0001-api-add-new-endpoint-to-remove-a-draft-10038.patch
tests/test_api.py | ||
---|---|---|
844 | 844 |
'publication_date', 'detailed_emails', |
845 | 845 |
'disabled_redirection']) |
846 | 846 |
assert len(resp.json['workflow_schema']['statuses']) == 2 |
847 | ||
848 |
def test_user_remove_draft(pub, local_user): |
|
849 |
FormDef.wipe() |
|
850 |
formdef = FormDef() |
|
851 |
formdef.name = 'test' |
|
852 |
formdef.fields = [] |
|
853 |
formdef.store() |
|
854 | ||
855 |
formdata = formdef.data_class()() |
|
856 |
formdata.status = 'draft' |
|
857 |
formdata.store() |
|
858 | ||
859 |
uri = '/api/user/removedraft?formdef=%s&id=%s' % (formdef.url_name, formdata.id) |
|
860 |
resp = get_app(pub).get(sign_uri(uri), status=403) |
|
861 |
resp = get_app(pub).get(sign_uri(uri, user=local_user), status=403) |
|
862 |
formdata.status = 'wf-new' |
|
863 |
formdata.store() |
|
864 |
resp = get_app(pub).get(sign_uri(uri, user=local_user), status=403) |
|
865 | ||
866 |
formdata.status = 'draft' |
|
867 |
formdata.user_id = local_user.id |
|
868 |
formdata.store() |
|
869 |
resp = get_app(pub).get(sign_uri(uri, user=local_user)) |
|
870 |
assert resp.json['err'] == 0 |
wcs/api.py | ||
---|---|---|
407 | 407 | |
408 | 408 | |
409 | 409 |
class ApiUserDirectory(Directory): |
410 |
_q_exports = ['', 'forms', 'drafts'] |
|
410 |
_q_exports = ['', 'forms', 'drafts', 'removedraft']
|
|
411 | 411 | |
412 | 412 |
def __init__(self, user=None): |
413 | 413 |
self.user = user |
... | ... | |
505 | 505 |
cls=misc.JSONEncoder, |
506 | 506 |
encoding=get_publisher().site_charset) |
507 | 507 | |
508 |
def removedraft(self): |
|
509 |
# query string: ?formdef=<urlname>&id=<id> |
|
510 |
get_response().set_content_type('application/json') |
|
511 |
user = self.user or get_user_from_api_query_string() |
|
512 |
if not user: |
|
513 |
raise AccessForbiddenError('no user specified') |
|
514 |
formdef = FormDef.get_by_urlname(get_request().form.get('formdef')) |
|
515 |
formdata = formdef.data_class().get(get_request().form.get('id')) |
|
516 |
if str(formdata.user_id) != str(user.id): |
|
517 |
raise AccessForbiddenError('not yours') |
|
518 |
if not formdata.is_draft(): |
|
519 |
raise AccessForbiddenError('not a draft') |
|
520 |
formdata.remove_self() |
|
521 |
return json.dumps({'err': 0}, indent=2) |
|
522 | ||
508 | 523 | |
509 | 524 |
class ApiUsersDirectory(Directory): |
510 | 525 |
_q_exports = [''] |
511 |
- |