forms: add a "preview" mode for disabled forms (#22)

tests/test_admin_pages.py

@@ -186,7 +186,7 @@ def test_forms_edit():
 
     # try changing title
     resp = app.get('/backoffice/forms/1/')
-    resp = resp.click(href='title')
+    resp = resp.click('change title')
     assert resp.forms[0]['name'].value == 'form title'
     resp.forms[0]['name'] = 'new title'
     resp = resp.forms[0].submit()

tests/test_form_pages.py

@@ -675,3 +675,28 @@ def test_form_count_dispatching(pub):
 
     assert len(formdef.data_class().select(clause=lambda x: x.status == 'wf-st2')) == 1
     assert len(formdef.data_class().select(clause=lambda x: x.status == 'wf-st1')) == 1
+
+def test_preview_form(pub):
+    user = create_user(pub)
+
+    formdef = create_formdef()
+    formdef.data_class().wipe()
+    formdef.fields = []
+    formdef.disabled = True
+    formdef.store()
+
+    # check the preview page is not accessible to regular users
+    get_app(pub).get('/preview/test/', status=403)
+
+    # check it's accessible to admins
+    user.is_admin = True
+    user.store()
+    page = login(get_app(pub), username='foo', password='foo').get('/preview/test/')
+
+    # check no formdata gets stored
+    next_page = page.forms[0].submit('submit')
+    assert 'Check values then click submit.' in next_page.body
+    next_page = next_page.forms[0].submit('submit')
+    assert next_page.status_int == 302
+    assert next_page.location == 'http://example.net/preview/test/'
+    assert formdef.data_class().count() == 0

wcs/admin/forms.py

@@ -382,7 +382,10 @@ class FormDefPage(Directory):
         r += htmltext('</ul>')
 
         r += htmltext('<ul>')
-        if not self.formdef.is_disabled():
+        if self.formdef.is_disabled():
+            r += htmltext('<li><a href="%s">%s</a></li>') % (
+                    self.formdef.get_url(preview=True), _('Preview Online'))
+        else:
             r += htmltext('<li><a href="%s">%s</a></li>') % (
                     self.formdef.get_url(), _('Display Online'))
         r += htmltext('<li><a href="public-url" rel="popup">%s</a></li>') % _('Display public URL')

wcs/formdef.py

@@ -329,9 +329,11 @@ class FormDef(StorableObject):
         return cls.get_on_index(url_name, 'url_name', ignore_migration=ignore_migration)
     get_by_urlname = classmethod(get_by_urlname)
 
-    def get_url(self, backoffice = False):
+    def get_url(self, backoffice=False, preview=False):
         if backoffice:
             base_url = get_publisher().get_backoffice_url() + '/management'
+        elif preview:
+            base_url = get_publisher().get_frontoffice_url() + '/preview'
         else:
             base_url = get_publisher().get_frontoffice_url()
         return '%s/%s/' % (base_url, self.url_name)

wcs/forms/preview.py

@@ -0,0 +1,43 @@
+# w.c.s. - web application for online forms
+# Copyright (C) 2005-2015  Entr'ouvert
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+from quixote import get_publisher, redirect
+from quixote.directory import Directory, AccessControlled
+from qommon import errors
+
+from .root import FormPage
+
+
+class PreviewFormPage(FormPage):
+    _q_exports = ['']
+
+    def check_role(self):
+        pass
+
+    def check_disabled(self):
+        return False
+
+    def submitted(self, *args, **kwargs):
+        return redirect('.')
+
+
+class PreviewDirectory(AccessControlled, Directory):
+    def _q_access(self):
+        if not get_publisher().get_backoffice_root().is_accessible('forms'):
+            raise errors.AccessForbiddenError()
+
+    def _q_lookup(self, component):
+        return PreviewFormPage(component)

wcs/forms/root.py

@@ -437,15 +437,19 @@ class FormPage(Directory):
         formdata.status = str('')
         get_publisher().substitutions.feed(formdata)
 
-    def _q_index(self, log_detail = None, editing = None):
-        self.check_role()
+    def check_disabled(self):
         if self.formdef.is_disabled():
             if self.formdef.disabled_redirection:
-                url = misc.get_variadic_url(self.formdef.disabled_redirection,
+                return misc.get_variadic_url(self.formdef.disabled_redirection,
                         get_publisher().substitutions.get_context_variables())
-                return redirect(url)
             else:
                 raise errors.AccessForbiddenError()
+        return False
+
+    def _q_index(self, log_detail = None, editing = None):
+        self.check_role()
+        if self.check_disabled():
+            return redirect(self.check_disabled())
 
         session = get_session()
 

wcs/root.py

@@ -51,6 +51,7 @@ from anonylink import AnonymityLink
 from roles import Role
 from wcs.api import get_user_from_api_query_string, ApiDirectory
 from myspace import MyspaceDirectory
+from forms.preview import PreviewDirectory
 
 
 class CompatibilityDirectory(Directory):
@@ -194,7 +195,7 @@ class RootDirectory(Directory):
     _q_exports = ['admin', 'backoffice', 'forms', 'login', 'logout', 'token', 'saml',
             'ident', 'register', 'afterjobs', 'themes', 'myspace', 'user', 'roles',
             'pages', ('tmp-upload', 'tmp_upload'), 'api', '__version__',
-            'tryauth', 'auth']
+            'tryauth', 'auth', 'preview']
 
     api = ApiDirectory()
     themes = template.ThemesDirectory()
@@ -380,3 +381,4 @@ class RootDirectory(Directory):
     register = RegisterDirectory()
     ident = IdentDirectory()
     afterjobs = AfterJobStatusDirectory()
+    preview = PreviewDirectory()