def create_case(case_id, files, patient_case_id=None):
    """
    Submit a sonosite upload as a form and return the cases it touched.

    ``files`` is mutated: its ``PT_PPS.XML`` entry is dropped, and every
    remaining entry is attached to the submission under its own key.
    """
    # PT_PPS.XML has already been parsed for everything needed from it, so it
    # is discarded here instead of being attached to the form.
    files.pop('PT_PPS.XML', '')

    xform = render_sonosite_xform(files, case_id, patient_case_id)

    # NOTE(review): attachment names are the keys of ``files`` taken as-is;
    # presumably the caller has already validated them -- confirm.
    attachments = {name: UploadedFile(files[name], name) for name in files}
    submit_form_locally(
        instance=xform,
        attachments=attachments,
        domain=UTH_DOMAIN,
    )

    # Hack / abstraction violation: submit_form_locally does not report which
    # cases it updated, so the rendered form is parsed again to recover the ids.
    touched_ids = set()
    for case_update in get_case_updates(convert_xform_to_json(xform)):
        touched_ids.add(case_update.id)
    return [CommCareCase.get(touched_id) for touched_id in touched_ids]
def _noauth_post(request, domain, app_id=None):
    """
    Forward an unauthenticated submission to ``post`` if its case blocks pass.

    Returns ``HttpResponseForbidden`` when any case block, or any existing
    case it refers to, fails the demo_user / domain checks below.

    NOTE(review): only case blocks are inspected here; nothing checks the
    form's own metadata, so a submission without case blocks appears to pass
    (assuming ``bulk_get_lite`` yields nothing for an empty id list).
    """
    demo_ids = ('demo_user', None)

    def case_block_ok(updates):
        referenced = set()
        for update in updates:
            referenced.add(update.id)
            creating = update.get_create_action()
            updating = update.get_update_action()
            indexing = update.get_index_action()
            # A create action may only name demo_user (or nobody) as user and owner.
            if creating and (creating.user_id not in demo_ids
                             or creating.owner_id not in demo_ids):
                return False
            if updating and updating.owner_id not in demo_ids:
                return False
            # Cases referenced through an index are checked as well.
            if indexing:
                referenced.update(idx.referenced_id for idx in indexing.indices)

        for existing in CommCareCase.bulk_get_lite(list(referenced)):
            if existing.domain != domain:
                return False
            # NOTE(review): ``!=`` binds tighter than ``or``, so this rejects
            # every existing case with a non-empty owner_id, including
            # owner_id == 'demo_user'. That is the stricter reading; confirm
            # whether ``(owner_id or user_id) != 'demo_user'`` was intended
            # before changing it.
            if existing.owner_id or existing.user_id != 'demo_user':
                return False
        return True

    instance, _ = receiver.get_instance_and_attachment(request)
    form_json = convert_xform_to_json(instance)
    if case_block_ok(get_case_updates(form_json)):
        return post(request, domain, app_id)
    return HttpResponseForbidden()
def _get_new_form_json(xml, xform_id):
    """
    Convert form XML to JSON, then adjust its datetimes and scrub its meta.

    Returns the converted JSON after both steps have been applied to it.
    """
    converted = convert_xform_to_json(xml)
    with force_phone_timezones_should_be_processed():
        adjust_datetimes(converted)
    # NOTE(review): the listing lost its indentation; scrub_meta is placed
    # after the ``with`` block here -- confirm against the original file.
    # The wrapper shares ``converted`` (jsonobject behaviour, per the original
    # comment), so scrubbing the wrapper edits ``converted`` in place.
    wrapped = XFormInstance.wrap({'form': converted, '_id': xform_id})
    scrub_meta(wrapped)
    return converted
def _noauth_post(request, domain, app_id=None): """ This is explictly called for a submission that has secure submissions enabled, but is manually overriding the submit URL to not specify auth context. It appears to be used by demo mode. It mainly just checks that we are touching test data only in the right domain and submitting as demo_user. """ instance, _ = couchforms.get_instance_and_attachment(request) form_json = convert_xform_to_json(instance) case_updates = get_case_updates(form_json) def form_ok(form_json): try: # require new-style meta/userID (reject Meta/chw_id) if form_json['meta']['userID'] == 'demo_user': return True except (KeyError, ValueError): pass if is_device_report(form_json): return True return False def case_block_ok(case_updates): """ Check for all cases that we are submitting as demo_user and that the domain we are submitting against for any previously existing cases matches the submission domain. """ allowed_ids = ('demo_user', 'demo_user_group_id', None) case_ids = set() for case_update in case_updates: case_ids.add(case_update.id) create_action = case_update.get_create_action() update_action = case_update.get_update_action() index_action = case_update.get_index_action() if create_action: if create_action.user_id not in allowed_ids: return False if create_action.owner_id not in allowed_ids: return False if update_action: if update_action.owner_id not in allowed_ids: return False if index_action: for index in index_action.indices: case_ids.add(index.referenced_id) # todo: consider whether we want to remove this call, and/or pass the result # through to the next function so we don't have to get the cases again later cases = CommCareCase.bulk_get_lite(list(case_ids)) for case in cases: if case.domain != domain: return False if case.owner_id or case.user_id not in allowed_ids: return False
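def _noauth_post(request, domain, app_id=None):
    """
    Gate an unauthenticated submission, then process it with waived auth.

    The submission reaches ``_process_form`` (``authenticated=False``,
    ``auth_cls=WaivedAuthContext``, ``user_id=None``) only if the form passes
    ``form_ok`` and its case blocks pass ``case_block_ok``; otherwise
    ``HttpResponseForbidden`` is returned.
    """
    instance, _ = couchforms.get_instance_and_attachment(request)
    form_json = convert_xform_to_json(instance)
    case_updates = get_case_updates(form_json)

    def form_ok(form_json):
        """Return True for a form submitted as demo_user, or a device report."""
        try:
            # require new-style meta/userID (reject Meta/chw_id)
            if form_json['meta']['userID'] == 'demo_user':
                return True
        except (KeyError, TypeError, ValueError):
            # TypeError: the form body is caller-supplied, so ``meta`` need not
            # be a mapping (presumably a bare string or None when the element
            # has no children). Treat that like a missing userID instead of
            # letting it escape as an unhandled error.
            pass
        # NOTE(review): device reports pass regardless of meta/userID.
        if is_device_report(form_json):
            return True
        return False

    def case_block_ok(case_updates):
        """
        Check that every case block acts as demo_user (or names nobody) and
        that each existing case it touches or indexes is in ``domain``.
        """
        case_ids = set()
        for case_update in case_updates:
            case_ids.add(case_update.id)
            create_action = case_update.get_create_action()
            update_action = case_update.get_update_action()
            index_action = case_update.get_index_action()
            if create_action:
                if create_action.user_id not in ('demo_user', None):
                    return False
                if create_action.owner_id not in ('demo_user', None):
                    return False
            if update_action:
                if update_action.owner_id not in ('demo_user', None):
                    return False
            if index_action:
                # Indexed (referenced) cases are checked as well.
                for index in index_action.indices:
                    case_ids.add(index.referenced_id)
        cases = CommCareCase.bulk_get_lite(list(case_ids))
        for case in cases:
            if case.domain != domain:
                return False
            # NOTE(review): ``!=`` binds tighter than ``or``, so this rejects
            # every existing case with a non-empty owner_id, including
            # owner_id == 'demo_user'. That is the stricter reading and is
            # left unchanged; confirm whether
            # ``(case.owner_id or case.user_id) != 'demo_user'`` was intended.
            if case.owner_id or case.user_id != 'demo_user':
                return False
        return True

    if not (form_ok(form_json) and case_block_ok(case_updates)):
        return HttpResponseForbidden()

    return _process_form(
        request=request,
        domain=domain,
        app_id=app_id,
        user_id=None,
        authenticated=False,
        auth_cls=WaivedAuthContext,
    )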
def _noauth_post(request, domain, app_id=None): instance, _ = couchforms.get_instance_and_attachment(request) form_json = convert_xform_to_json(instance) case_updates = get_case_updates(form_json) def form_ok(form_json): try: # require new-style meta/userID (reject Meta/chw_id) if form_json['meta']['userID'] == 'demo_user': return True except (KeyError, ValueError): pass if is_device_report(form_json): return True return False def case_block_ok(case_updates): case_ids = set() for case_update in case_updates: case_ids.add(case_update.id) create_action = case_update.get_create_action() update_action = case_update.get_update_action() index_action = case_update.get_index_action() if create_action: if create_action.user_id not in ('demo_user', None): return False if create_action.owner_id not in ('demo_user', None): return False if update_action: if update_action.owner_id not in ('demo_user', None): return False if index_action: for index in index_action.indices: case_ids.add(index.referenced_id) cases = CommCareCase.bulk_get_lite(list(case_ids)) for case in cases: if case.domain != domain: return False if case.owner_id or case.user_id != 'demo_user': return False
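def _noauth_post(request, domain, app_id=None):
    """
    This is explicitly called for a submission that has secure submissions
    enabled, but is manually overriding the submit URL to not specify auth
    context. It appears to be used by demo mode.

    It mainly just checks that we are touching test data only
    in the right domain and submitting as demo_user.

    Returns ``HttpResponseForbidden`` when either check fails; otherwise the
    result of ``_process_form`` called with ``authenticated=False`` and
    ``auth_cls=WaivedAuthContext``.
    """
    instance, _ = couchforms.get_instance_and_attachment(request)
    form_json = convert_xform_to_json(instance)
    case_updates = get_case_updates(form_json)

    def form_ok(form_json):
        """Return True for a form submitted as demo_user, or a device report."""
        try:
            # require new-style meta/userID (reject Meta/chw_id)
            if form_json['meta']['userID'] == 'demo_user':
                return True
        except (KeyError, TypeError, ValueError):
            # TypeError: the form body is caller-supplied, so ``meta`` need not
            # be a mapping (presumably a bare string or None when the element
            # has no children). Treat that like a missing userID instead of
            # letting it escape as an unhandled error.
            pass
        # NOTE(review): device reports pass regardless of meta/userID.
        if is_device_report(form_json):
            return True
        return False

    def case_block_ok(case_updates):
        """
        Check for all cases that we are submitting as demo_user and that the
        domain we are submitting against for any previously existing cases
        matches the submission domain.
        """
        allowed_ids = ('demo_user', 'demo_user_group_id', None)
        case_ids = set()
        for case_update in case_updates:
            case_ids.add(case_update.id)
            create_action = case_update.get_create_action()
            update_action = case_update.get_update_action()
            index_action = case_update.get_index_action()
            if create_action:
                if create_action.user_id not in allowed_ids:
                    return False
                if create_action.owner_id not in allowed_ids:
                    return False
            if update_action:
                if update_action.owner_id not in allowed_ids:
                    return False
            if index_action:
                # Indexed (referenced) cases are checked as well.
                for index in index_action.indices:
                    case_ids.add(index.referenced_id)

        # todo: consider whether we want to remove this call, and/or pass the result
        # through to the next function so we don't have to get the cases again later
        cases = CommCareCase.bulk_get_lite(list(case_ids))
        for case in cases:
            if case.domain != domain:
                return False
            # NOTE(review): ``not in`` binds tighter than ``or``, so this
            # rejects every existing case with a non-empty owner_id, even one
            # listed in allowed_ids. That is the stricter reading and is left
            # unchanged; confirm whether
            # ``(case.owner_id or case.user_id) not in allowed_ids`` was intended.
            if case.owner_id or case.user_id not in allowed_ids:
                return False
        return True

    if not (form_ok(form_json) and case_block_ok(case_updates)):
        return HttpResponseForbidden()

    return _process_form(
        request=request,
        domain=domain,
        app_id=app_id,
        user_id=None,
        authenticated=False,
        auth_cls=WaivedAuthContext,
    )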