def modify_org(self, user_email, org_name, code, reason):
with model.session_scope() as session:
org = session.query(model.Organisation).\
filter(func.lower(model.Organisation.name) ==
func.lower(org_name)).one()
to_son = ToSon(
r'/id$',
r'/name$',
r'/title$',
r'/locations.*$',
r'/meta.*$',
r'/surveygroups$',
r'/[0-9]+$',
)
to_son.exclude(
r'/locations/[0-9]+/id$',
r'/locations/[0-9]+/organisation.*$',
r'/meta/id$',
r'/meta/organisation.*$',
)
org_son = to_son(org)
with base.mock_user(user_email):
post_data = org_son.copy()
response = self.fetch("/organisation/%s.json" % org_son['id'],
method='PUT',
body=json_encode(post_data),
expected=code)
self.assertIn(reason, response.reason,
"%s operating on %s" % (user_email, org_name))
def get(self, user_id):
'''
Get a single user.
'''
if not user_id:
self.query()
return
with model.session_scope() as session:
user_session = self.get_user_session(session)
if user_id == 'current':
user = user_session.user
else:
user = (
session.query(model.AppUser)
.options(joinedload('organisation'))
.options(joinedload('surveygroups'))
.get(user_id))
if not user:
raise errors.MissingDocError("No such user")
policy = user_session.policy.derive({
'user': user,
'surveygroups': user.surveygroups,
})
policy.verify('user_view')
# Check that user shares a common surveygroup with the requesting
# user.
# Allow admins to access users outside their surveygroups though.
if not policy.check('admin'):
policy.verify('surveygroup_interact')
to_son = ToSon(
r'/id$',
r'/name$',
r'/title$',
r'/email$',
r'/email_interval$',
r'/role$',
r'/deleted$',
# Descend into nested objects
r'/organisation$',
r'/[0-9+]$',
# Exclude password from response. Not really necessary because
# 1. it's hashed and 2. it's not in the list above. But just to
# be safe.
r'!password',
)
if policy.check('surveygroup_browse'):
to_son.add(r'^/surveygroups$')
son = to_son(user)
self.set_header("Content-Type", "application/json")
self.write(json_encode(son))
self.finish()
def test_son_node(self):
input = TestNode(id_col=uuid.uuid4(),
int_col=1,
bool_col=True,
string_col="foo",
float_col=0.5,
date_col=datetime.date(2015, 1, 1))
input.parent = TestNode(int_col=2, string_col="bar")
output = {
'idCol': str(input.id_col),
'intCol': 1,
'boolCol': True,
'stringCol': "foo",
'floatCol': 0.5,
'parent': {
'intCol': 2,
'stringCol': "bar"
},
'dateCol': time.mktime(input.date_col.timetuple()),
}
to_son = ToSon(omit=True)
self.assertEqual(output, to_son(input))
output = {
'idCol': str(input.id_col),
'intCol': 1,
'boolCol': True,
'floatCol': 0.5,
'parent': {
'stringCol': "bar"
},
'dateCol': time.mktime(input.date_col.timetuple()),
}
to_son = ToSon(r'!^/string_col', r'!parent/int_col', omit=True)
self.assertEqual(output, to_son(input))
output = {'idCol': str(input.id_col), 'parent': {'stringCol': "bar"}}
to_son = ToSon(r'^/id_col', r'^/parent$', r'parent/string_col')
self.assertEqual(output, to_son(input))
output = {
'idCol': str(input.id_col),
'parent': {
'intCol': 2,
}
}
to_son = ToSon(r'^/id_col', r'^/parent', r'!string_col', omit=True)
self.assertEqual(output, to_son(input))
input.parent.parent = input
to_son = ToSon()
with self.assertRaises(UtilException):
to_son(input)
def query(self, submission_id):
'''Get a list.'''
qnode_id = self.get_argument('qnodeId', '')
if not qnode_id:
raise errors.ModelError("qnode ID required")
with model.session_scope() as session:
user_session = self.get_user_session(session)
submission = (session.query(model.Submission).options(
joinedload('organisation')).filter_by(
id=submission_id).first())
if not submission:
raise errors.MissingDocError("No such submission")
policy = user_session.policy.derive({
'org':
submission.organisation,
'submission':
submission,
'surveygroups':
submission.surveygroups,
})
policy.verify('surveygroup_interact')
policy.verify('response_view')
rnode = (session.query(model.ResponseNode).get(
(submission_id, qnode_id)))
if not rnode:
responses = []
else:
responses = rnode.responses
to_son = ToSon(
# Fields to match from any visited object
r'/id$',
r'/score$',
r'/approval$',
r'/modified$',
r'/not_relevant$',
r'^/[0-9]+/error$',
# Descend into nested objects
r'/[0-9]+$',
r'/measure$',
)
if user_session.user.role == 'clerk':
to_son.exclude(r'/score$')
sons = to_son(responses)
self.set_header("Content-Type", "application/json")
self.write(json_encode(sons))
self.finish()
def get(self, ob_type, ids):
if ob_type:
self.query(ob_type, ids.split(','))
return
subscription_id = ids
with model.session_scope() as session:
subscription = (session.query(
model.Subscription).get(subscription_id))
if not subscription:
raise errors.MissingDocError("No such subscription")
user_session = self.get_user_session(session)
policy = user_session.policy.derive({
'user': subscription.user,
})
policy.verify('subscription_view')
to_son = ToSon(
r'/created$',
r'/user_id$',
r'/subscribed$',
r'/ob_type$',
r'/ob_refs/?.*$',
)
son = to_son(subscription)
self.set_header("Content-Type", "application/json")
self.write(json_encode(son))
self.finish()
def test_son(self):
date = datetime.date(2015, 1, 1)
id_ = uuid.uuid4()
input = {
'a_string': "foo",
'a_date': date,
'a_uuid': id_,
'a_list': [1, id_, {
'3': date
}],
'a_dict': {
'a_nested_item': "bar"
}
}
output = {
'aString': "foo",
'aDate': time.mktime(date.timetuple()),
'aUuid': str(id_),
'aList': [1, str(id_), {
'3': time.mktime(date.timetuple())
}],
'aDict': {
'aNestedItem': "bar"
}
}
to_son = ToSon()
self.assertEqual(output, to_son(input))
def test_son_sanitise(self):
input = {
'safe_html': '<script>foo</script> '
'<a href="http://bar">bar</a> '
'<a href="javascript:fn()">baz</a>',
'strip_script': '<script>foo</script>',
'strip_protocol': '<a href="http://bar">bar</a> '
'<a href="javascript:fn()">baz</a>',
'strip_click': '<span onclick="fn()">bar</span> '
'<a onclick="fn()">baz</a>',
'a_dict': {
'strip_script': '<script>foo</script>',
}
}
output = {
'safeHtml': '<script>foo</script> '
'<a href="http://bar">bar</a> '
'<a href="javascript:fn()">baz</a>',
'stripScript': 'foo',
'stripProtocol': '<a href="http://bar">bar</a> <a>baz</a>',
'stripClick': 'bar <a>baz</a>',
'aDict': {
'stripScript': 'foo',
}
}
to_son = ToSon(r'/safe_html$', r'</strip.*$', r'^/a_dict$')
self.assertEqual(output, to_son(input))
def modify_org_in_user(self, user_email, old_org_name, new_org_name, code,
reason):
with model.session_scope() as session:
org = (session.query(model.Organisation).filter(
func.lower(model.Organisation.name) == func.lower(
new_org_name)).one())
to_son = ToSon(
r'/id$',
r'/name$',
r'/surveygroups$',
r'/[0-9]+$',
)
org_son = to_son(org)
user = (session.query(model.AppUser).filter(
func.lower(model.AppUser.email) == func.lower(
user_email)).one())
user_son = to_son(user)
user_son['organisation'] = org_son
with base.mock_user(user_email):
response = self.fetch("/user/%s.json" % user_son['id'],
method='PUT',
body=json_encode(user_son),
expected=code)
self.assertIn(reason, response.reason, msg=user_email)
def get(self, path):
if path == '':
path = 'index.html'
template = os.path.join(self.path, path)
with model.session_scope() as session:
if self.uses_old_url(session):
self.redirect_to_canonical(session)
return
user_session = self.get_user_session(session)
params = TemplateParams(session)
theme_params = theme.ThemeParams(session)
to_son = ToSon(
r'/id$',
r'/name$',
r'/title$',
r'/email$',
r'/role$',
r'/deleted$',
r'/organisation$',
r'!password',
r'^/surveygroups$',
r'/[0-9+]$',
)
user_son = json_encode(to_son(user_session.user))
self.render(
template, params=params, theme=theme_params,
user=user_session.user, organisation=user_session.org,
user_son=user_son)
def get(self, submission_id, measure_id, submeasure_id):
with model.session_scope() as session:
user_session = self.get_user_session(session)
response = (
session.query(model.Response)
.get((submission_id, measure_id)))
if response is None:
raise errors.MissingDocError("No such response")
org = response.submission.organisation
policy = user_session.policy.derive({
'org': org,
'surveygroups': org.surveygroups,
})
policy.verify('surveygroup_interact')
policy.verify('attachment_view')
query = (
session.query(model.Attachment)
.filter(model.Attachment.response == response))
to_son = ToSon(
r'/id$',
r'/file_name$',
r'/url$'
)
# Don't send internal URLs to client
to_son_internal = ToSon(
r'/id$',
r'/file_name$'
)
sons = []
for attachment in query.all():
if measure_id==submeasure_id or str(attachment.submeasure_id) == submeasure_id:
assert (attachment.organisation_id == org.id)
if attachment.storage == 'external':
sons.append(to_son(attachment))
else:
sons.append(to_son_internal(attachment))
self.set_header("Content-Type", "application/json")
self.write(json_encode(sons))
self.finish()
def write(self, session, resultset, path, query):
with open(path, 'w', encoding='utf-8') as f:
log.debug("Writing result as JSON")
to_son = ToSon(
r'/[0-9]+$',
r'/[0-9]+/[^/]+$',
)
f.write('{"cols": %s, "rows": [' %
json_encode(to_son(resultset.cols)))
to_son = ToSon(r'/[0-9]+$', )
for i, row in enumerate(resultset.rows):
if i > 0:
f.write(', ')
f.write(json_encode(to_son(row)))
f.write(']}')
def get(self, submission_id, measure_id):
'''Get a list of versions of a response.'''
with model.session_scope() as session:
user_session = self.get_user_session(session)
submission = session.query(model.Submission).get(submission_id)
if not submission:
raise errors.MissingDocError("No such submission")
policy = user_session.policy.derive({
'org':
submission.organisation,
'submission':
submission,
'surveygroups':
submission.surveygroups,
})
policy.verify('surveygroup_interact')
policy.verify('response_view')
# Current version
versions = (session.query(model.Response).filter_by(
submission_id=submission_id, measure_id=measure_id).all())
# Other versions
query = (session.query(model.ResponseHistory).filter_by(
submission_id=submission_id, measure_id=measure_id).order_by(
model.ResponseHistory.version.desc()))
query = self.paginate(query)
versions += query.all()
# Important! If you're going to include the comment field here,
# make sure it is cleaned first to prevent XSS attacks.
to_son = ToSon(
r'/id$',
r'/name$',
r'/approval$',
r'/version$',
r'/modified$',
# Descend
r'/[0-9]+$',
r'/user$',
r'/organisation$',
# The IDs of rnodes and responses are not part of the API
r'!^/[0-9]+/id$',
)
sons = to_son(versions)
for son, version in zip(sons, versions):
user = session.query(model.AppUser).get(version.user_id)
if user is not None:
son['user'] = to_son(user)
self.set_header("Content-Type", "application/json")
self.write(json_encode(sons))
self.finish()
def get_groups_son(self, session, *group_names):
surveygroups = (session.query(model.SurveyGroup).filter(
model.SurveyGroup.title.in_(group_names)).all())
to_son = ToSon(
r'/id$',
r'/title$',
r'/[0-9]+$',
)
return to_son(surveygroups)
def get(self, submission_id):
if submission_id == '':
self.query()
return
with model.session_scope() as session:
user_session = self.get_user_session(session)
submission = session.query(model.Submission).get(submission_id)
if not submission:
raise errors.MissingDocError("No such submission")
policy = user_session.policy.derive({
'org':
submission.organisation,
'surveygroups':
submission.surveygroups,
})
policy.verify('surveygroup_interact')
policy.verify('submission_view')
to_son = ToSon(
# Any
r'/ob_type$',
r'/id$',
r'/title$',
r'/name$',
r'</description$',
r'/approval$',
r'/created$',
r'/deleted$',
r'/n_measures$',
r'^/error$',
r'^/survey/error$',
r'/program/tracking_id$',
# Nested
r'/program$',
r'/program/tracking_id$',
r'/organisation$',
r'/survey$',
r'/survey/structure.*$',
r'/survey/min_stats_approval$',
r'/program/hide_aggregate$',
)
son = to_son(submission)
# menu for export asset management show if asset management template exist src/app/client/report
# local path "src/app/client/report/" + submission.survey.title + ' Template.xlsx"
# templateFile = "src/app/client/report/" + submission.survey.title + ' Template.xlsx'
# local path "app/client/report/" + submission.survey.title + ' Template.xlsx" for develop
# production path "client/report/" + submission.survey.title + ' Template.xlsx' for deploy
templateFile = "client/report/" + submission.survey.title + ' Template.xlsx'
if os.path.isfile(templateFile):
son["showCreateAssetReport"] = True
self.set_header("Content-Type", "application/json")
self.write(json_encode(son))
self.finish()
def query(self, organisation_id):
deleted = self.get_argument('deleted', '')
with model.session_scope() as session:
user_session = self.get_user_session(session)
org = session.query(model.Organisation).get(organisation_id)
if not org:
raise errors.MissingDocError("No such organisation")
policy = user_session.policy.derive({
'org':
org,
'surveygroups':
org.surveygroups,
})
policy.verify('surveygroup_interact')
policy.verify('submission_browse')
query = (session.query(model.Survey).join(
model.PurchasedSurvey).filter(
model.PurchasedSurvey.organisation_id == organisation_id))
if deleted:
deleted = truthy(deleted)
if deleted:
del_filter = ((model.Survey.deleted == True) |
(model.Program.deleted == True))
else:
del_filter = ((model.Survey.deleted == False) &
(model.Program.deleted == False))
query = query.join(model.Program).filter(del_filter)
if not policy.check('surveygroup_interact_all'):
query = filter_surveygroups(session, query,
user_session.user.id,
[model.Program],
[model.program_surveygroup])
surveys = query.all()
to_son = ToSon(
r'/id$',
r'/title$',
r'/deleted$',
r'/n_measures$',
r'/program/tracking_id$',
# Descend into list
r'/[0-9]+$',
r'/program$')
sons = to_son(surveys)
self.set_header("Content-Type", "application/json")
self.write(json_encode(sons))
self.finish()
def query(self):
sons = []
with model.session_scope() as session:
user_session = self.get_user_session(session)
policy = user_session.policy.derive({})
policy.verify('org_browse')
query = session.query(model.Organisation)
# Filter out orgs that don't share a surveygroup with this user.
# Admins need access to orgs outside their surveygroups though.
if not policy.check('admin'):
query = filter_surveygroups(session, query,
user_session.user.id, [],
[model.organisation_surveygroup])
# Filter down to just organisations in a particular survey group
surveygroup_id = self.get_argument("surveyGroupId", None)
if surveygroup_id:
query = (query.join(
model.SurveyGroup, model.Organisation.surveygroups).filter(
model.SurveyGroup.id == surveygroup_id))
term = self.get_argument('term', None)
if term is not None:
query = query.filter(
model.Organisation.name.ilike(r'%{}%'.format(term)))
deleted = self.get_argument('deleted', '')
if deleted != '':
deleted = truthy(deleted)
query = query.filter(model.Organisation.deleted == deleted)
query = query.order_by(model.Organisation.name)
query = self.paginate(query)
to_son = ToSon(
r'^/[0-9]+/id$',
r'/name$',
r'/deleted$',
r'/locations$',
r'/locations/0/description$',
r'/meta$',
r'/meta/asset_types.*$',
# Descend into list
r'/[0-9]+$')
sons = to_son(query.all())
self.set_header("Content-Type", "application/json")
self.write(json_encode(sons))
self.finish()
def get(self, query_id):
if not query_id:
self.query()
return
version = self.get_argument('version', '')
with model.session_scope() as session:
custom_query = session.query(model.CustomQuery).get(query_id)
if custom_query is None:
raise errors.MissingDocError("No such query")
user_session = self.get_user_session(session)
policy = user_session.policy.derive({
'custom_query': custom_query,
})
policy.verify('custom_query_view')
old_version = self.get_version(session, custom_query, version)
to_son = ToSon(
r'/id$',
r'/deleted$',
r'/modified$',
r'/latest_modified$',
r'/user$',
r'/title$',
r'</description$',
r'/name$',
r'/text$',
r'/version$',
)
if not old_version:
son = to_son(custom_query)
else:
son = to_son(old_version)
user = session.query(model.AppUser).get(old_version.user_id)
if user:
son.user = to_son(user)
# Always include the mtime of the most recent version. This is used
# to avoid edit conflicts.
dummy_relations = {
'latest_modified': custom_query.modified,
}
son.update(to_son(dummy_relations))
self.set_header("Content-Type", "application/json")
self.write(json_encode(son))
self.finish()
def get(self, program_id):
'''
Get a list of programs that share the same lineage.
'''
if program_id == '':
raise errors.MethodError("Program ID is required")
with model.session_scope() as session:
user_session = self.get_user_session(session)
program = session.query(model.Program).get(program_id)
if not program:
raise errors.MissingDocError("No such program")
policy = user_session.policy.derive({
'program':
program,
'surveygroups':
program.surveygroups,
})
policy.verify('surveygroup_interact')
policy.verify('program_view')
query = (session.query(model.Program).filter(
model.Program.tracking_id == program.tracking_id).order_by(
model.Program.created))
if not policy.check('surveygroup_interact_all'):
query = filter_surveygroups(session, query,
user_session.user.id, [],
[model.program_surveygroup])
deleted = self.get_argument('deleted', '')
if deleted != '':
deleted = truthy(deleted)
query = query.filter(model.Program.deleted == deleted)
to_son = ToSon(
r'/id$',
r'/title$',
r'/is_editable$',
r'/deleted$',
# Descend
r'/[0-9]+$',
)
sons = to_son(query.all())
self.set_header("Content-Type", "application/json")
self.write(json_encode(sons))
self.finish()
def query(self):
'''
Get a list of programs.
'''
term = self.get_argument('term', '')
is_editable = truthy(self.get_argument('editable', ''))
sons = []
with model.session_scope() as session:
user_session = self.get_user_session(session)
query = session.query(model.Program)
policy = user_session.policy.derive({})
if not policy.check('surveygroup_interact_all'):
query = filter_surveygroups(session, query,
user_session.user.id, [],
[model.program_surveygroup])
# Get all programs for a survey group
surveygroup_id = self.get_argument("surveyGroupId", None)
if surveygroup_id:
query = (query.join(
model.SurveyGroup, model.Program.surveygroups).filter(
model.SurveyGroup.id == surveygroup_id))
if term != '':
query = query.filter(
model.Program.title.ilike(r'%{}%'.format(term)))
if is_editable:
query = query.filter(model.Program.finalised_date == None)
deleted = self.get_argument('deleted', '')
if deleted != '':
deleted = truthy(deleted)
query = query.filter(model.Program.deleted == deleted)
query = query.order_by(model.Program.created.desc())
query = self.paginate(query)
to_son = ToSon(r'/id$', r'/title$', r'</description$',
r'/deleted$', r'^/[0-9]+/error$', r'/[0-9]+$')
sons = to_son(query.all())
self.set_header("Content-Type", "application/json")
self.write(json_encode(sons))
self.finish()
def get(self):
with model.session_scope() as session:
user_session = self.get_user_session(session)
policy = user_session.policy.derive({})
policy.verify('custom_query_view')
to_son = ToSon(r'.*')
self.set_header("Content-Type", "application/json")
wall_time = config.get_setting(session, 'custom_timeout') * 1000
max_limit = config.get_setting(session, 'custom_max_limit')
conf = {'wall_time': wall_time, 'max_limit': max_limit}
self.write(json_encode(to_son(conf)))
self.finish()
def get(self, survey_id):
if not survey_id:
self.query()
return
program_id = self.get_argument('programId', '')
with model.session_scope() as session:
user_session = self.get_user_session(session)
survey = (session.query(model.Survey).options(
joinedload('program.surveygroups')).get(
(survey_id, program_id)))
if not survey:
raise errors.MissingDocError("No such survey")
policy = user_session.policy.derive({
'survey':
survey,
'surveygroups':
survey.program.surveygroups,
})
policy.verify('surveygroup_interact')
policy.verify('survey_view')
to_son = ToSon(
# Any
r'/ob_type$',
r'/id$',
r'/title$',
r'/seq$',
r'/created$',
r'/deleted$',
r'/is_editable$',
r'/n_measures$',
r'^/error$',
r'/program/tracking_id$',
# Root-only
r'<^/description$',
r'^/structure.*',
# Nested
r'/program$',
)
son = to_son(survey)
self.set_header("Content-Type", "application/json")
self.write(json_encode(son))
self.finish()
def test_modify_user(self):
with model.session_scope() as session:
# TODO: Refactor this to make it reusable.
user = (session.query(
model.AppUser).filter(model.AppUser.email == 'clerk').one())
to_son = ToSon(
r'/id$',
r'/title$',
r'/name$',
r'/surveygroups$',
r'/organisation$',
r'/[0-9]+$',
# Exclude password
r'!/password$',
)
user_son = to_son(user)
users = [('consultant', 403, "are not the owner"),
('authority', 403, "are not the owner"),
('author', 403, "are not the owner"), ('clerk', 200, 'OK'),
('org_admin', 200, 'OK'), ('admin', 200, 'OK')]
for user_email, code, reason in users:
post_data = user_son.copy()
post_data['organisation'] = post_data['organisation'].copy()
with base.mock_user(user_email):
response = self.fetch("/user/%s.json" % user_son['id'],
method='PUT',
body=json_encode(post_data))
self.assertIn(reason, response.reason, msg=user_email)
self.assertEqual(code, response.code, msg=user_email)
users = [
('clerk', 403, "can't add that user"),
('org_admin', 200, 'OK'),
]
for user_email, code, reason in users:
post_data = user_son.copy()
post_data['organisation'] = post_data['organisation'].copy()
post_data['deleted'] = True
with base.mock_user(user_email):
response = self.fetch("/user/%s.json" % user_son['id'],
method='PUT',
body=json_encode(post_data))
self.assertIn(reason, response.reason, msg=user_email)
self.assertEqual(code, response.code, msg=user_email)
def query(self):
with model.session_scope() as session:
user_session = self.get_user_session(session)
policy = user_session.policy.derive({})
policy.verify('custom_query_browse')
query = session.query(model.CustomQuery)
term = self.get_argument('term', None)
if term is not None:
query = query.filter(
model.CustomQuery.title.ilike(r'%{}%'.format(term)))
deleted = self.get_argument('deleted', '')
if deleted != '':
deleted = truthy(deleted)
query = query.filter(model.CustomQuery.deleted == deleted)
order_by = self.get_argument('order', 'title')
if order_by == 'title':
order_field = model.CustomQuery.title
elif order_by == 'modified':
order_field = model.CustomQuery.modified
else:
order_field = None
if order_field:
if self.get_argument('desc', ''):
order_field = order_field.desc()
query = query.order_by(order_field)
query = self.paginate(query)
to_son = ToSon(
r'^/[0-9]+/id$',
r'/deleted$',
r'/title$',
r'/description$',
r'/modified$',
# Descend into list
r'/[0-9]+$',
)
sons = to_son(query.all())
self.set_header("Content-Type", "application/json")
self.write(json_encode(sons))
self.finish()
def query(self, ob_type, object_ids):
with model.session_scope() as session:
ob = get_ob(session, ob_type, object_ids)
if not ob:
raise errors.MissingDocError("No such object")
user_session = self.get_user_session(session)
act = Activities(session)
subscription_map = {
tuple(sub.ob_refs): sub.subscribed
for sub in act.subscriptions(user_session.user, ob)
}
subscription_id_map = {
tuple(sub.ob_refs): sub.id
for sub in act.subscriptions(user_session.user, ob)
}
lineage = [{
'id':
subscription_id_map.get(tuple(item.ob_ids), None),
'title':
item.ob_title,
'ob_type':
item.ob_type,
'ob_ids':
item.ob_ids,
'subscribed':
subscription_map.get(tuple(item.ob_ids), None)
} for item in ob.action_lineage]
to_son = ToSon(
r'/id$',
r'/title$',
r'/subscribed$',
r'/ob_type$',
r'/ob_ids/?.*$',
r'/[0-9]+$',
)
sons = to_son(lineage)
self.set_header("Content-Type", "application/json")
self.write(json_encode(sons))
self.finish()
def get(self, entity_id):
'''
Get a list of programs that some entity belongs to. For example,
a single survey may be present in multiple programs.
'''
with model.session_scope() as session:
user_session = self.get_user_session(session)
query = (session.query(model.Program).join(self.mapper).filter(
self.mapper.id == entity_id).order_by(model.Program.created))
policy = user_session.policy.derive({})
if not policy.check('surveygroup_interact_all'):
query = filter_surveygroups(session, query,
user_session.user.id, [],
[model.program_surveygroup])
deleted = self.get_argument('deleted', '')
if deleted != '':
deleted = truthy(deleted)
query = query.filter(model.Program.deleted == deleted)
programs = [
program for program in query.all()
if user_session.policy.derive({
'program': program,
}).check('program_view')
]
to_son = ToSon(
r'/id$',
r'/title$',
r'/is_editable$',
r'/created$',
r'/deleted$',
# Descend
r'/[0-9]+$',
)
sons = to_son(programs)
self.set_header("Content-Type", "application/json")
self.write(json_encode(sons))
self.finish()
def get(self, program_id):
'''
Get a single program.
'''
if program_id == "":
self.query()
return
with model.session_scope() as session:
user_session = self.get_user_session(session)
program = (session.query(model.Program).options(
joinedload('surveygroups')).get(program_id))
if not program:
raise errors.MissingDocError("No such program")
policy = user_session.policy.derive({
'program':
program,
'surveygroups':
program.surveygroups,
})
policy.verify('surveygroup_interact')
policy.verify('program_view')
to_son = ToSon(
r'/ob_type$',
r'/id$',
r'/tracking_id$',
r'/title$',
r'</description$',
r'/created$',
r'/deleted$',
r'/is_editable$',
r'^/error$',
r'/has_quality$',
r'/hide_aggregate$',
r'/[0-9+]$',
)
if policy.check('surveygroup_browse'):
to_son.add(r'^/surveygroups$')
if not policy.check('author'):
to_son.exclude(
r'/response_types.*score$',
r'/response_types.*formula$',
)
son = to_son(program)
self.set_header("Content-Type", "application/json")
self.write(json_encode(son))
self.finish()
def get(self):
with model.session_scope() as session:
user_session = self.get_user_session(session)
user_session.policy.verify('conf_view')
settings = {}
for name, schema in config.SCHEMA.items():
if config.is_private(name, schema):
continue
s = schema.copy()
s['name'] = to_camel_case(name)
if 'default_file_path' in s:
del s['default_file_path']
s['value'] = config.get_setting(session, name)
settings[name] = s
self.set_header("Content-Type", "application/json")
self.write(json_encode(ToSon()(settings)))
self.finish()
def test_son_iter(self):
input = TestNode(id_col=uuid.uuid4(),
int_col=1,
bool_col=True,
string_col="foo",
float_col=0.5,
date_col=datetime.date(2015, 1, 1))
input.parent = TestNode(int_col=2, string_col="bar")
input.parent.parent = TestNode(int_col=3, string_col="baz")
output = {
'intCol': 1,
'stringCol': "foo",
'parent': {
'intCol': 2,
'stringCol': "bar",
'parent': {
'intCol': 3,
'stringCol': "baz"
}
}
}
outputs = [item for item in itertools.repeat(output, 3)]
to_son = ToSon(
# Fields to match in any visisted object
r'/int_col$',
r'/string_col$',
# Descend into nested objects
r'/[0-9]+$',
r'/parent$',
omit=True)
# List iteration
inputs = [item for item in itertools.repeat(input, 3)]
self.assertEqual(outputs, to_son(inputs))
# Generator iteration
inputs = (item for item in itertools.repeat(input, 3))
self.assertEqual(outputs, to_son(inputs))
def get(self, organisation_id):
if organisation_id == "":
self.query()
return
with model.session_scope() as session:
user_session = self.get_user_session(session)
org = (session.query(model.Organisation).options(
joinedload('surveygroups')).get(organisation_id))
if not org:
raise errors.MissingDocError("No such organisation")
policy = user_session.policy.derive({
'org':
org,
'surveygroups':
org.surveygroups,
})
policy.verify('org_view')
# Check that user shares a common surveygroup with this org.
# Admins need access to orgs outside their surveygroups though.
if not policy.check('admin'):
policy.verify('surveygroup_interact')
to_son = ToSon(
r'/id$',
r'/name$',
r'/title$',
r'/deleted$',
r'/url$',
r'/locations.*$',
r'/meta.*$',
r'/[0-9+]$',
)
to_son.exclude(
r'/locations/.*/organisation(_id)?$',
r'/locations/.*/id$',
r'/meta/organisation(_id)?$',
r'/meta/id$',
)
if policy.check('surveygroup_browse'):
to_son.add(r'^/surveygroups$')
son = to_son(org)
self.set_header("Content-Type", "application/json")
self.write(json_encode(son))
self.finish()
def get(self):
sons = []
to_son = ToSon(r'.*')
with model.session_scope() as session:
user_session = self.get_user_session(session)
org = user_session.org
sons.append(
to_son({
'title': org.name,
'created': org.created,
'ob_type': 'organisation',
'ob_ids': [org.id],
}))
if user_session.policy.check('author', 'consultant'):
programs = (session.query(model.Program).filter(
model.Program.finalised_date == None).order_by(
model.Program.created.desc()).limit(2).all())
sons += to_son([{
'title': s.title,
'created': s.created,
'ob_type': 'program',
'ob_ids': [s.id],
} for s in programs])
if user_session.policy.check('clerk'):
submissions = (session.query(model.Submission).filter(
model.Submission.organisation_id == org.id).order_by(
model.Submission.created.desc()).limit(2).all())
sons += to_son([{
'title': a.title,
'created': a.created,
'ob_type': 'submission',
'ob_ids': [a.id],
} for a in submissions])
self.set_header("Content-Type", "application/json")
self.write(json_encode(sons))
self.finish()
