api: add support for temporary access to formdata in backoffice (#22280) #817
|
@ -11,7 +11,7 @@ from wcs.formdef import FormDef
|
|||
from wcs.qommon.afterjobs import AfterJob
|
||||
from wcs.qommon.http_request import HTTPRequest
|
||||
|
||||
from ..utilities import clean_temporary_pub, create_temporary_pub, get_app
|
||||
from ..utilities import clean_temporary_pub, create_temporary_pub, get_app, login
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
|
@ -40,7 +40,7 @@ def teardown_module(module):
|
|||
|
||||
|
||||
@pytest.mark.parametrize('auth', ['signature', 'http-basic'])
|
||||
def test_tracking_code(pub, auth):
|
||||
def test_tracking_code(pub, auth, admin_user):
|
||||
FormDef.wipe()
|
||||
|
||||
app = get_app(pub)
|
||||
|
@ -60,7 +60,11 @@ def test_tracking_code(pub, auth):
|
|||
else:
|
||||
|
||||
def get_url(url, **kwargs):
|
||||
return app.get(sign_url(url + '?orig=coucou', '1234'), **kwargs)
|
||||
if '?' in url:
|
||||
url += '&orig=coucou'
|
||||
else:
|
||||
url += '?orig=coucou'
|
||||
return app.get(sign_url(url, '1234'), **kwargs)
|
||||
|
||||
formdef = FormDef()
|
||||
formdef.name = 'test'
|
||||
|
@ -102,6 +106,15 @@ def test_tracking_code(pub, auth):
|
|||
assert resp.json['url'] == 'http://example.net/test/%s/' % formdata.id
|
||||
assert get_app(pub).get(resp.json['load_url']).location == formdata.get_url()
|
||||
|
||||
resp = get_url('/api/code/%s?backoffice=true' % code.id, status=200)
|
||||
assert resp.json['err'] == 0
|
||||
assert resp.json['url'] == 'http://example.net/backoffice/management/test/%s/' % formdata.id
|
||||
app2 = login(get_app(pub))
|
||||
tnoel marked this conversation as resolved
Outdated
|
||||
resp = app2.get(resp.json['load_url'])
|
||||
assert resp.location == formdata.get_backoffice_url()
|
||||
resp = resp.follow()
|
||||
assert 'This form has been accessed via its tracking code' in resp.text
|
||||
|
||||
formdef.enable_tracking_codes = False
|
||||
formdef.store()
|
||||
resp = get_url('/api/code/%s' % code.id, status=404)
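Review bot: The new backoffice assertions only follow `load_url` with `app2 = login(get_app(pub))`, so the test never shows what happens when the same link is opened by a session that is not a logged-in agent. Because the token alone leads to `mark_anonymous_formdata` and the redirect, a negative case belongs next to this one: load `resp.json['load_url']` with a fresh `get_app(pub)`, follow the redirect, and assert that the formdata page is not served. The `'?' in url` handling was added only to the `get_url` helper under `else:`; the other auth branch lies outside the hunk and may need the same handling for `?backoffice=true`.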
|
||||
|
|
|
@ -1250,8 +1250,10 @@ class ApiTrackingCodeDirectory(Directory):
|
|||
# redirect the user to the formdata.
|
||||
data = {
|
||||
'err': 0,
|
||||
'url': formdata.get_url(),
|
||||
'load_url': formdata.get_temporary_access_url(duration=300),
|
||||
'url': formdata.get_url(backoffice=get_query_flag('backoffice')),
|
||||
'load_url': formdata.get_temporary_access_url(
|
||||
duration=300, backoffice=get_query_flag('backoffice')
|
||||
),
|
||||
}
|
||||
return json.dumps(data)
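Review bot: `get_query_flag('backoffice')` is evaluated twice while building `data`, once for `url` and once for `load_url`; reading it once with `backoffice = get_query_flag('backoffice')` keeps the dict readable and guarantees both entries use the same value. The flag is caller-controlled, so any API client that presents a valid tracking code can now obtain a backoffice `load_url` with `duration=300`. If the intent is that authorization is still decided when the link is loaded, a short comment above `data` should say so. The enclosing method starts outside the hunk.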
|
||||
|
||||
|
|
|
@ -851,7 +851,7 @@ class FormData(StorableObject):
|
|||
def get_file_base_url(self):
|
||||
return '%sdownload' % self.get_url()
|
||||
|
||||
def get_temporary_access_url(self, duration, bypass_checks=False):
|
||||
def get_temporary_access_url(self, duration, bypass_checks=False, backoffice=False):
|
||||
token = get_publisher().token_class(expiration_delay=duration, size=64)
|
||||
token.type = 'temporary-access-url'
|
||||
token.context = {
|
||||
|
@ -859,6 +859,7 @@ class FormData(StorableObject):
|
|||
'form_type': self.formdef.xml_root_node,
|
||||
'form_number_raw': self.id,
|
||||
'bypass_checks': bypass_checks,
|
||||
'backoffice': backoffice,
|
||||
}
|
||||
token.store()
|
||||
return urllib.parse.urljoin(get_publisher().get_frontoffice_url(), f'/code/{token.id}/load')
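Review bot: `get_temporary_access_url` gains a second behaviour switch (`backoffice`) but still has no docstring, and the token it stores acts as a bearer credential for this formdata. The docstring should state that a `temporary-access-url` token expiring after `duration` is stored, that the returned `/code/<token>/load` link is built on `get_frontoffice_url()` even when `backoffice=True`, and what `bypass_checks` and `backoffice` change for whoever loads the link. The start of the `token.context` dict falls between the two hunks, so its other keys are not visible here.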
|
||||
|
|
|
@ -197,6 +197,9 @@ class TrackingCodeDirectory(Directory):
|
|||
except KeyError:
|
||||
raise errors.TraversalError()
|
||||
bypass_checks = token.context.get('bypass_checks')
|
||||
if token.context.get('backoffice'):
|
||||
get_session().mark_anonymous_formdata(formdata)
|
||||
return redirect(formdata.get_backoffice_url())
|
||||
elif get_publisher().get_site_option('allow-tracking-code-in-url') == 'true':
|
||||
formdata = self.get_formdata_from_code(self.code)
|
||||
else:
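Review bot: The new `if token.context.get('backoffice'):` branch returns before `bypass_checks`, read on the line above, is ever used, so any checks the rest of the function applies to token-based access are skipped for backoffice tokens. That leaves the backoffice formdata view as the only access control after `get_session().mark_anonymous_formdata(formdata)` has been recorded, and nothing visible here verifies that the session belongs to a logged-in agent. If the backoffice view enforces that, a comment on the branch should say so, for example `# access is still checked by the backoffice view; the mark only records tracking-code access`. The function starts and ends outside the hunk, so the token lookup and any invalidation after use cannot be confirmed from here.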
|
||||
|
|
Je verrais bien à la suite ici un test qui vérifie qu'un accès au formulaire en backoffice affiche bien le texte "This form has been accessed via its tracking code" (qui s'affiche quand un agent accède à un formulaire via le code de suivi). Histoire de vérifier qu'on est passé par le mark_anonymous_formdata
Genre :
Ça a demandé un peu plus que ces 4 lignes mais ça a été ajouté au test.