0001-api-mark-restricted-formdefs-as-requiring-authentica.patch
tests/test_api.py | ||
---|---|---|
349 | 349 |
resp = get_app(pub).get('/api/formdefs/') |
350 | 350 |
assert resp.json['err'] == 0 |
351 | 351 |
assert len(resp.json['data']) == 1 |
352 |
assert resp.json['data'][0]['authentication_required'] is False |
|
352 | 353 |
# not present in backoffice-submission formdefs |
353 | 354 |
resp = get_app(pub).get('/api/formdefs/?backoffice-submission=on') |
354 | 355 |
assert resp.json['err'] == 0 |
... | ... | |
379 | 380 |
local_user.roles = [] |
380 | 381 |
local_user.store() |
381 | 382 | |
383 |
# check it's also included in anonymous/signed calls, but marked for |
|
384 |
# authentication |
|
385 |
resp = get_app(pub).get(sign_uri('/api/formdefs/')) |
|
386 |
assert resp.json['data'][0] |
|
387 |
assert resp.json['data'][0]['authentication_required'] is True |
|
388 | ||
382 | 389 |
# check it's advertised |
383 | 390 |
formdef.always_advertise = True |
384 | 391 |
formdef.store() |
wcs/api.py | ||
---|---|---|
390 | 390 |
break |
391 | 391 |
else: |
392 | 392 |
continue |
393 |
elif formdef.roles and user is None and list_all_forms: |
|
394 |
# anonymous API call, mark authentication as required |
|
395 |
authentication_required = True |
|
393 | 396 | |
394 | 397 |
formdict = {'title': unicode(formdef.name, charset), |
395 | 398 |
'slug': formdef.url_name, |
396 |
- |