forms: allow access to global actions to anonymous users (#55199)

(accessing the formdata using its tracking code)
2021-06-26 15:56:26 +02:00 · 2021-06-26 15:56:26 +02:00 · e581d08c0a
parent 0c3549872f
commit e581d08c0a
2 changed files with 46 additions and 2 deletions
--- a/tests/form_pages/test_all.py
+++ b/tests/form_pages/test_all.py
@ -6570,6 +6570,50 @@ def test_user_global_action_same_status_store(pub):
    assert formdef.data_class().get(formdata.id).data['bo1'] == '123'


+def test_anonymous_user_global_action(pub):
+    workflow = Workflow.get_default_workflow()
+    workflow.id = '2'
+    action = workflow.add_global_action('FOOBAR')
+    register_comment = action.append_item('register-comment')
+    register_comment.comment = 'HELLO WORLD GLOBAL ACTION'
+    jump = action.append_item('jump')
+    jump.status = 'finished'
+    trigger = action.triggers[0]
+    trigger.roles = ['_submitter']
+
+    workflow.store()
+
+    formdef = FormDef()
+    formdef.name = 'test global action'
+    formdef.fields = []
+    formdef.enable_tracking_codes = True
+    formdef.workflow_id = workflow.id
+    formdef.workflow_roles = {}
+    formdef.store()
+
+    formdef.data_class().wipe()
+
+    app = get_app(pub)
+    resp = app.get(formdef.get_url())
+    resp = resp.form.submit('submit')
+    resp = resp.form.submit('submit')
+    assert formdef.data_class().count() == 1
+    formdata = formdef.data_class().select()[0]
+
+    app.cookiejar.clear()
+
+    resp = app.get('/')
+    resp.forms[0]['code'] = formdata.tracking_code
+    resp = resp.forms[0].submit().follow().follow()
+
+    assert 'button-action-1' in resp.form.fields
+    resp = resp.form.submit('button-action-1')
+
+    resp = app.get(formdata.get_url())
+    assert 'HELLO WORLD GLOBAL ACTION' in resp.text
+    assert formdef.data_class().get(formdata.id).status == 'wf-finished'
+
+
 def test_condition_on_action(pub, emails):
    create_user(pub)

--- a/wcs/workflows.py
+++ b/wcs/workflows.py
@ -557,8 +557,6 @@ class Workflow(StorableObject):
        return actions

    def get_global_actions_for_user(self, formdata, user):
-        if not user:
-            return []
        actions = []
        for action in self.global_actions or []:
            for trigger in action.triggers or []:
@ -566,6 +564,8 @@ class Workflow(StorableObject):
                    if '_submitter' in (trigger.roles or []) and formdata.is_submitter(user):
                        actions.append(action)
                        break
+                    if not user:
+                        continue
                    roles = set()
                    for role_id in trigger.roles or []:
                        if role_id == '_submitter':