12 |
12 |
from quixote import get_publisher
|
13 |
13 |
|
14 |
14 |
from wcs import fields, qommon
|
|
15 |
from wcs.api_access import ApiAccess
|
15 |
16 |
from wcs.api_utils import sign_url
|
16 |
17 |
from wcs.categories import Category
|
17 |
18 |
from wcs.data_sources import NamedDataSource
|
... | ... | |
187 |
188 |
assert len(resp.json['data']) == 2
|
188 |
189 |
|
189 |
190 |
|
190 |
|
def test_limited_formdef_list(pub, local_user):
|
|
191 |
@pytest.mark.parametrize('auth', ['signature', 'http-basic'])
|
|
192 |
def test_limited_formdef_list(pub, local_user, auth):
|
191 |
193 |
pub.role_class.wipe()
|
192 |
194 |
role = pub.role_class(name='Foo bar')
|
193 |
195 |
role.id = '14'
|
... | ... | |
201 |
203 |
formdef.fields = []
|
202 |
204 |
formdef.store()
|
203 |
205 |
|
|
206 |
ApiAccess.wipe()
|
|
207 |
access = ApiAccess()
|
|
208 |
access.name = 'test'
|
|
209 |
access.access_identifier = 'test'
|
|
210 |
access.access_key = '12345'
|
|
211 |
access.store()
|
|
212 |
|
|
213 |
app = get_app(pub)
|
|
214 |
|
|
215 |
if auth == 'http-basic':
|
|
216 |
|
|
217 |
def get_url(url, **kwargs):
|
|
218 |
app.set_authorization(('Basic', ('test', '12345')))
|
|
219 |
return app.get(url, **kwargs)
|
|
220 |
|
|
221 |
else:
|
|
222 |
|
|
223 |
def get_url(url, **kwargs):
|
|
224 |
return app.get(
|
|
225 |
sign_uri(url, user=local_user, orig=access.access_identifier, key=access.access_key), **kwargs
|
|
226 |
)
|
|
227 |
|
204 |
228 |
resp = get_app(pub).get(sign_uri('/api/formdefs/'))
|
205 |
229 |
assert resp.json['err'] == 0
|
206 |
230 |
assert len(resp.json['data']) == 1
|
... | ... | |
216 |
240 |
resp = get_app(pub).get(sign_uri('/api/formdefs/'))
|
217 |
241 |
resp2 = get_app(pub).get(sign_uri('/api/formdefs/?NameID='))
|
218 |
242 |
resp3 = get_app(pub).get(sign_uri('/api/formdefs/?NameID=XXX'))
|
219 |
|
resp4 = get_app(pub).get(sign_uri('/api/formdefs/?NameID=%s' % local_user.name_identifiers[0]))
|
|
243 |
resp4 = get_url('/api/formdefs/')
|
220 |
244 |
assert resp.json['err'] == 0
|
221 |
245 |
assert len(resp.json['data']) == 1 # advertised in naked calls (as done from combo)
|
222 |
246 |
assert len(resp2.json['data']) == 0 # not advertised otherwise
|
... | ... | |
229 |
253 |
# unless user has correct roles
|
230 |
254 |
local_user.roles = [role.id]
|
231 |
255 |
local_user.store()
|
232 |
|
resp = get_app(pub).get(sign_uri('/api/formdefs/?NameID=%s' % local_user.name_identifiers[0]))
|
|
256 |
if auth == 'http-basic':
|
|
257 |
access.roles = [role]
|
|
258 |
access.store()
|
|
259 |
resp = get_url('/api/formdefs/')
|
233 |
260 |
assert resp.json['err'] == 0
|
234 |
261 |
assert len(resp.json['data']) == 1
|
235 |
262 |
|
236 |
263 |
local_user.roles = []
|
237 |
264 |
local_user.store()
|
|
265 |
if auth == 'http-basic':
|
|
266 |
access.roles = []
|
|
267 |
access.store()
|
238 |
268 |
|
239 |
269 |
# check it's also included in anonymous/signed calls, but marked for
|
240 |
270 |
# authentication
|
... | ... | |
248 |
278 |
resp = get_app(pub).get(sign_uri('/api/formdefs/'))
|
249 |
279 |
resp2 = get_app(pub).get(sign_uri('/api/formdefs/?NameID='))
|
250 |
280 |
resp3 = get_app(pub).get(sign_uri('/api/formdefs/?NameID=XXX'))
|
251 |
|
resp4 = get_app(pub).get(sign_uri('/api/formdefs/?NameID=%s' % local_user.name_identifiers[0]))
|
|
281 |
resp4 = get_url('/api/formdefs/')
|
252 |
282 |
assert resp.json['err'] == 0
|
253 |
283 |
assert len(resp.json['data']) == 1
|
254 |
284 |
assert resp.json['data'][0]['authentication_required']
|
... | ... | |
277 |
307 |
assert 'count' not in resp1.json['data'][0]
|
278 |
308 |
|
279 |
309 |
|
280 |
|
def test_backoffice_submission_formdef_list(pub, local_user):
|
|
310 |
@pytest.mark.parametrize('auth', ['signature', 'http-basic'])
|
|
311 |
def test_backoffice_submission_formdef_list(pub, local_user, auth):
|
281 |
312 |
pub.role_class.wipe()
|
282 |
313 |
role = pub.role_class(name='Foo bar')
|
283 |
314 |
role.id = '14'
|
... | ... | |
296 |
327 |
formdef2.fields = []
|
297 |
328 |
formdef2.store()
|
298 |
329 |
|
|
330 |
ApiAccess.wipe()
|
|
331 |
access = ApiAccess()
|
|
332 |
access.name = 'test'
|
|
333 |
access.access_identifier = 'test'
|
|
334 |
access.access_key = '12345'
|
|
335 |
access.store()
|
|
336 |
|
|
337 |
app = get_app(pub)
|
|
338 |
|
|
339 |
if auth == 'http-basic':
|
|
340 |
|
|
341 |
def get_url(url, **kwargs):
|
|
342 |
app.set_authorization(('Basic', ('test', '12345')))
|
|
343 |
return app.get(url, **kwargs)
|
|
344 |
|
|
345 |
else:
|
|
346 |
|
|
347 |
def get_url(url, **kwargs):
|
|
348 |
return app.get(
|
|
349 |
sign_uri(url, user=local_user, orig=access.access_identifier, key=access.access_key), **kwargs
|
|
350 |
)
|
|
351 |
|
299 |
352 |
resp = get_app(pub).get(sign_uri('/api/formdefs/?backoffice-submission=on'))
|
300 |
353 |
assert resp.json['err'] == 0
|
301 |
354 |
assert len(resp.json['data']) == 0
|
... | ... | |
328 |
381 |
# ... unless user has correct roles
|
329 |
382 |
local_user.roles = [role.id]
|
330 |
383 |
local_user.store()
|
331 |
|
resp = get_app(pub).get(
|
332 |
|
sign_uri('/api/formdefs/?backoffice-submission=on&NameID=%s' % local_user.name_identifiers[0])
|
333 |
|
)
|
|
384 |
if auth == 'http-basic':
|
|
385 |
access.roles = [role]
|
|
386 |
access.store()
|
|
387 |
resp = get_url('/api/formdefs/?backoffice-submission=on')
|
334 |
388 |
assert resp.json['err'] == 0
|
335 |
389 |
assert len(resp.json['data']) == 1
|
336 |
390 |
assert 'backoffice_submission_url' in resp.json['data'][0]
|