api: don't check category permissions (#54757)
This commit is contained in:
parent
e8926cd070
commit
4255ed1674
|
@ -1046,6 +1046,17 @@ def test_api_ods_formdata(pub, local_user):
|
|||
ods_sheet = ET.parse(zipf.open('content.xml'))
|
||||
assert len(ods_sheet.findall('.//{%s}table-row' % ods.NS['table'])) == 311
|
||||
|
||||
# check it's not subject to category permissions
|
||||
role2 = pub.role_class(name='test2')
|
||||
role2.store()
|
||||
category = Category()
|
||||
category.name = 'Category 1'
|
||||
category.export_roles = [role2]
|
||||
category.store()
|
||||
formdef.category = category
|
||||
formdef.store()
|
||||
get_app(pub).get(sign_uri('/api/forms/test/ods', user=local_user), status=200)
|
||||
|
||||
|
||||
def test_api_global_geojson(pub, local_user):
|
||||
pub.role_class.wipe()
|
||||
|
|
|
@ -2181,7 +2181,11 @@ class FormPage(Directory):
|
|||
|
||||
def csv(self):
|
||||
self.check_access()
|
||||
if self.formdef.category and not self.formdef.category.has_permission('export', get_request().user):
|
||||
if (
|
||||
not get_request().is_api_url()
|
||||
and self.formdef.category
|
||||
and not self.formdef.category.has_permission('export', get_request().user)
|
||||
):
|
||||
raise errors.AccessForbiddenError()
|
||||
fields = self.get_fields_from_query()
|
||||
selected_filter = self.get_filter_from_query()
|
||||
|
@ -2235,7 +2239,11 @@ class FormPage(Directory):
|
|||
if get_request().has_anonymised_data_api_restriction():
|
||||
# api/ will let this pass but we don't want that.
|
||||
raise errors.AccessForbiddenError()
|
||||
if self.formdef.category and not self.formdef.category.has_permission('export', get_request().user):
|
||||
if (
|
||||
not get_request().is_api_url()
|
||||
and self.formdef.category
|
||||
and not self.formdef.category.has_permission('export', get_request().user)
|
||||
):
|
||||
raise errors.AccessForbiddenError()
|
||||
fields = self.get_fields_from_query()
|
||||
selected_filter = self.get_filter_from_query()
|
||||
|
|
Loading…
Reference in New Issue