0001-forms-keep-access-to-roles-that-are-mentioned-in-for.patch
| tests/test_backoffice_pages.py | ||
|---|---|---|
| 784 | 784 |
resp.form['f3'] = 'C' |
| 785 | 785 |
resp = resp.form.submit('submit') # to validation screen
|
| 786 | 786 |
resp = resp.form.submit('submit') # final submit
|
| 787 |
# should go the submission screen |
|
| 787 |
# should go to the formdata because the formdef is defined as is |
|
| 788 |
assert resp.location.startswith('http://example.net/backoffice/management/form-title/')
|
|
| 789 | ||
| 790 |
# remove function from formdef |
|
| 791 |
formdef.workflow_roles = {}
|
|
| 792 |
formdef.store() |
|
| 793 | ||
| 794 |
resp = app.get('/backoffice/submission/')
|
|
| 795 | ||
| 796 |
resp = resp.click(formdef.name) |
|
| 797 |
resp.form['f1'] = 'test submission' |
|
| 798 |
resp.form['f2'] = 'baz' |
|
| 799 |
resp.form['f3'] = 'C' |
|
| 800 |
resp = resp.form.submit('submit') # to validation screen
|
|
| 801 |
resp = resp.form.submit('submit') # final submit
|
|
| 802 |
# should NOT go to the formdata |
|
| 788 | 803 |
assert resp.location == 'http://example.net/backoffice/submission/' |
| 789 |
resp = resp.follow() |
|
| 804 | ||
| 805 |
# if there's no function but the dispatch sets the right function, should |
|
| 806 |
# go to the formdata screen |
|
| 807 |
dispatch.role_id = '1' |
|
| 808 |
wf.store() |
|
| 809 | ||
| 810 |
resp = app.get('/backoffice/submission/')
|
|
| 811 | ||
| 812 |
resp = resp.click(formdef.name) |
|
| 813 |
resp.form['f1'] = 'test submission' |
|
| 814 |
resp.form['f2'] = 'baz' |
|
| 815 |
resp.form['f3'] = 'C' |
|
| 816 |
resp = resp.form.submit('submit') # to validation screen
|
|
| 817 |
resp = resp.form.submit('submit') # final submit
|
|
| 818 |
# should go to the formdata because the formdata was dispatched to the |
|
| 819 |
# right role |
|
| 820 |
assert resp.location.startswith('http://example.net/backoffice/management/form-title/')
|
|
| 790 | 821 | |
| 791 | 822 |
def test_backoffice_submission_tracking_code(pub): |
| 792 | 823 |
user = create_user(pub) |
| wcs/formdef.py | ||
|---|---|---|
| 935 | 935 |
def is_of_concern_for_user(self, user, formdata=None): |
| 936 | 936 |
if not self.workflow_roles: |
| 937 | 937 |
self.workflow_roles = {}
|
| 938 |
workflow_roles = self.workflow_roles.copy() |
|
| 939 |
if formdata and formdata.workflow_roles:
|
|
| 940 |
workflow_roles.update(formdata.workflow_roles)
|
|
| 941 |
for role_id in workflow_roles.values(): |
|
| 938 | ||
| 939 |
# if the formdef itself has some function attributed to the user, grant
|
|
| 940 |
# access.
|
|
| 941 |
for role_id in self.workflow_roles.values():
|
|
| 942 | 942 |
if role_id in (user.roles or []): |
| 943 | 943 |
return True |
| 944 | ||
| 945 |
# if there was some redispatching of function, values will be different |
|
| 946 |
# in formdata, check them. |
|
| 947 |
if formdata and formdata.workflow_roles: |
|
| 948 |
for role_id in formdata.workflow_roles.values(): |
|
| 949 |
if role_id in (user.roles or []): |
|
| 950 |
return True |
|
| 951 | ||
| 952 |
# if no formdata was given, lookup if there are some existing formdata |
|
| 953 |
# where the user has access. |
|
| 944 | 954 |
if not formdata: |
| 945 | 955 |
data_class = self.data_class() |
| 946 | 956 |
for role_id in user.roles or []: |
| 947 | 957 |
if data_class.get_ids_with_indexed_value('workflow_roles', role_id):
|
| 948 | 958 |
return True |
| 959 | ||
| 949 | 960 |
return False |
| 950 | 961 | |
| 951 | 962 |
def is_user_allowed_read(self, user, formdata=None): |
| 952 |
- |
|