Exemplo n.º 1
0
def show(request, username=None, id_string=None, uuid=None):
    if uuid:
        return redirect_to_public_link(request, uuid)

    xform, is_owner, can_edit, can_view, can_delete_data = get_xform_and_perms(
        username, id_string, request)
    # no access
    if not (xform.shared or can_view or request.session.get('public_link')):
        return HttpResponseRedirect(reverse(home))

    data = {}
    data['cloned'] = len(
        XForm.objects.filter(
            user__username__iexact=request.user.username,
            id_string__exact=id_string + XForm.CLONED_SUFFIX)) > 0
    data['public_link'] = MetaData.public_link(xform)
    data['is_owner'] = is_owner
    data['can_edit'] = can_edit
    data['can_view'] = can_view or request.session.get('public_link')
    data['can_delete_data'] = can_delete_data
    data['xform'] = xform
    data['content_user'] = xform.user
    data['base_url'] = "https://%s" % request.get_host()
    data['supporting_docs'] = MetaData.supporting_docs(xform)
    data['media_upload'] = MetaData.media_upload(xform)

    if is_owner:
        data['media_form'] = MediaForm()

    if xform.kpi_asset_uid:
        data['kpi_url'] = (
            f'{settings.KOBOFORM_URL}/#/forms/{xform.kpi_asset_uid}')

    return render(request, "show.html", data)
Exemplo n.º 2
0
 def test_user_add_crowdform_duplicate_entry(self):
     self._add_crowdform()
     self.assertEqual(self.response.status_code, 302)
     meta = MetaData.crowdform_users(self.xform)
     self.assertEqual(len(meta), 1)
     self._add_crowdform()
     meta = MetaData.crowdform_users(self.xform)
     self.assertEqual(len(meta), 1)
Exemplo n.º 3
0
 def test_upload_source_file_keep_name(self):
     desc = 'Snooky'
     response = self.client.post(self.edit_url, {'source': desc},
                                 HTTP_X_REQUESTED_WITH='XMLHttpRequest')
     self.assertEqual(response.status_code, 200)
     self._add_metadata('source')
     self.assertNotEqual(MetaData.source(self.xform).data_file, None)
     self.assertEqual(MetaData.source(self.xform).data_value, desc)
Exemplo n.º 4
0
 def test_upload_source_file_keep_name(self):
     desc = 'Snooky'
     response = self.client.post(self.edit_url, {'source': desc},
                                 HTTP_X_REQUESTED_WITH='XMLHttpRequest')
     self.assertEqual(response.status_code, 200)
     self._add_metadata('source')
     self.assertNotEqual(MetaData.source(self.xform).data_file, None)
     self.assertEqual(MetaData.source(self.xform).data_value, desc)
Exemplo n.º 5
0
 def test_user_add_crowdform_duplicate_entry(self):
     self._add_crowdform()
     self.assertEqual(self.response.status_code, 302)
     meta = MetaData.crowdform_users(self.xform)
     self.assertEqual(len(meta), 1)
     self._add_crowdform()
     meta = MetaData.crowdform_users(self.xform)
     self.assertEqual(len(meta), 1)
Exemplo n.º 6
0
    def test_export_list_with_meta_perms(self):
        """
        Test export list for forms with meta permissions.
        """
        with HTTMock(enketo_mock):
            self._publish_transportation_form()

            for survey in self.surveys:
                self._make_submission(os.path.join(
                    settings.PROJECT_ROOT, 'apps', 'main', 'tests', 'fixtures',
                    'transportation', 'instances', survey, survey + '.xml'),
                                      forced_submission_time=parse_datetime(
                                          '2013-02-18 15:54:01Z'))

            alice = self._create_user('alice', 'alice', True)

            MetaData.xform_meta_permission(self.xform,
                                           data_value="editor|dataentry-minor")

            DataEntryMinorRole.add(alice, self.xform)

            for i in self.xform.instances.all()[:2]:
                i.user = alice
                i.save()

            view = XFormViewSet.as_view({'get': 'retrieve'})

            alices_extra = {
                'HTTP_AUTHORIZATION': 'Token %s' % alice.auth_token.key
            }

            # Alice creates an export with her own submissions
            request = self.factory.get('/', **alices_extra)
            response = view(request, pk=self.xform.pk, format='csv')
            self.assertEqual(response.status_code, 200)

            exports = Export.objects.filter(xform=self.xform)
            view = ExportViewSet.as_view({'get': 'list'})
            request = self.factory.get('/export',
                                       data={'xform': self.xform.id})
            force_authenticate(request, user=alice)
            response = view(request)
            self.assertEqual(len(exports), len(response.data))

            # Mary should not have access to the export with Alice's
            # submissions.
            self._create_user_and_login(username='******', password='******')
            self.assertEqual(self.user.username, 'mary')

            # Mary should only view their own submissions.
            DataEntryMinorRole.add(self.user, self.xform)
            request = self.factory.get('/export',
                                       data={'xform': self.xform.id})
            force_authenticate(request, user=self.user)
            response = view(request)
            self.assertFalse(bool(response.data), response.data)
            self.assertEqual(status.HTTP_200_OK, response.status_code)
Exemplo n.º 7
0
 def test_metadata_file_hash(self):
     self._publish_transportation_form()
     src = os.path.join(self.this_directory, "fixtures", "transportation",
                        "screenshot.png")
     uf = UploadedFile(file=open(src), content_type='image/png')
     count = MetaData.objects.count()
     MetaData.media_upload(self.xform, uf)
     # assert successful insert of new metadata record
     self.assertEqual(MetaData.objects.count(), count + 1)
     md = MetaData.objects.get(xform=self.xform,
                               data_value='screenshot.png')
     # assert checksum string has been generated, hash length > 1
     self.assertTrue(len(md.hash) > 16)
Exemplo n.º 8
0
 def test_windows_csv_file_upload(self):
     count = MetaData.objects.filter(data_type='media').count()
     media_file = os.path.join(self.this_directory, 'fixtures',
                               'transportation', 'transportation.csv')
     f = InMemoryUploadedFile(open(media_file), 'media',
                              'transportation.csv',
                              'application/octet-stream', 2625, None)
     MetaData.media_upload(self.xform, f)
     media_list = MetaData.objects.filter(data_type='media')
     new_count = media_list.count()
     self.assertEqual(count + 1, new_count)
     media = media_list.get(data_value='transportation.csv')
     self.assertEqual(media.data_file_type, 'text/csv')
Exemplo n.º 9
0
 def test_metadata_file_hash(self):
     self._publish_transportation_form()
     src = os.path.join(self.this_directory, "fixtures",
                        "transportation", "screenshot.png")
     uf = UploadedFile(file=open(src), content_type='image/png')
     count = MetaData.objects.count()
     MetaData.media_upload(self.xform, uf)
     # assert successful insert of new metadata record
     self.assertEqual(MetaData.objects.count(), count + 1)
     md = MetaData.objects.get(xform=self.xform,
                               data_value='screenshot.png')
     # assert checksum string has been generated, hash length > 1
     self.assertTrue(len(md.hash) > 16)
    def handle(self, *args, **kwargs):
        cursor = connection.cursor()
        cursor.execute(
            'SELECT uid FROM kpi_asset WHERE asset_type=%s', ['survey'])
        rs = cursor.cursor.fetchall()
        uids = [a[0] for a in rs]
        xforms = XForm.objects.filter(id_string__in=uids)
        for x in xforms:
            MetaData.published_by_formbuilder(x, 'True')

        self.stdout.write(
            "Done creating published_by_formbuilder metadata!!!"
        )
Exemplo n.º 11
0
    def test_retrieve_xform_manifest_linked_form(self):
        # for linked forms check if manifest media download url for csv
        # has a group_delimiter param
        data_type = 'media'
        data_value = 'xform {} transportation'.format(self.xform.pk)
        media = self._add_form_metadata(self.xform, data_type, data_value)

        self.view = XFormListViewSet.as_view(
            {
                "get": "manifest",
                "head": "manifest"
            }
        )

        # sign in bob
        request = self.factory.head('/')
        auth_response = self.view(request, pk=self.xform.pk)
        auth = DigestAuth('bob', 'bobbob')

        # set up bob's request
        request = self.factory.get('/xformsManifest')
        request.META.update(auth(request.META, auth_response))

        # make request
        response = self.view(request, pk=self.xform.pk, format='csv')

        # test
        manifest_media_url = '{}{}'.format(
            media.data['media_url'],
            '?group_delimiter=.&repeat_index_tags=_,_')
        download_url = response.data[0]['downloadUrl']
        self.assertEqual(manifest_media_url, download_url)

        url = '/bob/xformsMedia/{}/{}.csv?group_delimiter=.'\
            .format(self.xform.pk, self.metadata.pk)
        username = '******'
        password = '******'

        client = DigestClient()
        client.set_authorization(username, password, 'Digest')

        req = client.get(url)
        self.assertEqual(req.status_code, 200)

        # enable meta perms
        data_value = "editor-minor|dataentry"
        MetaData.xform_meta_permission(self.xform, data_value=data_value)

        req = client.get(url)
        self.assertEqual(req.status_code, 401)
Exemplo n.º 12
0
    def test_retrieve_xform_manifest_linked_form(self):
        # for linked forms check if manifest media download url for csv
        # has a group_delimiter param
        data_type = 'media'
        data_value = 'xform {} transportation'.format(self.xform.pk)
        media = self._add_form_metadata(self.xform, data_type, data_value)

        self.view = XFormListViewSet.as_view(
            {
                "get": "manifest",
                "head": "manifest"
            }
        )

        # sign in bob
        request = self.factory.head('/')
        auth_response = self.view(request, pk=self.xform.pk)
        auth = DigestAuth('bob', 'bobbob')

        # set up bob's request
        request = self.factory.get('/xformsManifest')
        request.META.update(auth(request.META, auth_response))

        # make request
        response = self.view(request, pk=self.xform.pk, format='csv')

        # test
        manifest_media_url = '{}{}'.format(
            media.data['media_url'],
            '?group_delimiter=.&repeat_index_tags=_,_')
        download_url = response.data[0]['downloadUrl']
        self.assertEqual(manifest_media_url, download_url)

        url = '/bob/xformsMedia/{}/{}.csv?group_delimiter=.'\
            .format(self.xform.pk, self.metadata.pk)
        username = '******'
        password = '******'

        client = DigestClient()
        client.set_authorization(username, password, 'Digest')

        req = client.get(url)
        self.assertEqual(req.status_code, 200)

        # enable meta perms
        data_value = "editor-minor|dataentry"
        MetaData.xform_meta_permission(self.xform, data_value=data_value)

        req = client.get(url)
        self.assertEqual(req.status_code, 401)
Exemplo n.º 13
0
 def test_private_set_link_to_share_toggle_off(self):
     response = self.client.post(self.perm_url, {'for_user': '******',
                                 'perm_type': 'link'})
     self.assertEqual(MetaData.public_link(self.xform), True)
     response = self.anon.get(self.show_url)
     self.assertRedirects(response,  self.show_normal_url)
     response = self.client.post(self.perm_url, {'for_user': '******',
                                 'perm_type': 'link'})
     self.assertEqual(MetaData.public_link(self.xform), False)
     response = self.anon.get(self.show_url)
     # follow redirect
     response = self.anon.get(response['Location'])
     self.assertEqual(response.status_code, 302)
     self.assertNotEqual(response['Location'],
                         '%s%s' % (self.base_url, self.show_normal_url))
Exemplo n.º 14
0
 def test_private_set_link_to_share_toggle_off(self):
     response = self.client.post(self.perm_url, {'for_user': '******',
                                 'perm_type': 'link'})
     self.assertEqual(MetaData.public_link(self.xform), True)
     response = self.anon.get(self.show_url)
     self.assertRedirects(response,  self.show_normal_url)
     response = self.client.post(self.perm_url, {'for_user': '******',
                                 'perm_type': 'link'})
     self.assertEqual(MetaData.public_link(self.xform), False)
     response = self.anon.get(self.show_url)
     # follow redirect
     response = self.anon.get(response['Location'])
     self.assertEqual(response.status_code, 302)
     self.assertNotEqual(response['Location'],
                         '%s%s' % (self.base_url, self.show_normal_url))
Exemplo n.º 15
0
    def send(self, url, parsed_instance):
        """
        Sends the submission to the configured rest service
        :param url:
        :param parsed_instance:
        :return:
        """
        extra_data = self.clean_keys_of_slashes(parsed_instance.instance.json)

        meta = MetaData.textit(parsed_instance.instance.xform)

        token, flow_uuid, contacts = meta.data_value.split(METADATA_SEPARATOR)
        post_data = {
            "extra": extra_data,
            "flow_uuid": flow_uuid,
            "contacts": contacts
        }
        headers = {
            "Content-Type": "application/json",
            "Authorization": "Token {}".format(token)
        }
        http = httplib2.Http()

        resp, content = http.request(uri=url,
                                     method='POST',
                                     headers=headers,
                                     body=json.dumps(post_data))
 def test_public_with_link_to_share_toggle_on(self):
     # sharing behavior as of 09/13/2012:
     # it requires both data_share and form_share both turned on
     # in order to grant anon access to form uploading
     # TODO: findout 'for_user': '******' and what it means
     response = self.client.post(self.perm_url, {
         'for_user': '******',
         'perm_type': 'link'
     })
     self.assertEqual(response.status_code, 302)
     self.assertEqual(MetaData.public_link(self.xform), True)
     # toggle shared on
     self.xform.shared = True
     self.xform.shared_data = True
     self.xform.save()
     response = self.anon.get(self.show_url)
     self.assertEqual(response.status_code, 302)
     if not self._running_enketo():
         raise SkipTest
     with HTTMock(enketo_mock):
         factory = RequestFactory()
         request = factory.get('/')
         request.user = AnonymousUser()
         response = enter_data(request, self.user.username,
                               self.xform.id_string)
         self.assertEqual(response.status_code, 302)
Exemplo n.º 17
0
def xformsManifest(request, username, id_string):
    xform = get_object_or_404(XForm, id_string__exact=id_string, user__username__iexact=username)
    formlist_user = xform.user
    profile, created = UserProfile.objects.get_or_create(user=formlist_user)

    if profile.require_auth:
        authenticator = HttpDigestAuthenticator()
        if not authenticator.authenticate(request):
            return authenticator.build_challenge_response()

    response = render(
        request,
        "xformsManifest.xml",
        {
            "host": request.build_absolute_uri().replace(request.get_full_path(), ""),
            "media_files": MetaData.media_upload(xform, download=True),
        },
        content_type="text/xml; charset=utf-8",
    )
    response["X-OpenRosa-Version"] = "1.0"
    tz = pytz.timezone(settings.TIME_ZONE)
    dt = datetime.now(tz).strftime("%a, %d %b %Y %H:%M:%S %Z")
    response["Date"] = dt

    return response
Exemplo n.º 18
0
def xformsManifest(request, username, id_string):  # pylint: disable=C0103
    """
    XFormManifest view, part of OpenRosa Form Discovery API 1.0.
    """
    xform_kwargs = {
        'id_string__iexact': id_string,
        'user__username__iexact': username
    }

    xform = get_form(xform_kwargs)
    formlist_user = xform.user
    profile, __ = UserProfile.objects.get_or_create(user=formlist_user)

    if profile.require_auth:
        authenticator = HttpDigestAuthenticator()
        if not authenticator.authenticate(request):
            return authenticator.build_challenge_response()

    response = render(
        request,
        "xformsManifest.xml", {
            'host':
            request.build_absolute_uri().replace(request.get_full_path(), ''),
            'media_files':
            MetaData.media_upload(xform, download=True)
        },
        content_type="text/xml; charset=utf-8")
    response['X-OpenRosa-Version'] = '1.0'
    response['Date'] = datetime.now(pytz.timezone(settings.TIME_ZONE))\
        .strftime('%a, %d %b %Y %H:%M:%S %Z')

    return response
Exemplo n.º 19
0
 def test_public_with_link_to_share_toggle_on(self):
     # sharing behavior as of 09/13/2012:
     # it requires both data_share and form_share both turned on
     # in order to grant anon access to form uploading
     # TODO: findout 'for_user': '******' and what it means
     response = self.client.post(
         self.perm_url, {"for_user": "******", "perm_type": "link"}
     )
     self.assertEqual(response.status_code, 302)
     self.assertEqual(MetaData.public_link(self.xform), True)
     # toggle shared on
     self.xform.shared = True
     self.xform.shared_data = True
     self.xform.save()
     response = self.anon.get(self.show_url)
     self.assertEqual(response.status_code, 302)
     if not self._running_enketo():
         raise SkipTest
     with HTTMock(enketo_mock):
         factory = RequestFactory()
         request = factory.get("/")
         request.user = AnonymousUser()
         response = enter_data(
             request, self.user.username, self.xform.id_string
         )
         self.assertEqual(response.status_code, 302)
Exemplo n.º 20
0
 def test_public_with_link_to_share(self):
     response = self.client.post(self.perm_url, {
         'for_user': '******', 'perm_type': 'link'})
     self.assertEqual(response.status_code, 302)
     self.assertEqual(MetaData.public_link(self.xform), True)
     response = self.anon.get(self.show_url)
     self.assertRedirects(response, self.show_normal_url)
Exemplo n.º 21
0
def xformsManifest(request, username, id_string):  # pylint: disable=C0103
    """
    XFormManifest view, part of OpenRosa Form Discovery API 1.0.
    """
    xform_kwargs = {
        'id_string__iexact': id_string,
        'user__username__iexact': username
    }

    xform = get_form(xform_kwargs)
    formlist_user = xform.user
    profile, __ = UserProfile.objects.get_or_create(user=formlist_user)

    if profile.require_auth:
        authenticator = HttpDigestAuthenticator()
        if not authenticator.authenticate(request):
            return authenticator.build_challenge_response()

    response = render(
        request,
        "xformsManifest.xml", {
            'host':
            request.build_absolute_uri().replace(request.get_full_path(), ''),
            'media_files':
            MetaData.media_upload(xform, download=True)
        },
        content_type="text/xml; charset=utf-8")
    response['X-OpenRosa-Version'] = '1.0'
    response['Date'] = datetime.now(pytz.timezone(settings.TIME_ZONE))\
        .strftime('%a, %d %b %Y %H:%M:%S %Z')

    return response
Exemplo n.º 22
0
def xformsManifest(request, username, id_string):
    xform = get_object_or_404(XForm,
                              id_string__exact=id_string,
                              user__username__iexact=username)
    formlist_user = xform.user
    profile, created = \
        UserProfile.objects.get_or_create(user=formlist_user)

    if profile.require_auth:
        authenticator = HttpDigestAuthenticator()
        if not authenticator.authenticate(request):
            return authenticator.build_challenge_response()

    response = render(
        request,
        "xformsManifest.xml", {
            'host':
            request.build_absolute_uri().replace(request.get_full_path(), ''),
            'media_files':
            MetaData.media_upload(xform, download=True)
        },
        content_type="text/xml; charset=utf-8")
    response['X-OpenRosa-Version'] = '1.0'
    tz = pytz.timezone(settings.TIME_ZONE)
    dt = datetime.now(tz).strftime('%a, %d %b %Y %H:%M:%S %Z')
    response['Date'] = dt

    return response
Exemplo n.º 23
0
 def test_public_with_link_to_share(self):
     response = self.client.post(self.perm_url, {
         'for_user': '******', 'perm_type': 'link'})
     self.assertEqual(response.status_code, 302)
     self.assertEqual(MetaData.public_link(self.xform), True)
     response = self.anon.get(self.show_url)
     self.assertRedirects(response, self.show_normal_url)
Exemplo n.º 24
0
def show(request, username=None, id_string=None, uuid=None):
    if uuid:
        xform = get_object_or_404(XForm, uuid=uuid)
        request.session["public_link"] = xform.uuid if MetaData.public_link(xform) else False
        return HttpResponseRedirect(
            reverse(show, kwargs={"username": xform.user.username, "id_string": xform.id_string})
        )
    xform, is_owner, can_edit, can_view = get_xform_and_perms(username, id_string, request)
    # no access
    if not (xform.shared or can_view or request.session.get("public_link")):
        return HttpResponseRedirect(reverse(home))
    context = RequestContext(request)
    context.cloned = (
        len(XForm.objects.filter(user__username=request.user.username, id_string=id_string + XForm.CLONED_SUFFIX)) > 0
    )
    context.public_link = MetaData.public_link(xform)
    context.is_owner = is_owner
    context.can_edit = can_edit
    context.can_view = can_view or request.session.get("public_link")
    context.xform = xform
    context.content_user = xform.user
    context.base_url = "https://%s" % request.get_host()
    context.source = MetaData.source(xform)
    context.form_license = MetaData.form_license(xform).data_value
    context.data_license = MetaData.data_license(xform).data_value
    context.supporting_docs = MetaData.supporting_docs(xform)
    context.media_upload = MetaData.media_upload(xform)
    context.mapbox_layer = MetaData.mapbox_layer_upload(xform)
    if is_owner:
        context.sms_support_form = ActivateSMSSupportFom(
            initial={"enable_sms_support": xform.allows_sms, "sms_id_string": xform.sms_id_string}
        )
        if not xform.allows_sms:
            context.sms_compatible = check_form_sms_compatibility(None, json_survey=json.loads(xform.json))
        else:
            url_root = request.build_absolute_uri("/")[:-1]
            context.sms_providers_doc = providers_doc(url_root=url_root, username=username, id_string=id_string)
            context.url_root = url_root
        context.form_license_form = FormLicenseForm(initial={"value": context.form_license})
        context.data_license_form = DataLicenseForm(initial={"value": context.data_license})
        context.doc_form = SupportDocForm()
        context.source_form = SourceForm()
        context.media_form = MediaForm()
        context.mapbox_layer_form = MapboxLayerForm()
        users_with_perms = []
        for perm in get_users_with_perms(xform, attach_perms=True).items():
            has_perm = []
            if "change_xform" in perm[1]:
                has_perm.append(_(u"Can Edit"))
            if "view_xform" in perm[1]:
                has_perm.append(_(u"Can View"))
            users_with_perms.append((perm[0], u" | ".join(has_perm)))
        context.users_with_perms = users_with_perms
        context.permission_form = PermissionForm(username)
    if xform.allows_sms:
        context.sms_support_doc = get_autodoc_for(xform)
    return render_to_response("show.html", context_instance=context)
Exemplo n.º 25
0
    def create(self, validated_data):
        data_type = validated_data.get('data_type')
        data_file = validated_data.get('data_file')
        data_file_type = validated_data.get('data_file_type')

        content_object = self.get_content_object(validated_data)
        data_value = data_file.name \
            if data_file else validated_data.get('data_value')

        # not exactly sure what changed in the requests.FILES for django 1.7
        # csv files uploaded in windows do not have the text/csv content_type
        # this works around that
        if data_type == MEDIA_TYPE and data_file \
                and data_file.name.lower().endswith('.csv') \
                and data_file_type != CSV_CONTENT_TYPE:
            data_file_type = CSV_CONTENT_TYPE

        content_type = ContentType.objects.get_for_model(content_object)

        try:
            if data_type == XFORM_META_PERMS:
                metadata = \
                    MetaData.xform_meta_permission(content_object,
                                                   data_value=data_value)
                update_role_by_meta_xform_perms(content_object)

            elif data_type == SUBMISSION_REVIEW:
                # ensure only one submission_review metadata exists per form
                if MetaData.submission_review(content_object):
                    raise serializers.ValidationError(_(UNIQUE_TOGETHER_ERROR))
                else:
                    metadata = MetaData.submission_review(
                        content_object, data_value=data_value)

            else:
                metadata = MetaData.objects.create(
                    content_type=content_type,
                    data_type=data_type,
                    data_value=data_value,
                    data_file=data_file,
                    data_file_type=data_file_type,
                    object_id=content_object.id)

            return metadata
        except IntegrityError:
            raise serializers.ValidationError(_(UNIQUE_TOGETHER_ERROR))
Exemplo n.º 26
0
 def test_windows_csv_file_upload(self):
     count = MetaData.objects.filter(data_type='media').count()
     media_file = os.path.join(
         self.this_directory, 'fixtures', 'transportation',
         'transportation.csv')
     f = InMemoryUploadedFile(open(media_file),
                              'media',
                              'transportation.csv',
                              'application/octet-stream',
                              2625,
                              None)
     MetaData.media_upload(self.xform, f)
     media_list = MetaData.objects.filter(data_type='media')
     new_count = media_list.count()
     self.assertEqual(count + 1, new_count)
     media = media_list.get(data_value='transportation.csv')
     self.assertEqual(media.data_file_type, 'text/csv')
Exemplo n.º 27
0
def redirect_to_public_link(request, uuid):
    xform = get_object_or_404(XForm, uuid=uuid)
    request.session['public_link'] = \
        xform.uuid if MetaData.public_link(xform) else False

    return HttpResponseRedirect(reverse(show, kwargs={
        'username': xform.user.username,
        'id_string': xform.id_string
    }))
Exemplo n.º 28
0
def create_export(request, username, id_string, export_type):
    owner = get_object_or_404(User, username__iexact=username)
    xform = get_object_or_404(XForm, id_string__exact=id_string, user=owner)
    if not has_permission(xform, owner, request):
        return HttpResponseForbidden(_(u'Not shared.'))

    if export_type == Export.EXTERNAL_EXPORT:
        # check for template before trying to generate a report
        if not MetaData.external_export(xform=xform):
            return HttpResponseForbidden(_(u'No XLS Template set.'))

    query = request.POST.get("query")
    force_xlsx = request.POST.get('xls') != 'true'

    # export options
    group_delimiter = request.POST.get("options[group_delimiter]", '/')
    if group_delimiter not in ['.', '/']:
        return HttpResponseBadRequest(
            _("%s is not a valid delimiter" % group_delimiter))

    # default is True, so when dont_.. is yes
    # split_select_multiples becomes False
    split_select_multiples = request.POST.get(
        "options[dont_split_select_multiples]", "no") == "no"

    binary_select_multiples = getattr(settings, 'BINARY_SELECT_MULTIPLES',
                                      False)
    # external export option
    meta = request.POST.get("meta")
    options = {
        'group_delimiter': group_delimiter,
        'split_select_multiples': split_select_multiples,
        'binary_select_multiples': binary_select_multiples,
        'meta': meta.replace(",", "") if meta else None
    }

    try:
        create_async_export(xform, export_type, query, force_xlsx, options)
    except Export.ExportTypeError:
        return HttpResponseBadRequest(
            _("%s is not a valid export type" % export_type))
    else:
        audit = {"xform": xform.id_string, "export_type": export_type}
        audit_log(
            Actions.EXPORT_CREATED, request.user, owner,
            _("Created %(export_type)s export on '%(id_string)s'.") % {
                'export_type': export_type.upper(),
                'id_string': xform.id_string,
            }, audit, request)
        return HttpResponseRedirect(
            reverse(export_list,
                    kwargs={
                        "username": username,
                        "id_string": id_string,
                        "export_type": export_type
                    }))
Exemplo n.º 29
0
 def setUp(self):
     TestBase.setUp(self)
     self._publish_transportation_form()
     self._submit_transport_instance_w_attachment()
     src = os.path.join(self.this_directory, "fixtures", "transportation",
                        "screenshot.png")
     uf = UploadedFile(file=open(src, 'rb'), content_type='image/png')
     count = MetaData.objects.count()
     MetaData.media_upload(self.xform, uf)
     self.assertEqual(MetaData.objects.count(), count + 1)
     url = urljoin(
         self.base_url,
         reverse(profile, kwargs={'username': self.user.username}))
     self._logout()
     self._create_user_and_login('deno', 'deno')
     self.bc = BriefcaseClient(username='******',
                               password='******',
                               url=url,
                               user=self.user)
Exemplo n.º 30
0
def edit(request, username, id_string):
    xform = XForm.objects.get(user__username__iexact=username,
                              id_string__exact=id_string)
    owner = xform.user

    if username == request.user.username or\
            request.user.has_perm('logger.change_xform', xform):

        if request.POST.get('media_url'):
            uri = request.POST.get('media_url')
            try:
                SSRFProtect.validate(uri)
            except SSRFProtectException:
                return HttpResponseForbidden(
                    t('URL {uri} is forbidden.').format(uri=uri))
            MetaData.media_add_uri(xform, uri)
        elif request.FILES.get('media'):
            audit = {'xform': xform.id_string}
            audit_log(
                Actions.FORM_UPDATED, request.user, owner,
                t("Media added to '%(id_string)s'.") %
                {'id_string': xform.id_string}, audit, request)
            for aFile in request.FILES.getlist("media"):
                MetaData.media_upload(xform, aFile)

        xform.update()

        if request.is_ajax():
            return HttpResponse(t('Updated succeeded.'))
        else:
            if 'HTTP_REFERER' in request.META and request.META[
                    'HTTP_REFERER'].strip():
                return HttpResponseRedirect(request.META['HTTP_REFERER'])

            return HttpResponseRedirect(
                reverse(show,
                        kwargs={
                            'username': username,
                            'id_string': id_string
                        }))

    return HttpResponseForbidden(t('Update failed.'))
Exemplo n.º 31
0
 def test_public_with_link_to_share_toggle_on(self):
     response = self.client.post(self.perm_url, {'for_user': '******',
                                 'perm_type': 'link'})
     self.assertEqual(response.status_code, 302)
     self.assertEqual(MetaData.public_link(self.xform), True)
     response = self.anon.get(self.show_url)
     self.assertEqual(response.status_code, 302)
     self.assertEqual(response['Location'],
                      '%s%s' % (self.base_url, self.show_normal_url))
     response = self.anon.get(self.show_normal_url)
     self.assertEqual(response.status_code, 200)
Exemplo n.º 32
0
def auto_add_crowd_form_to_registered_user(sender, **kwargs):
    new_user = kwargs.get("user")
    if (
        hasattr(settings, "AUTO_ADD_CROWDFORM")
        and settings.AUTO_ADD_CROWDFORM
        and hasattr(settings, "DEFAULT_CROWDFORM")
    ):
        try:
            default_crowdform = settings.DEFAULT_CROWDFORM
            if (
                isinstance(default_crowdform, dict)
                and "xform_username" in default_crowdform
                and "xform_id_string" in default_crowdform
            ):
                xform = XForm.objects.get(
                    id_string=default_crowdform["xform_id_string"], user__username=default_crowdform["xform_username"]
                )
                MetaData.crowdform_users(xform, new_user.username)
        except XForm.DoesNotExist:
            pass
Exemplo n.º 33
0
def export_list(request, username, id_string, export_type):
    if export_type == Export.GDOC_EXPORT:
        redirect_url = reverse(
            export_list,
            kwargs={
                'username': username, 'id_string': id_string,
                'export_type': export_type})
        token = _get_google_token(request, redirect_url)
        if isinstance(token, HttpResponse):
            return token
    owner = get_object_or_404(User, username__iexact=username)
    xform = get_object_or_404(XForm, id_string__exact=id_string, user=owner)
    if not has_permission(xform, owner, request):
        return HttpResponseForbidden(_(u'Not shared.'))

    if export_type == Export.EXTERNAL_EXPORT:
        # check for template before trying to generate a report
        if not MetaData.external_export(xform=xform):
            return HttpResponseForbidden(_(u'No XLS Template set.'))
    # Get meta and token
    export_token = request.GET.get('token')
    export_meta = request.GET.get('meta')
    options = {
        'meta': export_meta,
        'token': export_token,
    }

    if should_create_new_export(xform, export_type):
        try:
            create_async_export(
                xform, export_type, query=None, force_xlsx=True,
                options=options)
        except Export.ExportTypeError:
            return HttpResponseBadRequest(
                _("%s is not a valid export type" % export_type))

    metadata = MetaData.objects.filter(xform=xform,
                                       data_type="external_export")\
        .values('id', 'data_value')

    for m in metadata:
        m['data_value'] = m.get('data_value').split('|')[0]

    data = {
        'username': owner.username,
        'xform': xform,
        'export_type': export_type,
        'export_type_name': Export.EXPORT_TYPE_DICT[export_type],
        'exports': Export.objects.filter(
            xform=xform, export_type=export_type).order_by('-created_on'),
        'metas': metadata
    }

    return render(request, 'export_list.html', data)
Exemplo n.º 34
0
def export_list(request, username, id_string, export_type):
    if export_type == Export.GDOC_EXPORT:
        redirect_url = reverse(
            export_list,
            kwargs={
                'username': username, 'id_string': id_string,
                'export_type': export_type})
        token = _get_google_token(request, redirect_url)
        if isinstance(token, HttpResponse):
            return token
    owner = get_object_or_404(User, username__iexact=username)
    xform = get_object_or_404(XForm, id_string__exact=id_string, user=owner)
    if not has_permission(xform, owner, request):
        return HttpResponseForbidden(_(u'Not shared.'))

    if export_type == Export.EXTERNAL_EXPORT:
        # check for template before trying to generate a report
        if not MetaData.external_export(xform=xform):
            return HttpResponseForbidden(_(u'No XLS Template set.'))
    # Get meta and token
    export_token = request.GET.get('token')
    export_meta = request.GET.get('meta')
    options = {
        'meta': export_meta,
        'token': export_token,
    }

    if should_create_new_export(xform, export_type):
        try:
            create_async_export(
                xform, export_type, query=None, force_xlsx=True,
                options=options)
        except Export.ExportTypeError:
            return HttpResponseBadRequest(
                _("%s is not a valid export type" % export_type))

    metadata = MetaData.objects.filter(xform=xform,
                                       data_type="external_export")\
        .values('id', 'data_value')

    for m in metadata:
        m['data_value'] = m.get('data_value').split('|')[0]

    data = {
        'username': owner.username,
        'xform': xform,
        'export_type': export_type,
        'export_type_name': Export.EXPORT_TYPE_DICT[export_type],
        'exports': Export.objects.filter(
            xform=xform, export_type=export_type).order_by('-created_on'),
        'metas': metadata
    }

    return render(request, 'export_list.html', data)
Exemplo n.º 35
0
 def setUp(self):
     TestBase.setUp(self)
     self._publish_transportation_form()
     self._submit_transport_instance_w_attachment()
     src = os.path.join(self.this_directory, "fixtures",
                        "transportation", "screenshot.png")
     uf = UploadedFile(file=open(src), content_type='image/png')
     count = MetaData.objects.count()
     MetaData.media_upload(self.xform, uf)
     self.assertEqual(MetaData.objects.count(), count + 1)
     url = urljoin(
         self.base_url,
         reverse(profile, kwargs={'username': self.user.username})
     )
     self._logout()
     self._create_user_and_login('deno', 'deno')
     self.bc = BriefcaseClient(
         username='******', password='******',
         url=url,
         user=self.user
     )
Exemplo n.º 36
0
    def test_crowdform_for_new_user(self):
        # initial
        meta = MetaData.crowdform_users(self.xform)
        self.assertEqual(len(meta), 0)

        #save settings to be restored later
        old_auto_add_cf = settings.AUTO_ADD_CROWDFORM
        old_default_cf = settings.DEFAULT_CROWDFORM

        # enable auto add crowdform
        settings.AUTO_ADD_CROWDFORM = True
        settings.DEFAULT_CROWDFORM = {
            'xform_username': self.user.username,
            'xform_id_string': self.xform.id_string
        }

        # register new user
        post_data = {
            'username': self.alice,
            'email': '*****@*****.**',
            'password1': 'bobbob',
            'password2': 'bobbob',
            'name': 'Alice',
            'city': 'Ecila',
            'country': 'US',
            'organization': 'Alic Inc.',
            'home_page': 'alice.com',
            'twitter': 'alicerama'
        }
        url = '/accounts/register/'
        self.response = self.client.post(url, post_data)

        # check to ensure that crowd form was added
        meta = MetaData.crowdform_users(self.xform)
        self.assertEqual(len(meta), 1)
        self.assertEqual(meta[0].data_value, self.alice)

        # restore old settings
        settings.AUTO_ADD_CROWDFORM = old_auto_add_cf
        settings.DEFAULT_CROWDFORM = old_default_cf
Exemplo n.º 37
0
def map_view(request, username, id_string, template='map.html'):
    """
    Map view.
    """
    owner = get_object_or_404(User, username__iexact=username)
    xform = get_form({'user': owner, 'id_string__iexact': id_string})

    if not has_permission(xform, owner, request):
        return HttpResponseForbidden(_(u'Not shared.'))
    data = {'content_user': owner, 'xform': xform}
    data['profile'], __ = UserProfile.objects.get_or_create(user=owner)

    data['form_view'] = True
    data['jsonform_url'] = reverse(download_jsonform,
                                   kwargs={
                                       "username": username,
                                       "id_string": id_string
                                   })
    data['enketo_edit_url'] = reverse('edit_data',
                                      kwargs={
                                          "username": username,
                                          "id_string": id_string,
                                          "data_id": 0
                                      })
    data['enketo_add_url'] = reverse('enter_data',
                                     kwargs={
                                         "username": username,
                                         "id_string": id_string
                                     })

    data['enketo_add_with_url'] = reverse('add_submission_with',
                                          kwargs={
                                              "username": username,
                                              "id_string": id_string
                                          })
    data['mongo_api_url'] = reverse('mongo_view_api',
                                    kwargs={
                                        "username": username,
                                        "id_string": id_string
                                    })
    data['delete_data_url'] = reverse('delete_data',
                                      kwargs={
                                          "username": username,
                                          "id_string": id_string
                                      })
    data['mapbox_layer'] = MetaData.mapbox_layer_upload(xform)
    audit = {"xform": xform.id_string}
    audit_log(
        Actions.FORM_MAP_VIEWED, request.user, owner,
        _("Requested map on '%(id_string)s'.") %
        {'id_string': xform.id_string}, audit, request)
    return render(request, template, data)
Exemplo n.º 38
0
 def test_public_with_link_to_share_toggle_on(self):
     response = self.client.post(self.perm_url, {
         'for_user': '******',
         'perm_type': 'link'
     })
     self.assertEqual(response.status_code, 302)
     self.assertEqual(MetaData.public_link(self.xform), True)
     response = self.anon.get(self.show_url)
     self.assertEqual(response.status_code, 302)
     self.assertEqual(response['Location'],
                      '%s%s' % (self.base_url, self.show_normal_url))
     response = self.anon.get(self.show_normal_url)
     self.assertEqual(response.status_code, 200)
Exemplo n.º 39
0
    def test_textit_service(self, mock_http):
        service_url = "https://textit.io/api/v1/runs.json"
        service_name = "textit"

        self._add_rest_service(service_url, service_name)

        # add metadata
        api_token = "asdaasda"
        flow_uuid = "getvdgdfd"
        default_contact = "sadlsdfskjdfds"

        MetaData.textit(self.xform,
                        data_value="{}|{}|{}".format(api_token, flow_uuid,
                                                     default_contact))

        xml_submission = os.path.join(self.this_directory, u'fixtures',
                                      u'dhisform_submission1.xml')

        self.assertFalse(mock_http.called)
        self._make_submission(xml_submission)
        self.assertTrue(mock_http.called)
        self.assertEquals(mock_http.call_count, 1)
Exemplo n.º 40
0
    def test_crowdform_for_new_user(self):
        # initial
        meta = MetaData.crowdform_users(self.xform)
        self.assertEqual(len(meta), 0)

        #save settings to be restored later
        old_auto_add_cf = settings.AUTO_ADD_CROWDFORM
        old_default_cf = settings.DEFAULT_CROWDFORM

        # enable auto add crowdform
        settings.AUTO_ADD_CROWDFORM = True
        settings.DEFAULT_CROWDFORM = {
            'xform_username': self.user.username,
            'xform_id_string': self.xform.id_string}

        # register new user
        post_data = {
            'username': self.alice,
            'email': '*****@*****.**',
            'password1': 'bobbob',
            'password2': 'bobbob',
            'name': 'Alice',
            'city': 'Ecila',
            'country': 'US',
            'organization': 'Alic Inc.',
            'home_page': 'alice.com',
            'twitter': 'alicerama'
        }
        url = '/accounts/register/'
        self.response = self.client.post(url, post_data)

        # check to ensure that crowd form was added
        meta = MetaData.crowdform_users(self.xform)
        self.assertEqual(len(meta), 1)
        self.assertEqual(meta[0].data_value, self.alice)

        # restore old settings
        settings.AUTO_ADD_CROWDFORM = old_auto_add_cf
        settings.DEFAULT_CROWDFORM = old_default_cf
Exemplo n.º 41
0
def show_form_settings(request, username=None, id_string=None, uuid=None):
    if uuid:
        return redirect_to_public_link(request, uuid)

    xform, is_owner, can_edit, can_view, can_delete_data = get_xform_and_perms(
        username, id_string, request)
    # no access
    if not (xform.shared or can_view or request.session.get('public_link')):
        return HttpResponseRedirect(reverse(home))

    data = {}
    data['cloned'] = len(
        XForm.objects.filter(
            user__username__iexact=request.user.username,
            id_string__exact=id_string + XForm.CLONED_SUFFIX)) > 0
    data['public_link'] = MetaData.public_link(xform)
    data['is_owner'] = is_owner
    data['can_edit'] = can_edit
    data['can_view'] = can_view or request.session.get('public_link')
    data['can_delete_data'] = can_delete_data
    data['xform'] = xform
    data['content_user'] = xform.user
    data['base_url'] = "https://%s" % request.get_host()
    data['source'] = MetaData.source(xform)
    data['media_upload'] = MetaData.media_upload(xform)
    # https://html.spec.whatwg.org/multipage/input.html#attr-input-accept
    # e.g. .csv,.xml,text/csv,text/xml
    media_upload_types = []
    for supported_type in settings.SUPPORTED_MEDIA_UPLOAD_TYPES:
        extension = '.{}'.format(supported_type.split('/')[-1])
        media_upload_types.append(extension)
        media_upload_types.append(supported_type)
    data['media_upload_types'] = ','.join(media_upload_types)

    if is_owner:
        data['media_form'] = MediaForm()

    return render(request, "show_form_settings.html", data)
Exemplo n.º 42
0
 def test_only_access_shared_link_form(self):
     response = self.client.post(self.perm_url, {'for_user': '******',
                                 'perm_type': 'link'})
     self.assertEqual(MetaData.public_link(self.xform), True)
     # publish a second form to make sure the user cant access other forms
     self._publish_xls_file(os.path.join(
         self.this_directory, "fixtures", "csv_export", "tutorial.xls"))
     xform_2 = XForm.objects.order_by('pk').reverse()[0]
     url_2 = reverse(show, kwargs={
         'username': self.user.username,
         'id_string': xform_2.id_string
     })
     response = self.anon.get(url_2)
     self.assertRedirects(response, "/")
Exemplo n.º 43
0
def map_view(request, username, id_string, template='map.html'):
    owner = get_object_or_404(User, username=username)
    xform = get_object_or_404(XForm, id_string=id_string, user=owner)
    if not has_permission(xform, owner, request):
        return HttpResponseForbidden(_(u'Not shared.'))
    context = RequestContext(request)
    context.content_user = owner
    context.xform = xform
    context.profile, created = UserProfile.objects.get_or_create(user=owner)

    context.form_view = True
    context.jsonform_url = reverse(download_jsonform,
                                   kwargs={
                                       "username": username,
                                       "id_string": id_string
                                   })
    context.enketo_edit_url = reverse('edit_data',
                                      kwargs={
                                          "username": username,
                                          "id_string": id_string,
                                          "data_id": 0
                                      })
    context.enketo_add_url = reverse('enter_data',
                                     kwargs={
                                         "username": username,
                                         "id_string": id_string
                                     })

    context.enketo_add_with_url = reverse('add_submission_with',
                                          kwargs={
                                              "username": username,
                                              "id_string": id_string
                                          })
    context.mongo_api_url = reverse('mongo_view_api',
                                    kwargs={
                                        "username": username,
                                        "id_string": id_string
                                    })
    context.delete_data_url = reverse('delete_data',
                                      kwargs={
                                          "username": username,
                                          "id_string": id_string
                                      })
    context.mapbox_layer = MetaData.mapbox_layer_upload(xform)
    audit = {"xform": xform.id_string}
    audit_log(
        Actions.FORM_MAP_VIEWED, request.user, owner,
        _("Requested map on '%(id_string)s'.") %
        {'id_string': xform.id_string}, audit, request)
    return render_to_response(template, context_instance=context)
Exemplo n.º 44
0
 def test_only_access_shared_link_form(self):
     response = self.client.post(self.perm_url, {'for_user': '******',
                                 'perm_type': 'link'})
     self.assertEqual(MetaData.public_link(self.xform), True)
     # publish a second form to make sure the user cant access other forms
     self._publish_xls_file(os.path.join(
         self.this_directory, "fixtures", "csv_export", "tutorial.xls"))
     xform_2 = XForm.objects.order_by('pk').reverse()[0]
     url_2 = reverse(show, kwargs={
         'username': self.user.username,
         'id_string': xform_2.id_string
     })
     response = self.anon.get(url_2)
     self.assertRedirects(response, "/")
Exemplo n.º 45
0
    def test_textit_service(self, mock_http):
        service_url = "https://textit.io/api/v1/runs.json"
        service_name = "textit"

        self._add_rest_service(service_url, service_name)

        # add metadata
        api_token = "asdaasda"
        flow_uuid = "getvdgdfd"
        default_contact = "sadlsdfskjdfds"

        MetaData.textit(
            self.xform, data_value="{}|{}|{}".format(api_token,
                                                     flow_uuid,
                                                     default_contact))

        xml_submission = os.path.join(self.this_directory,
                                      u'fixtures',
                                      u'dhisform_submission1.xml')

        self.assertFalse(mock_http.called)
        self._make_submission(xml_submission)
        self.assertTrue(mock_http.called)
        self.assertEquals(mock_http.call_count, 1)
Exemplo n.º 46
0
def export_list(request, username, id_string, export_type, is_project=0, id=0, site_id=0, version="0"):
    site_id = int(site_id)
    if export_type == Export.GDOC_EXPORT:
        return HttpResponseForbidden(_(u'Not shared.'))
        token = _get_google_token(request, redirect_url)
        if isinstance(token, HttpResponse):
            return token
    owner = get_object_or_404(User, username__iexact=username)
    xform = get_object_or_404(XForm, id_string__exact=id_string, user=owner)

    if export_type == Export.EXTERNAL_EXPORT:
        return HttpResponseForbidden(_(u'Not shared.'))
        # check for template before trying to generate a report
        if not MetaData.external_export(xform=xform):
            return HttpResponseForbidden(_(u'No XLS Template set.'))
    # Get meta and token
    export_token = request.GET.get('token')
    export_meta = request.GET.get('meta')
    options = {
        'meta': export_meta,
        'token': export_token,
    }

    metadata = MetaData.objects.filter(xform=xform,
                                       data_type="external_export")\
        .values('id', 'data_value')

    for m in metadata:
        m['data_value'] = m.get('data_value').split('|')[0]

    data = {
        'username': xform.user.username,
        'xform': xform,
        'export_type': export_type,
        'export_type_name': Export.EXPORT_TYPE_DICT[export_type],
        'exports': Export.objects.filter(
            xform=xform, export_type=export_type, fsxf=id, site=site_id, version=version).order_by('-created_on'),
        'metas': metadata,
        'is_project': is_project,
        'id': id,
        'version': version,
            }
    data['site_id'] = site_id

    return render(request, 'export_list.html', data)
Exemplo n.º 47
0
def map_view(request, username, id_string, template='map.html'):
    """
    Map view.
    """
    owner = get_object_or_404(User, username__iexact=username)
    xform = get_form({'user': owner, 'id_string__iexact': id_string})

    if not has_permission(xform, owner, request):
        return HttpResponseForbidden(_(u'Not shared.'))
    data = {'content_user': owner, 'xform': xform}
    data['profile'], __ = UserProfile.objects.get_or_create(user=owner)

    data['form_view'] = True
    data['jsonform_url'] = reverse(
        download_jsonform,
        kwargs={"username": username,
                "id_string": id_string})
    data['enketo_edit_url'] = reverse(
        'edit_data',
        kwargs={"username": username,
                "id_string": id_string,
                "data_id": 0})
    data['enketo_add_url'] = reverse(
        'enter_data', kwargs={"username": username,
                              "id_string": id_string})

    data['enketo_add_with_url'] = reverse(
        'add_submission_with',
        kwargs={"username": username,
                "id_string": id_string})
    data['mongo_api_url'] = reverse(
        'mongo_view_api',
        kwargs={"username": username,
                "id_string": id_string})
    data['delete_data_url'] = reverse(
        'delete_data', kwargs={"username": username,
                               "id_string": id_string})
    data['mapbox_layer'] = MetaData.mapbox_layer_upload(xform)
    audit = {"xform": xform.id_string}
    audit_log(Actions.FORM_MAP_VIEWED, request.user, owner,
              _("Requested map on '%(id_string)s'.") %
              {'id_string': xform.id_string}, audit, request)
    return render(request, template, data)
Exemplo n.º 48
0
def xformsManifest(request, username, id_string):
    xform = get_object_or_404(
        XForm, id_string=id_string, user__username=username)
    formlist_user = xform.user
    profile, created = \
        UserProfile.objects.get_or_create(user=formlist_user)

    if profile.require_auth:
        authenticator = HttpDigestAuthenticator()
        if not authenticator.authenticate(request):
            return authenticator.build_challenge_response()
    response = render_to_response("xformsManifest.xml", {
        'host': request.build_absolute_uri().replace(
            request.get_full_path(), ''),
        'media_files': MetaData.media_upload(xform, download=True)
    }, mimetype="text/xml; charset=utf-8")
    response['X-OpenRosa-Version'] = '1.0'
    tz = pytz.timezone(settings.TIME_ZONE)
    dt = datetime.now(tz).strftime('%a, %d %b %Y %H:%M:%S %Z')
    response['Date'] = dt
    return response
Exemplo n.º 49
0
    def send(self, url, submission_instance):
        """
        Sends the submission to the configured rest service
        :param url:
        :param submission_instance:
        :return:
        """
        extra_data = self.clean_keys_of_slashes(submission_instance.json)

        data_value = MetaData.textit(submission_instance.xform)

        if data_value:
            token, flow, contacts = data_value.split(METADATA_SEPARATOR)
            post_data = {
                "extra": extra_data,
                "flow": flow,
                "contacts": contacts.split(',')
            }
            headers = {"Content-Type": "application/json",
                       "Authorization": "Token {}".format(token)}

            requests.post(url, headers=headers, data=json.dumps(post_data))
Exemplo n.º 50
0
def map_view(request, username, id_string, template='map.html'):
    owner = get_object_or_404(User, username=username)
    xform = get_object_or_404(XForm, id_string=id_string, user=owner)
    if not has_permission(xform, owner, request):
        return HttpResponseForbidden(_(u'Not shared.'))
    context = RequestContext(request)
    context.content_user = owner
    context.xform = xform
    context.profile, created = UserProfile.objects.get_or_create(user=owner)

    context.form_view = True
    context.jsonform_url = reverse(download_jsonform,
                                   kwargs={"username": username,
                                           "id_string": id_string})
    context.enketo_edit_url = reverse('edit_data',
                                      kwargs={"username": username,
                                              "id_string": id_string,
                                              "data_id": 0})
    context.enketo_add_url = reverse('enter_data',
                                     kwargs={"username": username,
                                             "id_string": id_string})

    context.enketo_add_with_url = reverse('add_submission_with',
                                          kwargs={"username": username,
                                                  "id_string": id_string})
    context.mongo_api_url = reverse('mongo_view_api',
                                    kwargs={"username": username,
                                            "id_string": id_string})
    context.delete_data_url = reverse('delete_data',
                                      kwargs={"username": username,
                                              "id_string": id_string})
    context.mapbox_layer = MetaData.mapbox_layer_upload(xform)
    audit = {
        "xform": xform.id_string
    }
    audit_log(Actions.FORM_MAP_VIEWED, request.user, owner,
              _("Requested map on '%(id_string)s'.")
              % {'id_string': xform.id_string}, audit, request)
    return render_to_response(template, context_instance=context)
Exemplo n.º 51
0
    def send(self, url, submission_instance):
        """
        Sends the submission to the configured rest service
        :param url:
        :param submission_instance:
        :return:
        """
        extra_data = self.clean_keys_of_slashes(submission_instance.json)

        data_value = MetaData.textit(submission_instance.xform)

        if data_value:
            token, flow, contacts = data_value.split(METADATA_SEPARATOR)
            post_data = {
                "extra": extra_data,
                "flow": flow,
                "contacts": contacts.split(',')
            }
            headers = {"Content-Type": "application/json",
                       "Authorization": "Token {}".format(token)}

            requests.post(url, headers=headers, data=json.dumps(post_data))
Exemplo n.º 52
0
    def send(self, url, parsed_instance):
        """
        Sends the submission to the configured rest service
        :param url:
        :param parsed_instance:
        :return:
        """
        extra_data = self.clean_keys_of_slashes(parsed_instance.instance.json)

        meta = MetaData.textit(parsed_instance.instance.xform)

        token, flow_uuid, contacts = meta.data_value.split(METADATA_SEPARATOR)
        post_data = {
            "extra": extra_data,
            "flow_uuid": flow_uuid,
            "contacts": contacts
        }
        headers = {"Content-Type": "application/json",
                   "Authorization": "Token {}".format(token)}
        http = httplib2.Http()

        resp, content = http.request(uri=url, method='POST',
                                     headers=headers,
                                     body=json.dumps(post_data))
Exemplo n.º 53
0
def show(request, username=None, id_string=None, uuid=None):
    if uuid:
        return redirect_to_public_link(request, uuid)

    xform, is_owner, can_edit, can_view = get_xform_and_perms(
        username, id_string, request)
    # no access
    if not (xform.shared or can_view or request.session.get('public_link')):
        return HttpResponseRedirect(reverse(home))

    context = RequestContext(request)
    context.cloned = len(
        XForm.objects.filter(user__username=request.user.username,
                             id_string=id_string + XForm.CLONED_SUFFIX)
    ) > 0
    context.public_link = MetaData.public_link(xform)
    context.is_owner = is_owner
    context.can_edit = can_edit
    context.can_view = can_view or request.session.get('public_link')
    context.xform = xform
    context.content_user = xform.user
    context.base_url = "https://%s" % request.get_host()
    context.source = MetaData.source(xform)
    context.form_license = MetaData.form_license(xform).data_value
    context.data_license = MetaData.data_license(xform).data_value
    context.supporting_docs = MetaData.supporting_docs(xform)
    context.media_upload = MetaData.media_upload(xform)
    context.mapbox_layer = MetaData.mapbox_layer_upload(xform)

    if is_owner:
        set_xform_owner_context(context, xform, request, username, id_string)

    if xform.allows_sms:
        context.sms_support_doc = get_autodoc_for(xform)

    return render_to_response("show.html", context_instance=context)
Exemplo n.º 54
0
def show(request, username=None, id_string=None, uuid=None):
    if uuid:
        return redirect_to_public_link(request, uuid)

    xform, is_owner, can_edit, can_view = get_xform_and_perms(
        username, id_string, request)
    # no access
    if not (xform.shared or can_view or request.session.get('public_link')):
        return HttpResponseRedirect(reverse(home))

    data = {}
    data['cloned'] = len(
        XForm.objects.filter(user__username__iexact=request.user.username,
                             id_string__iexact=id_string + XForm.CLONED_SUFFIX)
    ) > 0
    data['public_link'] = MetaData.public_link(xform)
    data['is_owner'] = is_owner
    data['can_edit'] = can_edit
    data['can_view'] = can_view or request.session.get('public_link')
    data['xform'] = xform
    data['content_user'] = xform.user
    data['base_url'] = "https://%s" % request.get_host()
    data['source'] = MetaData.source(xform)
    data['form_license'] = MetaData.form_license(xform).data_value
    data['data_license'] = MetaData.data_license(xform).data_value
    data['supporting_docs'] = MetaData.supporting_docs(xform)
    data['media_upload'] = MetaData.media_upload(xform)
    data['mapbox_layer'] = MetaData.mapbox_layer_upload(xform)

    if is_owner:
        set_xform_owner_data(data, xform, request, username, id_string)

    if xform.allows_sms:
        data['sms_support_doc'] = get_autodoc_for(xform)

    return render(request, "show.html", data)
Exemplo n.º 55
0
 def test_upload_source_file_set_value_to_name(self):
     name = self._add_metadata('source')
     self.assertEqual(MetaData.source(self.xform).data_value, name)
Exemplo n.º 56
0
def set_perm(request, username, id_string):
    xform = get_object_or_404(XForm,
                              user__username=username, id_string=id_string)
    owner = xform.user
    if username != request.user.username\
            and not has_permission(xform, username, request):
        return HttpResponseForbidden(_(u'Permission denied.'))

    try:
        perm_type = request.POST['perm_type']
        for_user = request.POST['for_user']
    except KeyError:
        return HttpResponseBadRequest()
    if perm_type in ['edit', 'view', 'report', 'remove']:
        try:
            user = User.objects.get(username=for_user)
        except User.DoesNotExist:
            messages.add_message(
                request, messages.INFO,
                _(u"Wrong username <b>%s</b>." % for_user),
                extra_tags='alert-error')
        else:
            if perm_type == 'edit' and\
                    not user.has_perm('change_xform', xform):
                audit = {
                    'xform': xform.id_string
                }
                audit_log(
                    Actions.FORM_PERMISSIONS_UPDATED, request.user, owner,
                    _("Edit permissions on '%(id_string)s' assigned to "
                        "'%(for_user)s'.") %
                    {
                        'id_string': xform.id_string,
                        'for_user': for_user
                    }, audit, request)
                assign_perm('change_xform', user, xform)
            elif perm_type == 'view' and\
                    not user.has_perm('view_xform', xform):
                audit = {
                    'xform': xform.id_string
                }
                audit_log(
                    Actions.FORM_PERMISSIONS_UPDATED, request.user, owner,
                    _("View permissions on '%(id_string)s' "
                        "assigned to '%(for_user)s'.") %
                    {
                        'id_string': xform.id_string,
                        'for_user': for_user
                    }, audit, request)
                assign_perm('view_xform', user, xform)
            elif perm_type == 'report' and\
                    not user.has_perm('report_xform', xform):
                audit = {
                    'xform': xform.id_string
                }
                audit_log(
                    Actions.FORM_PERMISSIONS_UPDATED, request.user, owner,
                    _("Report permissions on '%(id_string)s' "
                        "assigned to '%(for_user)s'.") %
                    {
                        'id_string': xform.id_string,
                        'for_user': for_user
                    }, audit, request)
                assign_perm('report_xform', user, xform)
            elif perm_type == 'remove':
                audit = {
                    'xform': xform.id_string
                }
                audit_log(
                    Actions.FORM_PERMISSIONS_UPDATED, request.user, owner,
                    _("All permissions on '%(id_string)s' "
                        "removed from '%(for_user)s'.") %
                    {
                        'id_string': xform.id_string,
                        'for_user': for_user
                    }, audit, request)
                remove_perm('change_xform', user, xform)
                remove_perm('view_xform', user, xform)
    elif perm_type == 'link':
        current = MetaData.public_link(xform)
        if for_user == 'all':
            MetaData.public_link(xform, True)
        elif for_user == 'none':
            MetaData.public_link(xform, False)
        elif for_user == 'toggle':
            MetaData.public_link(xform, not current)
        audit = {
            'xform': xform.id_string
        }
        audit_log(
            Actions.FORM_PERMISSIONS_UPDATED, request.user, owner,
            _("Public link on '%(id_string)s' %(action)s.") %
            {
                'id_string': xform.id_string,
                'action': "created"
                if for_user == "all" or
                (for_user == "toggle" and not current) else "removed"
            }, audit, request)
    if request.is_ajax():
        return HttpResponse(
            json.dumps(
                {'status': 'success'}), mimetype='application/json')
    return HttpResponseRedirect(reverse(show, kwargs={
        'username': username,
        'id_string': id_string
    }))
Exemplo n.º 57
0
def edit(request, username, id_string):
    xform = XForm.objects.get(user__username=username, id_string=id_string)
    owner = xform.user

    if username == request.user.username or\
            request.user.has_perm('logger.change_xform', xform):
        if request.POST.get('description'):
            audit = {
                'xform': xform.id_string
            }
            audit_log(
                Actions.FORM_UPDATED, request.user, owner,
                _("Description for '%(id_string)s' updated from "
                    "'%(old_description)s' to '%(new_description)s'.") %
                {
                    'id_string': xform.id_string,
                    'old_description': xform.description,
                    'new_description': request.POST['description']
                }, audit, request)
            xform.description = request.POST['description']
        elif request.POST.get('title'):
            audit = {
                'xform': xform.id_string
            }
            audit_log(
                Actions.FORM_UPDATED, request.user, owner,
                _("Title for '%(id_string)s' updated from "
                    "'%(old_title)s' to '%(new_title)s'.") %
                {
                    'id_string': xform.id_string,
                    'old_title': xform.title,
                    'new_title': request.POST.get('title')
                }, audit, request)
            xform.title = request.POST['title']
        elif request.POST.get('toggle_shared'):
            if request.POST['toggle_shared'] == 'data':
                audit = {
                    'xform': xform.id_string
                }
                audit_log(
                    Actions.FORM_UPDATED, request.user, owner,
                    _("Data sharing updated for '%(id_string)s' from "
                        "'%(old_shared)s' to '%(new_shared)s'.") %
                    {
                        'id_string': xform.id_string,
                        'old_shared': _("shared")
                        if xform.shared_data else _("not shared"),
                        'new_shared': _("shared")
                        if not xform.shared_data else _("not shared")
                    }, audit, request)
                xform.shared_data = not xform.shared_data
            elif request.POST['toggle_shared'] == 'form':
                audit = {
                    'xform': xform.id_string
                }
                audit_log(
                    Actions.FORM_UPDATED, request.user, owner,
                    _("Form sharing for '%(id_string)s' updated "
                        "from '%(old_shared)s' to '%(new_shared)s'.") %
                    {
                        'id_string': xform.id_string,
                        'old_shared': _("shared")
                        if xform.shared else _("not shared"),
                        'new_shared': _("shared")
                        if not xform.shared else _("not shared")
                    }, audit, request)
                xform.shared = not xform.shared
            elif request.POST['toggle_shared'] == 'active':
                audit = {
                    'xform': xform.id_string
                }
                audit_log(
                    Actions.FORM_UPDATED, request.user, owner,
                    _("Active status for '%(id_string)s' updated from "
                        "'%(old_shared)s' to '%(new_shared)s'.") %
                    {
                        'id_string': xform.id_string,
                        'old_shared': _("shared")
                        if xform.downloadable else _("not shared"),
                        'new_shared': _("shared")
                        if not xform.downloadable else _("not shared")
                    }, audit, request)
                xform.downloadable = not xform.downloadable
        elif request.POST.get('form-license'):
            audit = {
                'xform': xform.id_string
            }
            audit_log(
                Actions.FORM_UPDATED, request.user, owner,
                _("Form License for '%(id_string)s' updated to "
                    "'%(form_license)s'.") %
                {
                    'id_string': xform.id_string,
                    'form_license': request.POST['form-license'],
                }, audit, request)
            MetaData.form_license(xform, request.POST['form-license'])
        elif request.POST.get('data-license'):
            audit = {
                'xform': xform.id_string
            }
            audit_log(
                Actions.FORM_UPDATED, request.user, owner,
                _("Data license for '%(id_string)s' updated to "
                    "'%(data_license)s'.") %
                {
                    'id_string': xform.id_string,
                    'data_license': request.POST['data-license'],
                }, audit, request)
            MetaData.data_license(xform, request.POST['data-license'])
        elif request.POST.get('source') or request.FILES.get('source'):
            audit = {
                'xform': xform.id_string
            }
            audit_log(
                Actions.FORM_UPDATED, request.user, owner,
                _("Source for '%(id_string)s' updated to '%(source)s'.") %
                {
                    'id_string': xform.id_string,
                    'source': request.POST.get('source'),
                }, audit, request)
            MetaData.source(xform, request.POST.get('source'),
                            request.FILES.get('source'))
        elif request.POST.get('enable_sms_support_trigger') is not None:
            sms_support_form = ActivateSMSSupportFom(request.POST)
            if sms_support_form.is_valid():
                audit = {
                    'xform': xform.id_string
                }
                enabled = \
                    sms_support_form.cleaned_data.get('enable_sms_support')
                if enabled:
                    audit_action = Actions.SMS_SUPPORT_ACTIVATED
                    audit_message = _(u"SMS Support Activated on")
                else:
                    audit_action = Actions.SMS_SUPPORT_DEACTIVATED
                    audit_message = _(u"SMS Support Deactivated on")
                audit_log(
                    audit_action, request.user, owner,
                    audit_message
                    % {'id_string': xform.id_string}, audit, request)
                # stored previous states to be able to rollback form status
                # in case we can't save.
                pe = xform.allows_sms
                pid = xform.sms_id_string
                xform.allows_sms = enabled
                xform.sms_id_string = \
                    sms_support_form.cleaned_data.get('sms_id_string')
                compat = check_form_sms_compatibility(None,
                                                      json.loads(xform.json))
                if compat['type'] == 'alert-error':
                    xform.allows_sms = False
                    xform.sms_id_string = pid
                try:
                    xform.save()
                except IntegrityError:
                    # unfortunately, there's no feedback mechanism here
                    xform.allows_sms = pe
                    xform.sms_id_string = pid

        elif request.POST.get('media_url'):
            uri = request.POST.get('media_url')
            MetaData.media_add_uri(xform, uri)
        elif request.FILES.get('media'):
            audit = {
                'xform': xform.id_string
            }
            audit_log(
                Actions.FORM_UPDATED, request.user, owner,
                _("Media added to '%(id_string)s'.") %
                {
                    'id_string': xform.id_string
                }, audit, request)
            for aFile in request.FILES.getlist("media"):
                MetaData.media_upload(xform, aFile)
        elif request.POST.get('map_name'):
            mapbox_layer = MapboxLayerForm(request.POST)
            if mapbox_layer.is_valid():
                audit = {
                    'xform': xform.id_string
                }
                audit_log(
                    Actions.FORM_UPDATED, request.user, owner,
                    _("Map layer added to '%(id_string)s'.") %
                    {
                        'id_string': xform.id_string
                    }, audit, request)
                MetaData.mapbox_layer_upload(xform, mapbox_layer.cleaned_data)
        elif request.FILES:
            audit = {
                'xform': xform.id_string
            }
            audit_log(
                Actions.FORM_UPDATED, request.user, owner,
                _("Supporting document added to '%(id_string)s'.") %
                {
                    'id_string': xform.id_string
                }, audit, request)
            MetaData.supporting_docs(xform, request.FILES['doc'])
        xform.update()

        if request.is_ajax():
            return HttpResponse(_(u'Updated succeeded.'))
        else:
            return HttpResponseRedirect(reverse(show, kwargs={
                'username': username,
                'id_string': id_string
            }))
    return HttpResponseForbidden(_(u'Update failed.'))