2023-11-10 08:58:56 +01:00 · 2023-11-07 10:17:13 +01:00 · 2023-11-08 19:34:48 +01:00
4 changed files with 25 additions and 6 deletions
--- a/tests/api/test_all.py
+++ b/tests/api/test_all.py
@ -11,7 +11,7 @@ from wcs.formdef import FormDef
 from wcs.qommon.afterjobs import AfterJob
 from wcs.qommon.http_request import HTTPRequest

-from ..utilities import clean_temporary_pub, create_temporary_pub, get_app
+from ..utilities import clean_temporary_pub, create_temporary_pub, get_app, login


@pytest.fixture
@ -40,7 +40,7 @@ def teardown_module(module):


@pytest.mark.parametrize('auth', ['signature', 'http-basic'])
-def test_tracking_code(pub, auth):
+def test_tracking_code(pub, auth, admin_user):
    FormDef.wipe()

    app = get_app(pub)
@ -60,7 +60,11 @@ def test_tracking_code(pub, auth):
    else:

        def get_url(url, **kwargs):
-            return app.get(sign_url(url + '?orig=coucou', '1234'), **kwargs)
+            if '?' in url:
+                url += '&orig=coucou'
+            else:
+                url += '?orig=coucou'
+            return app.get(sign_url(url, '1234'), **kwargs)

    formdef = FormDef()
    formdef.name = 'test'
@ -102,6 +106,15 @@ def test_tracking_code(pub, auth):
    assert resp.json['url'] == 'http://example.net/test/%s/' % formdata.id
    assert get_app(pub).get(resp.json['load_url']).location == formdata.get_url()

+    resp = get_url('/api/code/%s?backoffice=true' % code.id, status=200)
+    assert resp.json['err'] == 0
+    assert resp.json['url'] == 'http://example.net/backoffice/management/test/%s/' % formdata.id
+    app2 = login(get_app(pub))
+    resp = app2.get(resp.json['load_url'])
+    assert resp.location == formdata.get_backoffice_url()
+    resp = resp.follow()
+    assert 'This form has been accessed via its tracking code' in resp.text
+
    formdef.enable_tracking_codes = False
    formdef.store()
    resp = get_url('/api/code/%s' % code.id, status=404)
--- a/wcs/api.py
+++ b/wcs/api.py
@ -1250,8 +1250,10 @@ class ApiTrackingCodeDirectory(Directory):
        # redirect the user to the formdata.
        data = {
            'err': 0,
-            'url': formdata.get_url(),
-            'load_url': formdata.get_temporary_access_url(duration=300),
+            'url': formdata.get_url(backoffice=get_query_flag('backoffice')),
+            'load_url': formdata.get_temporary_access_url(
+                duration=300, backoffice=get_query_flag('backoffice')
+            ),
        }
        return json.dumps(data)

--- a/wcs/formdata.py
+++ b/wcs/formdata.py
@ -851,7 +851,7 @@ class FormData(StorableObject):
    def get_file_base_url(self):
        return '%sdownload' % self.get_url()

-    def get_temporary_access_url(self, duration, bypass_checks=False):
+    def get_temporary_access_url(self, duration, bypass_checks=False, backoffice=False):
        token = get_publisher().token_class(expiration_delay=duration, size=64)
        token.type = 'temporary-access-url'
        token.context = {
@ -859,6 +859,7 @@ class FormData(StorableObject):
            'form_type': self.formdef.xml_root_node,
            'form_number_raw': self.id,
            'bypass_checks': bypass_checks,
+            'backoffice': backoffice,
        }
        token.store()
        return urllib.parse.urljoin(get_publisher().get_frontoffice_url(), f'/code/{token.id}/load')
--- a/wcs/forms/root.py
+++ b/wcs/forms/root.py
@ -197,6 +197,9 @@ class TrackingCodeDirectory(Directory):
            except KeyError:
                raise errors.TraversalError()
            bypass_checks = token.context.get('bypass_checks')
+            if token.context.get('backoffice'):
+                get_session().mark_anonymous_formdata(formdata)
+                return redirect(formdata.get_backoffice_url())
        elif get_publisher().get_site_option('allow-tracking-code-in-url') == 'true':
            formdata = self.get_formdata_from_code(self.code)
        else: