def create_case(case_id, files, patient_case_id=None): """ Handle case submission for the sonosite endpoint """ # we already parsed what we need from this, so can just remove it # without worrying we will need it later files.pop('PT_PPS.XML', '') xform = render_sonosite_xform(files, case_id, patient_case_id) file_dict = {} for f in files: file_dict[f] = UploadedFile(files[f], f) submit_form_locally( instance=xform, attachments=file_dict, domain=UTH_DOMAIN, ) # this is a bit of a hack / abstraction violation # would be nice if submit_form_locally returned info about cases updated case_ids = { case_update.id for case_update in get_case_updates(convert_xform_to_json(xform)) } return [CommCareCase.get(case_id) for case_id in case_ids]
def _noauth_post(request, domain, app_id=None): instance, _ = receiver.get_instance_and_attachment(request) form_json = convert_xform_to_json(instance) case_updates = get_case_updates(form_json) def case_block_ok(case_updates): case_ids = set() for case_update in case_updates: case_ids.add(case_update.id) create_action = case_update.get_create_action() update_action = case_update.get_update_action() index_action = case_update.get_index_action() if create_action: if create_action.user_id not in ('demo_user', None): return False if create_action.owner_id not in ('demo_user', None): return False if update_action: if update_action.owner_id not in ('demo_user', None): return False if index_action: for index in index_action.indices: case_ids.add(index.referenced_id) cases = CommCareCase.bulk_get_lite(list(case_ids)) for case in cases: if case.domain != domain: return False if case.owner_id or case.user_id != 'demo_user': return False return True if not case_block_ok(case_updates): return HttpResponseForbidden() return post(request, domain, app_id)
def _noauth_post(request, domain, app_id=None): instance, _ = couchforms.get_instance_and_attachment(request) form_json = convert_xform_to_json(instance) case_updates = get_case_updates(form_json) def form_ok(form_json): try: # require new-style meta/userID (reject Meta/chw_id) if form_json['meta']['userID'] == 'demo_user': return True except (KeyError, ValueError): pass if is_device_report(form_json): return True return False def case_block_ok(case_updates): case_ids = set() for case_update in case_updates: case_ids.add(case_update.id) create_action = case_update.get_create_action() update_action = case_update.get_update_action() index_action = case_update.get_index_action() if create_action: if create_action.user_id not in ('demo_user', None): return False if create_action.owner_id not in ('demo_user', None): return False if update_action: if update_action.owner_id not in ('demo_user', None): return False if index_action: for index in index_action.indices: case_ids.add(index.referenced_id) cases = CommCareCase.bulk_get_lite(list(case_ids)) for case in cases: if case.domain != domain: return False if case.owner_id or case.user_id != 'demo_user': return False return True if not (form_ok(form_json) and case_block_ok(case_updates)): return HttpResponseForbidden() return _process_form( request=request, domain=domain, app_id=app_id, user_id=None, authenticated=False, auth_cls=WaivedAuthContext, )
def _noauth_post(request, domain, app_id=None): instance, _ = couchforms.get_instance_and_attachment(request) form_json = convert_xform_to_json(instance) case_updates = get_case_updates(form_json) def form_ok(form_json): try: # require new-style meta/userID (reject Meta/chw_id) if form_json['meta']['userID'] == 'demo_user': return True except (KeyError, ValueError): pass if is_device_report(form_json): return True return False def case_block_ok(case_updates): case_ids = set() for case_update in case_updates: case_ids.add(case_update.id) create_action = case_update.get_create_action() update_action = case_update.get_update_action() index_action = case_update.get_index_action() if create_action: if create_action.user_id not in ('demo_user', None): return False if create_action.owner_id not in ('demo_user', None): return False if update_action: if update_action.owner_id not in ('demo_user', None): return False if index_action: for index in index_action.indices: case_ids.add(index.referenced_id) cases = CommCareCase.bulk_get_lite(list(case_ids)) for case in cases: if case.domain != domain: return False if case.owner_id or case.user_id != 'demo_user': return False