0001-api-expose-formdata-retrieval-api-under-api-8678.patch
help/fr/api-get.page | ||
---|---|---|
31 | 31 | |
32 | 32 |
<screen> |
33 | 33 |
<output style="prompt">$ </output><input>curl -H "Accept: application/json" \ |
34 |
https://www.example.net/inscriptions/newsletter/16/</input>
|
|
34 |
https://www.example.net/api/forms/newsletter/16/</input>
|
|
35 | 35 |
</screen> |
36 | 36 | |
37 | 37 |
<p> |
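--- a/tests/test_api.py
+++ b/tests/test_api.py
@@ -391,6 +391,9 @@
 
 
 def test_formdata(local_user):
+Role.wipe()
+role = Role(name='test')
+role.store()
 FormDef.wipe()
 formdef = FormDef()
 formdef.name = 'test'
@@ -399,6 +402,7 @@
 fields.StringField(id='1', label='foobar2'),
 fields.DateField(id='2', label='foobar3', varname='date'),
 fields.FileField(id='3', label='foobar4', varname='file'),]
+formdef.workflow_roles = {'_receiver': role.id}
 formdef.store()
 
 formdata = formdef.data_class()()
@@ -410,7 +414,18 @@
 formdata.just_created()
 formdata.store()
 
-resp = get_app(pub).get(sign_uri('/test/%s/' % formdata.id, user=local_user))
+resp = get_app(pub).get(
+sign_uri('/api/forms/test/%s/' % formdata.id, user=local_user),
+status=403)
+
+local_user.roles = [role.id]
+local_user.store()
+resp = get_app(pub).get(
+sign_uri('/api/forms/test/%s/' % formdata.id, user=local_user),
+status=200)
+
+resp2 = get_app(pub).get(sign_uri('/test/%s/' % formdata.id, user=local_user))
+assert resp.json == resp2.json
 assert 'last_update_time' in resp.json
 assert len(resp.json['fields']) == 3 # foobar2 has no varname, not in json
 assert resp.json['user']['name'] == local_user.name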
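Review bot: The new assertions in `test_formdata` cover a signed request with and without the receiver role, but never an unsigned request, so the branch of `check_receiver` that handles a missing API user is untested. Judging by the `AccessForbiddenError` raised in `wcs/api.py`, a case such as `get_app(pub).get('/api/forms/test/%s/' % formdata.id, status=403)` would presumably pin it down; the exact status should be confirmed against how that error is rendered. The `download` export added to `ApiFormdataPage` is likewise not exercised, so a 403 check on it for a user without the role would be worth adding. Part of the body of `test_formdata` lies between the hunks and is not visible here.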
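--- a/wcs/api.py
+++ b/wcs/api.py
@@ -35,6 +35,7 @@
 from wcs.categories import Category
 from wcs.formdef import FormDef
 from wcs.roles import Role, logged_users_role
+from wcs.forms.common import FormStatusPage
 from wcs.forms.root import RootDirectory
 import wcs.qommon.storage as st
 
@@ -136,6 +137,22 @@
 from backoffice.management import FormPage as BackofficeFormPage
 
 
+class ApiFormdataPage(FormStatusPage):
+_q_exports = ['', 'download']
+
+def _q_index(self):
+return self.json()
+
+def check_receiver(self):
+api_user = get_user_from_api_query_string()
+if not api_user:
+if get_request().user and get_request().user.is_admin:
+return # grant access to admins, to ease debug
+raise AccessForbiddenError()
+if not self.formdef.is_user_allowed_read_status_and_history(api_user, self.filled):
+raise AccessForbiddenError()
+
+
 class ApiFormPage(BackofficeFormPage):
 _q_exports = [('list', 'json')] # same as backoffice but restricted to json export
 
@@ -153,6 +170,13 @@
 if not self.formdef.is_of_concern_for_user(api_user):
 raise AccessForbiddenError()
 
+def _q_lookup(self, component):
+try:
+formdata = self.formdef.data_class().get(component)
+except KeyError:
+raise TraversalError()
+return ApiFormdataPage(self.formdef, formdata)
+
 
 class ApiFormsDirectory(Directory):
 def _q_lookup(self, component):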
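Review bot: `ApiFormdataPage.check_receiver` falls back to `get_request().user` when the request carries no API-signature user and admits any admin, so the new `/api/forms/…` endpoint has a second authentication path justified only by the comment "to ease debug". That fallback should either be dropped or documented as intentional, for example with the docstring `"""Allow the signed API user if it may read this formdata; admin request users are also accepted."""`. `_q_exports` also publishes `download`, and nothing in these hunks shows that the inherited `download` or `json()` calls `check_receiver` before returning data, so that is worth confirming in `FormStatusPage`. In the last hunk, `ApiFormPage._q_lookup` raises `TraversalError` for an unknown id before any per-formdata check, which presumably lets a caller without read access tell existing ids from absent ones. The access check of `ApiFormPage` starts outside the hunk, so whether it runs before `_q_lookup` cannot be seen here.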
159 |
- |