183 |
183 |
| agent1 (submiter) | login | deny | deny | deny | back | back |
|
184 |
184 |
| user1 | login | allow | deny | deny | back | back |
|
185 |
185 |
|
186 |
|
2- New user on prefill fields when accessing using tracking code :
|
|
186 |
2- Access using tracking code :
|
|
187 |
|
|
188 |
| sumitter / accesser | anonymous | user1 | user2 | agent1 | agent2 | admin1 |
|
|
189 |
+---------------------+-----------+-------+-------+--------+--------+--------+
|
|
190 |
| anonymous | allow | allow | allow | allow | allow | allow |
|
|
191 |
| agent1 (submiter)) | allow | allow | allow | allow | allow | allow |
|
|
192 |
| user1 | login | allow | allow | allow | allow | allow |
|
|
193 |
|
|
194 |
3- New user on prefill fields when accessing using tracking code :
|
187 |
195 |
a- Drafts
|
188 |
196 |
|
189 |
197 |
| sumitter / accesser | anonymous | user1 | user2 | agent1 | agent2 | admin1 |
|
190 |
198 |
+---------------------+-----------+-------+-------+--------+--------+--------+
|
191 |
199 |
| anonymous | anonymous | user1 | user2 | agent1 | agent2 | admin |
|
192 |
200 |
| agent1 (submiter) | anonymous | user1 | user2 | agent1 | agent2 | admin |
|
193 |
|
| user1 | anonymous | user1 | user2 | agent1 | agent2 | admin |
|
|
201 |
| user1 | | user1 | user2 | agent1 | agent2 | admin |
|
194 |
202 |
|
195 |
203 |
b- Demands (evolving into Workflows forms)
|
196 |
204 |
|
... | ... | |
198 |
206 |
+---------------------+-----------+-------+-------+--------+--------+--------+
|
199 |
207 |
| anonymous | anonymous | user1 | user2 | agent1 | agent2 | admin |
|
200 |
208 |
| agent1 (submiter) | anonymous | user1 | user2 | agent1 | agent2 | admin |
|
201 |
|
| user1 | anonymous | user1 | user2 | agent1 | agent2 | admin |
|
|
209 |
| user1 | | user1 | user2 | agent1 | agent2 | admin |
|
202 |
210 |
"""
|
203 |
211 |
(anonymous, user1, user2, agent1, agent2, admin1) = users
|
204 |
212 |
tracking_code = None
|
... | ... | |
338 |
346 |
else:
|
339 |
347 |
assert expected in ('login', 'deny', 'front', 'back')
|
340 |
348 |
|
341 |
|
def check_tracking_code_access(user, owner=None, new_owner=None):
|
|
349 |
def check_tracking_code_access(user, owner=None, new_owner=None, expected='allow'):
|
342 |
350 |
"""
|
343 |
351 |
load the formdata using the tracking code and prefill user name fields.
|
344 |
352 |
new_owner is used to show that user fields change on drafts.
|
... | ... | |
353 |
361 |
resp.forms[0]['code'] = tracking_code
|
354 |
362 |
resp = resp.forms[0].submit()
|
355 |
363 |
resp = resp.follow()
|
|
364 |
if expected == 'login':
|
|
365 |
assert resp.location == (
|
|
366 |
'http://example.net/login/?ReturnUrl='
|
|
367 |
+ 'http://example.net/test/%s') % formdata_id
|
|
368 |
return
|
356 |
369 |
resp = resp.follow()
|
357 |
370 |
resp = resp.follow()
|
358 |
371 |
assert '<title>Forms - test</title>' in resp.text
|
... | ... | |
434 |
447 |
check_direct_access(users[i], expected[i])
|
435 |
448 |
|
436 |
449 |
# access to formdata using the tracking code
|
|
450 |
expected = ('login', 'allow', 'allow', 'allow', 'allow', 'allow')
|
437 |
451 |
is_draft = True # drafts
|
|
452 |
i = 0
|
438 |
453 |
for user in users:
|
439 |
454 |
with submit(anonymous, is_front=True) as (tracking_code, formdata_id):
|
440 |
455 |
check_tracking_code_access(user, owner=anonymous, new_owner=user)
|
441 |
456 |
with submit(agent1, is_front=False) as (tracking_code, formdata_id):
|
442 |
457 |
check_tracking_code_access(user, owner=anonymous, new_owner=user)
|
443 |
458 |
with submit(user1, is_front=True) as (tracking_code, formdata_id):
|
444 |
|
check_tracking_code_access(user, owner=user1, new_owner=user)
|
|
459 |
check_tracking_code_access(user, owner=user1, new_owner=user, expected=expected[i])
|
|
460 |
i += 1
|
445 |
461 |
|
446 |
462 |
is_draft = False # demands
|
|
463 |
i = 0
|
447 |
464 |
for user in users:
|
448 |
465 |
with submit(anonymous, is_front=True) as (tracking_code, formdata_id):
|
449 |
466 |
check_tracking_code_access(user, owner=anonymous, new_owner=user)
|
450 |
467 |
with submit(agent1, is_front=False) as (tracking_code, formdata_id):
|
451 |
468 |
check_tracking_code_access(user, owner=anonymous, new_owner=user)
|
452 |
469 |
with submit(user1, is_front=True) as (tracking_code, formdata_id):
|
453 |
|
check_tracking_code_access(user, owner=user1, new_owner=user)
|
|
470 |
check_tracking_code_access(user, owner=user1, new_owner=user, expected=expected[i])
|
|
471 |
i += 1
|