entrouvert/wcs
entrouvert
/
wcs
14
1
Fork 0
Code Issues Pull Requests 35 Releases Activity

do not anonymise agents in evolutions (#11432) 

It allows making statistics on agents.
This commit is contained in:
Benjamin Dauvergne 2016-06-20 11:54:18 +02:00
parent 5f1c14ce9c
commit b2c0150d1c
2 changed files with 40 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
tests/test_api.py
View File

@ -62,6 +62,19 @@ def local_user():
user.store()
return user
@pytest.fixture
def admin_user():
get_publisher().user_class.wipe()
user = get_publisher().user_class()
user.name = 'John Doe Admin'
user.email = 'john.doe@example.com'
user.name_identifiers = ['0123456789']
user.is_admin = True
user.store()
return user
def sign_uri(uri, user=None):
timestamp = datetime.datetime.utcnow().isoformat()[:19] + 'Z'
scheme, netloc, path, params, query, fragment = urlparse.urlparse(uri)
@ -1125,7 +1138,7 @@ def test_api_list_formdata(pub, local_user):
resp = get_app(pub).get(sign_uri('/api/forms/test/list?filter=all', user=local_user))
assert len(resp.json) == 30
def test_api_anonymized_formdata(pub, local_user):
def test_api_anonymized_formdata(pub, local_user, admin_user):
Role.wipe()
role = Role(name='test')
role.store()
@ -1166,7 +1179,12 @@ def test_api_anonymized_formdata(pub, local_user):
if i%3 == 0:
formdata.jump_status('new')
else:
formdata.jump_status('finished')
evo = Evolution()
evo.who = admin_user.id
evo.time = time.localtime()
evo.status = 'wf-%s' % 'finished'
formdata.evolution.append(evo)
formdata.status = evo.status
formdata.store()
# check access is granted even if the user has not the appropriate role
@ -1183,6 +1201,12 @@ def test_api_anonymized_formdata(pub, local_user):
assert 'status' in resp.json[0]['evolution'][0]
assert not 'who' in resp.json[0]['evolution'][0]
assert 'time' in resp.json[0]['evolution'][0]
# check evolution made by other than _submitter are exported
assert 'who' in resp.json[1]['evolution'][1]
assert 'id' in resp.json[1]['evolution'][1]['who']
assert 'email' in resp.json[1]['evolution'][1]['who']
assert 'NameID' in resp.json[1]['evolution'][1]['who']
assert 'name' in resp.json[1]['evolution'][1]['who']
# check access is granted event if there is no user
resp = get_app(pub).get(sign_uri('/api/forms/test/list?anonymise&full=on'))
@ -1199,7 +1223,7 @@ def test_api_anonymized_formdata(pub, local_user):
assert not 'who' in resp.json[0]['evolution'][0]
assert 'time' in resp.json[0]['evolution'][0]
# check anonymise is enforced on detail view
resp = get_app(pub).get(sign_uri('/api/forms/%s/?anonymise&full=on' % resp.json[0]['id']))
resp = get_app(pub).get(sign_uri('/api/forms/%s/?anonymise&full=on' % resp.json[1]['id']))
assert 'receipt_time' in resp.json
assert 'fields' in resp.json
assert 'user' not in resp.json
@ -1211,6 +1235,12 @@ def test_api_anonymized_formdata(pub, local_user):
assert 'status' in resp.json['evolution'][0]
assert not 'who' in resp.json['evolution'][0]
assert 'time' in resp.json['evolution'][0]
# check evolution made by other than _submitter are exported
assert 'who' in resp.json['evolution'][1]
assert 'id' in resp.json['evolution'][1]['who']
assert 'email' in resp.json['evolution'][1]['who']
assert 'NameID' in resp.json['evolution'][1]['who']
assert 'name' in resp.json['evolution'][1]['who']
def test_roles(pub, local_user):
Role.wipe()

14
wcs/formdata.py
View File

@ -158,17 +158,17 @@ class Evolution(object):
}
if self.status:
data['status'] = self.status[3:]
if not anonymise:
if self.who != '_submitter':
try:
if self.who != '_submitter':
user = get_publisher().user_class.get(self.who)
user = get_publisher().user_class.get(self.who)
except KeyError:
pass
else:
if user:
data['who'] = user.get_json_export_dict()
if self.comment:
data['comment'] = self.comment
data['who'] = user.get_json_export_dict()
elif not anonymise and user:
data['who'] = user.get_json_export_dict()
if self.comment and not anonymise:
data['comment'] = self.comment
parts = []
for part in self.parts or []:
if hasattr(part, 'get_json_export_dict'):