Exemplo n.º 1
0
def zip_export(request, username, id_string):
    owner = get_object_or_404(User, username=username)
    xform = get_object_or_404(XForm, id_string=id_string, user=owner)
    helper_auth_helper(request)
    if not has_permission(xform, owner, request):
        return HttpResponseForbidden(_(u'Not shared.'))
    if request.GET.get('raw'):
        id_string = None
    attachments = Attachment.objects.filter(instance__xform=xform)
    zip_file = create_attachments_zipfile(attachments)
    audit = {"xform": xform.id_string, "export_type": Export.ZIP_EXPORT}
    audit_log(
        Actions.EXPORT_CREATED, request.user, owner,
        _("Created ZIP export on '%(id_string)s'.") % {
            'id_string': xform.id_string,
        }, audit, request)
    # log download as well
    audit_log(
        Actions.EXPORT_DOWNLOADED, request.user, owner,
        _("Downloaded ZIP export on '%(id_string)s'.") % {
            'id_string': xform.id_string,
        }, audit, request)
    if request.GET.get('raw'):
        id_string = None
    response = response_with_mimetype_and_name('zip',
                                               id_string,
                                               file_path=zip_file,
                                               use_local_filesystem=True)
    return response
Exemplo n.º 2
0
def instance(request, username, id_string):
    xform, is_owner, can_edit, can_view = get_xform_and_perms(
        username, id_string, request)
    # no access
    if not (xform.shared_data or can_view or
            request.session.get('public_link') == xform.uuid):
        return HttpResponseForbidden(_(u'Not shared.'))

    context = RequestContext(request)

    audit = {
        "xform": xform.id_string,
    }
    audit_log(
        Actions.FORM_DATA_VIEWED, request.user, xform.user,
        _("Requested instance view for '%(id_string)s'.") %
        {
            'id_string': xform.id_string,
        }, audit, request)
    return render_to_response('instance.html', {
        'username': username,
        'id_string': id_string,
        'xform': xform,
        'can_edit': can_edit
    }, context_instance=context)
Exemplo n.º 3
0
def export_download(request, username, id_string, export_type, filename):
    owner = get_object_or_404(User, username=username)
    xform = get_object_or_404(XForm, id_string=id_string, user=owner)
    helper_auth_helper(request)
    if not has_permission(xform, owner, request):
        return HttpResponseForbidden(_(u'Not shared.'))

    # find the export entry in the db
    export = get_object_or_404(Export, xform=xform, filename=filename)

    if export_type == Export.GDOC_EXPORT and export.export_url is not None:
        return HttpResponseRedirect(export.export_url)

    ext, mime_type = export_def_from_filename(export.filename)

    audit = {
        "xform": xform.id_string,
        "export_type": export.export_type
    }
    audit_log(Actions.EXPORT_DOWNLOADED, request.user, owner,
        _("Downloaded %(export_type)s export '%(filename)s' on '%(id_string)s'.") %\
        {
            'export_type': export.export_type.upper(),
            'filename': export.filename,
            'id_string': xform.id_string,
        }, audit, request)
    if request.GET.get('raw'):
        id_string = None
    basename = os.path.splitext(export.filename)[0]
    response = response_with_mimetype_and_name(
        mime_type, name=basename, extension=ext,
        file_path=export.filepath, show_date=False)
    return response
Exemplo n.º 4
0
def kml_export(request, username, id_string):
    # read the locations from the database
    context = RequestContext(request)
    context.message = "HELLO!!"
    owner = get_object_or_404(User, username=username)
    xform = get_object_or_404(XForm, id_string=id_string, user=owner)
    helper_auth_helper(request)
    if not has_permission(xform, owner, request):
        return HttpResponseForbidden(_(u'Not shared.'))
    context.data = kml_export_data(id_string, user=owner)
    response = \
        render_to_response("survey.kml", context_instance=context,
                           mimetype="application/vnd.google-earth.kml+xml")
    response['Content-Disposition'] = \
        disposition_ext_and_date(id_string, 'kml')
    audit = {"xform": xform.id_string, "export_type": Export.KML_EXPORT}
    audit_log(
        Actions.EXPORT_CREATED, request.user, owner,
        _("Created KML export on '%(id_string)s'.") % {
            'id_string': xform.id_string,
        }, audit, request)
    # log download as well
    audit_log(
        Actions.EXPORT_DOWNLOADED, request.user, owner,
        _("Downloaded KML export on '%(id_string)s'.") % {
            'id_string': xform.id_string,
        }, audit, request)
    return response
Exemplo n.º 5
0
def link_to_bamboo(request, username, id_string):
    xform = get_object_or_404(XForm,
                              user__username=username, id_string=id_string)
    owner = xform.user
    from utils.bamboo import get_new_bamboo_dataset, delete_bamboo_dataset

    audit = {
        'xform': xform.id_string
    }

    # try to delete the dataset first (in case it exists)
    if xform.bamboo_dataset and delete_bamboo_dataset(xform):
        xform.bamboo_dataset = u''
        xform.save()
        audit_log(Actions.BAMBOO_LINK_DELETED, request.user, owner,
            _("Bamboo link deleted on '%(id_string)s'.")
            % {'id_string': xform.id_string}, audit, request)

    # create a new one from all the data
    dataset_id = get_new_bamboo_dataset(xform)

    # update XForm
    xform.bamboo_dataset = dataset_id
    xform.save()

    audit_log(Actions.BAMBOO_LINK_CREATED, request.user, owner,
        _("Bamboo link created on '%(id_string)s'.") %\
        {
            'id_string': xform.id_string,
        }, audit, request)

    return HttpResponseRedirect(reverse(show, kwargs={
        'username': username,
        'id_string': id_string
    }))
Exemplo n.º 6
0
def download_xlsform(request, username, id_string):
    xform = get_object_or_404(XForm,
                              user__username=username,
                              id_string=id_string)
    owner = User.objects.get(username=username)
    helper_auth_helper(request)
    if not has_permission(xform, owner, request, xform.shared):
        return HttpResponseForbidden('Not shared.')
    file_path = xform.xls.name
    default_storage = get_storage_class()()
    if default_storage.exists(file_path):
        audit = {"xform": xform.id_string}
        audit_log(
            Actions.FORM_XLS_DOWNLOADED, request.user, xform.user,
            _("Downloaded XLS file for form '%(id_string)s'.") %
            {"id_string": xform.id_string}, audit, request)
        split_path = file_path.split(os.extsep)
        extension = 'xls'
        if len(split_path) > 1:
            extension = split_path[len(split_path) - 1]
        response = response_with_mimetype_and_name('vnd.ms-excel',
                                                   id_string,
                                                   show_date=False,
                                                   extension=extension,
                                                   file_path=file_path)
        return response
    else:
        messages.add_message(
            request, messages.WARNING,
            _(u'No XLS file for your form '
              u'<strong>%(id)s</strong>') % {'id': id_string})
        return HttpResponseRedirect("/%s" % username)
Exemplo n.º 7
0
def instance(request, username, id_string):
    import re

    if request.META and request.META.get('HTTP_REFERER'):
        if re.match(r'.*-0.enketo.*/webform/edit.*', request.META.get('HTTP_REFERER')):
            return HttpResponseRedirect('/app/')
    xform, is_owner, can_edit, can_view = get_xform_and_perms(
        username, id_string, request)
    # no access
    if not (xform.shared_data or can_view or
            request.session.get('public_link') == xform.uuid):
        return HttpResponseForbidden(_(u'Not shared.'))

    context = RequestContext(request)

    audit = {
        "xform": xform.id_string,
    }
    audit_log(
        Actions.FORM_DATA_VIEWED, request.user, xform.user,
        _("Requested instance view for '%(id_string)s'.") %
        {
            'id_string': xform.id_string,
        }, audit, request)
    return render_to_response('instance.html', {
        'username': username,
        'id_string': id_string,
        'xform': xform,
        'can_edit': can_edit
    }, context_instance=context)
Exemplo n.º 8
0
 def set_form():
     form_owner = request.POST.get('username')
     id_string = request.POST.get('id_string')
     xform = XForm.objects.get(user__username=form_owner,
                               id_string=id_string)
     if len(id_string) > 0 and id_string[0].isdigit():
         id_string = '_' + id_string
     path = xform.xls.name
     if default_storage.exists(path):
         xls_file = upload_to(None, '%s%s.xls' % (
                              id_string, XForm.CLONED_SUFFIX), to_username)
         xls_data = default_storage.open(path)
         xls_file = default_storage.save(xls_file, xls_data)
         context.message = u'%s-%s' % (form_owner, xls_file)
         survey = DataDictionary.objects.create(
             user=request.user,
             xls=xls_file
         ).survey
         # log to cloner's account
         audit = {}
         audit_log(Actions.FORM_CLONED, request.user, request.user,
             _("Cloned form '%(id_string)s'.") %\
             {
                 'id_string': survey.id_string,
             }, audit, request)
         return {
             'type': 'alert-success',
             'text': _(u'Successfully cloned %(id_string)s into your '
                       u'%(profile_url)s') % {
                           'id_string': survey.id_string,
                           'profile_url': u'<a href="%s">profile</a>.' %
                           reverse(profile,
                                   kwargs={'username': to_username})
                       }
         }
Exemplo n.º 9
0
 def set_form():
     form_owner = request.POST.get("username")
     id_string = request.POST.get("id_string")
     xform = XForm.objects.get(user__username=form_owner, id_string=id_string)
     if len(id_string) > 0 and id_string[0].isdigit():
         id_string = "_" + id_string
     path = xform.xls.name
     if default_storage.exists(path):
         xls_file = upload_to(None, "%s%s.xls" % (id_string, XForm.CLONED_SUFFIX), to_username)
         xls_data = default_storage.open(path)
         xls_file = default_storage.save(xls_file, xls_data)
         context.message = u"%s-%s" % (form_owner, xls_file)
         survey = DataDictionary.objects.create(user=request.user, xls=xls_file).survey
         # log to cloner's account
         audit = {}
         audit_log(
             Actions.FORM_CLONED,
             request.user,
             request.user,
             _("Cloned form '%(id_string)s'.") % {"id_string": survey.id_string},
             audit,
             request,
         )
         clone_form_url = reverse(
             show, kwargs={"username": to_username, "id_string": xform.id_string + XForm.CLONED_SUFFIX}
         )
         return {
             "type": "alert-success",
             "text": _(u"Successfully cloned to %(form_url)s into your " u"%(profile_url)s")
             % {
                 "form_url": u'<a href="%(url)s">%(id_string)s</a> '
                 % {"id_string": survey.id_string, "url": clone_form_url},
                 "profile_url": u'<a href="%s">profile</a>.' % reverse(profile, kwargs={"username": to_username}),
             },
         }
Exemplo n.º 10
0
 def set_form():
     form = QuickConverter(request.POST, request.FILES)
     survey = form.publish(request.user).survey
     
     audit = {}
     audit_log(
         Actions.FORM_PUBLISHED, request.user, content_user,
         _("Published form '%(id_string)s'.") %
         {
             'id_string': survey.id_string,
         }, audit, request)
     enketo_webform_url = reverse(
         enter_data,
         kwargs={'username': username, 'id_string': survey.id_string}
     )
     return {
         'type': 'alert-success',
         'preview_url': reverse(enketo_preview, kwargs={
             'username': username,
             'id_string': survey.id_string
         }),
         'text': _(u'Successfully published %(form_id)s.'
                   u' <a href="%(form_url)s">Enter Web Form</a>'
                   u' or <a href="#preview-modal" data-toggle="modal">'
                   u'Preview Web Form</a>')
         % {'form_id': survey.id_string,
             'form_url': enketo_webform_url},
         'form_o': survey
     }
Exemplo n.º 11
0
def zip_export(request, username, id_string):
    owner = get_object_or_404(User, username=username)
    xform = get_object_or_404(XForm, id_string=id_string, user=owner)
    helper_auth_helper(request)
    if not has_permission(xform, owner, request):
        return HttpResponseForbidden(_(u'Not shared.'))
    if request.GET.get('raw'):
        id_string = None
    attachments = Attachment.objects.filter(instance__xform=xform)
    zip_file = create_attachments_zipfile(attachments)
    audit = {
        "xform": xform.id_string,
        "export_type": Export.ZIP_EXPORT
    }
    audit_log(
        Actions.EXPORT_CREATED, request.user, owner,
        _("Created ZIP export on '%(id_string)s'.") %
        {
            'id_string': xform.id_string,
        }, audit, request)
    # log download as well
    audit_log(
        Actions.EXPORT_DOWNLOADED, request.user, owner,
        _("Downloaded ZIP export on '%(id_string)s'.") %
        {
            'id_string': xform.id_string,
        }, audit, request)
    if request.GET.get('raw'):
        id_string = None
    response = response_with_mimetype_and_name('zip', id_string,
                                               file_path=zip_file,
                                               use_local_filesystem=True)
    return response
Exemplo n.º 12
0
def delete_export(request, username, id_string, export_type):
    owner = get_object_or_404(User, username=username)
    xform = get_object_or_404(XForm, id_string=id_string, user=owner)
    if not has_permission(xform, owner, request):
        return HttpResponseForbidden(_(u'Not shared.'))

    export_id = request.POST.get('export_id')

    # find the export entry in the db
    export = get_object_or_404(Export, id=export_id)

    export.delete()
    audit = {
        "xform": xform.id_string,
        "export_type": export.export_type
    }
    audit_log(
        Actions.EXPORT_DOWNLOADED, request.user, owner,
        _("Deleted %(export_type)s export '%(filename)s'"
          " on '%(id_string)s'.") %
        {
            'export_type': export.export_type.upper(),
            'filename': export.filename,
            'id_string': xform.id_string,
        }, audit, request)
    return HttpResponseRedirect(reverse(
        export_list,
        kwargs={
            "username": username,
            "id_string": id_string,
            "export_type": export_type
        }))
Exemplo n.º 13
0
def kml_export(request, username, id_string):
    # read the locations from the database
    context = RequestContext(request)
    context.message = "HELLO!!"
    owner = get_object_or_404(User, username=username)
    xform = get_object_or_404(XForm, id_string=id_string, user=owner)
    helper_auth_helper(request)
    if not has_permission(xform, owner, request):
        return HttpResponseForbidden(_(u'Not shared.'))
    context.data = kml_export_data(id_string, user=owner)
    response = \
        render_to_response("survey.kml", context_instance=context,
                           mimetype="application/vnd.google-earth.kml+xml")
    response['Content-Disposition'] = \
        disposition_ext_and_date(id_string, 'kml')
    audit = {
        "xform": xform.id_string,
        "export_type": Export.KML_EXPORT
    }
    audit_log(
        Actions.EXPORT_CREATED, request.user, owner,
        _("Created KML export on '%(id_string)s'.") %
        {
            'id_string': xform.id_string,
        }, audit, request)
    # log download as well
    audit_log(
        Actions.EXPORT_DOWNLOADED, request.user, owner,
        _("Downloaded KML export on '%(id_string)s'.") %
        {
            'id_string': xform.id_string,
        }, audit, request)
    return response
Exemplo n.º 14
0
def delete_data(request, username=None, id_string=None):
    xform, owner = check_and_set_user_and_form(username, id_string, request)
    response_text = u""
    if not xform:
        return HttpResponseForbidden(_(u"Not shared."))

    data_id = request.POST.get("id")
    if not data_id:
        return HttpResponseBadRequest(_(u"id must be specified"))

    Instance.set_deleted_at(data_id)
    audit = {"xform": xform.id_string}
    audit_log(
        Actions.SUBMISSION_DELETED,
        request.user,
        owner,
        _("Deleted submission with id '%(record_id)s' " "on '%(id_string)s'.")
        % {"id_string": xform.id_string, "record_id": data_id},
        audit,
        request,
    )
    response_text = json.dumps({"success": "Deleted data %s" % data_id})
    if "callback" in request.GET and request.GET.get("callback") != "":
        callback = request.GET.get("callback")
        response_text = "%s(%s)" % (callback, response_text)
    return HttpResponse(response_text, mimetype="application/json")
Exemplo n.º 15
0
def instance(request, username, id_string):
    xform, is_owner, can_edit, can_view = get_xform_and_perms(
        username, id_string, request)
    # no access
    if not (xform.shared_data or can_view
            or request.session.get('public_link') == xform.uuid):
        return HttpResponseForbidden(_(u'Not shared.'))

    context = RequestContext(request)

    audit = {
        "xform": xform.id_string,
    }
    audit_log(
        Actions.FORM_DATA_VIEWED, request.user, xform.user,
        _("Requested instance view for '%(id_string)s'.") % {
            'id_string': xform.id_string,
        }, audit, request)
    return render_to_response('instance.html', {
        'username': username,
        'id_string': id_string,
        'xform': xform,
        'can_edit': can_edit
    },
                              context_instance=context)
Exemplo n.º 16
0
def delete_export(request, username, id_string, export_type):
    owner = get_object_or_404(User, username=username)
    xform = get_object_or_404(XForm, id_string=id_string, user=owner)
    if not has_permission(xform, owner, request):
        return HttpResponseForbidden(_(u'Not shared.'))

    export_id = request.POST.get('export_id')

    # find the export entry in the db
    export = get_object_or_404(Export, id=export_id)

    export.delete()
    audit = {"xform": xform.id_string, "export_type": export.export_type}
    audit_log(
        Actions.EXPORT_DOWNLOADED, request.user, owner,
        _("Deleted %(export_type)s export '%(filename)s'"
          " on '%(id_string)s'.") % {
              'export_type': export.export_type.upper(),
              'filename': export.filename,
              'id_string': xform.id_string,
          }, audit, request)
    return HttpResponseRedirect(
        reverse(export_list,
                kwargs={
                    "username": username,
                    "id_string": id_string,
                    "export_type": export_type
                }))
Exemplo n.º 17
0
def download_xlsform(request, username, id_string):
    xform = get_object_or_404(XForm,
                              user__username=username, id_string=id_string)
    owner = User.objects.get(username=username)
    helper_auth_helper(request)
    if not has_permission(xform, owner, request, xform.shared):
        return HttpResponseForbidden('Not shared.')
    file_path = xform.xls.name
    default_storage = get_storage_class()()
    if default_storage.exists(file_path):
        audit = {
            "xform": xform.id_string
        }
        audit_log(
            Actions.FORM_XLS_DOWNLOADED, request.user, xform.user,
            _("Downloaded XLS file for form '%(id_string)s'.") %
            {
                "id_string": xform.id_string
            }, audit, request)
        split_path = file_path.split(os.extsep)
        extension = 'xls'
        if len(split_path) > 1:
            extension = split_path[len(split_path) - 1]
        response = response_with_mimetype_and_name(
            'vnd.ms-excel', id_string, show_date=False, extension=extension,
            file_path=file_path)
        return response
    else:
        messages.add_message(request, messages.WARNING,
                             _(u'No XLS file for your form '
                               u'<strong>%(id)s</strong>')
                             % {'id': id_string})
        return HttpResponseRedirect("/%s" % username)
Exemplo n.º 18
0
 def set_form():
     form = QuickConverter(request.POST, request.FILES)
     survey = form.publish(request.user).survey
     audit = {}
     audit_log(
         Actions.FORM_PUBLISHED,
         request.user,
         content_user,
         _("Published form '%(id_string)s'.") % {"id_string": survey.id_string},
         audit,
         request,
     )
     enketo_webform_url = reverse(enter_data, kwargs={"username": username, "id_string": survey.id_string})
     return {
         "type": "alert-success",
         "preview_url": reverse(enketo_preview, kwargs={"username": username, "id_string": survey.id_string}),
         "text": _(
             u"Successfully published %(form_id)s."
             u' <a href="%(form_url)s">Enter Web Form</a>'
             u' or <a href="#preview-modal" data-toggle="modal">'
             u"Preview Web Form</a>"
         )
         % {"form_id": survey.id_string, "form_url": enketo_webform_url},
         "form_o": survey,
     }
Exemplo n.º 19
0
def download_media_data(request, username, id_string, data_id):
    xform = get_object_or_404(XForm,
        user__username=username, id_string=id_string)
    owner = xform.user
    data = get_object_or_404(MetaData, id=data_id)
    default_storage = get_storage_class()()
    if request.GET.get('del', False):
        if username == request.user.username:
            try:
                default_storage.delete(data.data_file.name)
                data.delete()
                audit = {
                    'xform': xform.id_string
                }
                audit_log(Actions.FORM_UPDATED, request.user, owner,
                    _("Media download '%(filename)s' deleted from '%(id_string)s'.") %\
                    {
                        'id_string': xform.id_string,
                        'filename': os.path.basename(data.data_file.name)
                    }, audit, request)
                return HttpResponseRedirect(reverse(show, kwargs={
                    'username': username,
                    'id_string': id_string
                }))
            except Exception, e:
                return HttpResponseServerError()
Exemplo n.º 20
0
def create_export(request, username, id_string, export_type):
    owner = get_object_or_404(User, username=username)
    xform = get_object_or_404(XForm, id_string=id_string, user=owner)
    if not has_permission(xform, owner, request):
        return HttpResponseForbidden(_(u'Not shared.'))

    query = request.POST.get("query")
    force_xlsx = request.POST.get('xlsx') == 'true'

    try:
        create_async_export(xform, export_type, query, force_xlsx)
    except Export.ExportTypeError:
        return HttpResponseBadRequest(
            _("%s is not a valid export type" % export_type))
    else:
        audit = {
            "xform": xform.id_string,
            "export_type": export_type
        }
        audit_log(Actions.EXPORT_CREATED, request.user, owner,
            _("Created %(export_type)s export on '%(id_string)s'.") %\
            {
                'export_type': export_type.upper(),
                'id_string': xform.id_string,
            }, audit, request)
        return HttpResponseRedirect(reverse(
            export_list,
            kwargs={
                "username": username,
                "id_string": id_string,
                "export_type": export_type
            })
        )
Exemplo n.º 21
0
def download_metadata(request, username, id_string, data_id):
    xform = get_object_or_404(XForm,
                              user__username=username, id_string=id_string)
    owner = xform.user
    if username == request.user.username or xform.shared:
        data = get_object_or_404(MetaData, pk=data_id)
        file_path = data.data_file.name
        filename, extension = os.path.splitext(file_path.split('/')[-1])
        extension = extension.strip('.')
        dfs = get_storage_class()()
        if dfs.exists(file_path):
            audit = {
                'xform': xform.id_string
            }
            audit_log(
                Actions.FORM_UPDATED, request.user, owner,
                _("Document '%(filename)s' for '%(id_string)s' downloaded.") %
                {
                    'id_string': xform.id_string,
                    'filename': "%s.%s" % (filename, extension)
                }, audit, request)
            response = response_with_mimetype_and_name(
                data.data_file_type,
                filename, extension=extension, show_date=False,
                file_path=file_path)
            return response
        else:
            return HttpResponseNotFound()
    return HttpResponseForbidden(_(u'Permission denied.'))
Exemplo n.º 22
0
def profile_settings(request, username):
    context = RequestContext(request)
    content_user = check_and_set_user(request, username)
    context.content_user = content_user
    profile, created = UserProfile.objects.get_or_create(user=content_user)
    if request.method == 'POST':
        form = UserProfileForm(request.POST, instance=profile)
        if form.is_valid():
            # get user
            # user.email = cleaned_email
            form.instance.user.email = form.cleaned_data['email']
            form.instance.user.save()
            form.save()
            # todo: add string rep. of settings to see what changed
            audit = {}
            audit_log(
                Actions.PROFILE_SETTINGS_UPDATED, request.user, content_user,
                _("Profile settings updated."), audit, request)
            return HttpResponseRedirect(reverse(
                public_profile, kwargs={'username': request.user.username}
            ))
    else:
        form = UserProfileForm(
            instance=profile, initial={"email": content_user.email})
    return render_to_response("settings.html", {'form': form},
                              context_instance=context)
Exemplo n.º 23
0
def delete_data(request, username=None, id_string=None):
    xform, owner = check_and_set_user_and_form(username, id_string, request)
    response_text = u''
    if not xform:
        return HttpResponseForbidden(_(u'Not shared.'))

    data_id = request.POST.get('id')
    if not data_id:
        return HttpResponseBadRequest(_(u"id must be specified"))

    Instance.set_deleted_at(data_id)
    audit = {
        'xform': xform.id_string
    }
    audit_log(
        Actions.SUBMISSION_DELETED, request.user, owner,
        _("Deleted submission with id '%(record_id)s' "
            "on '%(id_string)s'.") %
        {
            'id_string': xform.id_string,
            'record_id': data_id
        }, audit, request)
    response_text = json.dumps({"success": "Deleted data %s" % data_id})
    if 'callback' in request.GET and request.GET.get('callback') != '':
        callback = request.GET.get('callback')
        response_text = ("%s(%s)" % (callback, response_text))
    return HttpResponse(response_text, mimetype='application/json')
Exemplo n.º 24
0
def instance(request, username, id_string):
    import re

    if request.META and request.META.get('HTTP_REFERER'):
        if re.match(r'.*-0.enketo.*/webform/edit.*',
                    request.META.get('HTTP_REFERER')):
            return HttpResponseRedirect('/app/')
    xform, is_owner, can_edit, can_view = get_xform_and_perms(
        username, id_string, request)
    # no access
    if not (xform.shared_data or can_view
            or request.session.get('public_link') == xform.uuid):
        return HttpResponseForbidden(_(u'Not shared.'))

    context = RequestContext(request)

    audit = {
        "xform": xform.id_string,
    }
    audit_log(
        Actions.FORM_DATA_VIEWED, request.user, xform.user,
        _("Requested instance view for '%(id_string)s'.") % {
            'id_string': xform.id_string,
        }, audit, request)
    return render_to_response('instance.html', {
        'username': username,
        'id_string': id_string,
        'xform': xform,
        'can_edit': can_edit
    },
                              context_instance=context)
Exemplo n.º 25
0
 def set_form():
     form = QuickConverter(request.POST, request.FILES)
     survey = form.publish(request.user, id_string).survey
     enketo_webform_url = reverse(
         enter_data,
         kwargs={'username': username, 'id_string': survey.id_string}
     )
     audit = {
         'xform': xform.id_string
     }
     audit_log(
         Actions.FORM_XLS_UPDATED, request.user, owner,
         _("XLS for '%(id_string)s' updated.") %
         {
             'id_string': xform.id_string,
         }, audit, request)
     return {
         'type': 'alert-success',
         'text': _(u'Successfully published %(form_id)s.'
                   u' <a href="%(form_url)s">Enter Web Form</a>'
                   u' or <a href="#preview-modal" data-toggle="modal">'
                   u'Preview Web Form</a>')
                 % {'form_id': survey.id_string,
                    'form_url': enketo_webform_url}
     }
Exemplo n.º 26
0
def data_export(request, username, id_string, export_type):
    owner = get_object_or_404(User, username=username)
    xform = get_object_or_404(XForm, id_string=id_string, user=owner)
    helper_auth_helper(request)
    if not has_permission(xform, owner, request):
        return HttpResponseForbidden(_(u'Not shared.'))
    query = request.GET.get("query")
    extension = export_type

    # check if we should force xlsx
    force_xlsx = request.GET.get('xls') != 'true'
    if export_type == Export.XLS_EXPORT and force_xlsx:
        extension = 'xlsx'

    audit = {
        "xform": xform.id_string,
        "export_type": export_type
    }
    # check if we need to re-generate,
    # we always re-generate if a filter is specified
    if should_create_new_export(xform, export_type) or query:
        try:
            export = generate_export(
                export_type, extension, username, id_string, None, query)
            audit_log(
                Actions.EXPORT_CREATED, request.user, owner,
                _("Created %(export_type)s export on '%(id_string)s'.") %
                {
                    'id_string': xform.id_string,
                    'export_type': export_type.upper()
                }, audit, request)
        except NoRecordsFoundError:
            return HttpResponseNotFound(_("No records found to export"))
    else:
        export = newset_export_for(xform, export_type)

    # log download as well
    audit_log(
        Actions.EXPORT_DOWNLOADED, request.user, owner,
        _("Downloaded %(export_type)s export on '%(id_string)s'.") %
        {
            'id_string': xform.id_string,
            'export_type': export_type.upper()
        }, audit, request)

    if not export.filename:
        # tends to happen when using newset_export_for.
        return HttpResponseNotFound("File does not exist!")
    # get extension from file_path, exporter could modify to
    # xlsx if it exceeds limits
    path, ext = os.path.splitext(export.filename)
    ext = ext[1:]
    if request.GET.get('raw'):
        id_string = None
    response = response_with_mimetype_and_name(
        Export.EXPORT_MIMES[ext], id_string, extension=ext,
        file_path=export.filepath)
    return response
Exemplo n.º 27
0
def map_view(request, username, id_string, template='map.html'):
    owner = get_object_or_404(User, username=username)
    xform = get_object_or_404(XForm, id_string=id_string, user=owner)
    if not has_permission(xform, owner, request):
        return HttpResponseForbidden(_(u'Not shared.'))
    context = RequestContext(request)
    context.content_user = owner
    context.xform = xform
    context.profile, created = UserProfile.objects.get_or_create(user=owner)
    points = ParsedInstance.objects.values('lat', 'lng', 'instance').filter(
        instance__user=owner,
        instance__xform__id_string=id_string,
        lat__isnull=False,
        lng__isnull=False)
    center = {
        'lat': round_down_geopoint(average([p['lat'] for p in points])),
        'lng': round_down_geopoint(average([p['lng'] for p in points])),
    }

    def round_down_point(p):
        return {
            'lat': round_down_geopoint(p['lat']),
            'lng': round_down_geopoint(p['lng']),
            'instance': p['instance']
        }
    context.center = json.dumps(center)
    context.form_view = True
    context.jsonform_url = reverse(download_jsonform,
                                   kwargs={"username": username,
                                           "id_string": id_string})
    context.enketo_edit_url = reverse('edit_data',
                                      kwargs={"username": username,
                                              "id_string": id_string,
                                              "data_id": 0})
    context.enketo_add_url = reverse('enter_data',
                                     kwargs={"username": username,
                                             "id_string": id_string})

    context.enketo_add_with_url = reverse('add_submission_with',
                                          kwargs={"username": username,
                                                  "id_string": id_string})
    context.mongo_api_url = reverse('mongo_view_api',
                                    kwargs={"username": username,
                                            "id_string": id_string})
    context.delete_data_url = reverse('delete_data',
                                      kwargs={"username": username,
                                              "id_string": id_string})
    context.mapbox_layer = MetaData.mapbox_layer_upload(xform)
    audit = {
        "xform": xform.id_string
    }
    audit_log(Actions.FORM_MAP_VIEWED, request.user, owner,
              _("Requested map on '%(id_string)s'.")
              % {'id_string': xform.id_string}, audit, request)
    return render_to_response(template, context_instance=context)
Exemplo n.º 28
0
Arquivo: views.py Projeto: smn/formhub
def map_view(request, username, id_string, template='map.html'):
    owner = get_object_or_404(User, username=username)
    xform = get_object_or_404(XForm, id_string=id_string, user=owner)
    if not has_permission(xform, owner, request):
        return HttpResponseForbidden(_(u'Not shared.'))
    context = RequestContext(request)
    context.content_user = owner
    context.xform = xform
    context.profile, created = UserProfile.objects.get_or_create(user=owner)
    points = ParsedInstance.objects.values('lat', 'lng', 'instance').filter(
        instance__user=owner,
        instance__xform__id_string=id_string,
        lat__isnull=False,
        lng__isnull=False)
    center = {
        'lat': round_down_geopoint(average([p['lat'] for p in points])),
        'lng': round_down_geopoint(average([p['lng'] for p in points])),
    }

    def round_down_point(p):
        return {
            'lat': round_down_geopoint(p['lat']),
            'lng': round_down_geopoint(p['lng']),
            'instance': p['instance']
        }
    context.center = json.dumps(center)
    context.form_view = True
    context.jsonform_url = reverse(download_jsonform,
                                   kwargs={"username": username,
                                           "id_string": id_string})
    context.enketo_edit_url = reverse('edit_data',
                                      kwargs={"username": username,
                                              "id_string": id_string,
                                              "data_id": 0})
    context.enketo_add_url = reverse('enter_data',
                                     kwargs={"username": username,
                                             "id_string": id_string})

    context.enketo_add_with_url = reverse('add_submission_with',
                                          kwargs={"username": username,
                                                  "id_string": id_string})
    context.mongo_api_url = reverse('mongo_view_api',
                                    kwargs={"username": username,
                                            "id_string": id_string})
    context.delete_data_url = reverse('delete_data',
                                      kwargs={"username": username,
                                              "id_string": id_string})
    context.mapbox_layer = MetaData.mapbox_layer_upload(xform)
    audit = {
        "xform": xform.id_string
    }
    audit_log(Actions.FORM_MAP_VIEWED, request.user, owner,
              _("Requested map on '%(id_string)s'.")
              % {'id_string': xform.id_string}, audit, request)
    return render_to_response(template, context_instance=context)
Exemplo n.º 29
0
def bulksubmission(request, username):
    # puts it in a temp directory.
    # runs "import_tools(temp_directory)"
    # deletes
    posting_user = get_object_or_404(User, username=username)

    # request.FILES is a django.utils.datastructures.MultiValueDict
    # for each key we have a list of values
    try:
        temp_postfile = request.FILES.pop("zip_submission_file", [])
    except IOError:
        return HttpResponseBadRequest(
            _(u"There was a problem receiving your "
              u"ODK submission. [Error: IO Error "
              u"reading data]"))
    if len(temp_postfile) == 1:
        postfile = temp_postfile[0]
        tempdir = tempfile.gettempdir()
        our_tfpath = os.path.join(tempdir, postfile.name)
        our_tempfile = open(our_tfpath, 'wb')
        our_tempfile.write(postfile.read())
        our_tempfile.close()
        our_tf = open(our_tfpath, 'rb')
        total_count, success_count, errors = \
            import_instances_from_zip(our_tf, user=posting_user)
        # chose the try approach as suggested by the link below
        # http://stackoverflow.com/questions/82831
        try:
            os.remove(our_tfpath)
        except IOError:
            # TODO: log this Exception somewhere
            pass
        json_msg = {
            'message': _(u"Submission complete. Out of %(total)d "
                         u"survey instances, %(success)d were imported, "
                         u"(%(rejected)d were rejected as duplicates, "
                         u"missing forms, etc.)") % {
                             'total': total_count,
                             'success': success_count,
                             'rejected': total_count - success_count
                         },
            'errors': u"%d %s" % (len(errors), errors)
        }
        audit = {"bulk_submission_log": json_msg}
        audit_log(Actions.USER_BULK_SUBMISSION, request.user, posting_user,
                  _("Made bulk submissions."), audit, request)
        response = HttpResponse(json.dumps(json_msg))
        response.status_code = 200
        response['Location'] = request.build_absolute_uri(request.path)
        return response
    else:
        return HttpResponseBadRequest(
            _(u"There was a problem receiving your"
              u" ODK submission. [Error: multiple "
              u"submission files (?)]"))
Exemplo n.º 30
0
def delete_xform(request, username, id_string):
    xform = get_object_or_404(XForm, user__username=username,
                              id_string=id_string)
    xform.delete()
    audit = {}
    audit_log(Actions.FORM_DELETED, request.user, xform.user,
        _("Deleted form '%(id_string)s'.") %\
        {
            'id_string': xform.id_string,
        }, audit, request)
    return HttpResponseRedirect('/')
Exemplo n.º 31
0
def public_profile(request, username):
    content_user = check_and_set_user(request, username)
    if isinstance(content_user, HttpResponseRedirect):
        return content_user
    context = RequestContext(request)
    set_profile_data(context, content_user)
    context.is_owner = request.user == content_user
    audit = {}
    audit_log(Actions.PUBLIC_PROFILE_ACCESSED, request.user, content_user,
        _("Public profile accessed."), audit, request)
    return render_to_response("profile.html", context_instance=context)
Exemplo n.º 32
0
def toggle_downloadable(request, username, id_string):
    xform = XForm.objects.get(user__username=username, id_string=id_string)
    xform.downloadable = not xform.downloadable
    xform.save()
    audit = {}
    audit_log(Actions.FORM_UPDATED, request.user, xform.user,
        _("Made form '%(id_string)s' %(downloadable)s.") %\
        {
            'id_string': xform.id_string,
            'downloadable': _("downloadable") if xform.downloadable else _("un-downloadable")
        }, audit, request)
    return HttpResponseRedirect("/%s" % username)
Exemplo n.º 33
0
def bulksubmission(request, username):
    # puts it in a temp directory.
    # runs "import_tools(temp_directory)"
    # deletes
    posting_user = get_object_or_404(User, username=username)

    # request.FILES is a django.utils.datastructures.MultiValueDict
    # for each key we have a list of values
    try:
        temp_postfile = request.FILES.pop("zip_submission_file", [])
    except IOError:
        return HttpResponseBadRequest(_(u"There was a problem receiving your "
                                        u"ODK submission. [Error: IO Error "
                                        u"reading data]"))
    if len(temp_postfile) == 1:
        postfile = temp_postfile[0]
        tempdir = tempfile.gettempdir()
        our_tfpath = os.path.join(tempdir, postfile.name)
        our_tempfile = open(our_tfpath, 'wb')
        our_tempfile.write(postfile.read())
        our_tempfile.close()
        our_tf = open(our_tfpath, 'rb')
        total_count, success_count, errors = \
            import_instances_from_zip(our_tf, user=posting_user)
        # chose the try approach as suggested by the link below
        # http://stackoverflow.com/questions/82831
        try:
            os.remove(our_tfpath)
        except IOError:
            # TODO: log this Exception somewhere
            pass
        json_msg = {
            'message': _(u"Submission complete. Out of %(total)d "
                         u"survey instances, %(success)d were imported, "
                         u"(%(rejected)d were rejected as duplicates, "
                         u"missing forms, etc.)") %
            {'total': total_count, 'success': success_count,
             'rejected': total_count - success_count},
            'errors': u"%d %s" % (len(errors), errors)
        }
        audit = {
            "bulk_submission_log": json_msg
        }
        audit_log(Actions.USER_BULK_SUBMISSION, request.user, posting_user,
                  _("Made bulk submissions."), audit, request)
        response = HttpResponse(json.dumps(json_msg))
        response.status_code = 200
        response['Location'] = request.build_absolute_uri(request.path)
        return response
    else:
        return HttpResponseBadRequest(_(u"There was a problem receiving your"
                                        u" ODK submission. [Error: multiple "
                                        u"submission files (?)]"))
Exemplo n.º 34
0
def download_media_data(request, username, id_string, data_id):
    xform = get_object_or_404(
        XForm, user__username=username, id_string=id_string)
    owner = xform.user
    data = get_object_or_404(MetaData, id=data_id)
    dfs = get_storage_class()()
    if request.GET.get('del', False):
        if username == request.user.username:
            try:
                dfs.delete(data.data_file.name)
                data.delete()
                audit = {
                    'xform': xform.id_string
                }
                audit_log(
                    Actions.FORM_UPDATED, request.user, owner,
                    _("Media download '%(filename)s' deleted from "
                        "'%(id_string)s'.") %
                    {
                        'id_string': xform.id_string,
                        'filename': os.path.basename(data.data_file.name)
                    }, audit, request)
                return HttpResponseRedirect(reverse(show, kwargs={
                    'username': username,
                    'id_string': id_string
                }))
            except Exception:
                return HttpResponseServerError()
    else:
        if username:  # == request.user.username or xform.shared:
            file_path = data.data_file.name
            filename, extension = os.path.splitext(file_path.split('/')[-1])
            extension = extension.strip('.')
            if dfs.exists(file_path):
                audit = {
                    'xform': xform.id_string
                }
                audit_log(
                    Actions.FORM_UPDATED, request.user, owner,
                    _("Media '%(filename)s' downloaded from "
                        "'%(id_string)s'.") %
                    {
                        'id_string': xform.id_string,
                        'filename': os.path.basename(file_path)
                    }, audit, request)
                response = response_with_mimetype_and_name(
                    data.data_file_type,
                    filename, extension=extension, show_date=False,
                    file_path=file_path)
                return response
            else:
                return HttpResponseNotFound()
    return HttpResponseForbidden(_(u'Permission denied.'))
Exemplo n.º 35
0
def generate_instance(username, xml_file, media_files, uuid=None):
    """ Process an XForm submission as if done via HTTP

        :param IO xml_file: file-like object containing XML XForm
        :param string username: username of the Form's owner
        :param list media_files: a list of UploadedFile objects
        :param string uuid: an optionnal uuid for the instance.

        :returns a (status, message) tuple. """

    try:
        instance = create_instance(username, xml_file, media_files, uuid=uuid)
    except InstanceInvalidUserError:
        return {"code": SMS_SUBMISSION_REFUSED, "text": _(u"Username or ID required.")}
    except IsNotCrowdformError:
        return {"code": SMS_SUBMISSION_REFUSED, "text": _(u"Sorry but the crowd form you " u"submitted to is closed.")}
    except InstanceEmptyError:
        return {"code": SMS_INTERNAL_ERROR, "text": _(u"Received empty submission. " u"No instance was created")}
    except FormInactiveError:
        return {"code": SMS_SUBMISSION_REFUSED, "text": _(u"Form is not active")}
    except XForm.DoesNotExist:
        return {"code": SMS_SUBMISSION_REFUSED, "text": _(u"Form does not exist on this account")}
    except ExpatError:
        return {"code": SMS_INTERNAL_ERROR, "text": _(u"Improperly formatted XML.")}
    except DuplicateInstance:
        return {"code": SMS_SUBMISSION_REFUSED, "text": _(u"Duplicate submission")}

    if instance is None:
        return {"code": SMS_INTERNAL_ERROR, "text": _(u"Unable to create submission.")}

    user = User.objects.get(username=username)

    audit = {"xform": instance.xform.id_string}
    audit_log(
        Actions.SUBMISSION_CREATED,
        user,
        instance.xform.user,
        _("Created submission on form %(id_string)s.") % {"id_string": instance.xform.id_string},
        audit,
        HttpRequest(),
    )

    xml_file.close()
    if len(media_files):
        [_file.close() for _file in media_files]

    return {
        "code": SMS_SUBMISSION_ACCEPTED,
        "text": _(u"[SUCCESS] Your submission has been accepted."),
        "id": get_sms_instance_id(instance),
    }
Exemplo n.º 36
0
def toggle_downloadable(request, username, id_string):
    xform = XForm.objects.get(user__username=username, id_string=id_string)
    xform.downloadable = not xform.downloadable
    xform.save()
    audit = {}
    audit_log(
        Actions.FORM_UPDATED, request.user, xform.user,
        _("Made form '%(id_string)s' %(downloadable)s.") % {
            'id_string':
            xform.id_string,
            'downloadable':
            _("downloadable") if xform.downloadable else _("un-downloadable")
        }, audit, request)
    return HttpResponseRedirect("/%s" % username)
Exemplo n.º 37
0
def map_view(request, username, id_string, template='map.html'):
    owner = get_object_or_404(User, username=username)
    xform = get_object_or_404(XForm, id_string=id_string, user=owner)
    if not has_permission(xform, owner, request):
        return HttpResponseForbidden(_(u'Not shared.'))
    context = RequestContext(request)
    context.content_user = owner
    context.xform = xform
    context.profile, created = UserProfile.objects.get_or_create(user=owner)

    context.form_view = True
    context.jsonform_url = reverse(download_jsonform,
                                   kwargs={
                                       "username": username,
                                       "id_string": id_string
                                   })
    context.enketo_edit_url = reverse('edit_data',
                                      kwargs={
                                          "username": username,
                                          "id_string": id_string,
                                          "data_id": 0
                                      })
    context.enketo_add_url = reverse('enter_data',
                                     kwargs={
                                         "username": username,
                                         "id_string": id_string
                                     })

    context.enketo_add_with_url = reverse('add_submission_with',
                                          kwargs={
                                              "username": username,
                                              "id_string": id_string
                                          })
    context.mongo_api_url = reverse('mongo_view_api',
                                    kwargs={
                                        "username": username,
                                        "id_string": id_string
                                    })
    context.delete_data_url = reverse('delete_data',
                                      kwargs={
                                          "username": username,
                                          "id_string": id_string
                                      })
    context.mapbox_layer = MetaData.mapbox_layer_upload(xform)
    audit = {"xform": xform.id_string}
    audit_log(
        Actions.FORM_MAP_VIEWED, request.user, owner,
        _("Requested map on '%(id_string)s'.") %
        {'id_string': xform.id_string}, audit, request)
    return render_to_response(template, context_instance=context)
Exemplo n.º 38
0
Arquivo: views.py Projeto: smn/formhub
def create_export(request, username, id_string, export_type):
    owner = get_object_or_404(User, username=username)
    xform = get_object_or_404(XForm, id_string=id_string, user=owner)
    if not has_permission(xform, owner, request):
        return HttpResponseForbidden(_(u'Not shared.'))

    query = request.POST.get("query")
    force_xlsx = request.POST.get('xls') != 'true'

    # export options
    group_delimiter = request.POST.get("options[group_delimiter]", '/')
    if group_delimiter not in ['.', '/']:
        return HttpResponseBadRequest(
            _("%s is not a valid delimiter" % group_delimiter))

    # default is True, so when dont_.. is yes
    # split_select_multiples becomes False
    split_select_multiples = request.POST.get(
        "options[dont_split_select_multiples]", "no") == "no"

    options = {
        'group_delimiter': group_delimiter,
        'split_select_multiples': split_select_multiples
    }

    try:
        create_async_export(xform, export_type, query, force_xlsx, options)
    except Export.ExportTypeError:
        return HttpResponseBadRequest(
            _("%s is not a valid export type" % export_type))
    else:
        audit = {
            "xform": xform.id_string,
            "export_type": export_type
        }
        audit_log(
            Actions.EXPORT_CREATED, request.user, owner,
            _("Created %(export_type)s export on '%(id_string)s'.") %
            {
                'export_type': export_type.upper(),
                'id_string': xform.id_string,
            }, audit, request)
        return HttpResponseRedirect(reverse(
            export_list,
            kwargs={
                "username": username,
                "id_string": id_string,
                "export_type": export_type
            })
        )
Exemplo n.º 39
0
def toggle_form_active(request, username, id_string):
    xform = XForm.objects.get(user__username=username, id_string=id_string)
    xform.form_active = not xform.form_active
    xform.save()
    audit = {}
    audit_log(
        Actions.FORM_UPDATED, request.user, xform.user,
        _("Made form '%(id_string)s' %(form_active)s.") %
        {
            'id_string': xform.id_string,
            'form_active':
            _("form_active") if xform.form_active else _("form_inactive")
        }, audit, request)
    return HttpResponseRedirect("/%s" % username)
Exemplo n.º 40
0
def create_export(request, username, id_string, export_type):
    owner = get_object_or_404(User, username=username)
    xform = get_object_or_404(XForm, id_string=id_string, user=owner)
    if not has_permission(xform, owner, request):
        return HttpResponseForbidden(_(u'Not shared.'))

    query = request.POST.get("query")
    force_xlsx = request.POST.get('xls') != 'true'

    # export options
    group_delimiter = request.POST.get("options[group_delimiter]", '/')
    if group_delimiter not in ['.', '/']:
        return HttpResponseBadRequest(
            _("%s is not a valid delimiter" % group_delimiter))

    # default is True, so when dont_.. is yes
    # split_select_multiples becomes False
    split_select_multiples = request.POST.get(
        "options[dont_split_select_multiples]", "no") == "no"

    options = {
        'group_delimiter': group_delimiter,
        'split_select_multiples': split_select_multiples
    }

    try:
        create_async_export(xform, export_type, query, force_xlsx, options)
    except Export.ExportTypeError:
        return HttpResponseBadRequest(
            _("%s is not a valid export type" % export_type))
    else:
        audit = {
            "xform": xform.id_string,
            "export_type": export_type
        }
        audit_log(
            Actions.EXPORT_CREATED, request.user, owner,
            _("Created %(export_type)s export on '%(id_string)s'.") %
            {
                'export_type': export_type.upper(),
                'id_string': xform.id_string,
            }, audit, request)
        return HttpResponseRedirect(reverse(
            export_list,
            kwargs={
                "username": username,
                "id_string": id_string,
                "export_type": export_type
            })
        )
Exemplo n.º 41
0
def delete_xform(request, username, id_string):
    xform = get_object_or_404(XForm,
                              user__username=username,
                              id_string=id_string)

    # delete xform and submissions
    remove_xform(xform)

    audit = {}
    audit_log(
        Actions.FORM_DELETED, request.user, xform.user,
        _("Deleted form '%(id_string)s'.") % {
            'id_string': xform.id_string,
        }, audit, request)
    return HttpResponseRedirect('/')
Exemplo n.º 42
0
def delete_data(request, username=None, id_string=None):
    query = request.POST.get('query', None)
    if query is None:
        return HttpResponseBadRequest(_(u"Invalid query parameter"))

    try:
        simplejson.loads(query)
    except ValueError:
        return HttpResponseBadRequest(_(u"Invalid query parameter"))

    xform, owner = check_and_set_user_and_form(username, id_string, request)
    response_text = u''
    if not xform:
        return HttpResponseForbidden(_(u'Not shared.'))
    try:
        query_args = {
            "username": username, "id_string": id_string,
            "query": query,
            "fields": request.POST.get('fields', None),
            "sort": request.POST.get('sort', None),
            "limit": 1
        }

        if 'limit' in request.GET:
            query_args["limit"] = int(request.GET.get('limit'))
        cursor = ParsedInstance.query_mongo(**query_args)
    except ValueError as e:
        return HttpResponseBadRequest(e)
    else:
        records = list(record for record in cursor)
        if records.__len__():
            for record in records:
                Instance.delete_by_uuid(
                    username, id_string, uuid=record['_uuid'])
                audit = {
                    'xform': xform.id_string
                }
                audit_log(Actions.SUBMISSION_DELETED, request.user, owner,
                    _("Deleted submission with id '%(record_id)s' on '%(id_string)s'.") %\
                    {
                        'id_string': xform.id_string,
                        'record_id': record['_id']
                    }, audit, request)
            response_text = simplejson.dumps(records)
    if 'callback' in request.GET and request.GET.get('callback') != '':
        callback = request.GET.get('callback')
        response_text = ("%s(%s)" % (callback, response_text))
    return HttpResponse(response_text, mimetype='application/json')
Exemplo n.º 43
0
def formList(request, username):
    """
    This is where ODK Collect gets its download list.
    """
    if username.lower() == 'crowdforms':
        xforms = XForm.objects.filter(is_crowd_form=True)\
            .exclude(user__username=username)
    else:
        formlist_user = get_object_or_404(User, username=username)
        profile, created = \
            UserProfile.objects.get_or_create(user=formlist_user)

        if profile.require_auth:
            authenticator = HttpDigestAuthenticator()
            if not authenticator.authenticate(request):
                return authenticator.build_challenge_response()

            # unauthorized if user in auth request does not match user in path
            # unauthorized if user not active
            if formlist_user.username != request.user.username or\
                    not request.user.is_active:
                return HttpResponseNotAuthorized()

        xforms = \
            XForm.objects.filter(downloadable=True, user__username=username)
        # retrieve crowd_forms for this user
        crowdforms = XForm.objects.filter(
            metadata__data_type=MetaData.CROWDFORM_USERS,
            metadata__data_value=username)
        xforms = chain(xforms, crowdforms)
        audit = {}
        audit_log(Actions.USER_FORMLIST_REQUESTED, request.user, formlist_user,
                  _("Requested forms list."), audit, request)
    response = render_to_response(
        "xformsList.xml",
        {
            #'urls': urls,
            'host':
            request.build_absolute_uri().replace(request.get_full_path(), ''),
            'xforms':
            xforms
        },
        mimetype="text/xml; charset=utf-8")
    response['X-OpenRosa-Version'] = '1.0'
    tz = pytz.timezone(settings.TIME_ZONE)
    dt = datetime.now(tz).strftime('%a, %d %b %Y %H:%M:%S %Z')
    response['Date'] = dt
    return response
Exemplo n.º 44
0
 def test_audit_log_call(self):
     account_user = self._create_user("alice", "alice")
     self._create_user_and_login("bob", "bob")
     request = RequestFactory().get("/")
     # create a log
     audit = {}
     audit_log(Actions.FORM_PUBLISHED, self.user, account_user,
               "Form published", audit, request)
     # function should just run without exception so we are good at this point
     # query for this log entry
     sort = {"created_on": -1}
     cursor = AuditLog.query_mongo(account_user.username, None, None, sort,
                                   0, 1)
     record = cursor.next()
     self.assertEqual(record['account'], "alice")
     self.assertEqual(record['user'], "bob")
     self.assertEqual(record['action'], Actions.FORM_PUBLISHED)
Exemplo n.º 45
0
def data_view(request, username, id_string):
    owner = get_object_or_404(User, username=username)
    xform = get_object_or_404(XForm, id_string=id_string, user=owner)
    if not has_permission(xform, owner, request):
        return HttpResponseForbidden(_(u'Not shared.'))

    context = RequestContext(request)
    context.owner = owner
    context.xform = xform
    audit = {
        "xform": xform.id_string,
    }
    audit_log(
        Actions.FORM_DATA_VIEWED, request.user, owner,
        _("Requested data view for '%(id_string)s'.") % {
            'id_string': xform.id_string,
        }, audit, request)
    return render_to_response("data_view.html", context_instance=context)
Exemplo n.º 46
0
def google_xls_export(request, username, id_string):
    token = None
    if request.user.is_authenticated():
        try:
            ts = TokenStorageModel.objects.get(id=request.user)
        except TokenStorageModel.DoesNotExist:
            pass
        else:
            token = ts.token
    elif request.session.get('access_token'):
        token = request.session.get('access_token')
    if token is None:
        request.session["google_redirect_url"] = reverse(google_xls_export,
                                                         kwargs={
                                                             'username':
                                                             username,
                                                             'id_string':
                                                             id_string
                                                         })
        return HttpResponseRedirect(redirect_uri)
    owner = get_object_or_404(User, username=username)
    xform = get_object_or_404(XForm, id_string=id_string, user=owner)
    if not has_permission(xform, owner, request):
        return HttpResponseForbidden(_(u'Not shared.'))
    valid, dd = dd_for_params(id_string, owner, request)
    if not valid:
        return dd
    ddw = XlsWriter()
    tmp = NamedTemporaryFile(delete=False)
    ddw.set_file(tmp)
    ddw.set_data_dictionary(dd)
    temp_file = ddw.save_workbook_to_file()
    temp_file.close()
    url = google_export_xls(tmp.name, xform.title, token, blob=True)
    os.unlink(tmp.name)
    audit = {"xform": xform.id_string, "export_type": "google"}
    audit_log(
        Actions.EXPORT_CREATED, request.user, owner,
        _("Created Google Docs export on '%(id_string)s'.") % {
            'id_string': xform.id_string,
        }, audit, request)
    return HttpResponseRedirect(url)
Exemplo n.º 47
0
def download_xform(request, username, id_string):
    user = get_object_or_404(User, username=username)
    xform = get_object_or_404(XForm, user=user, id_string=id_string)
    profile, created =\
        UserProfile.objects.get_or_create(user=user)

    if profile.require_auth:
        authenticator = HttpDigestAuthenticator()
        if not authenticator.authenticate(request):
            return authenticator.build_challenge_response()
    audit = {"xform": xform.id_string}
    audit_log(
        Actions.FORM_XML_DOWNLOADED, request.user, xform.user,
        _("Downloaded XML for form '%(id_string)s'.") %
        {"id_string": xform.id_string}, audit, request)
    response = response_with_mimetype_and_name('xml',
                                               id_string,
                                               show_date=False)
    response.content = xform.xml
    return response
Exemplo n.º 48
0
Arquivo: views.py Projeto: smn/formhub
def survey_responses(request, instance_id):
    pi = get_object_or_404(ParsedInstance, instance=instance_id)
    xform, is_owner, can_edit, can_view = \
        get_xform_and_perms(pi.instance.user.username,
                            pi.instance.xform.id_string, request)
    # no access
    if not (xform.shared_data or can_view or
            request.session.get('public_link') == xform.uuid):
        return HttpResponseRedirect('/')
    data = pi.to_dict()

    # get rid of keys with leading underscores
    data_for_display = {}
    for k, v in data.items():
        if not k.startswith(u"_"):
            data_for_display[k] = v

    xpaths = data_for_display.keys()
    xpaths.sort(cmp=pi.data_dictionary.get_xpath_cmp())
    label_value_pairs = [
        (parse_label_for_display(pi, xpath),
         data_for_display[xpath]) for xpath in xpaths
    ]
    languages = label_value_pairs[-1][0]
    audit = {
        "xform": xform.id_string,
        "instance_id": instance_id
    }
    audit_log(
        Actions.FORM_DATA_VIEWED, request.user, xform.user,
        _("Requested survey with id '%(instance_id)s' on '%(id_string)s'.") %
        {
            'id_string': xform.id_string,
            'instance_id': instance_id
        }, audit, request)
    return render_to_response('survey.html', {
        'label_value_pairs': label_value_pairs,
        'image_urls': image_urls(pi.instance),
        'languages': languages,
        'default_language': languages[0][0]
    })
Exemplo n.º 49
0
Arquivo: views.py Projeto: smn/formhub
def export_download(request, username, id_string, export_type, filename):
    owner = get_object_or_404(User, username=username)
    xform = get_object_or_404(XForm, id_string=id_string, user=owner)
    helper_auth_helper(request)
    if not has_permission(xform, owner, request):
        return HttpResponseForbidden(_(u'Not shared.'))

    # find the export entry in the db
    export = get_object_or_404(Export, xform=xform, filename=filename)

    if export_type == Export.GDOC_EXPORT and export.export_url is not None:
        return HttpResponseRedirect(export.export_url)

    ext, mime_type = export_def_from_filename(export.filename)

    audit = {
        "xform": xform.id_string,
        "export_type": export.export_type
    }
    audit_log(
        Actions.EXPORT_DOWNLOADED, request.user, owner,
        _("Downloaded %(export_type)s export '%(filename)s' "
          "on '%(id_string)s'.") %
        {
            'export_type': export.export_type.upper(),
            'filename': export.filename,
            'id_string': xform.id_string,
        }, audit, request)
    if request.GET.get('raw'):
        id_string = None

    default_storage = get_storage_class()()
    if not isinstance(default_storage, FileSystemStorage):
        return HttpResponseRedirect(default_storage.url(export.filepath))
    basename = os.path.splitext(export.filename)[0]
    response = response_with_mimetype_and_name(
        mime_type, name=basename, extension=ext,
        file_path=export.filepath, show_date=False)
    return response
Exemplo n.º 50
0
def generate_instance(username, xml_file, media_files, uuid=None):
    ''' Process an XForm submission as if done via HTTP

        :param IO xml_file: file-like object containing XML XForm
        :param string username: username of the Form's owner
        :param list media_files: a list of UploadedFile objects
        :param string uuid: an optionnal uuid for the instance.

        :returns a (status, message) tuple. '''

    try:
        instance = create_instance(username, xml_file, media_files, uuid=uuid)
    except InstanceInvalidUserError:
        return {
            'code': SMS_SUBMISSION_REFUSED,
            'text': _(u"Username or ID required.")
        }
    except IsNotCrowdformError:
        return {
            'code': SMS_SUBMISSION_REFUSED,
            'text': _(u"Sorry but the crowd form you "
                      u"submitted to is closed.")
        }
    except InstanceEmptyError:
        return {
            'code': SMS_INTERNAL_ERROR,
            'text': _(u"Received empty submission. "
                      u"No instance was created")
        }
    except FormInactiveError:
        return {
            'code': SMS_SUBMISSION_REFUSED,
            'text': _(u"Form is not active")
        }
    except XForm.DoesNotExist:
        return {
            'code': SMS_SUBMISSION_REFUSED,
            'text': _(u"Form does not exist on this account")
        }
    except ExpatError:
        return {
            'code': SMS_INTERNAL_ERROR,
            'text': _(u"Improperly formatted XML.")
        }
    except DuplicateInstance:
        return {
            'code': SMS_SUBMISSION_REFUSED,
            'text': _(u"Duplicate submission")
        }

    if instance is None:
        return {
            'code': SMS_INTERNAL_ERROR,
            'text': _(u"Unable to create submission.")
        }

    user = User.objects.get(username=username)

    audit = {"xform": instance.xform.id_string}
    audit_log(
        Actions.SUBMISSION_CREATED, user, instance.xform.user,
        _("Created submission on form %(id_string)s.") %
        {"id_string": instance.xform.id_string}, audit, HttpRequest())

    xml_file.close()
    if len(media_files):
        [_file.close() for _file in media_files]

    return {
        'code': SMS_SUBMISSION_ACCEPTED,
        'text': _(u"[SUCCESS] Your submission has been accepted."),
        'id': get_sms_instance_id(instance)
    }
Exemplo n.º 51
0
def enter_data(request, username, id_string):
    owner = get_object_or_404(User, username=username)
    xform = get_object_or_404(XForm,
                              user__username=username,
                              id_string=id_string)
    if not has_edit_permission(xform, owner, request, xform.shared):
        return HttpResponseForbidden(_(u'Not shared.'))
    if not hasattr(settings, 'ENKETO_URL'):
        return HttpResponseRedirect(
            reverse('main.views.show',
                    kwargs={
                        'username': username,
                        'id_string': id_string
                    }))
    url = '%slaunch/launchSurvey' % settings.ENKETO_URL
    register_openers()
    response = None
    # see commit 220f2dad0e for tmp file creation
    try:
        formhub_url = "http://%s/" % request.META['HTTP_HOST']
    except:
        formhub_url = "http://formhub.org/"
    values = {
        'format': 'json',
        'form_id': xform.id_string,
        'server_url': formhub_url + username
    }
    data, headers = multipart_encode(values)
    headers['User-Agent'] = 'formhub'
    req = urllib2.Request(url, data, headers)
    try:
        response = urllib2.urlopen(req)
        response = json.loads(response.read())
        context = RequestContext(request)
        owner = User.objects.get(username=username)
        context.profile, created = \
            UserProfile.objects.get_or_create(user=owner)
        context.xform = xform
        context.content_user = owner
        context.form_view = True
        if 'url' in response:
            audit = {"xform": xform.id_string}
            audit_log(
                Actions.FORM_ENTER_DATA_REQUESTED, request.user, owner,
                _("Requested enter data url for '%(id_string)s'.") % {
                    'id_string': xform.id_string,
                }, audit, request)
            context.enketo = response['url']
            #return render_to_response("form_entry.html",
            #                          context_instance=context)
            return HttpResponseRedirect(response['url'])
        else:
            json_msg = response['reason']
            """
            return HttpResponse("<script>$('body')</script>")
            """
            context.message = {
                'type':
                'alert-error',
                'text':
                "Enketo error, reason: " +
                (response['reason'] and "Server not found.")
            }
            messages.add_message(request, messages.WARNING, json_msg)
            return render_to_response("profile.html", context_instance=context)

    except urllib2.URLError:
        # this will happen if we could not connect to enketo
        messages.add_message(request, messages.WARNING,
                             _("Enketo error: Unable to open webform url."))
    except ValueError, e:
        messages.add_message(request, messages.WARNING,
                             _("Enketo error: enketo replied %s") % e)
Exemplo n.º 52
0
def edit_data(request, username, id_string, data_id):
    owner = User.objects.get(username=username)
    xform = get_object_or_404(XForm,
                              user__username=username,
                              id_string=id_string)
    instance = get_object_or_404(Instance, pk=data_id, xform=xform)
    if not has_edit_permission(xform, owner, request, xform.shared):
        return HttpResponseForbidden(_(u'Not shared.'))
    if not hasattr(settings, 'ENKETO_URL'):
        return HttpResponseRedirect(
            reverse('main.views.show',
                    kwargs={
                        'username': username,
                        'id_string': id_string
                    }))

    url = '%sdata/edit_url' % settings.ENKETO_URL
    register_openers()
    response = None
    # see commit 220f2dad0e for tmp file creation
    try:
        formhub_url = "http://%s/" % request.META['HTTP_HOST']
    except:
        formhub_url = "http://formhub.org/"
    injected_xml = inject_instanceid(instance.xml, instance.uuid)
    values = {
        'format':
        'json',
        'form_id':
        xform.id_string,
        'server_url':
        formhub_url + username,
        'instance':
        injected_xml,
        'instance_id':
        instance.uuid,
        'return_url':
        request.build_absolute_uri(
            reverse('odk_viewer.views.instance',
                    kwargs={
                        'username': username,
                        'id_string': id_string
                    }) + "#/" + str(instance.id))
    }
    data, headers = multipart_encode(values)
    headers['User-Agent'] = 'formhub'
    req = urllib2.Request(url, data, headers)
    try:
        response = urllib2.urlopen(req)
        response = json.loads(response.read())
        context = RequestContext(request)
        owner = User.objects.get(username=username)
        context.profile, created = \
            UserProfile.objects.get_or_create(user=owner)
        context.xform = xform
        context.content_user = owner
        context.form_view = True
        if 'edit_url' in response:
            audit = {"xform": xform.id_string, "data_id": data_id}
            audit_log(
                Actions.SUBMISSION_EDIT_REQUESTED, request.user, owner,
                _("Requested to edit data with id "
                  "'%(data_id)s' on '%(id_string)s'.") % {
                      'id_string': xform.id_string,
                      'data_id': data_id
                  }, audit, request)
            context.enketo = response['edit_url']
            return HttpResponseRedirect(response['edit_url'])
        else:
            json_msg = response['reason']
            """
            return HttpResponse("<script>$('body')</script>")
            """
            context.message = {
                'type':
                'alert-error',
                'text':
                "Enketo error, reason: " +
                (response['reason'] and "Server not found.")
            }
            messages.add_message(request, messages.WARNING, json_msg)
            return render_to_response("profile.html", context_instance=context)

    except urllib2.URLError:
        # this will happen if we could not connect to enketo
        messages.add_message(request, messages.WARNING,
                             _("Enketo error: Unable to open webform url."))
    except ValueError, e:
        messages.add_message(request, messages.WARNING,
                             _("Enketo error: enketo replied %s") % e)
Exemplo n.º 53
0
def data_export(request, username, id_string, export_type):
    owner = get_object_or_404(User, username=username)
    xform = get_object_or_404(XForm, id_string=id_string, user=owner)
    helper_auth_helper(request)
    if not has_permission(xform, owner, request):
        return HttpResponseForbidden(_(u'Not shared.'))
    query = request.GET.get("query")
    extension = export_type

    # check if we should force xlsx
    force_xlsx = request.GET.get('xls') != 'true'
    if export_type == Export.XLS_EXPORT and force_xlsx:
        extension = 'xlsx'
    elif export_type == Export.CSV_ZIP_EXPORT:
        extension = 'zip'

    audit = {"xform": xform.id_string, "export_type": export_type}
    # check if we need to re-generate,
    # we always re-generate if a filter is specified
    if should_create_new_export(xform, export_type) or query or\
                    'start' in request.GET or 'end' in request.GET:
        format_date_for_mongo = lambda x, datetime: datetime.strptime(
            x, '%y_%m_%d_%H_%M_%S').strftime('%Y-%m-%dT%H:%M:%S')
        # check for start and end params
        if 'start' in request.GET or 'end' in request.GET:
            if not query:
                query = '{}'
            query = json.loads(query)
            query[SUBMISSION_TIME] = {}
            try:
                if request.GET.get('start'):
                    query[SUBMISSION_TIME]['$gte'] = format_date_for_mongo(
                        request.GET['start'], datetime)
                if request.GET.get('end'):
                    query[SUBMISSION_TIME]['$lte'] = format_date_for_mongo(
                        request.GET['end'], datetime)
            except ValueError:
                return HttpResponseBadRequest(
                    _("Dates must be in the format YY_MM_DD_hh_mm_ss"))
            else:
                query = json.dumps(query)
        try:
            export = generate_export(export_type, extension, username,
                                     id_string, None, query)
            audit_log(
                Actions.EXPORT_CREATED, request.user, owner,
                _("Created %(export_type)s export on '%(id_string)s'.") % {
                    'id_string': xform.id_string,
                    'export_type': export_type.upper()
                }, audit, request)
        except NoRecordsFoundError:
            return HttpResponseNotFound(_("No records found to export"))
    else:
        export = newset_export_for(xform, export_type)

    # log download as well
    audit_log(
        Actions.EXPORT_DOWNLOADED, request.user, owner,
        _("Downloaded %(export_type)s export on '%(id_string)s'.") % {
            'id_string': xform.id_string,
            'export_type': export_type.upper()
        }, audit, request)

    if not export.filename:
        # tends to happen when using newset_export_for.
        return HttpResponseNotFound("File does not exist!")
    # get extension from file_path, exporter could modify to
    # xlsx if it exceeds limits
    path, ext = os.path.splitext(export.filename)
    ext = ext[1:]
    if request.GET.get('raw'):
        id_string = None
    response = response_with_mimetype_and_name(Export.EXPORT_MIMES[ext],
                                               id_string,
                                               extension=ext,
                                               file_path=export.filepath)
    return response
Exemplo n.º 54
0
            response = OpenRosaResponse(_(u"Duplicate submission"))
            response.status_code = 202
            response['Location'] = request.build_absolute_uri(request.path)
            return response
        except PermissionDenied, e:
            return OpenRosaResponseNotAllowed(e.message)
        except Exception, e:
            raise

        if instance is None:
            return OpenRosaResponseBadRequest(
                _(u"Unable to create submission."))

        audit = {"xform": instance.xform.id_string}
        audit_log(
            Actions.SUBMISSION_CREATED, request.user, instance.xform.user,
            _("Created submission on form %(id_string)s.") %
            {"id_string": instance.xform.id_string}, audit, request)
        # ODK needs two things for a form to be considered successful
        # 1) the status code needs to be 201 (created)
        # 2) The location header needs to be set to the host it posted to
        if html_response:
            context.username = instance.user.username
            context.id_string = instance.xform.id_string
            context.domain = Site.objects.get(id=settings.SITE_ID).domain
            response = render_to_response("submission.html",
                                          context_instance=context)
        else:
            context.message = _("Successful submission.")
            context.formid = instance.xform.id_string
            context.encrypted = instance.xform.encrypted
            context.instanceID = u'uuid:%s' % instance.uuid