Esempio n. 1
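def show(request, username=None, id_string=None, uuid=None):
    """Render a form's detail page, or redirect a share-link (uuid) visit to it.

    With ``uuid`` set, the form is looked up by uuid, the session records
    which form's public link was followed (or False when that link is
    disabled), and the client is redirected to the owner/id_string URL.
    Otherwise the form is resolved from ``username``/``id_string`` and
    rendered with ``show.html``; visitors who may not view it are redirected
    to ``home``.
    """
    if uuid:
        xform = get_object_or_404(XForm, uuid=uuid)
        request.session["public_link"] = xform.uuid if MetaData.public_link(xform) else False
        return HttpResponseRedirect(
            reverse(show, kwargs={"username": xform.user.username, "id_string": xform.id_string})
        )
    xform, is_owner, can_edit, can_view = get_xform_and_perms(username, id_string, request)
    public_link = MetaData.public_link(xform)
    # The session grant counts only for this form and only while its link is
    # still enabled: a bare truthiness test would let a session that followed
    # any share link open every form, and keep access after the link is
    # switched off.
    via_public_link = bool(public_link) and request.session.get("public_link") == xform.uuid
    # no access
    if not (xform.shared or can_view or via_public_link):
        return HttpResponseRedirect(reverse(home))
    context = RequestContext(request)
    # exists() asks the database for a yes/no instead of loading the rows.
    context.cloned = XForm.objects.filter(
        user__username=request.user.username, id_string=id_string + XForm.CLONED_SUFFIX
    ).exists()
    context.public_link = public_link
    context.is_owner = is_owner
    context.can_edit = can_edit
    context.can_view = can_view or via_public_link
    context.xform = xform
    context.content_user = xform.user
    context.base_url = "https://%s" % request.get_host()
    context.source = MetaData.source(xform)
    context.form_license = MetaData.form_license(xform).data_value
    context.data_license = MetaData.data_license(xform).data_value
    context.supporting_docs = MetaData.supporting_docs(xform)
    context.media_upload = MetaData.media_upload(xform)
    context.mapbox_layer = MetaData.mapbox_layer_upload(xform)
    if is_owner:
        # Everything below feeds owner-only management forms.
        context.sms_support_form = ActivateSMSSupportFom(
            initial={"enable_sms_support": xform.allows_sms, "sms_id_string": xform.sms_id_string}
        )
        if not xform.allows_sms:
            context.sms_compatible = check_form_sms_compatibility(None, json_survey=json.loads(xform.json))
        else:
            url_root = request.build_absolute_uri("/")[:-1]
            context.sms_providers_doc = providers_doc(url_root=url_root, username=username, id_string=id_string)
            context.url_root = url_root
        context.form_license_form = FormLicenseForm(initial={"value": context.form_license})
        context.data_license_form = DataLicenseForm(initial={"value": context.data_license})
        context.doc_form = SupportDocForm()
        context.source_form = SourceForm()
        context.media_form = MediaForm()
        context.mapbox_layer_form = MapboxLayerForm()
        # Pair each user with a readable summary of the permissions they hold.
        users_with_perms = []
        for user, perms in get_users_with_perms(xform, attach_perms=True).items():
            labels = []
            if "change_xform" in perms:
                labels.append(_(u"Can Edit"))
            if "view_xform" in perms:
                labels.append(_(u"Can View"))
            users_with_perms.append((user, u" | ".join(labels)))
        context.users_with_perms = users_with_perms
        context.permission_form = PermissionForm(username)
    if xform.allows_sms:
        context.sms_support_doc = get_autodoc_for(xform)
    return render_to_response("show.html", context_instance=context)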
Esempio n. 2
 def test_private_set_link_to_share_toggle_off(self):
     """Switching the share link off again must lock anonymous visitors out.

     NOTE(review): the anonymous client requests ``show_url`` again after the
     link is switched off, so this does not cover a session that was granted
     access earlier and then requests the normal form URL directly.
     NOTE(review): the ``for_user`` value appears masked on this page.
     """
     # First request: the link is public and the share URL redirects to the form.
     self.client.post(self.perm_url, {"for_user": "******", "perm_type": "link"})
     self.assertEqual(MetaData.public_link(self.xform), True)
     share_reply = self.anon.get(self.show_url)
     self.assertEqual(share_reply.status_code, 302)
     form_page = "%s%s" % (self.base_url, self.show_normal_url)
     self.assertEqual(share_reply["Location"], form_page)

     # Second request: the link is private again.
     self.client.post(self.perm_url, {"for_user": "******", "perm_type": "link"})
     self.assertEqual(MetaData.public_link(self.xform), False)
     share_reply = self.anon.get(self.show_url)
     # follow redirect
     followed = self.anon.get(share_reply["Location"])
     self.assertEqual(followed.status_code, 302)
     self.assertNotEqual(followed["Location"], "%s%s" % (self.base_url, self.show_normal_url))
Esempio n. 3
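def show(request, username=None, id_string=None, uuid=None):
    """Render a form's detail page, or redirect a share-link (uuid) visit to it.

    With ``uuid`` set, the form is looked up by uuid, the session records
    which form's public link was followed (or False when that link is
    disabled), and the client is redirected to the owner/id_string URL.
    Otherwise the form is resolved from ``username``/``id_string`` and
    rendered with ``show.html``; visitors who may not view it are redirected
    to ``home``.
    """
    if uuid:
        xform = get_object_or_404(XForm, uuid=uuid)
        # Store the form's uuid rather than a bare True so the grant can be
        # matched against the form being requested later.
        request.session['public_link'] = \
            xform.uuid if MetaData.public_link(xform) else False
        return HttpResponseRedirect(reverse(show, kwargs={
            'username': xform.user.username,
            'id_string': xform.id_string
        }))
    xform, is_owner, can_edit, can_view = get_xform_and_perms(
        username, id_string, request)
    public_link = MetaData.public_link(xform)
    # The session grant counts only for this form and only while its link is
    # still enabled: a bare truthiness test would let a session that followed
    # any share link open every form, and keep access after the link is
    # switched off.
    via_public_link = bool(public_link) and \
        request.session.get('public_link') == xform.uuid
    # no access
    if not (xform.shared or can_view or via_public_link):
        return HttpResponseRedirect(reverse(home))
    context = RequestContext(request)
    # exists() asks the database for a yes/no instead of loading the rows.
    context.cloned = XForm.objects.filter(
        user__username=request.user.username,
        id_string=id_string + XForm.CLONED_SUFFIX
    ).exists()
    context.public_link = public_link
    context.is_owner = is_owner
    context.can_edit = can_edit
    context.can_view = can_view or via_public_link
    context.xform = xform
    context.content_user = xform.user
    context.base_url = "https://%s" % request.get_host()
    context.source = MetaData.source(xform)
    context.form_license = MetaData.form_license(xform).data_value
    context.data_license = MetaData.data_license(xform).data_value
    context.supporting_docs = MetaData.supporting_docs(xform)
    context.media_upload = MetaData.media_upload(xform)
    context.mapbox_layer = MetaData.mapbox_layer_upload(xform)
    if is_owner:
        # Everything below feeds owner-only management forms.
        context.form_license_form = FormLicenseForm(
            initial={'value': context.form_license})
        context.data_license_form = DataLicenseForm(
            initial={'value': context.data_license})
        context.doc_form = SupportDocForm()
        context.source_form = SourceForm()
        context.media_form = MediaForm()
        context.mapbox_layer_form = MapboxLayerForm()
        context.users_with_perms = get_users_with_perms(
            xform,
            attach_perms=True
        ).items()
        context.permission_form = PermissionForm(username)
    # NOTE(review): this runs for every viewer, not only the owner, so the
    # page context receives every username except ``username`` even for
    # anonymous share-link visitors -- confirm the template needs it outside
    # the owner-only permission form.
    user_list = [u.username for u in User.objects.exclude(username=username)]
    context.user_json_list = simplejson.dumps(user_list)
    return render_to_response("show.html", context_instance=context)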
Esempio n. 4
 def test_public_with_link_to_share(self):
     """Enabling the public link makes the share URL redirect anonymous visitors to the form page.

     NOTE(review): the ``for_user`` value appears masked on this page.
     """
     post_reply = self.client.post(self.perm_url, {"for_user": "******", "perm_type": "link"})
     self.assertEqual(post_reply.status_code, 302)
     self.assertEqual(MetaData.public_link(self.xform), True)

     share_reply = self.anon.get(self.show_url)
     self.assertEqual(share_reply.status_code, 302)
     form_page = "%s%s" % (self.base_url, self.show_normal_url)
     self.assertEqual(share_reply["Location"], form_page)
Esempio n. 5
 def test_private_set_link_to_share_toggle_off(self):
     """Switching the share link off again must lock anonymous visitors out.

     NOTE(review): the anonymous client requests ``show_url`` again after the
     link is switched off, so this does not cover a session that was granted
     access earlier and then requests the normal form URL directly.
     """
     # First request: the link is public and the share URL redirects to the form.
     self.client.post(
         self.perm_url, {'for_user': '******', 'perm_type': 'link'})
     self.assertEqual(MetaData.public_link(self.xform), True)
     share_reply = self.anon.get(self.show_url)
     self.assertEqual(share_reply.status_code, 302)
     form_page = '%s%s' % (self.base_url, self.show_normal_url)
     self.assertEqual(share_reply['Location'], form_page)

     # Second request: the link is private again.
     self.client.post(
         self.perm_url, {'for_user': '******', 'perm_type': 'link'})
     self.assertEqual(MetaData.public_link(self.xform), False)
     share_reply = self.anon.get(self.show_url)
     # follow redirect
     followed = self.anon.get(share_reply['Location'])
     self.assertEqual(followed.status_code, 302)
     self.assertNotEqual(
         followed['Location'],
         '%s%s' % (self.base_url, self.show_normal_url))
Esempio n. 6
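def set_perm(request, username, id_string):
    """Change a user's permissions on a form, or switch its public link on or off.

    Expects ``perm_type`` and ``for_user`` in ``request.POST`` and answers 400
    when either is missing.  ``perm_type`` "edit"/"view"/"remove" acts on the
    user named by ``for_user`` (404 when no such user exists); "link" sets the
    public link from the ``for_user`` values "all", "none" or "toggle".
    Requests from anyone but the form's owner are answered with 403.  On
    success the client is redirected back to ``show``.
    """
    # Function-scope import: the module's import block is outside this excerpt.
    from django.http import HttpResponseForbidden

    xform = get_object_or_404(XForm, user__username=username, id_string=id_string)
    # These settings decide who can read or edit the form, so only its owner
    # may change them.  Without this check any requester could grant
    # themselves access to another user's form.
    # NOTE(review): any decorators on this view are outside this excerpt;
    # a login requirement alone would not establish ownership.
    if request.user.username != username:
        return HttpResponseForbidden()
    try:
        perm_type = request.POST["perm_type"]
        for_user = request.POST["for_user"]
    except KeyError:
        return HttpResponseBadRequest()
    if perm_type in ["edit", "view", "remove"]:
        # An unknown username is a client error (404), not an unhandled
        # DoesNotExist that surfaces as a server error.
        user = get_object_or_404(User, username=for_user)
        if perm_type == "edit":
            assign("change_xform", user, xform)
        elif perm_type == "view":
            assign("view_xform", user, xform)
        elif perm_type == "remove":
            remove_perm("change_xform", user, xform)
            remove_perm("view_xform", user, xform)
    elif perm_type == "link":
        if for_user == "all":
            MetaData.public_link(xform, True)
        elif for_user == "none":
            MetaData.public_link(xform, False)
        elif for_user == "toggle":
            current = MetaData.public_link(xform)
            MetaData.public_link(xform, not current)
    return HttpResponseRedirect(reverse(show, kwargs={"username": username, "id_string": id_string}))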
Esempio n. 7
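def set_perm(request, username, id_string):
    """Change a user's permissions on a form, or switch its public link on or off.

    Expects ``perm_type`` and ``for_user`` in ``request.POST`` and answers 400
    when either is missing.  ``perm_type`` 'edit'/'view'/'remove' acts on the
    user named by ``for_user`` (404 when no such user exists); 'link' sets the
    public link from the ``for_user`` values 'all', 'none' or 'toggle'.
    Requests from anyone but the form's owner are answered with 403.  On
    success the client is redirected back to ``show``.
    """
    # Function-scope import: the module's import block is outside this excerpt.
    from django.http import HttpResponseForbidden

    xform = get_object_or_404(XForm,
            user__username=username, id_string=id_string)
    # These settings decide who can read or edit the form, so only its owner
    # may change them.  Without this check any requester could grant
    # themselves access to another user's form.
    # NOTE(review): any decorators on this view are outside this excerpt;
    # a login requirement alone would not establish ownership.
    if request.user.username != username:
        return HttpResponseForbidden()
    try:
        perm_type = request.POST['perm_type']
        for_user = request.POST['for_user']
    except KeyError:
        return HttpResponseBadRequest()
    if perm_type in ['edit', 'view', 'remove']:
        # An unknown username is a client error (404), not an unhandled
        # DoesNotExist that surfaces as a server error.
        user = get_object_or_404(User, username=for_user)
        if perm_type == 'edit':
            assign('change_xform', user, xform)
        elif perm_type == 'view':
            assign('view_xform', user, xform)
        elif perm_type == 'remove':
            remove_perm('change_xform', user, xform)
            remove_perm('view_xform', user, xform)
    elif perm_type == 'link':
        if for_user == 'all':
            MetaData.public_link(xform, True)
        elif for_user == 'none':
            MetaData.public_link(xform, False)
        elif for_user == 'toggle':
            current = MetaData.public_link(xform)
            MetaData.public_link(xform, not current)
    return HttpResponseRedirect(reverse(show, kwargs={
                'username': username,
                'id_string': id_string
            }))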
Esempio n. 8
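def set_perm(request, username, id_string):
    """Change a user's permissions on a form, or switch its public link on or off.

    Expects ``perm_type`` and ``for_user`` in ``request.POST`` and answers 400
    when either is missing.  ``perm_type`` 'edit'/'view'/'remove' acts on the
    user named by ``for_user`` (404 when no such user exists); 'link' sets the
    public link from the ``for_user`` values 'all', 'none' or 'toggle'.
    Requests from anyone but the form's owner are answered with 403.  On
    success the client is redirected back to ``show``.
    """
    # Function-scope import: the module's import block is outside this excerpt.
    from django.http import HttpResponseForbidden

    xform = get_object_or_404(XForm,
                              user__username=username, id_string=id_string)
    # These settings decide who can read or edit the form, so only its owner
    # may change them.  Without this check any requester could grant
    # themselves access to another user's form.
    # NOTE(review): any decorators on this view are outside this excerpt;
    # a login requirement alone would not establish ownership.
    if request.user.username != username:
        return HttpResponseForbidden()
    try:
        perm_type = request.POST['perm_type']
        for_user = request.POST['for_user']
    except KeyError:
        return HttpResponseBadRequest()
    if perm_type in ['edit', 'view', 'remove']:
        # An unknown username is a client error (404), not an unhandled
        # DoesNotExist that surfaces as a server error.
        user = get_object_or_404(User, username=for_user)
        if perm_type == 'edit':
            assign('change_xform', user, xform)
        elif perm_type == 'view':
            assign('view_xform', user, xform)
        elif perm_type == 'remove':
            remove_perm('change_xform', user, xform)
            remove_perm('view_xform', user, xform)
    elif perm_type == 'link':
        if for_user == 'all':
            MetaData.public_link(xform, True)
        elif for_user == 'none':
            MetaData.public_link(xform, False)
        elif for_user == 'toggle':
            current = MetaData.public_link(xform)
            MetaData.public_link(xform, not current)
    return HttpResponseRedirect(reverse(show, kwargs={
        'username': username,
        'id_string': id_string
    }))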
Esempio n. 9
 def test_public_with_link_to_share(self):
     """Enabling the public link makes the share URL redirect anonymous visitors to the form page."""
     post_reply = self.client.post(
         self.perm_url, {'for_user': '******', 'perm_type': 'link'})
     self.assertEqual(post_reply.status_code, 302)
     self.assertEqual(MetaData.public_link(self.xform), True)

     share_reply = self.anon.get(self.show_url)
     self.assertEqual(share_reply.status_code, 302)
     form_page = '%s%s' % (self.base_url, self.show_normal_url)
     self.assertEqual(share_reply['Location'], form_page)
Esempio n. 10
 def test_public_with_link_to_share_toggle_on(self):
     """With the public link on, both the share URL and ``self.url`` answer an anonymous client with a redirect."""
     post_reply = self.client.post(
         self.perm_url, {'for_user': '******', 'perm_type': 'link'})
     self.assertEqual(post_reply.status_code, 302)
     self.assertEqual(MetaData.public_link(self.xform), True)

     # Request the share URL first, then the URL under test, as the same anonymous client.
     share_reply = self.anon.get(self.show_url)
     self.assertEqual(share_reply.status_code, 302)
     target_reply = self.anon.get(self.url)
     self.assertEqual(target_reply.status_code, 302)
Esempio n. 11
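def show(request, username=None, id_string=None, uuid=None):
    """Render a form's detail page, or redirect a share-link (uuid) visit to it.

    With ``uuid`` set, the form is looked up by uuid, the session records
    which form's public link was followed (or False when that link is
    disabled), and the client is redirected to the owner/id_string URL.
    Otherwise the form is resolved from ``username``/``id_string`` and
    rendered with ``show.html``; visitors who may not view it are redirected
    to ``home``.
    """
    if uuid:
        xform = get_object_or_404(XForm, uuid=uuid)
        # Store the form's uuid rather than a bare True so the grant can be
        # matched against the form being requested later.
        request.session['public_link'] = \
            xform.uuid if MetaData.public_link(xform) else False
        return HttpResponseRedirect(reverse(show, kwargs={
                    'username': xform.user.username,
                    'id_string': xform.id_string
                    }))
    xform, is_owner, can_edit, can_view = get_xform_and_perms(
            username, id_string, request)
    public_link = MetaData.public_link(xform)
    # The session grant counts only for this form and only while its link is
    # still enabled: a bare truthiness test would let a session that followed
    # any share link open every form, and keep access after the link is
    # switched off.
    via_public_link = bool(public_link) and \
        request.session.get('public_link') == xform.uuid
    # no access
    if not (xform.shared or can_view or via_public_link):
        return HttpResponseRedirect(reverse(home))
    context = RequestContext(request)
    # exists() asks the database for a yes/no instead of loading the rows.
    context.cloned = XForm.objects.filter(
        user__username=request.user.username,
        id_string=id_string + XForm.CLONED_SUFFIX
    ).exists()
    context.public_link = public_link
    context.is_owner = is_owner
    context.can_edit = can_edit
    context.can_view = can_view or via_public_link
    context.xform = xform
    context.content_user = xform.user
    context.base_url = "https://%s" % request.get_host()
    context.source = MetaData.source(xform)
    context.form_license = MetaData.form_license(xform).data_value
    context.data_license = MetaData.data_license(xform).data_value
    context.supporting_docs = MetaData.supporting_docs(xform)
    context.media_upload = MetaData.media_upload(xform)
    context.mapbox_layer = MetaData.mapbox_layer_upload(xform)
    if is_owner:
        # Everything below feeds owner-only management forms.
        context.form_license_form = FormLicenseForm(
                initial={'value': context.form_license})
        context.data_license_form = DataLicenseForm(
                initial={'value': context.data_license})
        context.doc_form = SupportDocForm()
        context.source_form = SourceForm()
        context.media_form = MediaForm()
        context.mapbox_layer_form = MapboxLayerForm()
        context.users_with_perms = get_users_with_perms(xform,
                attach_perms=True).items()
        context.permission_form = PermissionForm(username)
    return render_to_response("show.html", context_instance=context)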
Esempio n. 12
 def test_only_access_shared_link_form(self):
     """A public link on one form must not open the owner's other forms to anonymous visitors.

     NOTE(review): the anonymous client never requests the share URL here, so
     its session holds no public-link grant; the test does not show that a
     session which followed the share link is confined to the shared form.
     """
     self.client.post(self.perm_url, {"for_user": "******", "perm_type": "link"})
     self.assertEqual(MetaData.public_link(self.xform), True)

     # publish a second form to make sure the user cant access other forms
     fixture_path = os.path.join(self.this_directory, "fixtures", "csv_export", "tutorial.xls")
     self._publish_xls_file(fixture_path)
     newest_form = XForm.objects.order_by("pk").reverse()[0]
     other_form_url = reverse(
         show, kwargs={"username": self.user.username, "id_string": newest_form.id_string}
     )

     anon_reply = self.anon.get(other_form_url)
     self.assertEqual(anon_reply.status_code, 302)
     self.assertEqual(anon_reply["Location"], "%s/" % self.base_url)
Esempio n. 13
 def test_public_with_link_to_share_toggle_on(self):
     """With the public link on, ``self.url`` answers 200 when touchforms is running and 302 otherwise."""
     post_reply = self.client.post(
         self.perm_url, {'for_user': '******', 'perm_type': 'link'})
     self.assertEqual(post_reply.status_code, 302)
     self.assertEqual(MetaData.public_link(self.xform), True)

     share_reply = self.anon.get(self.show_url)
     self.assertEqual(share_reply.status_code, 302)

     target_reply = self.anon.get(self.url)
     # The expected status depends on whether the touchforms service is available.
     if self._running_touchforms():
         status_code = 200
     else:
         status_code = 302
     self.assertEqual(target_reply.status_code, status_code)
Esempio n. 14
 def test_public_with_link_to_share(self):
     """Enabling the public link makes the share URL redirect anonymous visitors to the form page."""
     link_request = {'for_user': '******', 'perm_type': 'link'}
     post_reply = self.client.post(self.perm_url, link_request)
     self.assertEqual(post_reply.status_code, 302)
     self.assertEqual(MetaData.public_link(self.xform), True)

     share_reply = self.anon.get(self.show_url)
     self.assertEqual(share_reply.status_code, 302)
     form_page = '%s%s' % (self.base_url, self.show_normal_url)
     self.assertEqual(share_reply['Location'], form_page)
Esempio n. 15
 def test_public_with_link_to_share_toggle_on(self):
     """After following the share URL, an anonymous client can load the form page, which shows the /forms/<uuid> link."""
     post_reply = self.client.post(
         self.perm_url, {'for_user': '******', 'perm_type': 'link'})
     self.assertEqual(post_reply.status_code, 302)
     self.assertEqual(MetaData.public_link(self.xform), True)

     # The share URL hands the visitor over to the normal form URL.
     share_reply = self.anon.get(self.show_url)
     self.assertEqual(share_reply.status_code, 302)
     form_page = '%s%s' % (self.base_url, self.show_normal_url)
     self.assertEqual(share_reply['Location'], form_page)

     # The same anonymous session may now view the form page itself.
     page_reply = self.anon.get(self.show_normal_url)
     self.assertEqual(page_reply.status_code, 200)
     self.assertContains(page_reply, '/forms/%s' % self.xform.uuid)
Esempio n. 16
 def test_private_set_link_to_share_toggle_off(self):
     """Switching the share link off again must lock anonymous visitors out.

     NOTE(review): the anonymous client requests ``show_url`` again after the
     link is switched off, so this does not cover a session that was granted
     access earlier and then requests the normal form URL directly.
     """
     # First request: the link is public and the share URL redirects to the form.
     self.client.post(
         self.perm_url, {'for_user': '******', 'perm_type': 'link'})
     self.assertEqual(MetaData.public_link(self.xform), True)
     share_reply = self.anon.get(self.show_url)
     self.assertEqual(share_reply.status_code, 302)
     form_page = '%s%s' % (self.base_url, self.show_normal_url)
     self.assertEqual(share_reply['Location'], form_page)

     # Second request: the link is private again.
     self.client.post(
         self.perm_url, {'for_user': '******', 'perm_type': 'link'})
     self.assertEqual(MetaData.public_link(self.xform), False)
     share_reply = self.anon.get(self.show_url)
     # follow redirect
     followed = self.anon.get(share_reply['Location'])
     self.assertEqual(followed.status_code, 302)
     self.assertNotEqual(
         followed['Location'],
         '%s%s' % (self.base_url, self.show_normal_url))
Esempio n. 17
 def test_public_with_link_to_share_toggle_on(self):
     """After following the share URL, an anonymous client can load the form page, which shows the /forms/<uuid> link."""
     link_request = {'for_user': '******', 'perm_type': 'link'}
     post_reply = self.client.post(self.perm_url, link_request)
     self.assertEqual(post_reply.status_code, 302)
     self.assertEqual(MetaData.public_link(self.xform), True)

     # The share URL hands the visitor over to the normal form URL.
     share_reply = self.anon.get(self.show_url)
     self.assertEqual(share_reply.status_code, 302)
     form_page = '%s%s' % (self.base_url, self.show_normal_url)
     self.assertEqual(share_reply['Location'], form_page)

     # The same anonymous session may now view the form page itself.
     page_reply = self.anon.get(self.show_normal_url)
     self.assertEqual(page_reply.status_code, 200)
     self.assertContains(page_reply, '/forms/%s' % self.xform.uuid)
Esempio n. 18
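def show(request, username=None, id_string=None, uuid=None):
    """Render a form's detail page, or redirect a share-link (uuid) visit to it.

    With ``uuid`` set, the form is looked up by uuid, the session records
    which form's public link was followed (or False when that link is
    disabled), and the client is redirected to the owner/id_string URL.
    Otherwise the form is resolved from ``username``/``id_string`` and
    rendered with ``show.html``; visitors who may not view it are redirected
    to ``home``.
    """
    if uuid:
        xform = get_object_or_404(XForm, uuid=uuid)
        # Store the form's uuid rather than a bare True so the grant can be
        # matched against the form being requested later.
        request.session['public_link'] = \
            xform.uuid if MetaData.public_link(xform) else False
        return HttpResponseRedirect(reverse(show, kwargs={
                    'username': xform.user.username,
                    'id_string': xform.id_string
                    }))
    xform, is_owner, can_edit, can_view = get_xform_and_perms(
            username, id_string, request)
    public_link = MetaData.public_link(xform)
    # The session grant counts only for this form and only while its link is
    # still enabled: a bare truthiness test would let a session that followed
    # any share link open every form, and keep access after the link is
    # switched off.
    via_public_link = bool(public_link) and \
        request.session.get('public_link') == xform.uuid
    # no access
    if not (xform.shared or can_view or via_public_link):
        return HttpResponseRedirect(reverse(home))
    context = RequestContext(request)
    context.public_link = public_link
    context.is_owner = is_owner
    context.can_edit = can_edit
    context.can_view = can_view or via_public_link
    context.xform = xform
    context.content_user = xform.user
    context.base_url = "https://%s" % request.get_host()
    context.source = MetaData.source(xform)
    context.form_license = MetaData.form_license(xform).data_value
    context.data_license = MetaData.data_license(xform).data_value
    context.supporting_docs = MetaData.supporting_docs(xform)
    if is_owner:
        # Everything below feeds owner-only management forms.
        context.form_license_form = FormLicenseForm(
                initial={'value': context.form_license})
        context.data_license_form = DataLicenseForm(
                initial={'value': context.data_license})
        context.doc_form = SupportDocForm()
        context.source_form = SourceForm()
        context.users_with_perms = get_users_with_perms(xform,
                attach_perms=True).items()
        context.permission_form = PermissionForm(username)
    return render_to_response("show.html", context_instance=context)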
Esempio n. 19
 def test_public_with_link_to_share_toggle_on(self):
     """With the public link and both sharing flags on, ``self.url`` answers 302 under Enketo and 403 otherwise."""
     # Sharing behaviour as of 09/13/2012: anonymous access to form uploading
     # requires both data_share and form_share to be turned on.
     # TODO: find out what 'for_user': '******' means
     post_reply = self.client.post(
         self.perm_url, {'for_user': '******', 'perm_type': 'link'})
     self.assertEqual(post_reply.status_code, 302)
     self.assertEqual(MetaData.public_link(self.xform), True)

     # Turn on both form sharing and data sharing.
     self.xform.shared = True
     self.xform.shared_data = True
     self.xform.save()

     share_reply = self.anon.get(self.show_url)
     self.assertEqual(share_reply.status_code, 302)

     target_reply = self.anon.get(self.url)
     if self._running_enketo():
         status_code = 302
     else:
         status_code = 403
     self.assertEqual(target_reply.status_code, status_code)
Esempio n. 20
 def test_only_access_shared_link_form(self):
     """A public link on one form must not open the owner's other forms to anonymous visitors.

     NOTE(review): the anonymous client never requests the share URL here, so
     its session holds no public-link grant; the test does not show that a
     session which followed the share link is confined to the shared form.
     """
     link_request = {'for_user': '******', 'perm_type': 'link'}
     self.client.post(self.perm_url, link_request)
     self.assertEqual(MetaData.public_link(self.xform), True)

     # publish a second form to make sure the user cant access other forms
     fixture_path = os.path.join(
         self.this_directory, "fixtures", "csv_export", "tutorial.xls")
     self._publish_xls_file(fixture_path)
     newest_form = XForm.objects.order_by('pk').reverse()[0]
     other_form_kwargs = {
         'username': self.user.username,
         'id_string': newest_form.id_string
     }
     other_form_url = reverse(show, kwargs=other_form_kwargs)

     anon_reply = self.anon.get(other_form_url)
     self.assertEqual(anon_reply.status_code, 302)
     self.assertEqual(anon_reply["Location"], "%s/" % self.base_url)
Esempio n. 21
 def test_public_with_link_to_share_toggle_on(self):
     """With the public link and both sharing flags on, ``self.url`` answers 302 under Enketo and 403 otherwise."""
     # Sharing behaviour as of 09/13/2012: anonymous access to form uploading
     # requires both data_share and form_share to be turned on.
     # TODO: find out what 'for_user': '******' means
     link_request = {'for_user': '******', 'perm_type': 'link'}
     post_reply = self.client.post(self.perm_url, link_request)
     self.assertEqual(post_reply.status_code, 302)
     self.assertEqual(MetaData.public_link(self.xform), True)

     # Turn on both form sharing and data sharing.
     self.xform.shared = True
     self.xform.shared_data = True
     self.xform.save()

     share_reply = self.anon.get(self.show_url)
     self.assertEqual(share_reply.status_code, 302)

     target_reply = self.anon.get(self.url)
     if self._running_enketo():
         status_code = 302
     else:
         status_code = 403
     self.assertEqual(target_reply.status_code, status_code)
 def test_public_with_link_to_share_toggle_on(self):
     """With the public link and both sharing flags on, an anonymous ``enter_data`` call is redirected (Enketo only)."""
     # Sharing behaviour as of 09/13/2012: anonymous access to form uploading
     # requires both data_share and form_share to be turned on.
     # TODO: find out what 'for_user': '******' means
     post_reply = self.client.post(
         self.perm_url, {'for_user': '******', 'perm_type': 'link'})
     self.assertEqual(post_reply.status_code, 302)
     self.assertEqual(MetaData.public_link(self.xform), True)

     # Turn on both form sharing and data sharing.
     self.xform.shared = True
     self.xform.shared_data = True
     self.xform.save()

     share_reply = self.anon.get(self.show_url)
     self.assertEqual(share_reply.status_code, 302)

     # The remaining check needs Enketo; skip when it is not configured.
     if not self._running_enketo():
         raise SkipTest

     with HTTMock(enketo_mock):
         # Call the view directly with a hand-built anonymous request.
         anon_request = RequestFactory().get('/')
         anon_request.user = AnonymousUser()
         entry_reply = enter_data(
             anon_request, self.user.username, self.xform.id_string)
         self.assertEqual(entry_reply.status_code, 302)
Esempio n. 23
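def show(request, username=None, id_string=None, uuid=None):
    """Render a form's detail page, or redirect a share-link (uuid) visit to it.

    With ``uuid`` set, the form is looked up by uuid, the session records
    which form's public link was followed (or False when that link is
    disabled), and the client is redirected to the owner/id_string URL.
    Otherwise the form is resolved from ``username``/``id_string`` and
    rendered with ``show.html``; visitors who may not view it are redirected
    to ``home``.
    """
    if uuid:
        xform = get_object_or_404(XForm, uuid=uuid)
        request.session['public_link'] = \
            xform.uuid if MetaData.public_link(xform) else False
        return HttpResponseRedirect(reverse(show, kwargs={
            'username': xform.user.username,
            'id_string': xform.id_string
        }))
    xform, is_owner, can_edit, can_view = get_xform_and_perms(
        username, id_string, request)
    public_link = MetaData.public_link(xform)
    # The session grant counts only for this form and only while its link is
    # still enabled: a bare truthiness test would let a session that followed
    # any share link open every form, and keep access after the link is
    # switched off.
    via_public_link = bool(public_link) and \
        request.session.get('public_link') == xform.uuid
    # no access
    if not (xform.shared or can_view or via_public_link):
        return HttpResponseRedirect(reverse(home))
    context = RequestContext(request)
    # exists() asks the database for a yes/no instead of loading the rows.
    context.cloned = XForm.objects.filter(
        user__username=request.user.username,
        id_string=id_string + XForm.CLONED_SUFFIX
    ).exists()
    context.public_link = public_link
    context.is_owner = is_owner
    context.can_edit = can_edit
    context.can_view = can_view or via_public_link
    context.xform = xform
    context.content_user = xform.user
    context.base_url = "https://%s" % request.get_host()
    context.source = MetaData.source(xform)
    context.form_license = MetaData.form_license(xform).data_value
    context.data_license = MetaData.data_license(xform).data_value
    context.supporting_docs = MetaData.supporting_docs(xform)
    context.media_upload = MetaData.media_upload(xform)
    context.mapbox_layer = MetaData.mapbox_layer_upload(xform)
    if is_owner:
        # Everything below feeds owner-only management forms.
        context.sms_support_form = ActivateSMSSupportFom(
            initial={'enable_sms_support': xform.allows_sms,
                     'sms_id_string': xform.sms_id_string})
        if not xform.allows_sms:
            context.sms_compatible = check_form_sms_compatibility(
                None, json_survey=json.loads(xform.json))
        else:
            url_root = request.build_absolute_uri('/')[:-1]
            context.sms_providers_doc = providers_doc(
                url_root=url_root,
                username=username,
                id_string=id_string)
            context.url_root = url_root
        context.form_license_form = FormLicenseForm(
            initial={'value': context.form_license})
        context.data_license_form = DataLicenseForm(
            initial={'value': context.data_license})
        context.doc_form = SupportDocForm()
        context.source_form = SourceForm()
        context.media_form = MediaForm()
        context.mapbox_layer_form = MapboxLayerForm()
        context.users_with_perms = get_users_with_perms(
            xform,
            attach_perms=True
        ).items()
        context.permission_form = PermissionForm(username)
    context.sms_support_doc = get_autodoc_for(xform)
    # NOTE(review): this runs for every viewer, not only the owner, so the
    # page context receives every username except ``username`` even for
    # anonymous share-link visitors -- confirm the template needs it outside
    # the owner-only permission form.
    user_list = [u.username for u in User.objects.exclude(username=username)]
    context.user_json_list = simplejson.dumps(user_list)
    return render_to_response("show.html", context_instance=context)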
Esempio n. 24
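def set_perm(request, username, id_string):
    """Change a user's permissions on a form, or switch its public link on or off.

    Expects ``perm_type`` and ``for_user`` in ``request.POST`` and answers 400
    when either is missing.  ``perm_type`` 'edit'/'view'/'remove' acts on the
    user named by ``for_user``; 'link' sets the public link from the
    ``for_user`` values 'all', 'none' or 'toggle'.  Each change that is
    applied is written to the audit log.  AJAX callers get a JSON status,
    everyone else is redirected back to ``show``.
    """
    xform = get_object_or_404(XForm,
                              user__username=username, id_string=id_string)
    owner = xform.user
    # NOTE(review): has_permission is defined outside this excerpt.  Passing
    # it lets a non-owner grant edit rights and publish the link, so confirm
    # it requires owner- or edit-level rights rather than mere read access.
    if username != request.user.username\
            and not has_permission(xform, username, request):
        return HttpResponseForbidden(_(u'Permission denied.'))
    try:
        perm_type = request.POST['perm_type']
        for_user = request.POST['for_user']
    except KeyError:
        return HttpResponseBadRequest()
    audit = {
        'xform': xform.id_string
    }
    if perm_type in ['edit', 'view', 'remove']:
        try:
            user = User.objects.get(username=for_user)
        except User.DoesNotExist:
            # Translate the template first and interpolate afterwards, as the
            # audit messages below do; interpolating inside _() looks up a
            # string that is never in the translation catalogue.
            messages.add_message(
                request, messages.INFO,
                _(u'Username "%s" does not exist.') % for_user,
                extra_tags='alert-error')
        else:
            details = {
                'id_string': xform.id_string,
                'for_user': for_user
            }
            if perm_type == 'edit' and\
                    not user.has_perm('change_xform', xform):
                audit_log(
                    Actions.FORM_PERMISSIONS_UPDATED, request.user, owner,
                    _("Edit permissions on '%(id_string)s' assigned to "
                        "'%(for_user)s'.") % details, audit, request)
                assign_perm('change_xform', user, xform)
            elif perm_type == 'view' and\
                    not user.has_perm('view_xform', xform):
                audit_log(
                    Actions.FORM_PERMISSIONS_UPDATED, request.user, owner,
                    _("View permissions on '%(id_string)s' "
                        "assigned to '%(for_user)s'.") % details,
                    audit, request)
                assign_perm('view_xform', user, xform)
            elif perm_type == 'remove':
                audit_log(
                    Actions.FORM_PERMISSIONS_UPDATED, request.user, owner,
                    _("All permissions on '%(id_string)s' "
                        "removed from '%(for_user)s'.") % details,
                    audit, request)
                remove_perm('change_xform', user, xform)
                remove_perm('view_xform', user, xform)
    elif perm_type == 'link':
        current = MetaData.public_link(xform)
        requested_state = {'all': True, 'none': False, 'toggle': not current}
        # Act and log only for a recognised value, so the audit trail never
        # records a link as "removed" when the request changed nothing.
        if for_user in requested_state:
            enabled = requested_state[for_user]
            MetaData.public_link(xform, enabled)
            audit_log(
                Actions.FORM_PERMISSIONS_UPDATED, request.user, owner,
                _("Public link on '%(id_string)s' %(action)s.") %
                {
                    'id_string': xform.id_string,
                    'action': "created" if enabled else "removed"
                }, audit, request)
    if request.is_ajax():
        return HttpResponse(
            json.dumps(
                {'status': 'success'}), mimetype='application/json')
    return HttpResponseRedirect(reverse(show, kwargs={
        'username': username,
        'id_string': id_string
    }))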
Esempio n. 25
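def set_perm(request, username, id_string):
    """Change a user's permissions on a form, or switch its public link on or off.

    Expects ``perm_type`` and ``for_user`` in ``request.POST`` and answers 400
    when either is missing.  ``perm_type`` "edit"/"view"/"remove" acts on the
    user named by ``for_user``; "link" sets the public link from the
    ``for_user`` values "all", "none" or "toggle".  Each change that is
    applied is written to the audit log.  AJAX callers get a JSON status,
    everyone else is redirected back to ``show``.
    """
    # Function-scope import: the module's import block is outside this excerpt.
    from django.utils.html import escape

    xform = get_object_or_404(XForm, user__username=username, id_string=id_string)
    owner = xform.user
    # NOTE(review): has_permission is defined outside this excerpt.  Passing
    # it lets a non-owner grant edit rights and publish the link, so confirm
    # it requires owner- or edit-level rights rather than mere read access.
    if username != request.user.username and not has_permission(xform, username, request):
        return HttpResponseForbidden(_(u"Permission denied."))
    try:
        perm_type = request.POST["perm_type"]
        for_user = request.POST["for_user"]
    except KeyError:
        return HttpResponseBadRequest()
    audit = {"xform": xform.id_string}
    if perm_type in ["edit", "view", "remove"]:
        try:
            user = User.objects.get(username=for_user)
        except User.DoesNotExist:
            # The message carries HTML markup, so the request-supplied name is
            # escaped before it is inserted.  The template is translated
            # first and interpolated afterwards so the catalogue lookup works.
            # NOTE(review): if the template auto-escapes messages, the <b>
            # tags are shown literally -- confirm how messages are rendered.
            messages.add_message(
                request,
                messages.INFO,
                _(u"Wrong username <b>%s</b>.") % escape(for_user),
                extra_tags="alert-error",
            )
        else:
            details = {"id_string": xform.id_string, "for_user": for_user}
            if perm_type == "edit" and not user.has_perm("change_xform", xform):
                audit_log(
                    Actions.FORM_PERMISSIONS_UPDATED,
                    request.user,
                    owner,
                    _("Edit permissions on '%(id_string)s' assigned to " "'%(for_user)s'.") % details,
                    audit,
                    request,
                )
                assign_perm("change_xform", user, xform)
            elif perm_type == "view" and not user.has_perm("view_xform", xform):
                audit_log(
                    Actions.FORM_PERMISSIONS_UPDATED,
                    request.user,
                    owner,
                    _("View permissions on '%(id_string)s' " "assigned to '%(for_user)s'.") % details,
                    audit,
                    request,
                )
                assign_perm("view_xform", user, xform)
            elif perm_type == "remove":
                audit_log(
                    Actions.FORM_PERMISSIONS_UPDATED,
                    request.user,
                    owner,
                    _("All permissions on '%(id_string)s' " "removed from '%(for_user)s'.") % details,
                    audit,
                    request,
                )
                remove_perm("change_xform", user, xform)
                remove_perm("view_xform", user, xform)
    elif perm_type == "link":
        current = MetaData.public_link(xform)
        requested_state = {"all": True, "none": False, "toggle": not current}
        # Act and log only for a recognised value, so the audit trail never
        # records a link as "removed" when the request changed nothing.
        if for_user in requested_state:
            enabled = requested_state[for_user]
            MetaData.public_link(xform, enabled)
            audit_log(
                Actions.FORM_PERMISSIONS_UPDATED,
                request.user,
                owner,
                _("Public link on '%(id_string)s' %(action)s.")
                % {
                    "id_string": xform.id_string,
                    "action": "created" if enabled else "removed",
                },
                audit,
                request,
            )
    if request.is_ajax():
        return HttpResponse(json.dumps({"status": "success"}), mimetype="application/json")
    return HttpResponseRedirect(reverse(show, kwargs={"username": username, "id_string": id_string}))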