0001-api-mark-restricted-formdefs-as-requiring-authentica.patch
| tests/test_api.py | ||
|---|---|---|
| 349 | 349 |
resp = get_app(pub).get('/api/formdefs/')
|
| 350 | 350 |
assert resp.json['err'] == 0 |
| 351 | 351 |
assert len(resp.json['data']) == 1 |
| 352 |
assert resp.json['data'][0]['authentication_required'] is False |
|
| 352 | 353 |
# not present in backoffice-submission formdefs |
| 353 | 354 |
resp = get_app(pub).get('/api/formdefs/?backoffice-submission=on')
|
| 354 | 355 |
assert resp.json['err'] == 0 |
| ... | ... | |
| 379 | 380 |
local_user.roles = [] |
| 380 | 381 |
local_user.store() |
| 381 | 382 | |
| 383 |
# check it's also included in anonymous/signed calls, but marked for |
|
| 384 |
# authentication |
|
| 385 |
resp = get_app(pub).get(sign_uri('/api/formdefs/'))
|
|
| 386 |
assert resp.json['data'][0] |
|
| 387 |
assert resp.json['data'][0]['authentication_required'] is True |
|
| 388 | ||
| 382 | 389 |
# check it's advertised |
| 383 | 390 |
formdef.always_advertise = True |
| 384 | 391 |
formdef.store() |
| wcs/api.py | ||
|---|---|---|
| 390 | 390 |
break |
| 391 | 391 |
else: |
| 392 | 392 |
continue |
| 393 |
elif formdef.roles and user is None and list_all_forms: |
|
| 394 |
# anonymous API call, mark authentication as required |
|
| 395 |
authentication_required = True |
|
| 393 | 396 | |
| 394 | 397 |
formdict = {'title': unicode(formdef.name, charset),
|
| 395 | 398 |
'slug': formdef.url_name, |
| 396 |
- |
|