0001-forms-keep-access-to-roles-that-are-mentioned-in-for.patch
tests/test_backoffice_pages.py | ||
---|---|---|
784 | 784 |
resp.form['f3'] = 'C' |
785 | 785 |
resp = resp.form.submit('submit') # to validation screen |
786 | 786 |
resp = resp.form.submit('submit') # final submit |
787 |
# should go the submission screen |
|
787 |
# should go to the formdata because the formdef is defined as is |
|
788 |
assert resp.location.startswith('http://example.net/backoffice/management/form-title/') |
|
789 | ||
790 |
# remove function from formdef |
|
791 |
formdef.workflow_roles = {} |
|
792 |
formdef.store() |
|
793 | ||
794 |
resp = app.get('/backoffice/submission/') |
|
795 | ||
796 |
resp = resp.click(formdef.name) |
|
797 |
resp.form['f1'] = 'test submission' |
|
798 |
resp.form['f2'] = 'baz' |
|
799 |
resp.form['f3'] = 'C' |
|
800 |
resp = resp.form.submit('submit') # to validation screen |
|
801 |
resp = resp.form.submit('submit') # final submit |
|
802 |
# should NOT go to the formdata |
|
788 | 803 |
assert resp.location == 'http://example.net/backoffice/submission/' |
789 |
resp = resp.follow() |
|
804 | ||
805 |
# if there's no function but the dispatch sets the right function, should |
|
806 |
# go to the formdata screen |
|
807 |
dispatch.role_id = '1' |
|
808 |
wf.store() |
|
809 | ||
810 |
resp = app.get('/backoffice/submission/') |
|
811 | ||
812 |
resp = resp.click(formdef.name) |
|
813 |
resp.form['f1'] = 'test submission' |
|
814 |
resp.form['f2'] = 'baz' |
|
815 |
resp.form['f3'] = 'C' |
|
816 |
resp = resp.form.submit('submit') # to validation screen |
|
817 |
resp = resp.form.submit('submit') # final submit |
|
818 |
# should go to the formdata because the formdata was dispatched to the |
|
819 |
# right role |
|
820 |
assert resp.location.startswith('http://example.net/backoffice/management/form-title/') |
|
790 | 821 | |
791 | 822 |
def test_backoffice_submission_tracking_code(pub): |
792 | 823 |
user = create_user(pub) |
wcs/formdef.py | ||
---|---|---|
935 | 935 |
def is_of_concern_for_user(self, user, formdata=None): |
936 | 936 |
if not self.workflow_roles: |
937 | 937 |
self.workflow_roles = {} |
938 |
workflow_roles = self.workflow_roles.copy() |
|
939 |
if formdata and formdata.workflow_roles:
|
|
940 |
workflow_roles.update(formdata.workflow_roles)
|
|
941 |
for role_id in workflow_roles.values(): |
|
938 | ||
939 |
# if the formdef itself has some function attributed to the user, grant
|
|
940 |
# access.
|
|
941 |
for role_id in self.workflow_roles.values():
|
|
942 | 942 |
if role_id in (user.roles or []): |
943 | 943 |
return True |
944 | ||
945 |
# if there was some redispatching of function, values will be different |
|
946 |
# in formdata, check them. |
|
947 |
if formdata and formdata.workflow_roles: |
|
948 |
for role_id in formdata.workflow_roles.values(): |
|
949 |
if role_id in (user.roles or []): |
|
950 |
return True |
|
951 | ||
952 |
# if no formdata was given, lookup if there are some existing formdata |
|
953 |
# where the user has access. |
|
944 | 954 |
if not formdata: |
945 | 955 |
data_class = self.data_class() |
946 | 956 |
for role_id in user.roles or []: |
947 | 957 |
if data_class.get_ids_with_indexed_value('workflow_roles', role_id): |
948 | 958 |
return True |
959 | ||
949 | 960 |
return False |
950 | 961 | |
951 | 962 |
def is_user_allowed_read(self, user, formdata=None): |
952 |
- |