620 |
620 |
|
621 |
621 |
assert [x.get('id') for x in resp.json['roles']['_receiver']] == [str(role.id)]
|
622 |
622 |
assert [x.get('id') for x in resp.json['roles']['_foobar']] == [str(another_role.id)]
|
623 |
|
assert [x.get('id') for x in resp.json['roles']['concerned']] == [str(role.id), str(another_role.id)]
|
|
623 |
assert (set([x.get('id') for x in resp.json['roles']['concerned']])
|
|
624 |
== set([str(role.id), str(another_role.id)]))
|
624 |
625 |
assert [x.get('id') for x in resp.json['roles']['actions']] == [str(role.id)]
|
625 |
626 |
|
626 |
627 |
# check the ?format=json endpoint returns 403
|
... | ... | |
732 |
733 |
upload = PicklableUpload('test.txt', 'text/plain', 'ascii')
|
733 |
734 |
upload.receive(['base64me'])
|
734 |
735 |
formdata.data = {'0': 'FOO BAR %d' % i, '2': upload}
|
|
736 |
formdata.user_id = local_user.id
|
735 |
737 |
if i%4 == 0:
|
736 |
738 |
formdata.data['1'] = 'foo'
|
737 |
739 |
formdata.data['1_display'] = 'foo'
|
... | ... | |
772 |
774 |
assert 'receipt_time' in resp.json[0]
|
773 |
775 |
assert 'fields' in resp.json[0]
|
774 |
776 |
assert 'file' not in resp.json[0]['fields'] # no file export in full lists
|
|
777 |
assert 'user' in resp.json[0]
|
775 |
778 |
|
776 |
779 |
assert [x for x in resp.json if x['fields']['foobar'] == 'FOO BAR 0'][0]['submission']['backoffice'] is True
|
777 |
780 |
assert [x for x in resp.json if x['fields']['foobar'] == 'FOO BAR 0'][0]['submission']['channel'] == 'Mail'
|
... | ... | |
794 |
797 |
resp = get_app(pub).get(sign_uri('/api/forms/test/list?filter=all', user=local_user))
|
795 |
798 |
assert len(resp.json) == 30
|
796 |
799 |
|
|
800 |
def test_api_anonymized_formdata(pub, local_user):
|
|
801 |
Role.wipe()
|
|
802 |
role = Role(name='test')
|
|
803 |
role.store()
|
|
804 |
|
|
805 |
FormDef.wipe()
|
|
806 |
formdef = FormDef()
|
|
807 |
formdef.name = 'test'
|
|
808 |
formdef.workflow_roles = {'_receiver': role.id}
|
|
809 |
formdef.fields = [
|
|
810 |
fields.StringField(id='0', label='foobar', varname='foobar'),
|
|
811 |
fields.ItemField(id='1', label='foobar3', varname='foobar3', type='item',
|
|
812 |
items=['foo', 'bar', 'baz']),
|
|
813 |
fields.FileField(id='2', label='foobar4', varname='file'),
|
|
814 |
]
|
|
815 |
formdef.store()
|
|
816 |
|
|
817 |
data_class = formdef.data_class()
|
|
818 |
data_class.wipe()
|
|
819 |
|
|
820 |
for i in range(30):
|
|
821 |
formdata = data_class()
|
|
822 |
date = time.strptime('2014-01-20', '%Y-%m-%d')
|
|
823 |
upload = PicklableUpload('test.txt', 'text/plain', 'ascii')
|
|
824 |
upload.receive(['base64me'])
|
|
825 |
formdata.data = {'0': 'FOO BAR %d' % i, '2': upload}
|
|
826 |
formdata.user_id = local_user.id
|
|
827 |
if i%4 == 0:
|
|
828 |
formdata.data['1'] = 'foo'
|
|
829 |
formdata.data['1_display'] = 'foo'
|
|
830 |
elif i%4 == 1:
|
|
831 |
formdata.data['1'] = 'bar'
|
|
832 |
formdata.data['1_display'] = 'bar'
|
|
833 |
else:
|
|
834 |
formdata.data['1'] = 'baz'
|
|
835 |
formdata.data['1_display'] = 'baz'
|
|
836 |
|
|
837 |
formdata.just_created()
|
|
838 |
if i%3 == 0:
|
|
839 |
formdata.jump_status('new')
|
|
840 |
else:
|
|
841 |
formdata.jump_status('finished')
|
|
842 |
formdata.store()
|
|
843 |
|
|
844 |
# check access is granted even if the user has not the appropriate role
|
|
845 |
resp = get_app(pub).get(sign_uri('/api/forms/test/list?anonymise&full=on', user=local_user))
|
|
846 |
assert len(resp.json) == 30
|
|
847 |
assert 'receipt_time' in resp.json[0]
|
|
848 |
assert 'fields' in resp.json[0]
|
|
849 |
assert 'user' not in resp.json[0]
|
|
850 |
assert 'file' not in resp.json[0]['fields'] # no file export in full lists
|
|
851 |
assert 'foobar3' in resp.json[0]['fields']
|
|
852 |
assert 'foobar' not in resp.json[0]['fields']
|
|
853 |
|
|
854 |
# check access is granted event if there is no user
|
|
855 |
resp = get_app(pub).get(sign_uri('/api/forms/test/list?anonymise&full=on'))
|
|
856 |
assert len(resp.json) == 30
|
|
857 |
assert 'receipt_time' in resp.json[0]
|
|
858 |
assert 'fields' in resp.json[0]
|
|
859 |
assert 'user' not in resp.json[0]
|
|
860 |
assert 'file' not in resp.json[0]['fields'] # no file export in full lists
|
|
861 |
assert 'foobar3' in resp.json[0]['fields']
|
|
862 |
assert 'foobar' not in resp.json[0]['fields']
|
|
863 |
# check anonymise is enforced on detail view
|
|
864 |
resp = get_app(pub).get(sign_uri('/api/forms/%s/?anonymise&full=on' % resp.json[0]['id']))
|
|
865 |
assert 'receipt_time' in resp.json
|
|
866 |
assert 'fields' in resp.json
|
|
867 |
assert 'user' not in resp.json
|
|
868 |
assert 'file' not in resp.json['fields'] # no file export in detail
|
|
869 |
assert 'foobar3' in resp.json['fields']
|
|
870 |
assert 'foobar' not in resp.json['fields']
|
|
871 |
|
797 |
872 |
def test_roles(pub, local_user):
|
798 |
873 |
Role.wipe()
|
799 |
874 |
role = Role(name='Hello World')
|
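Review bot: In `test_api_anonymized_formdata` every anonymisation assertion on the list reads only `resp.json[0]`, so a `user` key or the free-text `foobar` field leaking in any of the other 29 entries would still pass; iterate instead, e.g. `for item in resp.json: assert 'user' not in item and 'foobar' not in item['fields']`. The test also exercises only signed requests (with and without `user=`), so nothing shows that an unsigned `?anonymise` call is refused, and that refusal is what keeps this role-free access path from being public. If `get_app` returns a WebTest app, `get_app(pub).get('/api/forms/test/list?anonymise&full=on', status=403)` would pin it, assuming 403 is what unsigned API calls return here. The detail-view check is likewise made only without a user, while the list is checked both ways. Minor: `date = time.strptime(...)` in the setup loop is never used, and the comment `# check access is granted event if there is no user` should read "even if".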