def test_export_list_with_meta_perms(self):
"""
Test export list for forms with meta permissions.
"""
with HTTMock(enketo_mock):
self._publish_transportation_form()
for survey in self.surveys:
self._make_submission(os.path.join(
settings.PROJECT_ROOT, 'apps', 'main', 'tests', 'fixtures',
'transportation', 'instances', survey, survey + '.xml'),
forced_submission_time=parse_datetime(
'2013-02-18 15:54:01Z'))
alice = self._create_user('alice', 'alice', True)
MetaData.xform_meta_permission(self.xform,
data_value="editor|dataentry-minor")
DataEntryMinorRole.add(alice, self.xform)
for i in self.xform.instances.all()[:2]:
i.user = alice
i.save()
view = XFormViewSet.as_view({'get': 'retrieve'})
alices_extra = {
'HTTP_AUTHORIZATION': 'Token %s' % alice.auth_token.key
}
# Alice creates an export with her own submissions
request = self.factory.get('/', **alices_extra)
response = view(request, pk=self.xform.pk, format='csv')
self.assertEqual(response.status_code, 200)
exports = Export.objects.filter(xform=self.xform)
view = ExportViewSet.as_view({'get': 'list'})
request = self.factory.get('/export',
data={'xform': self.xform.id})
force_authenticate(request, user=alice)
response = view(request)
self.assertEqual(len(exports), len(response.data))
# Mary should not have access to the export with Alice's
# submissions.
self._create_user_and_login(username='******', password='******')
self.assertEqual(self.user.username, 'mary')
# Mary should only view their own submissions.
DataEntryMinorRole.add(self.user, self.xform)
request = self.factory.get('/export',
data={'xform': self.xform.id})
force_authenticate(request, user=self.user)
response = view(request)
self.assertFalse(bool(response.data), response.data)
self.assertEqual(status.HTTP_200_OK, response.status_code)
def test_retrieve_xform_manifest_linked_form(self):
# for linked forms check if manifest media download url for csv
# has a group_delimiter param
data_type = 'media'
data_value = 'xform {} transportation'.format(self.xform.pk)
media = self._add_form_metadata(self.xform, data_type, data_value)
self.view = XFormListViewSet.as_view(
{
"get": "manifest",
"head": "manifest"
}
)
# sign in bob
request = self.factory.head('/')
auth_response = self.view(request, pk=self.xform.pk)
auth = DigestAuth('bob', 'bobbob')
# set up bob's request
request = self.factory.get('/xformsManifest')
request.META.update(auth(request.META, auth_response))
# make request
response = self.view(request, pk=self.xform.pk, format='csv')
# test
manifest_media_url = '{}{}'.format(
media.data['media_url'],
'?group_delimiter=.&repeat_index_tags=_,_')
download_url = response.data[0]['downloadUrl']
self.assertEqual(manifest_media_url, download_url)
url = '/bob/xformsMedia/{}/{}.csv?group_delimiter=.'\
.format(self.xform.pk, self.metadata.pk)
username = '******'
password = '******'
client = DigestClient()
client.set_authorization(username, password, 'Digest')
req = client.get(url)
self.assertEqual(req.status_code, 200)
# enable meta perms
data_value = "editor-minor|dataentry"
MetaData.xform_meta_permission(self.xform, data_value=data_value)
req = client.get(url)
self.assertEqual(req.status_code, 401)
def test_retrieve_xform_manifest_linked_form(self):
# for linked forms check if manifest media download url for csv
# has a group_delimiter param
data_type = 'media'
data_value = 'xform {} transportation'.format(self.xform.pk)
media = self._add_form_metadata(self.xform, data_type, data_value)
self.view = XFormListViewSet.as_view(
{
"get": "manifest",
"head": "manifest"
}
)
# sign in bob
request = self.factory.head('/')
auth_response = self.view(request, pk=self.xform.pk)
auth = DigestAuth('bob', 'bobbob')
# set up bob's request
request = self.factory.get('/xformsManifest')
request.META.update(auth(request.META, auth_response))
# make request
response = self.view(request, pk=self.xform.pk, format='csv')
# test
manifest_media_url = '{}{}'.format(
media.data['media_url'],
'?group_delimiter=.&repeat_index_tags=_,_')
download_url = response.data[0]['downloadUrl']
self.assertEqual(manifest_media_url, download_url)
url = '/bob/xformsMedia/{}/{}.csv?group_delimiter=.'\
.format(self.xform.pk, self.metadata.pk)
username = '******'
password = '******'
client = DigestClient()
client.set_authorization(username, password, 'Digest')
req = client.get(url)
self.assertEqual(req.status_code, 200)
# enable meta perms
data_value = "editor-minor|dataentry"
MetaData.xform_meta_permission(self.xform, data_value=data_value)
req = client.get(url)
self.assertEqual(req.status_code, 401)
def create(self, validated_data):
data_type = validated_data.get('data_type')
data_file = validated_data.get('data_file')
data_file_type = validated_data.get('data_file_type')
content_object = self.get_content_object(validated_data)
data_value = data_file.name \
if data_file else validated_data.get('data_value')
# not exactly sure what changed in the requests.FILES for django 1.7
# csv files uploaded in windows do not have the text/csv content_type
# this works around that
if data_type == MEDIA_TYPE and data_file \
and data_file.name.lower().endswith('.csv') \
and data_file_type != CSV_CONTENT_TYPE:
data_file_type = CSV_CONTENT_TYPE
content_type = ContentType.objects.get_for_model(content_object)
try:
if data_type == XFORM_META_PERMS:
metadata = \
MetaData.xform_meta_permission(content_object,
data_value=data_value)
update_role_by_meta_xform_perms(content_object)
elif data_type == SUBMISSION_REVIEW:
# ensure only one submission_review metadata exists per form
if MetaData.submission_review(content_object):
raise serializers.ValidationError(_(UNIQUE_TOGETHER_ERROR))
else:
metadata = MetaData.submission_review(
content_object, data_value=data_value)
else:
metadata = MetaData.objects.create(
content_type=content_type,
data_type=data_type,
data_value=data_value,
data_file=data_file,
data_file_type=data_file_type,
object_id=content_object.id)
return metadata
except IntegrityError:
raise serializers.ValidationError(_(UNIQUE_TOGETHER_ERROR))
