def test_get_xform_list_other_user_with_readonly_role(self):
request = self.factory.get('/')
response = self.view(request)
alice_data = {'username': '******', 'email': '*****@*****.**'}
alice_profile = self._create_user_profile(alice_data)
ReadOnlyRole.add(alice_profile.user, self.xform)
self.assertTrue(
ReadOnlyRole.user_has_role(alice_profile.user, self.xform)
)
auth = DigestAuth('alice', 'bobbob')
request.META.update(auth(request.META, response))
response = self.view(request)
self.assertEqual(response.status_code, 200)
content = response.render().content
self.assertNotIn(self.xform.id_string, content)
self.assertEqual(
content, '<?xml version="1.0" encoding="utf-8"?>\n<xforms '
'xmlns="http://openrosa.org/xforms/xformsList"></xforms>')
self.assertTrue(response.has_header('X-OpenRosa-Version'))
self.assertTrue(
response.has_header('X-OpenRosa-Accept-Content-Length'))
self.assertTrue(response.has_header('Date'))
self.assertEqual(response['Content-Type'], 'text/xml; charset=utf-8')
def test_project_users_get_readonly_role_on_add_form(self):
self._project_create()
alice_data = {'username': '******', 'email': '*****@*****.**'}
alice_profile = self._create_user_profile(alice_data)
ReadOnlyRole.add(alice_profile.user, self.project)
self.assertTrue(ReadOnlyRole.user_has_role(alice_profile.user,
self.project))
self._publish_xls_form_to_project()
self.assertTrue(ReadOnlyRole.user_has_role(alice_profile.user,
self.xform))
self.assertFalse(OwnerRole.user_has_role(alice_profile.user,
self.xform))
def save(self, **kwargs):
if self.remove:
self.remove_user()
else:
role = ROLES.get(self.role)
if role and self.user and self.project:
role.add(self.user, self.project)
# add readonly role to forms under the project
for xform in self.project.xform_set.all():
ReadOnlyRole.add(self.user, xform)
def set_project_perms_to_xform(xform, project):
if project.shared != xform.shared:
xform.shared = project.shared
xform.shared_data = project.shared
xform.save()
for perm in get_object_users_with_permissions(project):
user = perm['user']
if user != xform.created_by:
ReadOnlyRole.add(user, xform)
else:
OwnerRole.add(user, xform)
def test_form_list_filter_by_user(self):
# publish bob's form
self._publish_xls_form_to_project()
previous_user = self.user
alice_data = {'username': '******', 'email': '*****@*****.**'}
self._login_user_and_profile(extra_post_data=alice_data)
self.assertEqual(self.user.username, 'alice')
self.assertNotEqual(previous_user, self.user)
ReadOnlyRole.add(self.user, self.xform)
view = XFormViewSet.as_view({
'get': 'retrieve'
})
request = self.factory.get('/', **self.extra)
response = view(request, pk=self.xform.pk)
bobs_form_data = response.data
# publish alice's form
self._publish_xls_form_to_project()
request = self.factory.get('/', **self.extra)
response = self.view(request)
self.assertNotEqual(response.get('Last-Modified'), None)
self.assertEqual(response.status_code, 200)
# should be both bob's and alice's form
self.assertEqual(sorted(response.data),
sorted([bobs_form_data, self.form_data]))
# apply filter, see only bob's forms
request = self.factory.get('/', data={'owner': 'bob'}, **self.extra)
response = self.view(request)
self.assertNotEqual(response.get('Last-Modified'), None)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, [bobs_form_data])
# apply filter, see only alice's forms
request = self.factory.get('/', data={'owner': 'alice'}, **self.extra)
response = self.view(request)
self.assertNotEqual(response.get('Last-Modified'), None)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, [self.form_data])
# apply filter, see a non existent user
request = self.factory.get('/', data={'owner': 'noone'}, **self.extra)
response = self.view(request)
self.assertEqual(response.status_code, 200)
self.assertNotEqual(response.get('Last-Modified'), None)
self.assertEqual(response.data, [])
def test_form_list_filter_by_user(self):
# publish bob's form
self._publish_xls_form_to_project()
previous_user = self.user
alice_data = {'username': '******', 'email': '*****@*****.**'}
self._login_user_and_profile(extra_post_data=alice_data)
self.assertEqual(self.user.username, 'alice')
self.assertNotEqual(previous_user, self.user)
ReadOnlyRole.add(self.user, self.xform)
view = XFormViewSet.as_view({'get': 'retrieve'})
request = self.factory.get('/', **self.extra)
response = view(request, pk=self.xform.pk)
bobs_form_data = response.data
# publish alice's form
self._publish_xls_form_to_project()
request = self.factory.get('/', **self.extra)
response = self.view(request)
self.assertNotEqual(response.get('Last-Modified'), None)
self.assertEqual(response.status_code, 200)
# should be both bob's and alice's form
self.assertEqual(sorted(response.data),
sorted([bobs_form_data, self.form_data]))
# apply filter, see only bob's forms
request = self.factory.get('/', data={'owner': 'bob'}, **self.extra)
response = self.view(request)
self.assertNotEqual(response.get('Last-Modified'), None)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, [bobs_form_data])
# apply filter, see only alice's forms
request = self.factory.get('/', data={'owner': 'alice'}, **self.extra)
response = self.view(request)
self.assertNotEqual(response.get('Last-Modified'), None)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, [self.form_data])
# apply filter, see a non existent user
request = self.factory.get('/', data={'owner': 'noone'}, **self.extra)
response = self.view(request)
self.assertEqual(response.status_code, 200)
self.assertNotEqual(response.get('Last-Modified'), None)
self.assertEqual(response.data, [])
def test_data_list_filter_by_user(self):
self._make_submissions()
view = DataViewSet.as_view({'get': 'list'})
formid = self.xform.pk
bobs_data = _data_list(formid)[0]
previous_user = self.user
self._create_user_and_login('alice', 'alice')
self.assertEqual(self.user.username, 'alice')
self.assertNotEqual(previous_user, self.user)
ReadOnlyRole.add(self.user, self.xform)
# publish alice's form
self._publish_transportation_form()
self.extra = {
'HTTP_AUTHORIZATION': 'Token %s' % self.user.auth_token}
formid = self.xform.pk
alice_data = _data_list(formid)[0]
request = self.factory.get('/', **self.extra)
response = view(request)
self.assertEqual(response.status_code, 200)
# should be both bob's and alice's form
self.assertEqual(sorted(response.data),
sorted([bobs_data, alice_data]))
# apply filter, see only bob's forms
request = self.factory.get('/', data={'owner': 'bob'}, **self.extra)
response = view(request)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, [bobs_data])
# apply filter, see only alice's forms
request = self.factory.get('/', data={'owner': 'alice'}, **self.extra)
response = view(request)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, [alice_data])
# apply filter, see a non existent user
request = self.factory.get('/', data={'owner': 'noone'}, **self.extra)
response = view(request)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, [])
def test_data_list_filter_by_user(self):
self._make_submissions()
view = DataViewSet.as_view({'get': 'list'})
formid = self.xform.pk
bobs_data = _data_list(formid)[0]
previous_user = self.user
self._create_user_and_login('alice', 'alice')
self.assertEqual(self.user.username, 'alice')
self.assertNotEqual(previous_user, self.user)
ReadOnlyRole.add(self.user, self.xform)
# publish alice's form
self._publish_transportation_form()
self.extra = {'HTTP_AUTHORIZATION': 'Token %s' % self.user.auth_token}
formid = self.xform.pk
alice_data = _data_list(formid)[0]
request = self.factory.get('/', **self.extra)
response = view(request)
self.assertEqual(response.status_code, 200)
# should be both bob's and alice's form
self.assertEqual(sorted(response.data), sorted([bobs_data,
alice_data]))
# apply filter, see only bob's forms
request = self.factory.get('/', data={'owner': 'bob'}, **self.extra)
response = view(request)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, [bobs_data])
# apply filter, see only alice's forms
request = self.factory.get('/', data={'owner': 'alice'}, **self.extra)
response = view(request)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, [alice_data])
# apply filter, see a non existent user
request = self.factory.get('/', data={'owner': 'noone'}, **self.extra)
response = view(request)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, [])
def test_project_filter_by_owner(self):
self._project_create()
alice_data = {'username': '******', 'email': '*****@*****.**'}
self._login_user_and_profile(alice_data)
ReadOnlyRole.add(self.user, self.project)
view = ProjectViewSet.as_view({
'get': 'retrieve'
})
request = self.factory.get('/', **self.extra)
response = view(request, pk=self.project.pk)
updated_project_data = response.data
self._project_create({'name': 'another project'})
# both bob's and alice's projects
request = self.factory.get('/', **self.extra)
response = self.view(request)
self.assertEqual(response.status_code, 200)
self.assertIn(updated_project_data, response.data)
self.assertIn(self.project_data, response.data)
# only bob's project
request = self.factory.get('/', {'owner': 'bob'}, **self.extra)
response = self.view(request)
self.assertEqual(response.status_code, 200)
self.assertIn(updated_project_data, response.data)
self.assertNotIn(self.project_data, response.data)
# only alice's project
request = self.factory.get('/', {'owner': 'alice'}, **self.extra)
response = self.view(request)
self.assertEqual(response.status_code, 200)
self.assertNotIn(updated_project_data, response.data)
self.assertIn(self.project_data, response.data)
# none existent user
request = self.factory.get('/', {'owner': 'noone'}, **self.extra)
response = self.view(request)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, [])
def test_reassign_role(self):
self._publish_transportation_form()
alice = self._create_user('alice', 'alice')
self.assertFalse(ManagerRole.user_has_role(alice, self.xform))
ManagerRole.add(alice, self.xform)
self.assertTrue(ManagerRole.user_has_role(alice, self.xform))
self.assertTrue(
ManagerRole.has_role(perms_for(alice, self.xform), self.xform))
ReadOnlyRole.add(alice, self.xform)
self.assertFalse(ManagerRole.user_has_role(alice, self.xform))
self.assertTrue(ReadOnlyRole.user_has_role(alice, self.xform))
self.assertFalse(
ManagerRole.has_role(perms_for(alice, self.xform), self.xform))
self.assertTrue(
ReadOnlyRole.has_role(perms_for(alice, self.xform), self.xform))
def test_reassign_role(self):
self._publish_transportation_form()
alice = self._create_user('alice', 'alice')
self.assertFalse(ManagerRole.user_has_role(alice, self.xform))
ManagerRole.add(alice, self.xform)
self.assertTrue(ManagerRole.user_has_role(alice, self.xform))
self.assertTrue(ManagerRole.has_role(
perms_for(alice, self.xform), self.xform))
ReadOnlyRole.add(alice, self.xform)
self.assertFalse(ManagerRole.user_has_role(alice, self.xform))
self.assertTrue(ReadOnlyRole.user_has_role(alice, self.xform))
self.assertFalse(ManagerRole.has_role(
perms_for(alice, self.xform), self.xform))
self.assertTrue(ReadOnlyRole.has_role(
perms_for(alice, self.xform), self.xform))
def test_get_xform_list_other_user_with_readonly_role(self):
request = self.factory.get('/')
response = self.view(request)
alice_data = {'username': '******', 'email': '*****@*****.**'}
alice_profile = self._create_user_profile(alice_data)
ReadOnlyRole.add(alice_profile.user, self.xform)
self.assertTrue(
ReadOnlyRole.user_has_role(alice_profile.user, self.xform))
auth = DigestAuth('alice', 'bobbob')
request.META.update(auth(request.META, response))
response = self.view(request)
self.assertEqual(response.status_code, 200)
content = response.render().content
self.assertNotIn(self.xform.id_string, content)
self.assertEqual(
content, '<?xml version="1.0" encoding="utf-8"?>\n<xforms '
'xmlns="http://openrosa.org/xforms/xformsList"></xforms>')
self.assertTrue(response.has_header('X-OpenRosa-Version'))
self.assertTrue(
response.has_header('X-OpenRosa-Accept-Content-Length'))
self.assertTrue(response.has_header('Date'))
self.assertEqual(response['Content-Type'], 'text/xml; charset=utf-8')