def get_xform_from_submission(xml, username, uuid=None): # check alternative form submission ids uuid = uuid or get_uuid_from_submission(xml) if not username and not uuid: raise InstanceInvalidUserError() if uuid: # try find the form by its uuid which is the ideal condition if XForm.objects.filter( uuid=uuid, deleted_at__isnull=True).count() > 0: xform = XForm.objects.get(uuid=uuid, deleted_at__isnull=True) return xform id_string = get_id_string_from_xml_str(xml) try: return get_object_or_404( XForm, id_string__iexact=id_string, user__username=username, deleted_at__isnull=True) except MultipleObjectsReturned: raise NonUniqueFormIdError()
def get_xform_from_submission( xml, username, uuid=None, request=None): """Gets the submissions target XForm. Retrieves the target XForm by either utilizing the `uuid` param or the `uuid` retrievable from the `xml` or the `id_string` retrievable from the XML. Only returns form if `request_user` has permission to submit. :param (str) xml: The submission in XML form :param (str) username: The owner of the target XForm :param (str) uuid: The target XForms universally unique identifier. Default: None :param (django.http.request) request: Request object. Default: None """ uuid = uuid or get_uuid_from_submission(xml) if not username and not uuid: raise InstanceInvalidUserError() if uuid: # try find the form by its uuid which is the ideal condition if XForm.objects.filter( uuid=uuid, deleted_at__isnull=True).count() > 0: xform = XForm.objects.get(uuid=uuid, deleted_at__isnull=True) # If request is present, verify that the request user # has the correct permissions if request: try: # Verify request user has permission # to make submissions to the XForm check_submission_permissions(request, xform) return xform except PermissionDenied as e: # Check if the owner_username is equal to the XForm owner # Assumption: If the owner_username is equal to the XForm # owner we've retrieved the correct form. if username and xform.user.username == username: raise e else: return xform id_string = get_id_string_from_xml_str(xml) try: return get_object_or_404( XForm, id_string__iexact=id_string, user__username__iexact=username, deleted_at__isnull=True) except MultipleObjectsReturned: raise NonUniqueFormIdError()