api: expose formdata retrieval api under /api/ (#8678)
parent
df9bab4c1f
commit
05f8268ae2
|
@ -31,7 +31,7 @@ newsletter.
|
||||||
|
|
||||||
<screen>
|
<screen>
|
||||||
<output style="prompt">$ </output><input>curl -H "Accept: application/json" \
|
<output style="prompt">$ </output><input>curl -H "Accept: application/json" \
|
||||||
https://www.example.net/inscriptions/newsletter/16/</input>
|
https://www.example.net/api/forms/newsletter/16/</input>
|
||||||
</screen>
|
</screen>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
|
|
|
@ -391,6 +391,9 @@ def test_categories_formdefs():
|
||||||
|
|
||||||
|
|
||||||
def test_formdata(local_user):
|
def test_formdata(local_user):
|
||||||
|
Role.wipe()
|
||||||
|
role = Role(name='test')
|
||||||
|
role.store()
|
||||||
FormDef.wipe()
|
FormDef.wipe()
|
||||||
formdef = FormDef()
|
formdef = FormDef()
|
||||||
formdef.name = 'test'
|
formdef.name = 'test'
|
||||||
|
@ -399,6 +402,7 @@ def test_formdata(local_user):
|
||||||
fields.StringField(id='1', label='foobar2'),
|
fields.StringField(id='1', label='foobar2'),
|
||||||
fields.DateField(id='2', label='foobar3', varname='date'),
|
fields.DateField(id='2', label='foobar3', varname='date'),
|
||||||
fields.FileField(id='3', label='foobar4', varname='file'),]
|
fields.FileField(id='3', label='foobar4', varname='file'),]
|
||||||
|
formdef.workflow_roles = {'_receiver': role.id}
|
||||||
formdef.store()
|
formdef.store()
|
||||||
|
|
||||||
formdata = formdef.data_class()()
|
formdata = formdef.data_class()()
|
||||||
|
@ -410,7 +414,18 @@ def test_formdata(local_user):
|
||||||
formdata.just_created()
|
formdata.just_created()
|
||||||
formdata.store()
|
formdata.store()
|
||||||
|
|
||||||
resp = get_app(pub).get(sign_uri('/test/%s/' % formdata.id, user=local_user))
|
resp = get_app(pub).get(
|
||||||
|
sign_uri('/api/forms/test/%s/' % formdata.id, user=local_user),
|
||||||
|
status=403)
|
||||||
|
|
||||||
|
local_user.roles = [role.id]
|
||||||
|
local_user.store()
|
||||||
|
resp = get_app(pub).get(
|
||||||
|
sign_uri('/api/forms/test/%s/' % formdata.id, user=local_user),
|
||||||
|
status=200)
|
||||||
|
|
||||||
|
resp2 = get_app(pub).get(sign_uri('/test/%s/' % formdata.id, user=local_user))
|
||||||
|
assert resp.json == resp2.json
|
||||||
assert 'last_update_time' in resp.json
|
assert 'last_update_time' in resp.json
|
||||||
assert len(resp.json['fields']) == 3 # foobar2 has no varname, not in json
|
assert len(resp.json['fields']) == 3 # foobar2 has no varname, not in json
|
||||||
assert resp.json['user']['name'] == local_user.name
|
assert resp.json['user']['name'] == local_user.name
|
||||||
|
|
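Review bot: The new assertions in `test_formdata` only cover signed requests (403 without the receiver role, 200 with it), so the unsigned branch of the new endpoint and the unknown-id path are never exercised. Both are decided by code this commit adds in wcs/api.py: `check_receiver` raises `AccessForbiddenError` when there is no API user, and `_q_lookup` raises `TraversalError` on `KeyError`. I would add an unsigned call, `get_app(pub).get('/api/forms/test/%s/' % formdata.id, status=403)`, and a signed call for an id that does not exist, checked against whatever status `TraversalError` maps to (presumably 404). The `download` entry in `_q_exports` is also untested, so nothing here shows that file attachments sit behind the same role check as the JSON view.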
24
wcs/api.py
24
wcs/api.py
|
@ -35,6 +35,7 @@ from qommon.errors import (AccessForbiddenError, QueryError, TraversalError,
|
||||||
from wcs.categories import Category
|
from wcs.categories import Category
|
||||||
from wcs.formdef import FormDef
|
from wcs.formdef import FormDef
|
||||||
from wcs.roles import Role, logged_users_role
|
from wcs.roles import Role, logged_users_role
|
||||||
|
from wcs.forms.common import FormStatusPage
|
||||||
from wcs.forms.root import RootDirectory
|
from wcs.forms.root import RootDirectory
|
||||||
import wcs.qommon.storage as st
|
import wcs.qommon.storage as st
|
||||||
|
|
||||||
|
@ -136,6 +137,22 @@ def sign_string(s, key, algo='sha256', timedelta=30):
|
||||||
from backoffice.management import FormPage as BackofficeFormPage
|
from backoffice.management import FormPage as BackofficeFormPage
|
||||||
|
|
||||||
|
|
||||||
|
class ApiFormdataPage(FormStatusPage):
|
||||||
|
_q_exports = ['', 'download']
|
||||||
|
|
||||||
|
def _q_index(self):
|
||||||
|
return self.json()
|
||||||
|
|
||||||
|
def check_receiver(self):
|
||||||
|
api_user = get_user_from_api_query_string()
|
||||||
|
if not api_user:
|
||||||
|
if get_request().user and get_request().user.is_admin:
|
||||||
|
return # grant access to admins, to ease debug
|
||||||
|
raise AccessForbiddenError()
|
||||||
|
if not self.formdef.is_user_allowed_read_status_and_history(api_user, self.filled):
|
||||||
|
raise AccessForbiddenError()
|
||||||
|
|
||||||
|
|
||||||
class ApiFormPage(BackofficeFormPage):
|
class ApiFormPage(BackofficeFormPage):
|
||||||
_q_exports = [('list', 'json')] # same as backoffice but restricted to json export
|
_q_exports = [('list', 'json')] # same as backoffice but restricted to json export
|
||||||
|
|
||||||
|
@ -153,6 +170,13 @@ class ApiFormPage(BackofficeFormPage):
|
||||||
if not self.formdef.is_of_concern_for_user(api_user):
|
if not self.formdef.is_of_concern_for_user(api_user):
|
||||||
raise AccessForbiddenError()
|
raise AccessForbiddenError()
|
||||||
|
|
||||||
|
def _q_lookup(self, component):
|
||||||
|
try:
|
||||||
|
formdata = self.formdef.data_class().get(component)
|
||||||
|
except KeyError:
|
||||||
|
raise TraversalError()
|
||||||
|
return ApiFormdataPage(self.formdef, formdata)
|
||||||
|
|
||||||
|
|
||||||
class ApiFormsDirectory(Directory):
|
class ApiFormsDirectory(Directory):
|
||||||
def _q_lookup(self, component):
|
def _q_lookup(self, component):
|
||||||
|
|
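Review bot: In `ApiFormdataPage.check_receiver` the unsigned branch returns early for any session user with `is_admin`, so a browser session cookie, not only a signed API call, is enough to read any formdata under /api/forms/, and `is_user_allowed_read_status_and_history` is never consulted on that path. If the shortcut is kept for debugging, it should be stated on the class rather than in a trailing comment, for example `# NOTE: session-authenticated admins bypass the per-formdata read check; every other unsigned request is refused`; otherwise drop the branch so that only signed requests are accepted. `_q_exports` also lists `download`, and whether the handler inherited from `FormStatusPage` goes through the overridden `check_receiver` is not visible in this hunk, so that should be confirmed before attachments are reachable here. In `ApiFormPage._q_lookup` the formdata is loaded before any check shown in the hunk, so unless the parent's access check runs first a caller without rights can tell existing ids (403) from missing ones (`TraversalError`).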