api: mark restricted formdefs as requiring authentication (#24522)
This commit is contained in:
parent
7ea96855b3
commit
055d6a29f3
|
@ -349,6 +349,7 @@ def test_limited_formdef_list(pub, local_user):
|
|||
resp = get_app(pub).get('/api/formdefs/')
|
||||
assert resp.json['err'] == 0
|
||||
assert len(resp.json['data']) == 1
|
||||
assert resp.json['data'][0]['authentication_required'] is False
|
||||
# not present in backoffice-submission formdefs
|
||||
resp = get_app(pub).get('/api/formdefs/?backoffice-submission=on')
|
||||
assert resp.json['err'] == 0
|
||||
|
@ -379,6 +380,12 @@ def test_limited_formdef_list(pub, local_user):
|
|||
local_user.roles = []
|
||||
local_user.store()
|
||||
|
||||
# check it's also included in anonymous/signed calls, but marked for
|
||||
# authentication
|
||||
resp = get_app(pub).get(sign_uri('/api/formdefs/'))
|
||||
assert resp.json['data'][0]
|
||||
assert resp.json['data'][0]['authentication_required'] is True
|
||||
|
||||
# check it's advertised
|
||||
formdef.always_advertise = True
|
||||
formdef.store()
|
||||
|
|
|
@ -388,6 +388,9 @@ class ApiFormdefsDirectory(Directory):
|
|||
break
|
||||
else:
|
||||
continue
|
||||
elif formdef.roles and user is None and list_all_forms:
|
||||
# anonymous API call, mark authentication as required
|
||||
authentication_required = True
|
||||
|
||||
formdict = {'title': unicode(formdef.name, charset),
|
||||
'slug': formdef.url_name,
|
||||
|
|
Loading…
Reference in New Issue