1633 |
1633 |
resp = resp.follow()
|
1634 |
1634 |
assert resp.location == 'http://example.net/test/%s/' % formdata_id
|
1635 |
1635 |
resp = resp.follow()
|
1636 |
1636 |
assert 'form_comment' in resp.text # makes sure user is treated as submitter
|
1637 |
1637 |
resp.forms[0]['comment'] = 'hello world'
|
1638 |
1638 |
resp = resp.forms[0].submit()
|
1639 |
1639 |
assert formdef.data_class().get(formdata_id).evolution[-1].comment == 'hello world'
|
1640 |
1640 |
|
1641 |
|
# and check we can also get back to it as anonymous
|
|
1641 |
# check we can't get back to it as anonymous
|
1642 |
1642 |
app = get_app(pub)
|
1643 |
1643 |
resp = app.get('/')
|
1644 |
1644 |
resp.forms[0]['code'] = tracking_code
|
1645 |
1645 |
resp = resp.forms[0].submit()
|
1646 |
1646 |
assert resp.location == 'http://example.net/code/%s/load' % tracking_code
|
1647 |
1647 |
resp = resp.follow()
|
1648 |
|
assert resp.location == 'http://example.net/test/%s/' % formdata_id
|
1649 |
|
resp = resp.follow()
|
1650 |
|
assert 'form_comment' in resp.text # makes sure user is treated as submitter
|
|
1648 |
assert resp.location == 'http://example.net/login/?ReturnUrl=http://example.net/test/%s' % formdata_id
|
1651 |
1649 |
|
1652 |
1650 |
# and check a bot is not allowed to get it
|
1653 |
1651 |
app = get_app(pub)
|
1654 |
1652 |
resp = app.get('/code/%s/load' % tracking_code,
|
1655 |
1653 |
headers={'User-agent': 'Googlebot'}, status=403)
|
1656 |
1654 |
|
1657 |
1655 |
|
1658 |
1656 |
def test_form_empty_tracking_code(pub, nocache):
|
... | ... | |
6321 |
6319 |
resp = resp.follow()
|
6322 |
6320 |
assert 'The form has been recorded' in resp.text
|
6323 |
6321 |
|
6324 |
6322 |
# agent access to an unauthorized formdata
|
6325 |
6323 |
formdef.workflow_roles = {'_receiver': None}
|
6326 |
6324 |
formdef.store()
|
6327 |
6325 |
resp = app.get(formdata.get_url(), status=403)
|
6328 |
6326 |
|
6329 |
|
# agent access via a tracking code (stays in frontoffice)
|
|
6327 |
# agent access via a tracking code (redirected to login and next backoffice)
|
6330 |
6328 |
formdef.workflow_roles = {'_receiver': role.id}
|
6331 |
6329 |
formdef.enable_tracking_codes = True
|
6332 |
6330 |
formdef.store()
|
6333 |
6331 |
|
6334 |
6332 |
code = pub.tracking_code_class()
|
6335 |
6333 |
code.formdata = formdata
|
6336 |
6334 |
code.store()
|
6337 |
6335 |
|
6338 |
6336 |
resp = app.get('/code/%s/load' % code.id)
|
6339 |
|
resp = resp.follow() # -> /test/1/
|
|
6337 |
resp = resp.follow() # -> /login/?ReturnUrl=.../test/1
|
|
6338 |
assert '<title>wcs - Login</title>' in resp.text
|
|
6339 |
resp.form['username'] = 'admin'
|
|
6340 |
resp.form['password'] = 'admin'
|
|
6341 |
resp = resp.form.submit()
|
|
6342 |
assert resp.status_int == 302
|
|
6343 |
resp = resp.follow() # -> /test/1
|
6340 |
6344 |
assert 'backoffice' not in resp.request.path
|
|
6345 |
resp = resp.follow() # -> /test/1/
|
|
6346 |
assert 'backoffice' in resp.location
|
|
6347 |
resp = resp.follow() # -> /backoffice/management/test/1/
|
6341 |
6348 |
assert 'The form has been recorded' in resp.text
|
6342 |
6349 |
|
6343 |
6350 |
# authorized access but not backoffice access
|
6344 |
6351 |
app = login(get_app(pub), username='admin', password='admin') # reset session
|
6345 |
6352 |
resp = app.get(formdata.get_url())
|
6346 |
6353 |
assert resp.location == formdata.get_url(backoffice=True) # check tracking code is no longer effective
|
6347 |
6354 |
role.allows_backoffice_access = False
|
6348 |
6355 |
role.store()
|