Merge pull request #990 from onaio/odk-readonly-preview

drop check of submit permission from form list or xform download
onaio · Apr 6, 2017 · e348d6f · e348d6f
2 parents eb8fade + e87101b
commit e348d6f
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 64 deletions.
diff --git a/onadata/apps/api/tests/viewsets/test_xform_list_viewset.py b/onadata/apps/api/tests/viewsets/test_xform_list_viewset.py
@@ -12,8 +12,7 @@
     TestAbstractViewSet
 )
 from onadata.apps.api.viewsets.project_viewset import ProjectViewSet
-from onadata.apps.api.viewsets.xform_list_viewset import (
-    PreviewXFormListViewSet, XFormListViewSet)
+from onadata.apps.api.viewsets.xform_list_viewset import XFormListViewSet
 from onadata.apps.main.models import MetaData
 from onadata.libs.permissions import DataEntryRole, ReadOnlyRole
 from onadata.libs.utils.common_tags import GROUP_DELIMETER_TAG
@@ -110,62 +109,6 @@ def test_get_xform_list_with_malformed_cookie(self):
             response.data.get('detail'),
             u'JWT DecodeError: Not enough segments')
 
-    @patch('onadata.apps.api.viewsets.project_viewset.send_mail')
-    def test_read_only_users_get_non_empty_formlist_using_preview_formlist(
-            self, mock_send_mail):
-        alice_data = {
-            'username': 'alice',
-            'email': '[email protected]',
-            'password1': 'alice',
-            'password2': 'alice'
-        }
-        alice_profile = self._create_user_profile(alice_data)
-
-        self.assertFalse(
-            ReadOnlyRole.user_has_role(alice_profile.user, self.project))
-
-        # share bob's project with alice
-        data = {
-            'username': 'alice',
-            'role': ReadOnlyRole.name,
-            'email_msg': 'I have shared the project with you'
-        }
-        request = self.factory.post('/', data=data, **self.extra)
-        share_view = ProjectViewSet.as_view({'post': 'share'})
-        projectid = self.project.pk
-        response = share_view(request, pk=projectid)
-        self.assertEqual(response.status_code, 204)
-        self.assertTrue(mock_send_mail.called)
-        self.assertTrue(
-            ReadOnlyRole.user_has_role(alice_profile.user, self.project))
-
-        # check that she can authenticate successfully
-        request = self.factory.get('/')
-        response = self.view(request)
-        self.assertEqual(response.status_code, 401)
-        auth = DigestAuth('alice', 'alice')
-        request.META.update(auth(request.META, response))
-        response = self.view(request, username='bob')
-        self.assertEqual(response.status_code, 200)
-        # check that alice gets an empty response when requesting bob's
-        # formlist
-        self.assertEqual(response.data, [])
-
-        # set endpoint to preview formList
-        self.view = PreviewXFormListViewSet.as_view({"get": "list"})
-
-        request = self.factory.get('/')
-        response = self.view(request)
-        self.assertEqual(response.status_code, 401)
-        self.assertNotEqual(response.data, [])
-        auth = DigestAuth('alice', 'alice')
-        request.META.update(auth(request.META, response))
-        response = self.view(request, username='bob')
-        self.assertEqual(response.status_code, 200)
-        # check that alice does NOT get an empty response when requesting bob's
-        # formlist when using the preview formlist endpoint
-        self.assertNotEqual(response.data, [])
-
     @patch('onadata.apps.api.viewsets.project_viewset.send_mail')
     def test_get_xform_list_with_shared_forms(self, mock_send_mail):
         # create user alice
@@ -325,7 +268,7 @@ def test_get_xform_list_other_user_with_readonly_role(self):
         response = self.view(request)
         self.assertEqual(response.status_code, 200)
         content = response.render().content
-        self.assertNotIn(self.xform.id_string, content)
+        self.assertIn(self.xform.id_string, content)
         self.assertIn('<?xml version="1.0" encoding="utf-8"?>\n<xforms ',
                       content)
         self.assertTrue(response.has_header('X-OpenRosa-Version'))

diff --git a/onadata/apps/api/viewsets/xform_list_viewset.py b/onadata/apps/api/viewsets/xform_list_viewset.py
@@ -42,7 +42,7 @@ class XFormListViewSet(ETagsMixin, BaseViewset,
     authentication_classes = (DigestAuthentication,
                               EnketoTokenAuthentication,)
     content_negotiation_class = MediaFileContentNegotiation
-    filter_backends = (filters.XFormListObjectPermissionFilter,)
+    filter_backends = (filters.AnonDjangoObjectPermissionFilter,)
     queryset = XForm.objects.filter(downloadable=True, deleted_at=None)
     permission_classes = (permissions.AllowAny,)
     renderer_classes = (XFormListRenderer,)

diff --git a/onadata/libs/filters.py b/onadata/libs/filters.py
@@ -40,10 +40,6 @@ def filter_queryset(self, request, queryset, view):
             .filter_queryset(request, queryset, view)
 
 
-class XFormListObjectPermissionFilter(AnonDjangoObjectPermissionFilter):
-    perm_format = '%(app_label)s.report_%(model_name)s'
-
-
 class OrganizationPermissionFilter(filters.DjangoObjectPermissionsFilter):
 
     def filter_queryset(self, request, queryset, view):