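def feed_entries(request, form_code):
    """Stream the feed entries of one questionnaire as JSON for a date range.

    Reads ``start_date`` and ``end_date`` from the query string, validates
    them and the form code, checks that the requesting user may read the
    questionnaire, and hands the key range to ``stream_feeds``.

    Responses:
        404 -- feeds are switched off (``settings.FEEDS_ENABLED`` is falsy).
        400 -- ERROR_CODE 102 (start or end date rejected), 103 (end date
               before start date) or 101 (form code rejected).
        403 -- ERROR_CODE 104, the user has no access to this feed.
        500 -- any unexpected exception; it is logged, and the caller only
               sees a generic message.
    """
    user = request.user
    try:
        if not settings.FEEDS_ENABLED:
            # Fix: HttpResponse(404) passed 404 as the response *content*, so
            # a disabled feed answered "404" with status 200.
            return HttpResponse(status=404)

        raw_start = request.GET.get('start_date')
        raw_end = request.GET.get('end_date')

        if invalid_date(raw_start):
            return convert_to_json_response(
                {"ERROR_CODE": 102, "ERROR_MESSAGE": 'Invalid Start Date provided'}, 400)
        if invalid_date(raw_end):
            return convert_to_json_response(
                {"ERROR_CODE": 102, "ERROR_MESSAGE": 'Invalid End Date provided'}, 400)
        if lesser_end_date(raw_end, raw_start):
            return convert_to_json_response(
                {"ERROR_CODE": 103, "ERROR_MESSAGE": 'End Date provided is less than Start Date'}, 400)

        # NOTE(review): the form-code check answers before the permission
        # check below, so a caller without access can presumably tell an
        # accepted form code (403) from a rejected one (400) -- confirm
        # whether that distinction matters for this API.
        if _invalid_form_code(request, form_code):
            return convert_to_json_response(
                {"ERROR_CODE": 101, "ERROR_MESSAGE": 'Invalid form code provided'}, 400)

        dbm = get_database_manager(user)
        questionnaire_id = get_form_model_by_code(dbm, form_code).id

        # NGO admins and extended users may read any feed; a project manager
        # needs an explicit permission on this questionnaire.
        may_read = (
            user.is_ngo_admin()
            or user.is_extended_user()
            or (user.is_project_manager()
                and has_permission(dbm, user.id, questionnaire_id))
        )
        if not may_read:
            return convert_to_json_response(
                {"ERROR_CODE": 104, "ERROR_MESSAGE": "You don't have access to this feed"}, 403)

        feed_dbm = get_feeds_database(user)
        start_date = _parse_date(request.GET['start_date'])
        end_date = _parse_date(request.GET['end_date'])
        return HttpResponse(
            stream_feeds(feed_dbm,
                         startkey=[form_code, start_date],
                         endkey=[form_code, end_date]),
            content_type='application/json; charset=utf-8')
    except Exception as e:
        # Top-level boundary: keep the details in the server log and return
        # only a generic message to the client.
        logger = logging.getLogger('datawinners')
        logger.exception(e)
        return HttpResponse(content='Internal Server Error', status=500)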
def get_unique_ids_for_form_code(request, form_code):
    """Return the unique ids and questionnaire description for a form code.

    For a GET request: answers 404 when the form code has no form model or
    ``_get_response`` yields no unique ids, 403 when the user is not allowed
    to read the questionnaire, and otherwise a JSON document with the keys
    ``unique-ids`` and ``questionnaire``.

    Other methods are not handled in this body; presumably the view is
    restricted to GET elsewhere -- confirm.
    """
    if request.method == 'GET':
        requester = request.user
        manager = get_database_manager(requester)
        # NOTE(review): 'limit' comes straight from the query string, so it
        # is a str when supplied (the default is an int) and is neither
        # type-checked nor capped here -- confirm _get_response validates it.
        limit = request.GET.get('limit', 15000)

        try:
            questionnaire_id = get_form_model_by_code(manager, form_code).id
        except FormModelDoesNotExistsException:
            return HttpResponse(status=404)

        # NGO admins and extended users may read any questionnaire; a project
        # manager needs an explicit permission on this one.
        may_read = (
            requester.is_ngo_admin()
            or requester.is_extended_user()
            or (requester.is_project_manager()
                and has_permission(manager, requester.id, questionnaire_id))
        )
        if not may_read:
            return HttpResponse(
                content="Error: You don't have access to the information",
                status=403)

        ids, questionnaire = _get_response(manager, form_code, requester, limit)
        if ids is None:
            return HttpResponse(status=404)

        payload = json.dumps({
            'unique-ids': ids,
            'questionnaire': questionnaire
        })
        return HttpResponse(payload, content_type='application/json; charset=UTF-8')
def test_should_check_user_has_permission(self):
    """has_permission is true only for a questionnaire granted to the user."""
    user_id = 1
    granted_questionnaire_id = self._create_sample_questionnaire()
    UserPermission(self.manager, user_id, [granted_questionnaire_id]).save()

    # The questionnaire stored in the permission record is allowed ...
    self.assertTrue(
        has_permission(self.manager, user_id, granted_questionnaire_id))
    # ... and an id that was never granted is refused.
    self.assertFalse(
        has_permission(self.manager, user_id, 'some_other_project'))
def wrapper(request, project_id, *args, **kw):
    """Run the wrapped view only if the user may access ``project_id``.

    Project managers and no-delete project managers need a permission on the
    project; without one they are redirected to the access-denied page.
    """
    current_user = request.user
    # NOTE(review): only these two roles get the per-project check; every
    # other role goes straight to the view -- presumably they are authorised
    # elsewhere, confirm.
    needs_project_check = (
        current_user.is_project_manager() or current_user.is_no_delete_pm()
    )
    if needs_project_check:
        dbm = get_database_manager(current_user)
        if not has_permission(dbm, current_user.id, project_id):
            # Denial is a redirect, not a 403 status.
            return HttpResponseRedirect(django_settings.ACCESS_DENIED_PAGE)
    return f(request, project_id, *args, **kw)