0001-backoffice-add-tracking-code-form-for-agents-8755.patch

Frédéric Péters, 23 octobre 2015 13:32

Voir les différences: en ligne côte à côte

Subject: [PATCH] backoffice: add tracking code form for agents (#8755)

 tests/test_backoffice_pages.py      | 48 +++++++++++++++++++++++++++++++++
 wcs/api.py                          |  4 +++
 wcs/backoffice/management.py        | 53 ++++++++++++++++++++++++++++++++++---
 wcs/qommon/static/css/dc2/admin.css |  5 ++++
 4 files changed, 107 insertions(+), 3 deletions(-)

         assert resp.body.count('<tr') == 20
         assert 'http://example.net/backoffice/management/other-form/' in resp.body
         assert not 'http://example.net/backoffice/management/form-title/' in resp.body
     def test_tracking_code_access(pub):
         create_user(pub)
         create_environment(pub, set_receiver=False)
         formdef = FormDef.get_by_urlname('form-title')
         formdef.enable_tracking_codes = True
         formdef.store()
         formdata, formdata2 = formdef.data_class().select()[:2]
         code = pub.tracking_code_class()
         code.formdata = formdata
         app = login(get_app(pub))
         resp = app.get('/backoffice/management/')
         assert 'id="tracking-code"' in resp.body
         resp.forms[0]['code'] = formdata.tracking_code
         resp = resp.forms[0].submit()
         assert resp.location == 'http://example.net/backoffice/management/form-title/%s/' % formdata.id
         resp = resp.follow()
         assert 'The form has been recorded' in resp.body
         assert 'This form has been accessed via its tracking code' in resp.body
         # check there's no access to other formdata
         app.get('http://example.net/backoffice/management/form-title/%s/' % formdata2.id, status=403)
         resp = app.get('/backoffice/management/')
         resp.forms[0]['code'] = 'AAAAAAAA'
         resp = resp.forms[0].submit()
         assert resp.location == 'http://example.net/backoffice/management/'
         resp = resp.follow()
         assert 'No such code' in resp.body
         if pub.is_using_postgresql():
             # try it from the global listing
             resp = app.get('/backoffice/management/listing')
             assert 'id="tracking-code"' in resp.body
             resp.forms[0]['code'] = formdata.tracking_code
             resp = resp.forms[0].submit()
             assert resp.location == 'http://example.net/backoffice/management/form-title/%s/' % formdata.id
             resp = resp.follow()
             assert 'The form has been recorded' in resp.body
             resp = app.get('/backoffice/management/listing')
             resp.forms[0]['code'] = 'AAAAAAAA'
             resp = resp.forms[0].submit()
             assert resp.location == 'http://example.net/backoffice/management/listing'
             resp = resp.follow()
             assert 'No such code' in resp.body

                 self.formdef = FormDef.get_by_urlname(component)
             except KeyError:
                 raise TraversalError()
             # check access for all paths, to block access to formdata that would
             # otherwise be accessible if the user is the submitter.
             self.check_access()
         def check_access(self):
             api_user = get_user_from_api_query_string()
             if not api_user:
                 if get_request().user and get_request().user.is_admin:

     class ManagementDirectory(Directory):
         _q_exports = ['', 'listing', 'statistics']
         _q_exports = ['', 'listing', 'statistics', 'code']
         def is_accessible(self, user):
             return user.can_go_in_backoffice()
-...
             html_top('management', _('Management'))
             get_response().filter['sidebar'] = self.get_sidebar()
             r = TemplateIO(html=True)
             r += get_session().display_message()
             user = get_request().user
-...
                 r += htmltext('<li><a href="listing">%s</a></li>') % _('Global View')
             r += htmltext('</ul>')
             r += htmltext('</div>')
             r += self.get_tracking_code_sidebox()
             return r.getvalue()
         def code(self):
             code = get_request().form.get('code')
             try:
                 tracking_code = get_publisher().tracking_code_class.get(code)
             except KeyError:
                 get_session().message = ('error', _('No such code'))
                 return redirect(get_request().form.get('back') or '.')
             formdata = tracking_code.formdata
             get_session().mark_anonymous_formdata(formdata)
             return redirect(formdata.get_url(backoffice=True))
         def get_tracking_code_sidebox(self, back_place=''):
             r = TemplateIO(html=True)
             if any((x for x in FormDef.select() if x.enable_tracking_codes)):
                 r += htmltext('<div id="tracking-code">')
                 r += htmltext('<h3>%s</h3>' % _('Tracking Code'))
                 r += htmltext('<form action="code">')
                 r += htmltext('<input type="hidden" name="back" value="%s"/>') % back_place
                 r += htmltext('<input size="12" name="code" pattern="[A-Za-z]{8}" placeholder="%s"/>'
                         ) % _('ex: RPQDFVCD')
                 r += htmltext('<button>%s</button>') % _('Load')
                 r += htmltext('</form>')
                 r += htmltext('</div>')
             return r.getvalue()
         def get_global_listing_sidebar(self, limit=None, offset=None):
-...
             form.add_submit('submit', _('Submit'))
             r = TemplateIO(html=True)
             r += self.get_tracking_code_sidebox('listing')
             r += htmltext('<div>')
             r += htmltext('<h3>%s</h3>') % _('Filters')
             r += form.render()
-...
             get_response().filter['sidebar'] = self.get_global_listing_sidebar()
             rt = TemplateIO(html=True)
             rt += htmltext('<h2>%s</h2>') % _('Global View')
             rt += get_session().display_message()
             rt += r.getvalue()
             r = rt
             return rt.getvalue()
-...
                 self.formdef = FormDef.get_by_urlname(component)
             except KeyError:
                 raise errors.TraversalError()
             get_response().breadcrumb.append( (component + '/', self.formdef.name) )
         def check_access(self):
             session = get_session()
             user = get_request().user
             if user is None and get_publisher().user_class.count() == 0:
-...
                     raise errors.AccessForbiddenError()
                 else:
                     raise errors.AccessUnauthorizedError()
             get_response().breadcrumb.append( (component + '/', self.formdef.name) )
         def get_formdata_sidebar(self, qs=''):
             r = TemplateIO(html=True)
-...
             return criterias
         def _q_index(self):
             self.check_access()
             get_logger().info('backoffice - form %s - listing' % self.formdef.name)
             fields = self.get_fields_from_query()
-...
             return r.getvalue()
         def pending(self):
             self.check_access()
             get_logger().info('backoffice - form %s - pending' % self.formdef.name)
             get_response().breadcrumb.append( ('pending', _('Pending Forms')) )
             html_top('management', '%s - %s' % (_('Pending Forms'), self.formdef.name))
-...
             return elements
         def csv(self):
             self.check_access()
             fields = self.get_fields_from_query()
             selected_filter = self.get_filter_from_query()
             user = get_request().user
-...
                 return exporter.output.getvalue()
         def export(self):
             self.check_access()
             if get_request().form.get('download'):
                 return self.export_download()
-...
             return job.file_content
         def xls(self):
             self.check_access()
             if xlwt is None:
                 raise errors.TraversalError()
-...
                 return exporter.output.getvalue()
         def ods(self):
             self.check_access()
             fields = self.get_fields_from_query()
             selected_filter = self.get_filter_from_query()
             user = get_request().user
-...
                 return exporter.output.getvalue()
         def json(self):
             self.check_access()
             get_response().set_content_type('application/json')
             from wcs.api import get_user_from_api_query_string
             user = get_user_from_api_query_string() or get_request().user
-...
             return r.getvalue()
         def stats(self):
             self.check_access()
             get_logger().info('backoffice - form %s - stats' % self.formdef.name)
             html_top('management', '%s - %s' % (_('Form'), self.formdef.name))
             r = TemplateIO(html=True)
-...
             get_response().filter['sidebar'] = self.get_sidebar()
             return self.status()
         def receipt(self, *args, **kwargs):
             r = TemplateIO(html=True)
             if get_session() and get_session().is_anonymous_submitter(self.filled):
                 r += htmltext('<div class="infonotice">')
                 r += _('This form has been accessed via its tracking code, it is '
                        'therefore displayed like you were its owner.')
                 r += htmltext('</div>')
             r += super(FormBackOfficeStatusPage, self).receipt(*args, **kwargs)
             return r.getvalue()
         def get_sidebar(self):
             return self.get_extra_context_bar()

     	transform: rotate(2deg);
+    }
     div#tracking-code button {
     	position: relative;
     	top: -2px;
+    }
     @media print {
     	div#sidebar {
     		display: none;
+    -

Projet

Général

Profil

Produits Entr'ouvert » w.c.s.

0001-backoffice-add-tracking-code-form-for-agents-8755.patch