From daa18a849d027de5a615dccf4c90d9342cd1b5e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?= Date: Thu, 22 Oct 2015 11:39:22 +0200 Subject: [PATCH] backoffice: add tracking code form for agents (#8755) --- tests/test_backoffice_pages.py | 48 +++++++++++++++++++++++++++++++++ wcs/api.py | 4 +++ wcs/backoffice/management.py | 53 ++++++++++++++++++++++++++++++++++--- wcs/qommon/static/css/dc2/admin.css | 5 ++++ 4 files changed, 107 insertions(+), 3 deletions(-) diff --git a/tests/test_backoffice_pages.py b/tests/test_backoffice_pages.py index b01d612..26394d1 100644 --- a/tests/test_backoffice_pages.py +++ b/tests/test_backoffice_pages.py @@ -787,3 +787,51 @@ def test_global_listing(pub): assert resp.body.count('%s') % _('Global View') r += htmltext('') r += htmltext('') + r += self.get_tracking_code_sidebox() + return r.getvalue() + + def code(self): + code = get_request().form.get('code') + try: + tracking_code = get_publisher().tracking_code_class.get(code) + except KeyError: + get_session().message = ('error', _('No such code')) + return redirect(get_request().form.get('back') or '.') + formdata = tracking_code.formdata + get_session().mark_anonymous_formdata(formdata) + return redirect(formdata.get_url(backoffice=True)) + + def get_tracking_code_sidebox(self, back_place=''): + r = TemplateIO(html=True) + if any((x for x in FormDef.select() if x.enable_tracking_codes)): + r += htmltext('
') + r += htmltext('

%s

' % _('Tracking Code')) + r += htmltext('
') + r += htmltext('') % back_place + r += htmltext('' + ) % _('ex: RPQDFVCD') + r += htmltext('') % _('Load') + r += htmltext('
') + r += htmltext('
') return r.getvalue() def get_global_listing_sidebar(self, limit=None, offset=None): @@ -142,6 +169,7 @@ class ManagementDirectory(Directory): form.add_submit('submit', _('Submit')) r = TemplateIO(html=True) + r += self.get_tracking_code_sidebox('listing') r += htmltext('
') r += htmltext('

%s

') % _('Filters') r += form.render() @@ -362,6 +390,7 @@ class ManagementDirectory(Directory): get_response().filter['sidebar'] = self.get_global_listing_sidebar() rt = TemplateIO(html=True) rt += htmltext('

%s

') % _('Global View') + rt += get_session().display_message() rt += r.getvalue() r = rt return rt.getvalue() @@ -379,7 +408,9 @@ class FormPage(Directory): self.formdef = FormDef.get_by_urlname(component) except KeyError: raise errors.TraversalError() + get_response().breadcrumb.append( (component + '/', self.formdef.name) ) + def check_access(self): session = get_session() user = get_request().user if user is None and get_publisher().user_class.count() == 0: @@ -392,7 +423,6 @@ class FormPage(Directory): raise errors.AccessForbiddenError() else: raise errors.AccessUnauthorizedError() - get_response().breadcrumb.append( (component + '/', self.formdef.name) ) def get_formdata_sidebar(self, qs=''): r = TemplateIO(html=True) @@ -645,8 +675,8 @@ class FormPage(Directory): return criterias - def _q_index(self): + self.check_access() get_logger().info('backoffice - form %s - listing' % self.formdef.name) fields = self.get_fields_from_query() @@ -689,6 +719,7 @@ class FormPage(Directory): return r.getvalue() def pending(self): + self.check_access() get_logger().info('backoffice - form %s - pending' % self.formdef.name) get_response().breadcrumb.append( ('pending', _('Pending Forms')) ) html_top('management', '%s - %s' % (_('Pending Forms'), self.formdef.name)) @@ -759,6 +790,7 @@ class FormPage(Directory): return elements def csv(self): + self.check_access() fields = self.get_fields_from_query() selected_filter = self.get_filter_from_query() user = get_request().user @@ -808,6 +840,7 @@ class FormPage(Directory): return exporter.output.getvalue() def export(self): + self.check_access() if get_request().form.get('download'): return self.export_download() @@ -852,6 +885,7 @@ class FormPage(Directory): return job.file_content def xls(self): + self.check_access() if xlwt is None: raise errors.TraversalError() @@ -913,6 +947,7 @@ class FormPage(Directory): return exporter.output.getvalue() def ods(self): + self.check_access() fields = self.get_fields_from_query() selected_filter = self.get_filter_from_query() user = get_request().user @@ -971,6 +1006,7 @@ class FormPage(Directory): return exporter.output.getvalue() def json(self): + self.check_access() get_response().set_content_type('application/json') from wcs.api import get_user_from_api_query_string user = get_user_from_api_query_string() or get_request().user @@ -1005,6 +1041,7 @@ class FormPage(Directory): return r.getvalue() def stats(self): + self.check_access() get_logger().info('backoffice - form %s - stats' % self.formdef.name) html_top('management', '%s - %s' % (_('Form'), self.formdef.name)) r = TemplateIO(html=True) @@ -1199,6 +1236,16 @@ class FormBackOfficeStatusPage(FormStatusPage): get_response().filter['sidebar'] = self.get_sidebar() return self.status() + def receipt(self, *args, **kwargs): + r = TemplateIO(html=True) + if get_session() and get_session().is_anonymous_submitter(self.filled): + r += htmltext('
') + r += _('This form has been accessed via its tracking code, it is ' + 'therefore displayed like you were its owner.') + r += htmltext('
') + r += super(FormBackOfficeStatusPage, self).receipt(*args, **kwargs) + return r.getvalue() + def get_sidebar(self): return self.get_extra_context_bar() diff --git a/wcs/qommon/static/css/dc2/admin.css b/wcs/qommon/static/css/dc2/admin.css index d848af5..869335e 100644 --- a/wcs/qommon/static/css/dc2/admin.css +++ b/wcs/qommon/static/css/dc2/admin.css @@ -1092,6 +1092,11 @@ div.extra-context p.thumbnail img { transform: rotate(2deg); } +div#tracking-code button { + position: relative; + top: -2px; +} + @media print { div#sidebar { display: none; -- 2.6.1