0001-api-limit-forms-sent-to-admin-when-backoffice-submis.patch

Frédéric Péters, 09 août 2018 22:25

Voir les différences: en ligne côte à côte

Subject: [PATCH] api: limit forms sent to admin when backoffice submission is
 requested (#25626)

 tests/test_api.py | 13 ++++++++++++-
 wcs/api.py        | 13 +++++++------
 2 files changed, 19 insertions(+), 7 deletions(-)

         assert resp1.json['data'][0]['redirection'] == True
         assert 'count' not in resp1.json['data'][0]
     def test_backoffice_submission_formdef_list(pub, local_user):
     def test_backoffice_submission_formdef_list(pub, admin_user, local_user):
         Role.wipe()
         role = Role(name='Foo bar')
         role.id = '14'
-...
         formdef.fields = []
         formdef.store()
         formdef2 = FormDef()
         formdef2.name = 'ignore me'
         formdef2.fields = []
         formdef2.store()
         resp = get_app(pub).get('/api/formdefs/?backoffice-submission=on')
         assert resp.json['err'] == 0
         assert len(resp.json['data']) == 0
-...
         assert resp.json['err'] == 0
         assert len(resp.json['data']) == 0
         # ... unless user is admin
         resp = get_app(pub).get(sign_uri('/api/formdefs/?backoffice-submission=on&NameID=%s' %
                                          admin_user.name_identifiers[0]))
         assert resp.json['err'] == 0
         assert len(resp.json['data']) == 1
         # ... unless user has correct roles
         local_user.roles = [role.id]
         local_user.store()

                             if not formdef.always_advertise:
                                 continue
                             authentication_required = True
                 elif backoffice_submission and not list_all_forms:
                 elif backoffice_submission:
                     if not formdef.backoffice_submission_roles:
                         continue
                     for role in user.roles or []:
                         if role in formdef.backoffice_submission_roles:
                             break
                     else:
                         continue
                     if list_all_forms:
                         for role in user.roles or []:
                             if role in formdef.backoffice_submission_roles:
                                 break
                         else:
                             continue
                 elif formdef.roles and user is None and list_all_forms:
                     # anonymous API call, mark authentication as required
                     authentication_required = True
+    -

Produits Entr'ouvert » w.c.s.