def get_xform_from_submission(xml, username, uuid=None):
# check alternative form submission ids
uuid = uuid or get_uuid_from_submission(xml)
if not username and not uuid:
raise InstanceInvalidUserError()
if uuid:
# try find the form by its uuid which is the ideal condition
if XForm.objects.filter(
uuid=uuid, deleted_at__isnull=True).count() > 0:
xform = XForm.objects.get(uuid=uuid, deleted_at__isnull=True)
return xform
id_string = get_id_string_from_xml_str(xml)
try:
return get_object_or_404(
XForm,
id_string__iexact=id_string,
user__username=username,
deleted_at__isnull=True)
except MultipleObjectsReturned:
raise NonUniqueFormIdError()
def get_xform_from_submission(
xml, username, uuid=None, request=None):
"""Gets the submissions target XForm.
Retrieves the target XForm by either utilizing the `uuid` param
or the `uuid` retrievable from the `xml` or the `id_string`
retrievable from the XML. Only returns form if `request_user` has
permission to submit.
:param (str) xml: The submission in XML form
:param (str) username: The owner of the target XForm
:param (str) uuid: The target XForms universally unique identifier.
Default: None
:param (django.http.request) request: Request object. Default: None
"""
uuid = uuid or get_uuid_from_submission(xml)
if not username and not uuid:
raise InstanceInvalidUserError()
if uuid:
# try find the form by its uuid which is the ideal condition
if XForm.objects.filter(
uuid=uuid, deleted_at__isnull=True).count() > 0:
xform = XForm.objects.get(uuid=uuid, deleted_at__isnull=True)
# If request is present, verify that the request user
# has the correct permissions
if request:
try:
# Verify request user has permission
# to make submissions to the XForm
check_submission_permissions(request, xform)
return xform
except PermissionDenied as e:
# Check if the owner_username is equal to the XForm owner
# Assumption: If the owner_username is equal to the XForm
# owner we've retrieved the correct form.
if username and xform.user.username == username:
raise e
else:
return xform
id_string = get_id_string_from_xml_str(xml)
try:
return get_object_or_404(
XForm,
id_string__iexact=id_string,
user__username__iexact=username,
deleted_at__isnull=True)
except MultipleObjectsReturned:
raise NonUniqueFormIdError()
