Projet

Général

Profil

0002-api-check-status-visibility-with-get_user_from_api_q.patch

Benjamin Dauvergne, 09 janvier 2019 15:41

Télécharger (3,64 ko)

Voir les différences: 

Subject: [PATCH 2/2] api: check status visibility with
 get_user_from_api_query_string() (fixes #29588)


 wcs/api.py                   |  2 +-
 wcs/backoffice/management.py |  2 +-
 wcs/formdata.py              | 12 ++++++------
 3 files changed, 8 insertions(+), 8 deletions(-)
wcs/api.py
102 102 

  		




  103
  103
  
    
    d.update(formdata.get_static_substitution_variables(minimal=True))

  		




  104
  104
  
    
    if get_request().form.get('full') == 'on':

  		




  105
  
  
    
        d.update(formdata.get_json_export_dict(include_files=False))

  		




  
  105
  
    
        d.update(formdata.get_json_export_dict(include_files=False, user=user))

  		




  106
  106
  
    
    return d

  		




  107
  107
  
    

  		




  108
  108
  
    

  		












  

    
      wcs/backoffice/management.py
    
  





  1626
  1626
  
    
        if get_publisher().is_using_postgresql():

  		




  1627
  1627
  
    
            self.formdef.data_class().load_all_evolutions(items)

  		




  1628
  1628
  
    
        if get_request().form.get('full') == 'on':

  		




  1629
  
  
    
            output = [filled.get_json_export_dict(include_files=False, anonymise=anonymise)

  		




  
  1629
  
    
            output = [filled.get_json_export_dict(include_files=False, anonymise=anonymise, user=user)

  		




  1630
  1630
  
    
                      for filled in items]

  		




  1631
  1631
  
    
        else:

  		




  1632
  1632
  
    
            output = [{'id': filled.id,

  		












  

    
      wcs/formdata.py
    
  





  230
  230
  
    
        status = self.get_status()

  		




  231
  231
  
    
        return status.name if status else _('Unknown')

  		




  232
  232
  
    

  		




  233
  
  
    
    def is_hidden(self):

  		




  
  233
  
    
    def is_hidden(self, user=None):

  		




  234
  234
  
    
        status = self.get_status()

  		




  235
  235
  
    
        if status:

  		




  236
  
  
    
            return not status.is_visible(self.formdata, get_request().user)

  		




  
  236
  
    
            return not status.is_visible(self.formdata, user or get_request().user)

  		




  237
  237
  
    
        return True

  		




  238
  238
  
    

  		




  239
  239
  
    

  		




  ......




  509
  509
  
    
            return wf_status

  		




  510
  510
  
    
        return None

  		




  511
  511
  
    

  		




  512
  
  
    
    def get_visible_evolution_parts(self):

  		




  
  512
  
    
    def get_visible_evolution_parts(self, user=None):

  		




  513
  513
  
    
        last_seen_status = None

  		




  514
  514
  
    
        last_seen_author = None

  		




  515
  515
  
    
        for evolution_part in self.evolution or []:

  		




  516
  
  
    
            if evolution_part.is_hidden():

  		




  
  516
  
    
            if evolution_part.is_hidden(user=user):

  		




  517
  517
  
    
                continue

  		




  518
  518
  
    
            if (evolution_part.status is None or last_seen_status == evolution_part.status) and (

  		




  519
  519
  
    
                    evolution_part.who is None or last_seen_author == evolution_part.who):

  		




  ......




  942
  942
  
    
                'name': self.formdef.name,

  		




  943
  943
  
    
                'id': self.get_display_id()}

  		




  944
  944
  
    

  		




  945
  
  
    
    def get_json_export_dict(self, include_files=True, anonymise=False):

  		




  
  945
  
    
    def get_json_export_dict(self, include_files=True, anonymise=False, user=None):

  		




  946
  946
  
    
        data = {}

  		




  947
  947
  
    
        data['id'] = '%s/%s' % (self.formdef.url_name, self.id)

  		




  948
  948
  
    
        data['display_id'] = self.get_display_id()

  		




  ......




  964
  964
  
    
                include_files=include_files, anonymise=anonymise)

  		




  965
  965
  
    

  		




  966
  966
  
    
        data['workflow'] = {}

  		




  967
  
  
    
        wf_status = self.get_visible_status()

  		




  
  967
  
    
        wf_status = self.get_visible_status(user)

  		




  968
  968
  
    
        if wf_status:

  		




  969
  969
  
    
            data['workflow']['status'] = {'id': wf_status.id, 'name': wf_status.name}

  		




  970
  970
  
    
        # Workflow data have unknown purpose, do not store them in anonymised export

  		




  971
  
  
    
-