160 |
160 |
|
161 |
161 |
2- Access using tracking code :
|
162 |
162 |
|
163 |
|
All access is granted,
|
|
163 |
| sumitter / accesser | anonymous | user1 | user2 | agent1 | agent2 | admin1 |
|
|
164 |
+---------------------+-----------+-------+-------+--------+--------+--------+
|
|
165 |
| anonymous | allow | allow | allow | allow | allow | allow |
|
|
166 |
| agent1 (submiter)) | allow | allow | allow | allow | allow | allow |
|
|
167 |
| user1 | login | allow | allow | allow | allow | allow |
|
|
168 |
|
164 |
169 |
On restoring draft, the logged user become the new draft owner,
|
165 |
170 |
this affect the computed and prefill fields.
|
166 |
171 |
"""
|
... | ... | |
261 |
266 |
else:
|
262 |
267 |
assert expected in ('login', 'forbidden', 'frontoffice', 'backoffice')
|
263 |
268 |
|
264 |
|
def check_tracking_code_access(user, owner=None, new_owner=None):
|
|
269 |
def check_tracking_code_access(user, owner=None, new_owner=None,
|
|
270 |
expected='allow'):
|
265 |
271 |
"""load the formdata using the tracking code"""
|
266 |
272 |
pub.session_manager.session_class.wipe()
|
267 |
273 |
app = get_app(pub)
|
... | ... | |
272 |
278 |
resp = resp.forms[0].submit()
|
273 |
279 |
assert resp.location == 'http://example.net/code/%s/load' % tracking_code
|
274 |
280 |
resp = resp.follow()
|
|
281 |
if expected == 'login':
|
|
282 |
assert resp.location == (
|
|
283 |
'http://example.net/login/?ReturnUrl='
|
|
284 |
+ 'http://example.net/test/%s') % formdata_id
|
|
285 |
return
|
275 |
286 |
assert resp.location == 'http://example.net/test/%s' % formdata_id
|
276 |
287 |
resp = resp.follow()
|
277 |
288 |
if is_draft:
|
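Review bot: The new `expected` parameter of `check_tracking_code_access` is never validated, so only the exact string 'login' changes behaviour and any other value (a typo, or 'forbidden' copied from the direct-access matrix) silently runs the allow-path assertions. For an access-control test that can hide a wrong expectation. The helper just above this function, presumably `check_direct_access`, guards its argument with `assert expected in ('login', 'forbidden', 'frontoffice', 'backoffice')`. I would add the matching `assert expected in ('allow', 'login')` as the first statement here and extend the docstring to say what each value asserts. The function body begins and continues outside this hunk, so the draft branch after `if is_draft:` was not reviewed.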
... | ... | |
340 |
351 |
check_direct_access(users[i], expected[i])
|
341 |
352 |
|
342 |
353 |
# access to formdata using the tracking code
|
|
354 |
expected = ('login', 'allow', 'allow', 'allow', 'allow', 'allow')
|
343 |
355 |
is_draft = False # demands
|
344 |
|
for user in users:
|
|
356 |
for i in range(len(users)):
|
345 |
357 |
with submission(anonymous, is_frontoffice=True) as (tracking_code, formdata_id):
|
346 |
|
check_tracking_code_access(user, owner=anonymous)
|
|
358 |
check_tracking_code_access(users[i], owner=anonymous)
|
347 |
359 |
with submission(agent1, is_frontoffice=False) as (tracking_code, formdata_id):
|
348 |
|
check_tracking_code_access(user, owner=anonymous)
|
|
360 |
check_tracking_code_access(users[i], owner=anonymous)
|
349 |
361 |
with submission(user1, is_frontoffice=True) as (tracking_code, formdata_id):
|
350 |
|
check_tracking_code_access(user, owner=user1)
|
|
362 |
check_tracking_code_access(users[i], owner=user1, expected=expected[i])
|
351 |
363 |
|
352 |
364 |
is_draft = True # drafts
|
353 |
|
for user in users:
|
|
365 |
for i in range(len(users)):
|
|
366 |
user = users[i]
|
354 |
367 |
with submission(anonymous, is_frontoffice=True) as (tracking_code, formdata_id):
|
355 |
368 |
check_tracking_code_access(user, owner=anonymous, new_owner=user)
|
356 |
369 |
with submission(agent1, is_frontoffice=False) as (tracking_code, formdata_id):
|
357 |
370 |
check_tracking_code_access(user, owner=anonymous, new_owner=user)
|
358 |
371 |
with submission(user1, is_frontoffice=True) as (tracking_code, formdata_id):
|
359 |
|
check_tracking_code_access(user, owner=user1, new_owner=user)
|
|
372 |
check_tracking_code_access(user, owner=user1, new_owner=user, expected=expected[i])
|