def test_export_list_with_meta_perms(self):
    """
    Export listing must honour a form's meta permissions.

    Alice and Mary both hold the data-entry-minor role on the same form.
    Alice owns two submissions and triggers a CSV export; the export list
    she sees must match the exports stored for the form, while Mary's
    listing of the same form must come back empty with a 200 status.
    """
    with HTTMock(enketo_mock):
        self._publish_transportation_form()

        instances_dir = os.path.join(
            settings.PROJECT_ROOT, 'apps', 'main', 'tests', 'fixtures',
            'transportation', 'instances')
        submitted_at = parse_datetime('2013-02-18 15:54:01Z')
        for survey in self.surveys:
            self._make_submission(
                os.path.join(instances_dir, survey, survey + '.xml'),
                forced_submission_time=submitted_at)

        alice = self._create_user('alice', 'alice', True)

        # Switch the form to meta permissions, then give Alice the
        # data-entry-minor role on it.
        MetaData.xform_meta_permission(
            self.xform, data_value="editor|dataentry-minor")
        DataEntryMinorRole.add(alice, self.xform)

        # Hand the first two submissions over to Alice.
        for instance in self.xform.instances.all()[:2]:
            instance.user = alice
            instance.save()

        # Alice requests the form as CSV with her token, which creates
        # an export of her own submissions.
        retrieve_view = XFormViewSet.as_view({'get': 'retrieve'})
        token_header = 'Token %s' % alice.auth_token.key
        request = self.factory.get('/', HTTP_AUTHORIZATION=token_header)
        response = retrieve_view(request, pk=self.xform.pk, format='csv')
        self.assertEqual(response.status_code, 200)

        exports = Export.objects.filter(xform=self.xform)
        view = ExportViewSet.as_view({'get': 'list'})
        list_query = {'xform': self.xform.id}

        request = self.factory.get('/export', data=list_query)
        force_authenticate(request, user=alice)
        response = view(request)
        # NOTE(review): if the CSV request above stored no Export rows,
        # this holds as 0 == 0 and Mary's empty listing below would pass
        # without proving any isolation. Asserting that the list is
        # non-empty would close that gap - confirm exports are created
        # synchronously in this test setup first.
        self.assertEqual(len(exports), len(response.data))

        # Mary must not see the export built from Alice's submissions.
        # NOTE(review): the credential literals are masked in this
        # listing; the assertion right after expects the user 'mary'.
        self._create_user_and_login(username='******', password='******')
        self.assertEqual(self.user.username, 'mary')

        # Same role as Alice, so Mary is limited to her own submissions.
        DataEntryMinorRole.add(self.user, self.xform)
        request = self.factory.get('/export', data=list_query)
        force_authenticate(request, user=self.user)
        response = view(request)
        self.assertFalse(bool(response.data), response.data)
        self.assertEqual(status.HTTP_200_OK, response.status_code)
def test_retrieve_xform_manifest_linked_form(self):
    """
    Manifest and media download behaviour for a linked form.

    The CSV media entry in the manifest must carry the group_delimiter
    and repeat_index_tags query parameters. The media download itself
    must return 200 before meta permissions are enabled on the form and
    401 afterwards.
    """
    linked_form_value = 'xform {} transportation'.format(self.xform.pk)
    media = self._add_form_metadata(self.xform, 'media', linked_form_value)

    self.view = XFormListViewSet.as_view(
        {"get": "manifest", "head": "manifest"})

    # Unauthenticated HEAD first: its response is what the digest helper
    # needs to build bob's Authorization header.
    request = self.factory.head('/')
    challenge = self.view(request, pk=self.xform.pk)
    digest = DigestAuth('bob', 'bobbob')

    # Replay the manifest request as bob.
    request = self.factory.get('/xformsManifest')
    request.META.update(digest(request.META, challenge))
    response = self.view(request, pk=self.xform.pk, format='csv')

    # The advertised download URL is the media URL plus the CSV options.
    expected_download_url = '{}{}'.format(
        media.data['media_url'],
        '?group_delimiter=.&repeat_index_tags=_,_')
    self.assertEqual(
        expected_download_url, response.data[0]['downloadUrl'])

    url = '/bob/xformsMedia/{}/{}.csv?group_delimiter=.'.format(
        self.xform.pk, self.metadata.pk)
    # NOTE(review): the credential literals below are masked in this
    # listing.
    username = '******'
    password = '******'
    client = DigestClient()
    client.set_authorization(username, password, 'Digest')

    # Without meta permissions the linked CSV is served.
    media_response = client.get(url)
    self.assertEqual(media_response.status_code, 200)

    # Enabling meta permissions must cut off the same client.
    meta_perms = "editor-minor|dataentry"
    MetaData.xform_meta_permission(self.xform, data_value=meta_perms)
    media_response = client.get(url)
    self.assertEqual(media_response.status_code, 401)
def test_retrieve_xform_manifest_linked_form(self):
    """
    Manifest and media download behaviour for a linked form.

    The CSV media entry in the manifest must carry the group_delimiter
    and repeat_index_tags query parameters. The media download itself
    must return 200 before meta permissions are enabled on the form and
    401 afterwards.
    """
    linked_form_value = 'xform {} transportation'.format(self.xform.pk)
    media = self._add_form_metadata(self.xform, 'media', linked_form_value)

    self.view = XFormListViewSet.as_view(
        {"get": "manifest", "head": "manifest"})

    # Unauthenticated HEAD first: its response is what the digest helper
    # needs to build bob's Authorization header.
    request = self.factory.head('/')
    challenge = self.view(request, pk=self.xform.pk)
    digest = DigestAuth('bob', 'bobbob')

    # Replay the manifest request as bob.
    request = self.factory.get('/xformsManifest')
    request.META.update(digest(request.META, challenge))
    response = self.view(request, pk=self.xform.pk, format='csv')

    # The advertised download URL is the media URL plus the CSV options.
    expected_download_url = '{}{}'.format(
        media.data['media_url'],
        '?group_delimiter=.&repeat_index_tags=_,_')
    self.assertEqual(
        expected_download_url, response.data[0]['downloadUrl'])

    url = '/bob/xformsMedia/{}/{}.csv?group_delimiter=.'.format(
        self.xform.pk, self.metadata.pk)
    # NOTE(review): the credential literals below are masked in this
    # listing.
    username = '******'
    password = '******'
    client = DigestClient()
    client.set_authorization(username, password, 'Digest')

    # Without meta permissions the linked CSV is served.
    media_response = client.get(url)
    self.assertEqual(media_response.status_code, 200)

    # Enabling meta permissions must cut off the same client.
    meta_perms = "editor-minor|dataentry"
    MetaData.xform_meta_permission(self.xform, data_value=meta_perms)
    media_response = client.get(url)
    self.assertEqual(media_response.status_code, 401)
def create(self, validated_data):
    """
    Create the MetaData record described by ``validated_data``.

    Three paths, selected by ``data_type``:

    * XFORM_META_PERMS: stores the meta-permission value on the content
      object, then calls ``update_role_by_meta_xform_perms`` for it.
    * SUBMISSION_REVIEW: refuses to add an entry when one already exists
      for the content object.
    * anything else: a plain ``MetaData.objects.create``.

    Raises ``serializers.ValidationError`` with UNIQUE_TOGETHER_ERROR for
    a duplicate submission-review entry or when an IntegrityError is
    raised while saving.
    """
    data_type = validated_data.get('data_type')
    upload = validated_data.get('data_file')
    upload_type = validated_data.get('data_file_type')
    target = self.get_content_object(validated_data)

    # A file, when present, takes precedence: its name becomes the
    # stored value.
    if upload:
        data_value = upload.name
    else:
        data_value = validated_data.get('data_value')

    # CSV files uploaded from Windows do not arrive with the text/csv
    # content type (seen with Django 1.7's request.FILES), so media
    # files named *.csv are forced to CSV_CONTENT_TYPE.
    # NOTE(review): the decision rests on the file name alone, which is
    # presumably client-supplied; the contents are not inspected here.
    named_like_csv_media = (
        data_type == MEDIA_TYPE
        and upload
        and upload.name.lower().endswith('.csv')
    )
    if named_like_csv_media and upload_type != CSV_CONTENT_TYPE:
        upload_type = CSV_CONTENT_TYPE

    content_type = ContentType.objects.get_for_model(target)

    try:
        if data_type == XFORM_META_PERMS:
            # NOTE(review): the role string is passed through as-is; no
            # check of it is visible in this method - presumably the
            # serializer's validation covers it, confirm.
            metadata = MetaData.xform_meta_permission(
                target, data_value=data_value)
            update_role_by_meta_xform_perms(target)
        elif data_type == SUBMISSION_REVIEW:
            # Only one submission_review entry may exist per form.
            # NOTE(review): check-then-create is not atomic here; the
            # IntegrityError handler below is presumably the backstop.
            if MetaData.submission_review(target):
                raise serializers.ValidationError(_(UNIQUE_TOGETHER_ERROR))
            metadata = MetaData.submission_review(
                target, data_value=data_value)
        else:
            metadata = MetaData.objects.create(
                content_type=content_type,
                data_type=data_type,
                data_value=data_value,
                data_file=upload,
                data_file_type=upload_type,
                object_id=target.id)
    except IntegrityError:
        raise serializers.ValidationError(_(UNIQUE_TOGETHER_ERROR))

    return metadata