def update(self, instance, validated_data):
metadata = JsonField.to_json(validated_data.get('metadata'))
if metadata is None:
metadata = dict()
owner = validated_data.get('organization')
if self.partial and metadata:
if not isinstance(instance.metadata, dict):
instance.metadata = {}
instance.metadata.update(metadata)
validated_data['metadata'] = instance.metadata
if self.partial and owner:
# give the new owner permissions
set_owners_permission(owner, instance)
if is_organization(owner.profile):
owners_team = get_organization_owners_team(owner.profile)
members_team = get_organization_members_team(owner.profile)
OwnerRole.add(owners_team, instance)
ReadOnlyRole.add(members_team, instance)
# clear cache
safe_delete('{}{}'.format(PROJ_PERM_CACHE, instance.pk))
project = super(ProjectSerializer, self)\
.update(instance, validated_data)
project.xform_set.exclude(shared=project.shared)\
.update(shared=project.shared, shared_data=project.shared)
return instance
def test_widget_permission_change(self):
self._create_widget()
alice_data = {'username': '******', 'email': '*****@*****.**'}
self._login_user_and_profile(alice_data)
data = {
'title': "Widget those",
}
OwnerRole.add(self.user, self.project)
OwnerRole.add(self.user, self.xform)
request = self.factory.patch('/', data=data, **self.extra)
response = self.view(request, pk=self.widget.pk)
self.assertEquals(response.status_code, 200)
self.assertEquals(response.data['title'], 'Widget those')
ReadOnlyRole.add(self.user, self.project)
ReadOnlyRole.add(self.user, self.xform)
request = self.factory.patch('/', data=data, **self.extra)
response = self.view(request, pk=self.widget.pk)
self.assertEquals(response.status_code, 200)
self.assertEquals(response.data['title'], 'Widget those')
def set_object_permissions(sender, instance=None, created=False, **kwargs):
# seems the super is not called, have to get xform from here
xform = XForm.objects.get(pk=instance.pk)
if created:
from onadata.libs.permissions import OwnerRole
OwnerRole.add(instance.user, xform)
if instance.created_by and instance.user != instance.created_by:
OwnerRole.add(instance.created_by, xform)
from onadata.libs.utils.project_utils import set_project_perms_to_xform
set_project_perms_to_xform(xform, instance.project)
if hasattr(instance, 'has_external_choices') \
and instance.has_external_choices:
instance.xls.seek(0)
f = sheet_to_csv(instance.xls.read(), 'external_choices')
f.seek(0, os.SEEK_END)
size = f.tell()
f.seek(0)
from onadata.apps.main.models.meta_data import MetaData
data_file = InMemoryUploadedFile(file=f,
field_name='data_file',
name='itemsets.csv',
content_type='text/csv',
size=size,
charset=None)
MetaData.media_upload(xform, data_file)
def test_widget_permission_change(self):
self._create_widget()
alice_data = {'username': '******', 'email': '*****@*****.**'}
self._login_user_and_profile(alice_data)
data = {
'title': "Widget those",
}
OwnerRole.add(self.user, self.project)
OwnerRole.add(self.user, self.xform)
request = self.factory.patch('/', data=data, **self.extra)
response = self.view(request, pk=self.widget.pk)
self.assertEquals(response.status_code, 200)
self.assertEquals(response.data['title'], 'Widget those')
ReadOnlyRole.add(self.user, self.project)
ReadOnlyRole.add(self.user, self.xform)
request = self.factory.patch('/', data=data, **self.extra)
response = self.view(request, pk=self.widget.pk)
self.assertEquals(response.status_code, 200)
self.assertEquals(response.data['title'], 'Widget those')
def add_xform_to_project(xform, project, creator):
"""Adds an xform to a project"""
# remove xform from any previous relation to a project
xform.projectxform_set.all().delete()
# make new connection
instance = ProjectXForm.objects.create(xform=xform,
project=project,
created_by=creator)
instance.save()
# check if the project is a public and make the form public
if project.shared != xform.shared:
xform.shared = project.shared
xform.shared_data = project.shared
xform.save()
for perm in get_object_users_with_permissions(project):
user = perm['user']
if user != creator:
ReadOnlyRole.add(user, xform)
else:
OwnerRole.add(user, xform)
return instance
def update(self, instance, validated_data):
metadata = JsonField.to_json(validated_data.get('metadata'))
if metadata is None:
metadata = dict()
owner = validated_data.get('organization')
if self.partial and metadata:
if not isinstance(instance.metadata, dict):
instance.metadata = {}
instance.metadata.update(metadata)
validated_data['metadata'] = instance.metadata
if self.partial and owner:
# give the new owner permissions
set_owners_permission(owner, instance)
if is_organization(owner.profile):
owners_team = get_or_create_organization_owners_team(
owner.profile)
members_team = get_organization_members_team(owner.profile)
OwnerRole.add(owners_team, instance)
ReadOnlyRole.add(members_team, instance)
# clear cache
safe_delete('{}{}'.format(PROJ_PERM_CACHE, instance.pk))
project = super(ProjectSerializer, self)\
.update(instance, validated_data)
project.xform_set.exclude(shared=project.shared)\
.update(shared=project.shared, shared_data=project.shared)
return instance
def set_object_permissions(sender, instance=None, created=False, **kwargs):
# seems the super is not called, have to get xform from here
xform = XForm.objects.get(pk=instance.pk)
if created:
from onadata.libs.permissions import OwnerRole
OwnerRole.add(instance.user, xform)
if instance.created_by and instance.user != instance.created_by:
OwnerRole.add(instance.created_by, xform)
from onadata.libs.utils.project_utils import set_project_perms_to_xform
set_project_perms_to_xform(xform, instance.project)
if hasattr(instance, 'has_external_choices') \
and instance.has_external_choices:
instance.xls.seek(0)
f = sheet_to_csv(instance.xls.read(), 'external_choices')
f.seek(0, os.SEEK_END)
size = f.tell()
f.seek(0)
from onadata.apps.main.models.meta_data import MetaData
data_file = InMemoryUploadedFile(
file=f,
field_name='data_file',
name='itemsets.csv',
content_type='text/csv',
size=size,
charset=None
)
MetaData.media_upload(xform, data_file)
def add_xform_to_project(xform, project, creator):
"""Adds an xform to a project"""
# remove xform from any previous relation to a project
xform.projectxform_set.all().delete()
# make new connection
instance = ProjectXForm.objects.create(
xform=xform, project=project, created_by=creator)
instance.save()
# check if the project is a public and make the form public
if project.shared != xform.shared:
xform.shared = project.shared
xform.shared_data = project.shared
xform.save()
for perm in get_object_users_with_permissions(project):
user = perm['user']
if user != creator:
ReadOnlyRole.add(user, xform)
else:
OwnerRole.add(user, xform)
return instance
def set_project_perms_to_xform(xform, project):
# allows us to still use xform.shared and xform.shared_data as before
# only switch if xform.shared is False
xform_is_shared = xform.shared or xform.shared_data
if not xform_is_shared and project.shared != xform.shared:
xform.shared = project.shared
xform.shared_data = project.shared
xform.save()
owners = project.organization.team_set.filter(
name="{}#{}".format(project.organization.username, OWNER_TEAM_NAME),
organization=project.organization)
if owners:
OwnerRole.add(owners[0], xform)
for perm in get_object_users_with_permissions(project,
with_group_users=True):
user = perm['user']
role_name = perm['role']
role = ROLES.get(role_name)
if user != xform.created_by:
role.add(user, xform)
else:
OwnerRole.add(user, xform)
def test_owner_cannot_remove_self_if_no_other_owner(self):
self._project_create()
view = ProjectViewSet.as_view({'put': 'share'})
data = {'username': '******', 'remove': True, 'role': 'owner'}
request = self.factory.put('/', data=data, **self.extra)
response = view(request, pk=self.project.pk)
self.assertEqual(response.status_code, 400)
error = {'remove': [u"Project requires at least one owner"]}
self.assertEquals(response.data, error)
self.assertTrue(OwnerRole.user_has_role(self.user, self.project))
alice_data = {'username': '******', 'email': '*****@*****.**'}
profile = self._create_user_profile(alice_data)
OwnerRole.add(profile.user, self.project)
view = ProjectViewSet.as_view({'put': 'share'})
data = {'username': '******', 'remove': True, 'role': 'owner'}
request = self.factory.put('/', data=data, **self.extra)
response = view(request, pk=self.project.pk)
self.assertEqual(response.status_code, 204)
self.assertFalse(OwnerRole.user_has_role(self.user, self.project))
def set_object_permissions(sender, instance=None, created=False, **kwargs):
if created:
from onadata.libs.permissions import OwnerRole
OwnerRole.add(instance.user, instance)
if instance.created_by and instance.user != instance.created_by:
OwnerRole.add(instance.created_by, instance)
from onadata.libs.utils.project_utils import set_project_perms_to_xform
set_project_perms_to_xform(instance, instance.project)
def set_object_permissions(sender, instance=None, created=False, **kwargs):
if created:
from onadata.libs.permissions import OwnerRole
OwnerRole.add(instance.user, instance)
if instance.created_by and instance.user != instance.created_by:
OwnerRole.add(instance.created_by, instance)
from onadata.libs.utils.project_utils import set_project_perms_to_xform
set_project_perms_to_xform(instance, instance.project)
def test_widget_permission_create(self):
alice_data = {'username': '******', 'email': '*****@*****.**'}
self._login_user_and_profile(alice_data)
view = WidgetViewSet.as_view({'post': 'create'})
data = {
'title': "Widget that",
'content_object':
'http://testserver/api/v1/forms/%s' % self.xform.pk,
'description': "Test widget",
'aggregation': "Sum",
'widget_type': "charts",
'view_type': "horizontal-bar",
'column': "age",
'group_by': ''
}
# to do: test random user with auth but no perms
request = self.factory.post('/',
data=json.dumps(data),
content_type="application/json",
**self.extra)
response = view(request)
self.assertEquals(response.status_code, 400)
# owner
OwnerRole.add(self.user, self.project)
request = self.factory.post('/',
data=json.dumps(data),
content_type="application/json",
**self.extra)
response = view(request)
self.assertEquals(response.status_code, 201)
# readonly
ReadOnlyRole.add(self.user, self.project)
request = self.factory.post('/',
data=json.dumps(data),
content_type="application/json",
**self.extra)
response = view(request)
self.assertEquals(response.status_code, 201)
# dataentryonlyrole
DataEntryOnlyRole.add(self.user, self.project)
request = self.factory.post('/',
data=json.dumps(data),
content_type="application/json",
**self.extra)
response = view(request)
self.assertEquals(response.status_code, 201)
def test_widget_permission_create(self):
alice_data = {'username': '******', 'email': '*****@*****.**'}
self._login_user_and_profile(alice_data)
view = WidgetViewSet.as_view({
'post': 'create'
})
data = {
'title': "Widget that",
'content_object': 'http://testserver/api/v1/forms/%s' %
self.xform.pk,
'description': "Test widget",
'aggregation': "Sum",
'widget_type': "charts",
'view_type': "horizontal-bar",
'column': "age",
'group_by': ''
}
# to do: test random user with auth but no perms
request = self.factory.post('/', data=json.dumps(data),
content_type="application/json",
**self.extra)
response = view(request)
self.assertEquals(response.status_code, 400)
# owner
OwnerRole.add(self.user, self.project)
request = self.factory.post('/', data=json.dumps(data),
content_type="application/json",
**self.extra)
response = view(request)
self.assertEquals(response.status_code, 201)
# readonly
ReadOnlyRole.add(self.user, self.project)
request = self.factory.post('/', data=json.dumps(data),
content_type="application/json",
**self.extra)
response = view(request)
self.assertEquals(response.status_code, 201)
# dataentryonlyrole
DataEntryOnlyRole.add(self.user, self.project)
request = self.factory.post('/', data=json.dumps(data),
content_type="application/json",
**self.extra)
response = view(request)
self.assertEquals(response.status_code, 201)
def set_project_perms_to_xform(xform, project):
if project.shared != xform.shared:
xform.shared = project.shared
xform.shared_data = project.shared
xform.save()
for perm in get_object_users_with_permissions(project):
user = perm["user"]
if user != xform.created_by:
ReadOnlyRole.add(user, xform)
else:
OwnerRole.add(user, xform)
def set_object_permissions(sender, instance=None, created=False, **kwargs):
if created:
from onadata.libs.permissions import OwnerRole
OwnerRole.add(instance.user, instance)
if instance.created_by and instance.user != instance.created_by:
OwnerRole.add(instance.created_by, instance)
from onadata.libs.utils.project_utils import set_project_perms_to_xform
set_project_perms_to_xform(instance, instance.project)
# clear cache
safe_delete('{}{}'.format(PROJ_FORMS_CACHE, instance.project.pk))
safe_delete('{}{}'.format(IS_ORG, instance.pk))
def test_reassign_role_owner_to_editor(self):
self._publish_transportation_form()
alice = self._create_user('alice', 'alice')
self.assertFalse(OwnerRole.has_role(alice, self.xform))
OwnerRole.add(alice, self.xform)
self.assertTrue(OwnerRole.has_role(alice, self.xform))
EditorRole.add(alice, self.xform)
self.assertFalse(OwnerRole.has_role(alice, self.xform))
self.assertTrue(EditorRole.has_role(alice, self.xform))
def set_object_permissions(sender, instance=None, created=False, **kwargs):
if created:
from onadata.libs.permissions import OwnerRole
OwnerRole.add(instance.user, instance)
if instance.created_by and instance.user != instance.created_by:
OwnerRole.add(instance.created_by, instance)
from onadata.libs.utils.project_utils import set_project_perms_to_xform
set_project_perms_to_xform(instance, instance.project)
# clear cache
safe_delete('{}{}'.format(PROJ_FORMS_CACHE, instance.project.pk))
safe_delete('{}{}'.format(IS_ORG, instance.pk))
def set_object_permissions(sender, instance=None, created=False, **kwargs):
"""
Apply the relevant object permissions for the form to all users who should
have access to it.
"""
if instance.project:
# clear cache
safe_delete('{}{}'.format(PROJ_FORMS_CACHE, instance.project.pk))
safe_delete('{}{}'.format(PROJ_BASE_FORMS_CACHE, instance.project.pk))
# seems the super is not called, have to get xform from here
xform = XForm.objects.get(pk=instance.pk)
if created:
from onadata.libs.permissions import OwnerRole
OwnerRole.add(instance.user, xform)
if instance.created_by and instance.user != instance.created_by:
OwnerRole.add(instance.created_by, xform)
from onadata.libs.utils.project_utils import set_project_perms_to_xform_async # noqa
try:
set_project_perms_to_xform_async.delay(xform.pk,
instance.project.pk)
except OperationalError:
from onadata.libs.utils.project_utils import set_project_perms_to_xform # noqa
set_project_perms_to_xform(xform, instance.project)
if hasattr(instance, 'has_external_choices') \
and instance.has_external_choices:
instance.xls.seek(0)
f = sheet_to_csv(instance.xls.read(), 'external_choices')
f.seek(0, os.SEEK_END)
size = f.tell()
f.seek(0)
from onadata.apps.main.models.meta_data import MetaData
data_file = InMemoryUploadedFile(
file=f,
field_name='data_file',
name='itemsets.csv',
content_type='text/csv',
size=size,
charset=None
)
MetaData.media_upload(xform, data_file)
def set_object_permissions(sender, instance=None, created=False, **kwargs):
"""
Apply the relevant object permissions for the form to all users who should
have access to it.
"""
if instance.project:
# clear cache
safe_delete('{}{}'.format(PROJ_FORMS_CACHE, instance.project.pk))
safe_delete('{}{}'.format(PROJ_BASE_FORMS_CACHE, instance.project.pk))
# seems the super is not called, have to get xform from here
xform = XForm.objects.get(pk=instance.pk)
if created:
from onadata.libs.permissions import OwnerRole
OwnerRole.add(instance.user, xform)
if instance.created_by and instance.user != instance.created_by:
OwnerRole.add(instance.created_by, xform)
from onadata.libs.utils.project_utils import set_project_perms_to_xform_async # noqa
try:
set_project_perms_to_xform_async.delay(xform.pk,
instance.project.pk)
except OperationalError:
from onadata.libs.utils.project_utils import set_project_perms_to_xform # noqa
set_project_perms_to_xform(xform, instance.project)
if hasattr(instance, 'has_external_choices') \
and instance.has_external_choices:
instance.xls.seek(0)
f = sheet_to_csv(instance.xls.read(), 'external_choices')
f.seek(0, os.SEEK_END)
size = f.tell()
f.seek(0)
from onadata.apps.main.models.meta_data import MetaData
data_file = InMemoryUploadedFile(
file=f,
field_name='data_file',
name='itemsets.csv',
content_type='text/csv',
size=size,
charset=None
)
MetaData.media_upload(xform, data_file)
def set_project_perms_to_xform(xform, project):
# allows us to still use xform.shared and xform.shared_data as before
# only switch if xform.shared is False
xform_is_shared = xform.shared or xform.shared_data
if not xform_is_shared and project.shared != xform.shared:
xform.shared = project.shared
xform.shared_data = project.shared
xform.save()
for perm in get_object_users_with_permissions(project):
user = perm['user']
role_name = perm['role']
role = ROLES.get(role_name)
if user != xform.created_by:
role.add(user, xform)
else:
OwnerRole.add(user, xform)
def set_object_permissions(sender, instance=None, created=False, **kwargs):
if created:
OwnerRole.add(instance.user, instance)
OwnerRole.add(instance.user, instance.xform_ptr)
if instance.created_by and instance.user != instance.created_by:
OwnerRole.add(instance.created_by, instance)
OwnerRole.add(instance.created_by, instance.xform_ptr)
set_project_perms_to_xform(instance, instance.project)
set_project_perms_to_xform(instance.xform_ptr, instance.project)
def set_object_permissions(sender, instance=None, created=False, **kwargs):
if created:
OwnerRole.add(instance.user, instance)
OwnerRole.add(instance.user, instance.xform_ptr)
if instance.created_by and instance.user != instance.created_by:
OwnerRole.add(instance.created_by, instance)
OwnerRole.add(instance.created_by, instance.xform_ptr)
set_project_perms_to_xform(instance, instance.project)
set_project_perms_to_xform(instance.xform_ptr, instance.project)
def test_owner_cannot_remove_self_if_no_other_owner(self):
self._project_create()
view = ProjectViewSet.as_view({
'put': 'share'
})
ManagerRole.add(self.user, self.project)
tom_data = {'username': '******', 'email': '*****@*****.**'}
bob_profile = self._create_user_profile(tom_data)
OwnerRole.add(bob_profile.user, self.project)
data = {'username': '******', 'remove': True, 'role': 'owner'}
request = self.factory.put('/', data=data, **self.extra)
response = view(request, pk=self.project.pk)
self.assertEqual(response.status_code, 400)
error = {'remove': [u"Project requires at least one owner"]}
self.assertEquals(response.data, error)
self.assertTrue(OwnerRole.user_has_role(bob_profile.user,
self.project))
alice_data = {'username': '******', 'email': '*****@*****.**'}
profile = self._create_user_profile(alice_data)
OwnerRole.add(profile.user, self.project)
view = ProjectViewSet.as_view({
'put': 'share'
})
data = {'username': '******', 'remove': True, 'role': 'owner'}
request = self.factory.put('/', data=data, **self.extra)
response = view(request, pk=self.project.pk)
self.assertEqual(response.status_code, 204)
self.assertFalse(OwnerRole.user_has_role(bob_profile.user,
self.project))
def test_reassign_role_owner_to_editor(self):
self._publish_transportation_form()
alice = self._create_user('alice', 'alice')
self.assertFalse(OwnerRole.user_has_role(alice, self.xform))
OwnerRole.add(alice, self.xform)
self.assertTrue(OwnerRole.user_has_role(alice, self.xform))
self.assertTrue(
OwnerRole.has_role(perms_for(alice, self.xform), self.xform))
EditorRole.add(alice, self.xform)
self.assertFalse(OwnerRole.user_has_role(alice, self.xform))
self.assertTrue(EditorRole.user_has_role(alice, self.xform))
self.assertFalse(
OwnerRole.has_role(perms_for(alice, self.xform), self.xform))
self.assertTrue(
EditorRole.has_role(perms_for(alice, self.xform), self.xform))
def set_project_perms_to_xform(xform, project):
"""
Apply project permissions to a form, this usually happens when a new form
is being published or it is being moved to a new project.
"""
# allows us to still use xform.shared and xform.shared_data as before
# only switch if xform.shared is False
xform_is_shared = xform.shared or xform.shared_data
if not xform_is_shared and project.shared != xform.shared:
xform.shared = project.shared
xform.shared_data = project.shared
xform.save()
# clear existing permissions
for perm in get_object_users_with_permissions(xform,
with_group_users=True):
user = perm['user']
role_name = perm['role']
role = ROLES.get(role_name)
if role and (user != xform.user and project.user != user
and project.created_by != user):
role.remove_obj_permissions(user, xform)
owners = project.organization.team_set.filter(
name="{}#{}".format(project.organization.username, OWNER_TEAM_NAME),
organization=project.organization)
if owners:
OwnerRole.add(owners[0], xform)
for perm in get_object_users_with_permissions(project,
with_group_users=True):
user = perm['user']
role_name = perm['role']
role = ROLES.get(role_name)
if user == xform.created_by:
OwnerRole.add(user, xform)
else:
if role:
role.add(user, xform)
def set_project_perms_to_xform(xform, project):
"""
Apply project permissions to a form, this usually happens when a new form
is being published or it is being moved to a new project.
"""
# allows us to still use xform.shared and xform.shared_data as before
# only switch if xform.shared is False
xform_is_shared = xform.shared or xform.shared_data
if not xform_is_shared and project.shared != xform.shared:
xform.shared = project.shared
xform.shared_data = project.shared
xform.save()
# clear existing permissions
for perm in get_object_users_with_permissions(
xform, with_group_users=True):
user = perm['user']
role_name = perm['role']
role = ROLES.get(role_name)
if role and (user != xform.user and project.user != user and
project.created_by != user):
role.remove_obj_permissions(user, xform)
owners = project.organization.team_set.filter(
name="{}#{}".format(project.organization.username, OWNER_TEAM_NAME),
organization=project.organization)
if owners:
OwnerRole.add(owners[0], xform)
for perm in get_object_users_with_permissions(
project, with_group_users=True):
user = perm['user']
role_name = perm['role']
role = ROLES.get(role_name)
if user == xform.created_by:
OwnerRole.add(user, xform)
else:
if role:
role.add(user, xform)
def test_reassign_role_owner_to_editor(self):
"""
Test role reassignment owner to editor.
"""
self._publish_transportation_form()
alice = self._create_user('alice', 'alice')
self.assertFalse(OwnerRole.user_has_role(alice, self.xform))
OwnerRole.add(alice, self.xform)
self.assertTrue(OwnerRole.user_has_role(alice, self.xform))
self.assertTrue(
OwnerRole.has_role(perms_for(alice, self.xform), self.xform))
EditorRole.add(alice, self.xform)
self.assertFalse(OwnerRole.user_has_role(alice, self.xform))
self.assertTrue(EditorRole.user_has_role(alice, self.xform))
self.assertFalse(
OwnerRole.has_role(perms_for(alice, self.xform), self.xform))
self.assertTrue(
EditorRole.has_role(perms_for(alice, self.xform), self.xform))
def test_submission_review_created_by_filter(self):
"""
Test we can filter by created_by
"""
review_one_data = self._create_submission_review()
submission_review = SubmissionReview.objects.get(
id=review_one_data['id'])
self._create_user_and_login('dave', '1234')
extra = {'HTTP_AUTHORIZATION': 'Token %s' % self.user.auth_token}
# Ensure user is an Admin
OwnerRole.add(self.user, submission_review.instance.xform)
review_two_data = {
'note': "Sup ?",
'instance': review_one_data['instance'],
'status': SubmissionReview.APPROVED
}
view = SubmissionReviewViewSet.as_view({
'post': 'create',
'get': 'list'
})
request = self.factory.post('/', data=review_two_data, **extra)
response = view(request=request)
self.assertEqual(201, response.status_code)
review_two_data = response.data
self.assertEqual(2, len(SubmissionReview.objects.all()))
# Can filter submission review list by created_by
request = self.factory.get('/', {'created_by': self.user.id},
**self.extra)
response = view(request=request)
self.assertEqual(200, response.status_code)
self.assertEqual(1, len(response.data))
self.assertEqual(review_two_data['id'], response.data[0]['id'])
def handle(self, *args, **options):
# XForms
for xform in queryset_iterator(XForm.objects.all()):
OwnerRole.add(xform.user, xform)
# UserProfile
for profile in queryset_iterator(UserProfile.objects.all()):
set_api_permissions_for_user(profile.user)
OwnerRole.add(profile.user, profile)
if profile.created_by is not None:
OwnerRole.add(profile.created_by, profile)
# OrganizationProfile
for profile in queryset_iterator(OrganizationProfile.objects.all()):
OwnerRole.add(profile.user, profile)
if profile.created_by is not None:
OwnerRole.add(profile.created_by, profile)
if profile.creator is not None:
OwnerRole.add(profile.creator, profile)
# Project
for project in queryset_iterator(Project.objects.all()):
OwnerRole.add(project.organization, project)
OwnerRole.add(project.created_by, project)
def publish_project_xform(request, project):
"""
Publish XLSForm to a project given a request.
"""
def set_form():
"""
Instantiates QuickConverter form to publish a form.
"""
props = {
'project': project.pk,
'dropbox_xls_url': request.data.get('dropbox_xls_url'),
'xls_url': request.data.get('xls_url'),
'csv_url': request.data.get('csv_url'),
'text_xls_form': request.data.get('text_xls_form')
}
form = QuickConverter(props, request.FILES)
return form.publish(project.organization, created_by=request.user)
xform = None
def id_string_exists_in_account():
"""
Checks if an id_string exists in an account, returns True if it exists
otherwise returns False.
"""
try:
XForm.objects.get(
user=project.organization, id_string=xform.id_string)
except XForm.DoesNotExist:
return False
return True
if 'formid' in request.data:
xform = get_object_or_404(XForm, pk=request.data.get('formid'))
safe_delete('{}{}'.format(PROJ_FORMS_CACHE, xform.project.pk))
safe_delete('{}{}'.format(PROJ_BASE_FORMS_CACHE, xform.project.pk))
if not ManagerRole.user_has_role(request.user, xform):
raise exceptions.PermissionDenied(
_("{} has no manager/owner role to the form {}".format(
request.user, xform)))
msg = 'Form with the same id_string already exists in this account'
# Without this check, a user can't transfer a form to projects that
# he/she owns because `id_string_exists_in_account` will always
# return true
if project.organization != xform.user and \
id_string_exists_in_account():
raise exceptions.ParseError(_(msg))
xform.user = project.organization
xform.project = project
try:
with transaction.atomic():
xform.save()
except IntegrityError:
raise exceptions.ParseError(_(msg))
else:
# First assign permissions to the person who uploaded the form
OwnerRole.add(request.user, xform)
try:
# Next run async task to apply all other perms
set_project_perms_to_xform_async.delay(xform.pk, project.pk)
except OperationalError:
# Apply permissions synchrounously
set_project_perms_to_xform(xform, project)
else:
xform = publish_form(set_form)
return xform
def publish_project_xform(request, project):
"""
Publish XLSForm to a project given a request.
"""
def set_form():
"""
Instantiates QuickConverter form to publish a form.
"""
props = {
'project': project.pk,
'dropbox_xls_url': request.data.get('dropbox_xls_url'),
'xls_url': request.data.get('xls_url'),
'csv_url': request.data.get('csv_url'),
'text_xls_form': request.data.get('text_xls_form')
}
form = QuickConverter(props, request.FILES)
return form.publish(project.organization, created_by=request.user)
xform = None
def id_string_exists_in_account():
"""
Checks if an id_string exists in an account, returns True if it exists
otherwise returns False.
"""
try:
XForm.objects.get(user=project.organization,
id_string=xform.id_string)
except XForm.DoesNotExist:
return False
return True
if 'formid' in request.data:
xform = get_object_or_404(XForm, pk=request.data.get('formid'))
safe_delete('{}{}'.format(PROJ_FORMS_CACHE, xform.project.pk))
safe_delete('{}{}'.format(PROJ_BASE_FORMS_CACHE, xform.project.pk))
if not ManagerRole.user_has_role(request.user, xform):
raise exceptions.PermissionDenied(
_("{} has no manager/owner role to the form {}".format(
request.user, xform)))
msg = 'Form with the same id_string already exists in this account'
# Without this check, a user can't transfer a form to projects that
# he/she owns because `id_string_exists_in_account` will always
# return true
if project.organization != xform.user and \
id_string_exists_in_account():
raise exceptions.ParseError(_(msg))
xform.user = project.organization
xform.project = project
try:
with transaction.atomic():
xform.save()
except IntegrityError:
raise exceptions.ParseError(_(msg))
else:
# First assign permissions to the person who uploaded the form
OwnerRole.add(request.user, xform)
try:
# Next run async task to apply all other perms
set_project_perms_to_xform_async.delay(xform.pk, project.pk)
except OperationalError:
# Apply permissions synchrounously
set_project_perms_to_xform(xform, project)
else:
xform = publish_form(set_form)
return xform
def set_owners_permission(user, project):
"""Give the user owner permission"""
OwnerRole.add(user, project)
def set_owners_permission(user, project):
"""Give the user owner permission"""
OwnerRole.add(user, project)
