def set_object_permissions(sender, instance=None, created=False, **kwargs): # seems the super is not called, have to get xform from here xform = XForm.objects.get(pk=instance.pk) if created: from formshare.libs.permissions import OwnerRole OwnerRole.add(instance.user, xform) if instance.created_by and instance.user != instance.created_by: OwnerRole.add(instance.created_by, xform) from formshare.libs.utils.project_utils import set_project_perms_to_xform set_project_perms_to_xform(xform, instance.project) if hasattr(instance, 'has_external_choices') \ and instance.has_external_choices: instance.xls.seek(0) f = sheet_to_csv(instance.xls.read(), 'external_choices') f.seek(0, os.SEEK_END) size = f.tell() f.seek(0) from formshare.apps.main.models.meta_data import MetaData data_file = InMemoryUploadedFile( file=f, field_name='data_file', name='itemsets.csv', content_type='text/csv', size=size, charset=None ) MetaData.media_upload(xform, data_file)
def set_object_permissions(sender, instance=None, created=False, **kwargs): if created: from formshare.libs.permissions import OwnerRole OwnerRole.add(instance.user, instance) if instance.created_by and instance.user != instance.created_by: OwnerRole.add(instance.created_by, instance) from formshare.libs.utils.project_utils import set_project_perms_to_xform set_project_perms_to_xform(instance, instance.project)
def set_project_perms_to_xform(xform, project): if project.shared != xform.shared: xform.shared = project.shared xform.shared_data = project.shared xform.save() for perm in get_object_users_with_permissions(project): user = perm['user'] if user != xform.created_by: ReadOnlyRole.add(user, xform) else: OwnerRole.add(user, xform)
def test_publish_xlsform(self): view = XFormViewSet.as_view({ 'post': 'create' }) data = { 'owner': 'http://testserver/api/v1/users/bob', 'public': False, 'public_data': False, 'description': u'transportation_2011_07_25', 'downloadable': True, 'allows_sms': False, 'encrypted': False, 'sms_id_string': u'transportation_2011_07_25', 'id_string': u'transportation_2011_07_25', 'title': u'transportation_2011_07_25', 'bamboo_dataset': u'' } path = os.path.join( settings.PROJECT_ROOT, "apps", "main", "tests", "fixtures", "transportation", "transportation.xls") with open(path) as xls_file: post_data = {'xls_file': xls_file} request = self.factory.post('/', data=post_data, **self.extra) response = view(request) self.assertEqual(response.status_code, 201) xform = self.user.xforms.all()[0] data.update({ 'url': 'http://testserver/api/v1/forms/%s' % xform.pk }) self.assertDictContainsSubset(data, response.data) self.assertTrue(OwnerRole.user_has_role(self.user, xform)) self.assertEquals("owner", response.data['users'][0]['role'])
def test_publish_xlsform(self): view = XFormViewSet.as_view({'post': 'create'}) data = { 'owner': 'http://testserver/api/v1/users/bob', 'public': False, 'public_data': False, 'description': u'transportation_2011_07_25', 'downloadable': True, 'allows_sms': False, 'encrypted': False, 'sms_id_string': u'transportation_2011_07_25', 'id_string': u'transportation_2011_07_25', 'title': u'transportation_2011_07_25', 'bamboo_dataset': u'' } path = os.path.join(settings.PROJECT_ROOT, "apps", "main", "tests", "fixtures", "transportation", "transportation.xls") with open(path) as xls_file: post_data = {'xls_file': xls_file} request = self.factory.post('/', data=post_data, **self.extra) response = view(request) self.assertEqual(response.status_code, 201) xform = self.user.xforms.all()[0] data.update( {'url': 'http://testserver/api/v1/forms/%s' % xform.pk}) self.assertDictContainsSubset(data, response.data) self.assertTrue(OwnerRole.user_has_role(self.user, xform)) self.assertEquals("owner", response.data['users'][0]['role'])
def test_publish_xls_form_to_organization_project(self): self._org_create() project_data = { 'owner': self.company_data['user'] } self._project_create(project_data) self._publish_xls_form_to_project() self.assertTrue(OwnerRole.user_has_role(self.user, self.xform))
def test_publish_select_external_xlsform(self): view = XFormViewSet.as_view({'post': 'create'}) path = os.path.join(settings.PROJECT_ROOT, "apps", "api", "tests", "fixtures", "select_one_external.xlsx") with open(path) as xls_file: meta_count = MetaData.objects.count() post_data = {'xls_file': xls_file} request = self.factory.post('/', data=post_data, **self.extra) response = view(request) self.assertEqual(response.status_code, 201) self.assertEqual(meta_count + 1, MetaData.objects.count()) xform = self.user.xforms.all()[0] metadata = xform.metadata_set.all()[0] self.assertEqual('itemsets.csv', metadata.data_value) self.assertTrue(OwnerRole.user_has_role(self.user, xform)) self.assertTrue(OwnerRole.user_has_role(self.user, metadata)) self.assertEquals("owner", response.data['users'][0]['role'])
def test_publish_select_external_xlsform(self): view = XFormViewSet.as_view({ 'post': 'create' }) path = os.path.join( settings.PROJECT_ROOT, "apps", "api", "tests", "fixtures", "select_one_external.xlsx") with open(path) as xls_file: meta_count = MetaData.objects.count() post_data = {'xls_file': xls_file} request = self.factory.post('/', data=post_data, **self.extra) response = view(request) self.assertEqual(response.status_code, 201) self.assertEqual(meta_count + 1, MetaData.objects.count()) xform = self.user.xforms.all()[0] metadata = xform.metadata_set.all()[0] self.assertEqual('itemsets.csv', metadata.data_value) self.assertTrue(OwnerRole.user_has_role(self.user, xform)) self.assertTrue(OwnerRole.user_has_role(self.user, metadata)) self.assertEquals("owner", response.data['users'][0]['role'])
def test_project_users_get_readonly_role_on_add_form(self): self._project_create() alice_data = {'username': '******', 'email': '*****@*****.**'} alice_profile = self._create_user_profile(alice_data) ReadOnlyRole.add(alice_profile.user, self.project) self.assertTrue(ReadOnlyRole.user_has_role(alice_profile.user, self.project)) self._publish_xls_form_to_project() self.assertTrue(ReadOnlyRole.user_has_role(alice_profile.user, self.xform)) self.assertFalse(OwnerRole.user_has_role(alice_profile.user, self.xform))
def test_owner_cannot_remove_self_if_no_other_owner(self): self._project_create() view = ProjectViewSet.as_view({ 'put': 'share' }) data = {'username': '******', 'remove': True, 'role': 'owner'} request = self.factory.put('/', data=data, **self.extra) response = view(request, pk=self.project.pk) self.assertEqual(response.status_code, 400) error = {'remove': [u"Project requires at least one owner"]} self.assertEquals(response.data, error) self.assertTrue(OwnerRole.user_has_role(self.user, self.project)) alice_data = {'username': '******', 'email': '*****@*****.**'} profile = self._create_user_profile(alice_data) OwnerRole.add(profile.user, self.project) view = ProjectViewSet.as_view({ 'put': 'share' }) data = {'username': '******', 'remove': True, 'role': 'owner'} request = self.factory.put('/', data=data, **self.extra) response = view(request, pk=self.project.pk) self.assertEqual(response.status_code, 204) self.assertFalse(OwnerRole.user_has_role(self.user, self.project))
def test_reassign_role_owner_to_editor(self): self._publish_transportation_form() alice = self._create_user('alice', 'alice') self.assertFalse(OwnerRole.user_has_role(alice, self.xform)) OwnerRole.add(alice, self.xform) self.assertTrue(OwnerRole.user_has_role(alice, self.xform)) self.assertTrue( OwnerRole.has_role(perms_for(alice, self.xform), self.xform)) EditorRole.add(alice, self.xform) self.assertFalse(OwnerRole.user_has_role(alice, self.xform)) self.assertTrue(EditorRole.user_has_role(alice, self.xform)) self.assertFalse( OwnerRole.has_role(perms_for(alice, self.xform), self.xform)) self.assertTrue( EditorRole.has_role(perms_for(alice, self.xform), self.xform))
def test_reassign_role_owner_to_editor(self): self._publish_transportation_form() alice = self._create_user('alice', 'alice') self.assertFalse(OwnerRole.user_has_role(alice, self.xform)) OwnerRole.add(alice, self.xform) self.assertTrue(OwnerRole.user_has_role(alice, self.xform)) self.assertTrue(OwnerRole.has_role( perms_for(alice, self.xform), self.xform)) EditorRole.add(alice, self.xform) self.assertFalse(OwnerRole.user_has_role(alice, self.xform)) self.assertTrue(EditorRole.user_has_role(alice, self.xform)) self.assertFalse(OwnerRole.has_role( perms_for(alice, self.xform), self.xform)) self.assertTrue(EditorRole.has_role( perms_for(alice, self.xform), self.xform))
def handle(self, *args, **options): # XForms for xform in queryset_iterator(XForm.objects.all()): OwnerRole.add(xform.user, xform) # UserProfile for profile in queryset_iterator(UserProfile.objects.all()): set_api_permissions_for_user(profile.user) OwnerRole.add(profile.user, profile) if profile.created_by is not None: OwnerRole.add(profile.created_by, profile) # OrganizationProfile for profile in queryset_iterator(OrganizationProfile.objects.all()): OwnerRole.add(profile.user, profile) if profile.created_by is not None: OwnerRole.add(profile.created_by, profile) if profile.creator is not None: OwnerRole.add(profile.creator, profile) # Project for project in queryset_iterator(Project.objects.all()): OwnerRole.add(project.organization, project) OwnerRole.add(project.created_by, project)