110 lines
4.0 KiB
Python
110 lines
4.0 KiB
Python
# w.c.s. - web application for online forms
|
|
# Copyright (C) 2005-2011 Entr'ouvert
|
|
#
|
|
# This program is free software; you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation; either version 2 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
|
|
|
import random
|
|
|
|
from quixote.directory import Directory
|
|
|
|
from qommon.publisher import get_publisher_class
|
|
from qommon.form import *
|
|
|
|
from qommon.ident.password import make_password
|
|
from qommon import errors
|
|
|
|
from qommon import tokens
|
|
|
|
from wcs.workflows import WorkflowStatusItem, register_item_class
|
|
|
|
from wcs.roles import Role, logged_users_role, get_user_roles
|
|
from wcs.forms.common import FormStatusPage
|
|
|
|
|
|
class CreateAnonymousAccessCodeItem(WorkflowStatusItem):
|
|
'''This adds a anonymous_code property to a formdata'''
|
|
description = N_('Allow Access by Tracking Code (code creation)')
|
|
key = 'create-anonymous-access-code'
|
|
|
|
def perform(self, formdata):
|
|
token = tokens.Token(expiration_delay=None)
|
|
token.type = 'anonymous-access-code'
|
|
token.formdata_reference = (formdata.formdef.url_name, formdata.id)
|
|
token.store()
|
|
formdata._wf_anonymous_access_code = token.id
|
|
formdata.store()
|
|
|
|
def get_substitution_variables(self, formdata):
|
|
return {'form_anonymous_access_code': formdata._wf_anonymous_access_code}
|
|
|
|
class AnonymousCodeFormPage(errors.AccessError):
|
|
def render(self):
|
|
form = Form(enctype='multipart/form-data')
|
|
form.add(StringWidget, 'code', title=_('Tracking Code'), size=20, required=True)
|
|
form.add_submit('submit', _('Submit'))
|
|
output = form.render()
|
|
|
|
# hack to make this response considered a standard response, and styled
|
|
# appropriately.
|
|
response = get_response()
|
|
response.filter = {'xxx': True}
|
|
|
|
return output
|
|
|
|
|
|
class AnonymousAccessDirectory(FormStatusPage):
|
|
_q_exports = ['']
|
|
|
|
def __init__(self, formdata, wfstatusitem, wfstatus):
|
|
self.formdata = formdata
|
|
self.wfstatus = wfstatus
|
|
self.wfstatusitem = wfstatusitem
|
|
FormStatusPage.__init__(self, formdata.formdef, formdata,
|
|
register_workflow_subdirs=False)
|
|
|
|
def check_auth(self):
|
|
session = get_session()
|
|
if not hasattr(session, '_wf_anonymous_access_authorized'):
|
|
session._wf_anonymous_access_authorized = []
|
|
if self.formdata.get_url() in session._wf_anonymous_access_authorized:
|
|
return True
|
|
|
|
form = Form(enctype='multipart/form-data')
|
|
form.add(StringWidget, 'code', title=_('Tracking Code'), size=20, required=True)
|
|
form.add_submit('submit', _('Submit'))
|
|
if form.is_submitted() and not form.has_errors():
|
|
# check access code
|
|
access_code = form.get_widget('code').parse()
|
|
if access_code == self.formdata._wf_anonymous_access_code:
|
|
session._wf_anonymous_access_authorized.append(
|
|
self.formdata.get_url())
|
|
return True
|
|
raise AnonymousCodeFormPage()
|
|
|
|
class AnonymousAccessCodeItem(WorkflowStatusItem):
|
|
'''This adds a directory that allows access to the complete form, given an
|
|
access code is provided.'''
|
|
description = N_('Allow Access by Tracking Code')
|
|
key = 'anonymous-access-code'
|
|
|
|
directory_name = 'access'
|
|
directory_class = AnonymousAccessDirectory
|
|
|
|
def get_substitution_variables(self, formdata):
|
|
return {'form_anonymous_access_code': formdata._wf_anonymous_access_code}
|
|
|
|
|
|
register_item_class(AnonymousAccessCodeItem)
|
|
register_item_class(CreateAnonymousAccessCodeItem)
|