api: add support for overwriting formdata owner with extra fields (#...)

2017-06-30 16:29:27 +02:00 · 2017-06-30 16:29:27 +02:00 · 9b70f59a8c
parent 6374822ff8
commit 9b70f59a8c
2 changed files with 36 additions and 1 deletions
--- a/tests/test_api.py
+++ b/tests/test_api.py
@ -723,6 +723,36 @@ def test_formdef_submit_from_wscall(pub, local_user):
    new_formdata = formdef.data_class().get(resp.json['data']['id'])
    assert str(new_formdata.user_id) == str(local_user.id)

+    # keep user but cancel it with a fake name id in extra
+    payload = json.loads(
+                json.dumps(formdata.get_json_export_dict(),
+                    cls=qommon.misc.JSONEncoder,
+                    encoding=get_publisher().site_charset))
+    payload['extra'] = {'user_name_id': 'plop'}
+    signed_url = sign_url('http://example.net/api/formdefs/test/submit?orig=coucou', '1234')
+    url = signed_url[len('http://example.net'):]
+
+    resp = get_app(pub).post_json(url, payload)
+    assert resp.json['err'] == 0
+    new_formdata = formdef.data_class().get(resp.json['data']['id'])
+    assert str(new_formdata.user_id) != str(local_user.id)
+    assert new_formdata.user_id is None
+
+    # keep user but cancel it with a fake email in extra
+    payload = json.loads(
+                json.dumps(formdata.get_json_export_dict(),
+                    cls=qommon.misc.JSONEncoder,
+                    encoding=get_publisher().site_charset))
+    payload['extra'] = {'user_email': 'plop'}
+    signed_url = sign_url('http://example.net/api/formdefs/test/submit?orig=coucou', '1234')
+    url = signed_url[len('http://example.net'):]
+
+    resp = get_app(pub).post_json(url, payload)
+    assert resp.json['err'] == 0
+    new_formdata = formdef.data_class().get(resp.json['data']['id'])
+    assert str(new_formdata.user_id) != str(local_user.id)
+    assert new_formdata.user_id is None
+
    # test missing map data
    del formdata.data['5']

--- a/wcs/api.py
+++ b/wcs/api.py
@ -266,6 +266,11 @@ class ApiFormdefDirectory(Directory):
                # handle workflow fields, put them all in the same data dictionary.
                data.update(json_input['workflow']['fields'])
            if 'extra' in json_input:
+                # map user_name_id and user_email to expected user location
+                if 'user_name_id' in json_input['extra']:
+                    json_input['user'] = {'NameID': [json_input['extra'].pop('user_name_id')]}
+                elif 'user_email' in json_input['extra']:
+                    json_input['user'] = {'email': json_input['extra'].pop('user_email')}
                data.update(json_input['extra'])
        else:
            data = {}
@ -283,7 +288,7 @@ class ApiFormdefDirectory(Directory):
            formdata.backoffice_submission = True
        elif 'user' in json_input:
            formdata_user = None
-            for name_id in json_input['user'].get('NameID'):
+            for name_id in json_input['user'].get('NameID') or []:
                formdata_user = get_publisher().user_class.get_users_with_name_identifier(name_id)
                if formdata_user:
                    break