From c21edb827d172d95a1697b9b27e47c9058d4cf2f Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Mon, 20 Jun 2016 11:54:18 +0200
Subject: [PATCH] do not anonymise agents in evolutions (fixes #11432)

It allows making statistics on agents.
---
 tests/test_api.py | 36 +++++++++++++++++++++++++++++++++---
 wcs/formdata.py   | 14 +++++++-------
 2 files changed, 40 insertions(+), 10 deletions(-)

diff --git a/tests/test_api.py b/tests/test_api.py
index 0f28c64..0ae8b15 100644
--- a/tests/test_api.py
+++ b/tests/test_api.py
@@ -62,6 +62,19 @@ def local_user():
     user.store()
     return user
 
+
+@pytest.fixture
+def admin_user():
+    get_publisher().user_class.wipe()
+    user = get_publisher().user_class()
+    user.name = 'John Doe Admin'
+    user.email = 'john.doe@example.com'
+    user.name_identifiers = ['0123456789']
+    user.is_admin = True
+    user.store()
+    return user
+
+
 def sign_uri(uri, user=None):
     timestamp = datetime.datetime.utcnow().isoformat()[:19] + 'Z'
     scheme, netloc, path, params, query, fragment = urlparse.urlparse(uri)
@@ -1097,7 +1110,7 @@ def test_api_list_formdata(pub, local_user):
     resp = get_app(pub).get(sign_uri('/api/forms/test/list?filter=all', user=local_user))
     assert len(resp.json) == 30
 
-def test_api_anonymized_formdata(pub, local_user):
+def test_api_anonymized_formdata(pub, local_user, admin_user):
     Role.wipe()
     role = Role(name='test')
     role.store()
@@ -1138,7 +1151,12 @@ def test_api_anonymized_formdata(pub, local_user):
         if i%3 == 0:
             formdata.jump_status('new')
         else:
-            formdata.jump_status('finished')
+            evo = Evolution()
+            evo.who = admin_user.id
+            evo.time = time.localtime()
+            evo.status = 'wf-%s' % 'finished'
+            formdata.evolution.append(evo)
+            formdata.status = evo.status
         formdata.store()
 
     # check access is granted even if the user has not the appropriate role
@@ -1155,6 +1173,12 @@ def test_api_anonymized_formdata(pub, local_user):
     assert 'status' in resp.json[0]['evolution'][0]
     assert not 'who' in resp.json[0]['evolution'][0]
     assert 'time' in resp.json[0]['evolution'][0]
+    # check evolution made by other than _submitter are exported
+    assert 'who' in resp.json[1]['evolution'][1]
+    assert 'id' in resp.json[1]['evolution'][1]['who']
+    assert 'email' in resp.json[1]['evolution'][1]['who']
+    assert 'NameID' in resp.json[1]['evolution'][1]['who']
+    assert 'name' in resp.json[1]['evolution'][1]['who']
 
     # check access is granted event if there is no user
     resp = get_app(pub).get(sign_uri('/api/forms/test/list?anonymise&full=on'))
@@ -1171,7 +1195,7 @@ def test_api_anonymized_formdata(pub, local_user):
     assert not 'who' in resp.json[0]['evolution'][0]
     assert 'time' in resp.json[0]['evolution'][0]
     # check anonymise is enforced on detail view
-    resp = get_app(pub).get(sign_uri('/api/forms/%s/?anonymise&full=on' % resp.json[0]['id']))
+    resp = get_app(pub).get(sign_uri('/api/forms/%s/?anonymise&full=on' % resp.json[1]['id']))
     assert 'receipt_time' in resp.json
     assert 'fields' in resp.json
     assert 'user' not in resp.json
@@ -1183,6 +1207,12 @@ def test_api_anonymized_formdata(pub, local_user):
     assert 'status' in resp.json['evolution'][0]
     assert not 'who' in resp.json['evolution'][0]
     assert 'time' in resp.json['evolution'][0]
+    # check evolution made by other than _submitter are exported
+    assert 'who' in resp.json['evolution'][1]
+    assert 'id' in resp.json['evolution'][1]['who']
+    assert 'email' in resp.json['evolution'][1]['who']
+    assert 'NameID' in resp.json['evolution'][1]['who']
+    assert 'name' in resp.json['evolution'][1]['who']
 
 def test_roles(pub, local_user):
     Role.wipe()
diff --git a/wcs/formdata.py b/wcs/formdata.py
index 7b8d099..9ea8dfa 100644
--- a/wcs/formdata.py
+++ b/wcs/formdata.py
@@ -158,17 +158,17 @@ class Evolution(object):
         }
         if self.status:
             data['status'] = self.status[3:]
-        if not anonymise:
+        if self.who != '_submitter':
             try:
-                if self.who != '_submitter':
-                    user = get_publisher().user_class.get(self.who)
+                user = get_publisher().user_class.get(self.who)
             except KeyError:
                 pass
             else:
-                if user:
-                    data['who'] = user.get_json_export_dict()
-            if self.comment:
-                data['comment'] = self.comment
+                data['who'] = user.get_json_export_dict()
+        elif not anonymise and user:
+            data['who'] = user.get_json_export_dict()
+        if self.comment and not anonymise:
+            data['comment'] = self.comment
         parts = []
         for part in self.parts or []:
             if hasattr(part, 'get_json_export_dict'):
-- 
2.1.4