api: add backoffice-submission parameters to formdefs endpoints (#17689)
This commit is contained in:
parent
5b24487029
commit
e7fe4fba8b
|
@ -69,6 +69,12 @@ URL <code>/json</code> autrement.
|
|||
</p>
|
||||
</note>
|
||||
|
||||
<p>
|
||||
La liste des formulaires accessibles à un utilisateur dans le but de faire une
|
||||
saisie backoffice est disponible, sous le même format, via l'URL
|
||||
<code>/api/formdefs/?backoffice-submission=on</code>.
|
||||
</p>
|
||||
|
||||
|
||||
</section>
|
||||
|
||||
|
@ -114,6 +120,11 @@ Les formulaires d'une catégorie précise sont disponibles à l'URL
|
|||
https://www.example.net/api/categories/inscriptions/formdefs/</input>
|
||||
</screen>
|
||||
|
||||
<p>
|
||||
Comme pour la liste des formulaires en général, on peut ajouter l'argument
|
||||
<code>?backoffice-submission=on</code> à cette URL, pour n'obtenir que les
|
||||
formulaires de la catégorie accessibles en saisie backoffice.
|
||||
</p>
|
||||
|
||||
|
||||
</section>
|
||||
|
|
|
@ -327,6 +327,10 @@ def test_formdef_list(pub):
|
|||
assert resp1.json[0]['functions']['_receiver']['role']['slug'] == role.slug
|
||||
assert resp1.json[0]['functions']['_receiver']['role']['name'] == role.name
|
||||
|
||||
# backoffice_submission formdef : none
|
||||
resp1 = get_app(pub).get('/api/formdefs/?backoffice-submission=on')
|
||||
assert len(resp1.json) == 0
|
||||
|
||||
def test_limited_formdef_list(pub, local_user):
|
||||
Role.wipe()
|
||||
role = Role(name='Foo bar')
|
||||
|
@ -343,6 +347,9 @@ def test_limited_formdef_list(pub, local_user):
|
|||
|
||||
resp = get_app(pub).get('/api/formdefs/')
|
||||
assert len(resp.json) == 1
|
||||
# not present in backoffice-submission formdefs
|
||||
resp = get_app(pub).get('/api/formdefs/?backoffice-submission=on')
|
||||
assert len(resp.json) == 0
|
||||
|
||||
# check it's not advertised
|
||||
formdef.roles = [role.id]
|
||||
|
@ -353,6 +360,9 @@ def test_limited_formdef_list(pub, local_user):
|
|||
resp4 = get_app(pub).get(sign_uri('/api/formdefs/?NameID=%s' % local_user.name_identifiers[0]))
|
||||
assert len(resp.json) == 0
|
||||
assert resp.json == resp2.json == resp3.json == resp4.json
|
||||
# still not present in backoffice-submission formdefs
|
||||
resp = get_app(pub).get('/api/formdefs/?backoffice-submission=on')
|
||||
assert len(resp.json) == 0
|
||||
|
||||
# unless user has correct roles
|
||||
local_user.roles = [role.id]
|
||||
|
@ -394,6 +404,48 @@ def test_formdef_list_redirection(pub):
|
|||
assert resp1.json[0]['count'] == 0
|
||||
assert resp1.json[0]['redirection'] == True
|
||||
|
||||
def test_backoffice_submission_formdef_list(pub, local_user):
|
||||
Role.wipe()
|
||||
role = Role(name='Foo bar')
|
||||
role.id = '14'
|
||||
role.store()
|
||||
|
||||
FormDef.wipe()
|
||||
formdef = FormDef()
|
||||
formdef.name = 'test'
|
||||
formdef.description = 'plop'
|
||||
formdef.workflow_roles = {'_receiver': str(role.id)}
|
||||
formdef.fields = []
|
||||
formdef.store()
|
||||
|
||||
resp = get_app(pub).get('/api/formdefs/?backoffice-submission=on')
|
||||
assert len(resp.json) == 0
|
||||
|
||||
# check it's not advertised ...
|
||||
formdef.backoffice_submission_roles = [role.id]
|
||||
formdef.store()
|
||||
resp = get_app(pub).get('/api/formdefs/?backoffice-submission=on')
|
||||
assert len(resp.json) == 0
|
||||
|
||||
# even if it's advertised on frontoffice
|
||||
formdef.always_advertise = True
|
||||
formdef.store()
|
||||
resp = get_app(pub).get('/api/formdefs/?backoffice-submission=on')
|
||||
assert len(resp.json) == 0
|
||||
|
||||
# ... unless user has correct roles
|
||||
local_user.roles = [role.id]
|
||||
local_user.store()
|
||||
resp = get_app(pub).get(sign_uri('/api/formdefs/?backoffice-submission=on&NameID=%s' %
|
||||
local_user.name_identifiers[0]))
|
||||
assert len(resp.json) == 1
|
||||
|
||||
# but not advertised if it's a redirection
|
||||
formdef.disabled = True
|
||||
formdef.disabled_redirection = 'http://example.net'
|
||||
formdef.store()
|
||||
resp = get_app(pub).get('/api/formdefs/?backoffice-submission=on')
|
||||
assert len(resp.json) == 0
|
||||
|
||||
def test_formdef_schema(pub):
|
||||
Workflow.wipe()
|
||||
|
@ -828,8 +880,29 @@ def test_categories_private(pub, local_user):
|
|||
resp = get_app(pub).get(sign_uri('http://example.net/api/categories/', local_user))
|
||||
assert len(resp.json['data']) == 1
|
||||
|
||||
def test_categories_formdefs(pub):
|
||||
test_categories(pub)
|
||||
def test_categories_formdefs(pub, local_user):
|
||||
FormDef.wipe()
|
||||
Category.wipe()
|
||||
category = Category()
|
||||
category.name = 'Category'
|
||||
category.description = 'hello world'
|
||||
category.store()
|
||||
|
||||
formdef = FormDef()
|
||||
formdef.name = 'test'
|
||||
formdef.category_id = category.id
|
||||
formdef.fields = []
|
||||
formdef.keywords = 'mobile, test'
|
||||
formdef.store()
|
||||
formdef.data_class().wipe()
|
||||
|
||||
formdef = FormDef()
|
||||
formdef.name = 'test 2'
|
||||
formdef.category_id = category.id
|
||||
formdef.fields = []
|
||||
formdef.keywords = 'foobar'
|
||||
formdef.store()
|
||||
formdef.data_class().wipe()
|
||||
|
||||
formdef2 = FormDef()
|
||||
formdef2.name = 'other test'
|
||||
|
@ -851,6 +924,31 @@ def test_categories_formdefs(pub):
|
|||
|
||||
get_app(pub).get('/api/categories/XXX/formdefs/', status=404)
|
||||
|
||||
resp = get_app(pub).get('/api/categories/category/formdefs/?backoffice-submission=on')
|
||||
assert len(resp.json) == 0
|
||||
|
||||
Role.wipe()
|
||||
role = Role(name='test')
|
||||
role.store()
|
||||
local_user.roles = []
|
||||
local_user.store()
|
||||
# check it's not advertised ...
|
||||
formdef.backoffice_submission_roles = [role.id]
|
||||
formdef.store()
|
||||
resp = get_app(pub).get('/api/categories/category/formdefs/?backoffice-submission=on')
|
||||
assert len(resp.json) == 0
|
||||
resp = get_app(pub).get(sign_uri(
|
||||
'/api/categories/category/formdefs/?backoffice-submission=on&NameID=%s' %
|
||||
local_user.name_identifiers[0]))
|
||||
assert len(resp.json) == 0
|
||||
# ... unless user has correct roles
|
||||
local_user.roles = [role.id]
|
||||
local_user.store()
|
||||
resp = get_app(pub).get(sign_uri(
|
||||
'/api/categories/category/formdefs/?backoffice-submission=on&NameID=%s' %
|
||||
local_user.name_identifiers[0]))
|
||||
assert len(resp.json) == 1
|
||||
|
||||
def test_categories_full(pub):
|
||||
test_categories(pub)
|
||||
resp = get_app(pub).get('/api/categories/?full=on')
|
||||
|
|
30
wcs/api.py
30
wcs/api.py
|
@ -342,12 +342,20 @@ class ApiFormdefsDirectory(Directory):
|
|||
def __init__(self, category=None):
|
||||
self.category = category
|
||||
|
||||
def get_list_forms(self, user, list_all_forms=False, formdefs=None):
|
||||
def get_list_forms(self, user, list_all_forms=False, formdefs=None,
|
||||
backoffice_submission=False):
|
||||
list_forms = []
|
||||
|
||||
if not user and backoffice_submission:
|
||||
return list_forms
|
||||
|
||||
if formdefs is None:
|
||||
formdefs = FormDef.select(order_by='name', ignore_errors=True)
|
||||
|
||||
formdefs = [x for x in formdefs if not x.is_disabled() or x.disabled_redirection]
|
||||
if backoffice_submission:
|
||||
formdefs = [x for x in formdefs if not x.is_disabled()]
|
||||
else:
|
||||
formdefs = [x for x in formdefs if not x.is_disabled() or x.disabled_redirection]
|
||||
|
||||
if self.category:
|
||||
formdefs = [x for x in formdefs if str(x.category_id) == str(self.category.id)]
|
||||
|
@ -356,7 +364,7 @@ class ApiFormdefsDirectory(Directory):
|
|||
|
||||
for formdef in formdefs:
|
||||
authentication_required = False
|
||||
if formdef.roles and not list_all_forms:
|
||||
if formdef.roles and not list_all_forms and not backoffice_submission:
|
||||
if not user:
|
||||
if not formdef.always_advertise:
|
||||
continue
|
||||
|
@ -369,6 +377,14 @@ class ApiFormdefsDirectory(Directory):
|
|||
if not formdef.always_advertise:
|
||||
continue
|
||||
authentication_required = True
|
||||
elif backoffice_submission and not list_all_forms:
|
||||
if not formdef.backoffice_submission_roles:
|
||||
continue
|
||||
for role in user.roles or []:
|
||||
if role in formdef.backoffice_submission_roles:
|
||||
break
|
||||
else:
|
||||
continue
|
||||
|
||||
formdict = {'title': unicode(formdef.name, charset),
|
||||
'slug': formdef.url_name,
|
||||
|
@ -421,8 +437,10 @@ class ApiFormdefsDirectory(Directory):
|
|||
# webservice call.
|
||||
user = False
|
||||
list_all_forms = (user and user.is_admin) or (is_url_signed() and user is None)
|
||||
backoffice_submission = get_request().form.get('backoffice-submission') == 'on'
|
||||
|
||||
list_forms = self.get_list_forms(user, list_all_forms)
|
||||
list_forms = self.get_list_forms(user, list_all_forms,
|
||||
backoffice_submission=backoffice_submission)
|
||||
|
||||
list_forms.sort(lambda x, y: cmp(x['category_position'], y['category_position']))
|
||||
for formdict in list_forms:
|
||||
|
@ -461,6 +479,7 @@ class ApiCategoriesDirectory(Directory):
|
|||
# users.
|
||||
user = None
|
||||
list_all_forms = (user and user.is_admin) or (is_url_signed() and user is None)
|
||||
backoffice_submission = get_request().form.get('backoffice-submission') == 'on'
|
||||
list_categories = []
|
||||
charset = get_publisher().site_charset
|
||||
categories = Category.select()
|
||||
|
@ -474,7 +493,8 @@ class ApiCategoriesDirectory(Directory):
|
|||
if category.description:
|
||||
d['description'] = unicode(str(category.get_description_html_text(editable=False)), charset)
|
||||
formdefs = ApiFormdefsDirectory(category).get_list_forms(user,
|
||||
formdefs=all_formdefs, list_all_forms=list_all_forms)
|
||||
formdefs=all_formdefs, list_all_forms=list_all_forms,
|
||||
backoffice_submission=backoffice_submission)
|
||||
if not formdefs:
|
||||
# don't advertise empty categories
|
||||
continue
|
||||
|
|
Loading…
Reference in New Issue