0001-api-check-status-visibility-against-authenticated-AP.patch
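--- a/tests/test_api.py
+++ b/tests/test_api.py
@@ -1480,6 +1480,8 @@
 formdata.just_created()
 if i%3 == 0:
 formdata.jump_status('new')
+elif i%3 == 1:
+formdata.jump_status('just_submitted')
 else:
 formdata.jump_status('finished')
 if i%7 == 0:
@@ -1514,6 +1516,7 @@
 assert 'time' in resp.json[0]['evolution'][0]
 assert resp.json[0]['evolution'][0]['who']['id'] == local_user.id
 
+assert all('status' in x['workflow'] for x in resp.json)
 assert [x for x in resp.json if x['fields']['foobar'] == 'FOO BAR 0'][0]['submission']['backoffice'] is True
 assert [x for x in resp.json if x['fields']['foobar'] == 'FOO BAR 0'][0]['submission']['channel'] == 'mail'
 assert [x for x in resp.json if x['fields']['foobar'] == 'FOO BAR 1'][0]['submission']['backoffice'] is False
@@ -1529,9 +1532,9 @@
 
 # check filter on status
 resp = get_app(pub).get(sign_uri('/api/forms/test/list?filter=pending', user=local_user))
-assert len(resp.json) == 10
-resp = get_app(pub).get(sign_uri('/api/forms/test/list?filter=done', user=local_user))
 assert len(resp.json) == 20
+resp = get_app(pub).get(sign_uri('/api/forms/test/list?filter=done', user=local_user))
+assert len(resp.json) == 10
 resp = get_app(pub).get(sign_uri('/api/forms/test/list?filter=all', user=local_user))
 assert len(resp.json) == 30
 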
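Review bot: The added `assert all('status' in x['workflow'] for x in resp.json)` at new line 1519 only covers the case where the signed user is allowed to see every status; nothing in the visible hunks checks that a status hidden from the API user is actually left out of `workflow` or `evolution`. Since the commit is about checking visibility against the authenticated API user, a companion case would pin that behaviour: restrict one status's visibility, sign the request with a user lacking the role, and assert `'status' not in x['workflow']` for the affected entries. The test function starts and ends outside these hunks, so such a case may already exist elsewhere in the file.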
wcs/api.py | ||
---|---|---|
102 | 102 | |
103 | 103 |
d.update(formdata.get_static_substitution_variables(minimal=True)) |
104 | 104 |
if get_request().form.get('full') == 'on': |
105 |
d.update(formdata.get_json_export_dict(include_files=False)) |
|
105 |
d.update(formdata.get_json_export_dict(include_files=False, user=user))
|
|
106 | 106 |
return d |
107 | 107 | |
108 | 108 |
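Review bot: `user=user` on new line 105 only takes effect when `user` is truthy, because the new `is_hidden` in wcs/formdata.py evaluates `user or get_request().user`; a `None` here silently falls back to the request's own user, which is presumably the behaviour this patch is meant to replace. Where `user` is bound lies outside the hunk, so it is worth confirming that it is always the user resolved from the signed API request and recording that in a comment such as `# user: API user from the signed request; None falls back to get_request().user`. The same applies to the `get_json_export_dict(..., anonymise=anonymise, user=user)` call at line 1630 of wcs/backoffice/management.py.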
wcs/backoffice/management.py | ||
---|---|---|
1627 | 1627 |
if get_publisher().is_using_postgresql(): |
1628 | 1628 |
self.formdef.data_class().load_all_evolutions(items) |
1629 | 1629 |
if get_request().form.get('full') == 'on': |
1630 |
output = [filled.get_json_export_dict(include_files=False, anonymise=anonymise) |
|
1630 |
output = [filled.get_json_export_dict(include_files=False, anonymise=anonymise, user=user)
|
|
1631 | 1631 |
for filled in items] |
1632 | 1632 |
else: |
1633 | 1633 |
output = [{'id': filled.id, |
wcs/formdata.py | ||
---|---|---|
230 | 230 |
status = self.get_status() |
231 | 231 |
return status.name if status else _('Unknown') |
232 | 232 | |
233 |
def is_hidden(self): |
|
233 |
def is_hidden(self, user=None):
|
|
234 | 234 |
status = self.get_status() |
235 | 235 |
if status: |
236 |
return not status.is_visible(self.formdata, get_request().user) |
|
236 |
return not status.is_visible(self.formdata, user or get_request().user)
|
|
237 | 237 |
return True |
238 | 238 | |
239 | 239 | |
... | ... | |
509 | 509 |
return wf_status |
510 | 510 |
return None |
511 | 511 | |
512 |
def get_visible_evolution_parts(self): |
|
512 |
def get_visible_evolution_parts(self, user=None):
|
|
513 | 513 |
last_seen_status = None |
514 | 514 |
last_seen_author = None |
515 | 515 |
for evolution_part in self.evolution or []: |
516 |
if evolution_part.is_hidden(): |
|
516 |
if evolution_part.is_hidden(user=user):
|
|
517 | 517 |
continue |
518 | 518 |
if (evolution_part.status is None or last_seen_status == evolution_part.status) and ( |
519 | 519 |
evolution_part.who is None or last_seen_author == evolution_part.who): |
... | ... | |
944 | 944 |
'name': self.formdef.name, |
945 | 945 |
'id': self.get_display_id()} |
946 | 946 | |
947 |
def get_json_export_dict(self, include_files=True, anonymise=False): |
|
947 |
def get_json_export_dict(self, include_files=True, anonymise=False, user=None):
|
|
948 | 948 |
data = {} |
949 | 949 |
data['id'] = str(self.id) |
950 | 950 |
data['display_id'] = self.get_display_id() |
... | ... | |
966 | 966 |
include_files=include_files, anonymise=anonymise) |
967 | 967 | |
968 | 968 |
data['workflow'] = {} |
969 |
wf_status = self.get_visible_status() |
|
969 |
wf_status = self.get_visible_status(user)
|
|
970 | 970 |
if wf_status: |
971 | 971 |
data['workflow']['status'] = {'id': wf_status.id, 'name': wf_status.name} |
972 | 972 |
# Workflow data have unknown purpose, do not store them in anonymised export |
973 |
- |