and formdata.tracking_code_is_present(): |
|
358 |
return True |
|
356 | 359 |
if not user: |
357 | 360 |
continue |
358 | 361 |
if role == '_submitter': |
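Review bot: In the first hunk `filled.is_submitter(user)` is tested before `elif user:`, so a logged-in user who is not the owner but whose session holds the tracking code is recorded as `evo.who = '_submitter'` instead of `user.id`. That drops the actor's identity from the evolution history, which matters wherever the history serves as an audit trail. Using `user.id` whenever `user` is set and does not match `filled.user_id` or `filled.user_hash`, and keeping `'_submitter'` for the owner and for tracking-code access without a user, would keep attribution accurate. The third hunk's `role == '_submitter' and formdata.tracking_code_is_present()` test carries the same bearer semantics, and all three enclosing functions extend beyond their hunks.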