0001-api-fix-formdata-status-with-anonymise-on-56931.patch

Lauréline Guérin, 20 septembre 2021 16:33

Voir les différences: en ligne côte à côte

Subject: [PATCH] api: fix formdata status with anonymise on (#56931)

 tests/api/test_formdata.py | 46 +++++++++++++++++++++++++++++++++++---
 wcs/formdata.py            | 13 +++++------
 2 files changed, 49 insertions(+), 10 deletions(-)

         role = pub.role_class(name='test')
         role.store()
         local_user.roles = [role.id]
         local_user.store()
         Workflow.wipe()
         workflow = Workflow()
         workflow.add_status('Status1', 'st1')
         workflow.add_status('Status2', 'st2')
         workflow.possible_status[-1].visibility = [role.id]
         workflow.store()
         FormDef.wipe()
         formdef = FormDef()
         formdef.name = 'test'
-...
             ),
             fields.FileField(id='2', label='foobar4', varname='file'),
+        ]
         formdef.workflow_id = workflow.id
         formdef.store()
         data_class = formdef.data_class()
-...
             formdata.just_created()
             if i % 3 == 0:
                 formdata.jump_status('new')
                 formdata.jump_status('st1')
             else:
                 evo = Evolution()
                 evo.who = admin_user.id
                 evo.time = time.localtime()
                 evo.status = 'wf-%s' % 'finished'
                 evo.status = 'wf-%s' % 'st2'
                 formdata.evolution.append(evo)
                 formdata.status = evo.status
             formdata.store()
-...
         assert 'email' in resp.json[1]['evolution'][1]['who']
         assert 'NameID' in resp.json[1]['evolution'][1]['who']
         assert 'name' in resp.json[1]['evolution'][1]['who']
         assert resp.json[0]['workflow']['status'] == {'id': 'st2', 'name': 'Status2'}
         assert resp.json[0]['workflow']['real_status'] == {'id': 'st2', 'name': 'Status2'}
         assert resp.json[2]['workflow']['status'] == {'id': 'st1', 'name': 'Status1'}
         assert resp.json[2]['workflow']['real_status'] == {'id': 'st1', 'name': 'Status1'}
         # check access is granted event if there is no user
         resp = get_app(pub).get(sign_uri('/api/forms/test/list?anonymise&full=on'))
-...
         assert 'status' in resp.json[0]['evolution'][0]
         assert 'who' not in resp.json[0]['evolution'][0]
         assert 'time' in resp.json[0]['evolution'][0]
         assert resp.json[0]['workflow']['status'] == {'id': 'st2', 'name': 'Status2'}
         assert resp.json[0]['workflow']['real_status'] == {'id': 'st2', 'name': 'Status2'}
         assert resp.json[2]['workflow']['status'] == {'id': 'st1', 'name': 'Status1'}
         assert resp.json[2]['workflow']['real_status'] == {'id': 'st1', 'name': 'Status1'}
         # check anonymise is enforced on detail view
         resp = get_app(pub).get(sign_uri('/api/forms/test/%s/?anonymise' % resp.json[1]['id']))
         assert 'receipt_time' in resp.json
-...
         local_user.roles = [role.id]
         local_user.store()
         Workflow.wipe()
         workflow = Workflow()
         workflow.add_status('Status1', 'st1')
         workflow.add_status('Status2', 'st2')
         workflow.possible_status[-1].visibility = [role.id]
         workflow.store()
         FormDef.wipe()
         formdef = FormDef()
         formdef.name = 'test'
-...
             fields.StringField(id='1', label='foobar', varname='foobar'),
             fields.StringField(id='2', label='foobar2', varname='foobar2', anonymise=False),
+        ]
         formdef.workflow_id = workflow.id
         formdef.store()
         data_class = formdef.data_class()
         data_class.wipe()
         for _i in range(10):
         for i in range(10):
             formdata = data_class()
             formdata.data = {'1': 'FOO BAR1', '2': 'FOO BAR 2'}
             formdata.user_id = local_user.id
             formdata.just_created()
             if i % 3 == 0:
                 formdata.jump_status('st1')
             else:
                 formdata.jump_status('st2')
             formdata.store()
         # check normal API behaviour: get all data
-...
         assert resp.json[0]['fields']['foobar'] == 'FOO BAR1'
         assert resp.json[0]['fields']['foobar2'] == 'FOO BAR 2'
         assert resp.json[0].get('user')
         assert resp.json[0]['workflow']['status'] == {'id': 'st1', 'name': 'Status1'}
         assert resp.json[0]['workflow']['real_status'] == {'id': 'st1', 'name': 'Status1'}
         assert resp.json[1]['workflow']['status'] == {'id': 'st2', 'name': 'Status2'}
         assert resp.json[1]['workflow']['real_status'] == {'id': 'st2', 'name': 'Status2'}
         # get a single formdata
         resp = get_url('/api/forms/test/%s/' % formdata.id)
-...
         assert 'foobar' not in resp.json[0]['fields']
         assert resp.json[0]['fields']['foobar2'] == 'FOO BAR 2'
         assert not resp.json[0].get('user')
         assert resp.json[0]['workflow']['status'] == {'id': 'st1', 'name': 'Status1'}
         assert resp.json[0]['workflow']['real_status'] == {'id': 'st1', 'name': 'Status1'}
         assert resp.json[1]['workflow']['status'] == {'id': 'st2', 'name': 'Status2'}
         assert resp.json[1]['workflow']['real_status'] == {'id': 'st2', 'name': 'Status2'}
         # get a single formdata
         resp = get_url('/api/forms/test/%s/' % formdata.id)

             data['criticality_level'] = self.criticality_level
             data['url'] = self.get_url()
             if not anonymise:
                 try:
                     user = get_publisher().user_class.get(self.user_id)
                 except KeyError:
                     user = None
                 if user:
                     data['user'] = user.get_json_export_dict()
             try:
                 user = get_publisher().user_class.get(self.user_id)
             except KeyError:
                 user = None
             if not anonymise and user:
                 data['user'] = user.get_json_export_dict()
             data['fields'] = self.get_json_dict(
                 self.formdef.fields, include_files=include_files, anonymise=anonymise
+    -

Projet

Général

Profil

Produits Entr'ouvert » w.c.s.

0001-api-fix-formdata-status-with-anonymise-on-56931.patch