0001-api-expose-formdata-retrieval-api-under-api-8678.patch
| help/fr/api-get.page | ||
|---|---|---|
| 31 | 31 | |
| 32 | 32 |
<screen> |
| 33 | 33 |
<output style="prompt">$ </output><input>curl -H "Accept: application/json" \ |
| 34 |
https://www.example.net/inscriptions/newsletter/16/</input>
|
|
| 34 |
https://www.example.net/api/forms/newsletter/16/</input>
|
|
| 35 | 35 |
</screen> |
| 36 | 36 | |
| 37 | 37 |
<p> |
| tests/test_api.py | ||
|---|---|---|
| 391 | 391 | |
| 392 | 392 | |
| 393 | 393 |
def test_formdata(local_user): |
| 394 |
Role.wipe() |
|
| 395 |
role = Role(name='test') |
|
| 396 |
role.store() |
|
| 394 | 397 |
FormDef.wipe() |
| 395 | 398 |
formdef = FormDef() |
| 396 | 399 |
formdef.name = 'test' |
| ... | ... | |
| 399 | 402 |
fields.StringField(id='1', label='foobar2'), |
| 400 | 403 |
fields.DateField(id='2', label='foobar3', varname='date'), |
| 401 | 404 |
fields.FileField(id='3', label='foobar4', varname='file'),] |
| 405 |
formdef.workflow_roles = {'_receiver': role.id}
|
|
| 402 | 406 |
formdef.store() |
| 403 | 407 | |
| 404 | 408 |
formdata = formdef.data_class()() |
| ... | ... | |
| 410 | 414 |
formdata.just_created() |
| 411 | 415 |
formdata.store() |
| 412 | 416 | |
| 413 |
resp = get_app(pub).get(sign_uri('/test/%s/' % formdata.id, user=local_user))
|
|
| 417 |
resp = get_app(pub).get( |
|
| 418 |
sign_uri('/api/forms/test/%s/' % formdata.id, user=local_user),
|
|
| 419 |
status=403) |
|
| 420 | ||
| 421 |
local_user.roles = [role.id] |
|
| 422 |
local_user.store() |
|
| 423 |
resp = get_app(pub).get( |
|
| 424 |
sign_uri('/api/forms/test/%s/' % formdata.id, user=local_user),
|
|
| 425 |
status=200) |
|
| 426 | ||
| 427 |
resp2 = get_app(pub).get(sign_uri('/test/%s/' % formdata.id, user=local_user))
|
|
| 428 |
assert resp.json == resp2.json |
|
| 414 | 429 |
assert 'last_update_time' in resp.json |
| 415 | 430 |
assert len(resp.json['fields']) == 3 # foobar2 has no varname, not in json |
| 416 | 431 |
assert resp.json['user']['name'] == local_user.name |
| wcs/api.py | ||
|---|---|---|
| 35 | 35 |
from wcs.categories import Category |
| 36 | 36 |
from wcs.formdef import FormDef |
| 37 | 37 |
from wcs.roles import Role, logged_users_role |
| 38 |
from wcs.forms.common import FormStatusPage |
|
| 38 | 39 |
from wcs.forms.root import RootDirectory |
| 39 | 40 |
import wcs.qommon.storage as st |
| 40 | 41 | |
| ... | ... | |
| 136 | 137 |
from backoffice.management import FormPage as BackofficeFormPage |
| 137 | 138 | |
| 138 | 139 | |
| 140 |
class ApiFormdataPage(FormStatusPage): |
|
| 141 |
_q_exports = ['', 'download'] |
|
| 142 | ||
| 143 |
def _q_index(self): |
|
| 144 |
return self.json() |
|
| 145 | ||
| 146 |
def check_receiver(self): |
|
| 147 |
api_user = get_user_from_api_query_string() |
|
| 148 |
if not api_user: |
|
| 149 |
if get_request().user and get_request().user.is_admin: |
|
| 150 |
return # grant access to admins, to ease debug |
|
| 151 |
raise AccessForbiddenError() |
|
| 152 |
if not self.formdef.is_user_allowed_read_status_and_history(api_user, self.filled): |
|
| 153 |
raise AccessForbiddenError() |
|
| 154 | ||
| 155 | ||
| 139 | 156 |
class ApiFormPage(BackofficeFormPage): |
| 140 | 157 |
_q_exports = [('list', 'json')] # same as backoffice but restricted to json export
|
| 141 | 158 | |
| ... | ... | |
| 153 | 170 |
if not self.formdef.is_of_concern_for_user(api_user): |
| 154 | 171 |
raise AccessForbiddenError() |
| 155 | 172 | |
| 173 |
def _q_lookup(self, component): |
|
| 174 |
try: |
|
| 175 |
formdata = self.formdef.data_class().get(component) |
|
| 176 |
except KeyError: |
|
| 177 |
raise TraversalError() |
|
| 178 |
return ApiFormdataPage(self.formdef, formdata) |
|
| 179 | ||
| 156 | 180 | |
| 157 | 181 |
class ApiFormsDirectory(Directory): |
| 158 | 182 |
def _q_lookup(self, component): |
| 159 |
- |
|