Example 26 with FormClass
use of org.activityinfo.model.form.FormClass in project activityinfo by bedatadriven.
the class AuditLogWriter method writeForm.
public void writeForm(FormStorageProvider catalog, ResourceId formId) throws IOException {
FormStorage formStorage = catalog.getForm(formId).get();
FormClass formClass = formStorage.getFormClass();
Key<FormEntity> parentKey = FormEntity.key(formId);
Query<FormRecordSnapshotEntity> query = Hrd.ofy().load().type(FormRecordSnapshotEntity.class).ancestor(parentKey);
for (FormRecordSnapshotEntity snapshot : query) {
User user;
try {
user = userCache.get((int) snapshot.getUserId());
} catch (ExecutionException e) {
throw new RuntimeException(e);
}
csv.writeLine(formatTime(snapshot.getTime()), snapshot.getType().name(), user.getEmail(), user.getName(), databaseId(), db.getName(), formId.asString(), formClass.getLabel(), // Field ID
"", // Field Name
"", snapshot.getRecordId().asString(), partner());
}
}
Also used :
FormRecordSnapshotEntity(org.activityinfo.store.hrd.entity.FormRecordSnapshotEntity)
User(org.activityinfo.server.database.hibernate.entity.User)
FormStorage(org.activityinfo.store.spi.FormStorage)
FormClass(org.activityinfo.model.form.FormClass)
FormEntity(org.activityinfo.store.hrd.entity.FormEntity)
ExecutionException(java.util.concurrent.ExecutionException)
Example 27 with FormClass
use of org.activityinfo.model.form.FormClass in project activityinfo by bedatadriven.
the class GcsBlobFieldStorageServiceTest method addAttachmentField.
private FormClass addAttachmentField(int activityId, ResourceId attachmentFieldId) {
FormClass formClass = assertResolves(locator.getFormClass(CuidAdapter.activityFormClass(activityId)));
formClass.addElement(new FormField(attachmentFieldId).setLabel("Attachment").setType(AttachmentType.TYPE_CLASS.createType()).setVisible(true));
assertResolves(locator.persist(formClass));
// re-fetch
return assertResolves(locator.getFormClass(formClass.getId()));
}Example 28 with FormClass
use of org.activityinfo.model.form.FormClass in project activityinfo by bedatadriven.
the class GcsBlobFieldStorageServiceTest method blobPermissionAttack.
/**
* 1. user1 : persist blob with FormInstance1 (FormClass1) user1
* 2. user2 : persist the same blob with FormInstance2 (FormClass2) -> try to steal blob access
*/
@Test
@OnDataSet("/dbunit/sites-simple-blob-security.db.xml")
public void blobPermissionAttack() throws IOException {
blobService.setTestBucketName();
int activityId = 1;
int databaseId = 1;
int locationType = 10;
ResourceId attachmentFieldId = ResourceId.generateFieldId(AttachmentType.TYPE_CLASS);
FormClass formClass = addAttachmentField(activityId, attachmentFieldId);
blobId = BlobId.generate();
blobService.put(user, "attachment;filename=" + FILE_NAME, MimeTypeUtil.mimeTypeFromFileName(FILE_NAME), blobId, formClass.getId(), GcsBlobFieldStorageServiceTest.class.getResourceAsStream("goabout.png"));
FormInstance instance = new FormInstance(CuidAdapter.cuid(SITE_DOMAIN, new KeyGenerator().generateInt()), formClass.getId());
Attachment attachment = new Attachment();
attachment.setMimeType(MimeTypeUtil.mimeTypeFromFileName(FILE_NAME));
attachment.setBlobId(blobId.asString());
attachment.setFilename(FILE_NAME);
AttachmentValue attachmentValue = new AttachmentValue();
attachmentValue.getValues().add(attachment);
instance.set(indicatorField(1), 1);
instance.set(indicatorField(2), 2);
instance.set(attachmentFieldId, attachmentValue);
instance.set(locationField(activityId), locationRef(CuidAdapter.locationFormClass(locationType), 1));
instance.set(partnerField(activityId), partnerRef(databaseId, 1));
instance.set(projectField(activityId), projectRef(databaseId, 1));
instance.set(field(formClass.getId(), START_DATE_FIELD), new LocalDate(2014, 1, 1));
instance.set(field(formClass.getId(), END_DATE_FIELD), new LocalDate(2014, 1, 1));
instance.set(field(formClass.getId(), COMMENT_FIELD), "My comment");
assertResolves(locator.persist(instance));
assertInstanceExists(formClass.getId(), instance.getId());
AuthenticationModuleStub.setUserId(USER_WITHOUT_ACCESS_TO_DB_1);
int anotherActivityId = 32;
ResourceId newAttachmentFieldId = ResourceId.generateFieldId(AttachmentType.TYPE_CLASS);
addAttachmentField(anotherActivityId, newAttachmentFieldId);
instance.setId(CuidAdapter.cuid(SITE_DOMAIN, new KeyGenerator().generateInt()));
instance.setClassId(CuidAdapter.activityFormClass(anotherActivityId));
instance.set(newAttachmentFieldId, attachmentValue);
instance.set(field(instance.getFormId(), START_DATE_FIELD), new LocalDate(2014, 1, 1));
instance.set(field(instance.getFormId(), END_DATE_FIELD), new LocalDate(2014, 1, 1));
instance.set(partnerField(anotherActivityId), partnerRef(databaseId, 1));
boolean persisted = true;
try {
// this must fail because of blob permission check
assertResolves(locator.persist(instance));
} catch (RuntimeException e) {
e.printStackTrace();
persisted = false;
}
assertFalse("Access to blob is stolen! Permissions check for blobs is broken.", persisted);
}
Also used :
AttachmentValue(org.activityinfo.model.type.attachment.AttachmentValue)
ResourceId(org.activityinfo.model.resource.ResourceId)
FormClass(org.activityinfo.model.form.FormClass)
Attachment(org.activityinfo.model.type.attachment.Attachment)
FormInstance(org.activityinfo.model.form.FormInstance)
KeyGenerator(org.activityinfo.model.legacy.KeyGenerator)
LocalDate(org.activityinfo.model.type.time.LocalDate)
OnDataSet(org.activityinfo.server.database.OnDataSet)
Test(org.junit.Test)
Example 29 with FormClass
use of org.activityinfo.model.form.FormClass in project activityinfo by bedatadriven.
the class ActivityFormClassBuilderTest method nullLocationTypeIsNotVisible.
@Test
@OnDataSet("/dbunit/chad-form.db.xml")
public void nullLocationTypeIsNotVisible() {
setUser(9944);
int databaseId = 1470;
FormClass formClass = assertResolves(locator.getFormClass(CuidAdapter.activityFormClass(11218)));
ResourceId locationFieldId = CuidAdapter.field(formClass.getId(), CuidAdapter.LOCATION_FIELD);
assertThat(formClass.getFields(), not(hasItem(withId(locationFieldId))));
// Make sure we can update if location is not specified
FormInstance instance = new FormInstance(CuidAdapter.newLegacyFormInstanceId(formClass.getId()), formClass.getId());
instance.set(CuidAdapter.field(formClass.getId(), CuidAdapter.START_DATE_FIELD), new LocalDate(2014, 1, 1));
instance.set(CuidAdapter.field(formClass.getId(), CuidAdapter.END_DATE_FIELD), new LocalDate(2014, 1, 2));
instance.set(CuidAdapter.field(formClass.getId(), CuidAdapter.PARTNER_FIELD), CuidAdapter.partnerRef(databaseId, 1734));
instance.set(ResourceId.valueOf("Q0000031845"), new EnumValue(CuidAdapter.attributeField(166617)));
assertResolves(locator.persist(instance));
// Make sure the null location object is visible to legacy code
SiteDTO site = execute(GetSites.byId(CuidAdapter.getLegacyIdFromCuid(instance.getId()))).getData().get(0);
assertThat(site.getLocationName(), equalTo("Chad"));
}
Also used :
ResourceId(org.activityinfo.model.resource.ResourceId)
FormClass(org.activityinfo.model.form.FormClass)
EnumValue(org.activityinfo.model.type.enumerated.EnumValue)
SiteDTO(org.activityinfo.legacy.shared.model.SiteDTO)
FormInstance(org.activityinfo.model.form.FormInstance)
LocalDate(org.activityinfo.model.type.time.LocalDate)
OnDataSet(org.activityinfo.server.database.OnDataSet)
Test(org.junit.Test)
Example 30 with FormClass
use of org.activityinfo.model.form.FormClass in project activityinfo by bedatadriven.
the class FormPersisterTest method noDuplicates.
@Test
public void noDuplicates() {
FormClass formClass = assertResolves(locator.getFormClass(CuidAdapter.activityFormClass(11218)));
assertResolves(locator.persist(formClass));
FormClass formClass2 = assertResolves(locator.getFormClass(CuidAdapter.activityFormClass(11218)));
System.out.println(formClass.getFields());
System.out.println(formClass2.getFields());
assertThat(formClass2.getFields().size(), equalTo(formClass.getFields().size()));
}Aggregations
FormClass (org.activityinfo.model.form.FormClass)109
FormField (org.activityinfo.model.form.FormField)49
ResourceId (org.activityinfo.model.resource.ResourceId)41
Test (org.junit.Test)38
QuantityType (org.activityinfo.model.type.number.QuantityType)20
SubFormReferenceType (org.activityinfo.model.type.subform.SubFormReferenceType)19
FormInstance (org.activityinfo.model.form.FormInstance)14
EnumType (org.activityinfo.model.type.enumerated.EnumType)12
JsonValue (org.activityinfo.json.JsonValue)11
FormTree (org.activityinfo.model.formTree.FormTree)10
EnumItem (org.activityinfo.model.type.enumerated.EnumItem)10
ColumnSet (org.activityinfo.model.query.ColumnSet)8
QueryModel (org.activityinfo.model.query.QueryModel)8
CalculatedFieldType (org.activityinfo.model.type.expr.CalculatedFieldType)8
FieldValue (org.activityinfo.model.type.FieldValue)7
Quantity (org.activityinfo.model.type.number.Quantity)7
FormTreeBuilder (org.activityinfo.model.formTree.FormTreeBuilder)6
KeyGenerator (org.activityinfo.model.legacy.KeyGenerator)6
ColumnSetBuilder (org.activityinfo.store.query.server.ColumnSetBuilder)6
ColumnView (org.activityinfo.model.query.ColumnView)5
