Produits Entr'ouvert » w.c.s.

        formdata.user_id = local_user.id

    assert 'user' in resp.json[0]

def test_api_anonymized_formdata(pub, local_user):

    Role.wipe()

    role = Role(name='test')

    role.store()

    FormDef.wipe()

    formdef = FormDef()

    formdef.name = 'test'

    formdef.workflow_roles = {'_receiver': role.id}

    formdef.fields = [

        fields.StringField(id='0', label='foobar', varname='foobar'),

        fields.ItemField(id='1', label='foobar3', varname='foobar3', type='item',

            items=['foo', 'bar', 'baz']),

        fields.FileField(id='2', label='foobar4', varname='file'),

        ]

    formdef.store()

    data_class = formdef.data_class()

    data_class.wipe()

    for i in range(30):

        formdata = data_class()

        date = time.strptime('2014-01-20', '%Y-%m-%d')

        upload = PicklableUpload('test.txt', 'text/plain', 'ascii')

        upload.receive(['base64me'])

        formdata.data = {'0': 'FOO BAR %d' % i, '2': upload}

        formdata.user_id = local_user.id

        if i%4 == 0:

            formdata.data['1'] = 'foo'

            formdata.data['1_display'] = 'foo'

        elif i%4 == 1:

            formdata.data['1'] = 'bar'

            formdata.data['1_display'] = 'bar'

        else:

            formdata.data['1'] = 'baz'

            formdata.data['1_display'] = 'baz'

        formdata.just_created()

        if i%3 == 0:

            formdata.jump_status('new')

        else:

            formdata.jump_status('finished')

        formdata.store()

    # check access is granted even if the user has not the appropriate role

    resp = get_app(pub).get(sign_uri('/api/forms/test/anonymized', user=local_user))

    assert len(resp.json) == 30

    assert 'receipt_time' in resp.json[0]

    assert 'fields' in resp.json[0]

    assert 'user' not in resp.json[0]

    assert 'file' not in resp.json[0]['fields'] # no file export in full lists

    assert 'foobar3' in resp.json[0]['fields']

    assert 'foobar' not in resp.json[0]['fields']

    # check access is granted event if there is no user

    resp = get_app(pub).get(sign_uri('/api/forms/test/anonymized'))

    assert len(resp.json) == 30

    assert 'receipt_time' in resp.json[0]

    assert 'fields' in resp.json[0]

    assert 'user' not in resp.json[0]

    assert 'file' not in resp.json[0]['fields'] # no file export in full lists

    assert 'foobar3' in resp.json[0]['fields']

    assert 'foobar' not in resp.json[0]['fields']

    _q_exports = [('list', 'json'), # same as backoffice but restricted to json export

                  ('anonymized', 'anonymised'),

    ]

    def anonymised(self):

        get_response().set_content_type('application/json')

        if (not (get_request().user and get_request().user.is_admin) and

            not is_url_signed()):

            raise AccessForbiddenError('user not authenticated')

        output = [filled.get_json_export_dict(include_files=False, anonymise=True) for filled in

                  self.formdef.data_class().select()]

        return json.dumps(output,

                cls=misc.JSONEncoder,

                encoding=get_publisher().site_charset)

        if not is_url_signed():