-
-
Notifications
You must be signed in to change notification settings - Fork 126
/
xform_submission_api.py
219 lines (182 loc) · 8.13 KB
/
xform_submission_api.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
# coding: utf-8
import re
import io
from django.conf import settings
from django.contrib.auth.models import User
from django.shortcuts import get_object_or_404
from django.utils.encoding import smart_str
from django.utils.translation import ugettext as _
from rest_framework import permissions
from rest_framework import status
from rest_framework import viewsets
from rest_framework import mixins
from rest_framework.authentication import (
BasicAuthentication,
TokenAuthentication,
SessionAuthentication,)
from rest_framework.response import Response
from rest_framework.renderers import BrowsableAPIRenderer, JSONRenderer
from onadata.apps.logger.models import Instance
from onadata.apps.main.models.user_profile import UserProfile
from onadata.libs import filters
from onadata.libs.authentication import DigestAuthentication
from onadata.libs.mixins.openrosa_headers_mixin import OpenRosaHeadersMixin
from onadata.libs.renderers.renderers import TemplateXMLRenderer
from onadata.libs.serializers.data_serializer import SubmissionSerializer
from onadata.libs.utils.logger_tools import dict2xform, safe_create_instance
# 10,000,000 bytes
DEFAULT_CONTENT_LENGTH = getattr(settings, 'DEFAULT_CONTENT_LENGTH', 10000000)
xml_error_re = re.compile('>(.*)<')
def is_json(request):
return 'application/json' in request.content_type.lower()
def dict_lists2strings(d):
"""Convert lists in a dict to joined strings.
:param d: The dict to convert.
:returns: The converted dict."""
for k, v in d.items():
if isinstance(v, list) and all([isinstance(e, str) for e in v]):
d[k] = ' '.join(v)
elif isinstance(v, dict):
d[k] = dict_lists2strings(v)
return d
def create_instance_from_xml(username, request):
xml_file_list = request.FILES.pop('xml_submission_file', [])
xml_file = xml_file_list[0] if len(xml_file_list) else None
media_files = request.FILES.values()
return safe_create_instance(username, xml_file, media_files, None, request)
def create_instance_from_json(username, request):
request.accepted_renderer = JSONRenderer()
request.accepted_media_type = JSONRenderer.media_type
dict_form = request.data
submission = dict_form.get('submission')
if submission is None:
# return an error
return [_("No submission key provided."), None]
# convert lists in submission dict to joined strings
submission_joined = dict_lists2strings(submission)
xml_string = dict2xform(submission_joined, dict_form.get('id'))
xml_file = io.StringIO(xml_string)
return safe_create_instance(username, xml_file, [], None, request)
class XFormSubmissionApi(OpenRosaHeadersMixin,
mixins.CreateModelMixin, viewsets.GenericViewSet):
"""
Implements OpenRosa Api [FormSubmissionAPI](\
https://bitbucket.org/javarosa/javarosa/wiki/FormSubmissionAPI)
## Submit an XML XForm submission
<pre class="prettyprint">
<b>POST</b> /api/v1/submissions</pre>
> Example
>
> curl -X POST -F xml_submission_file=@/path/to/submission.xml \
https://example.com/api/v1/submissions
## Submit an JSON XForm submission
<pre class="prettyprint">
<b>POST</b> /api/v1/submissions</pre>
> Example
>
> curl -X POST -d '{"id": "[form ID]", "submission": [the JSON]} \
http://localhost:8000/api/v1/submissions -u user:pass -H "Content-Type: \
application/json"
Here is some example JSON, it would replace `[the JSON]` above:
> {
> "transport": {
> "available_transportation_types_to_referral_facility": \
["ambulance", "bicycle"],
> "loop_over_transport_types_frequency": {
> "ambulance": {
> "frequency_to_referral_facility": "daily"
> },
> "bicycle": {
> "frequency_to_referral_facility": "weekly"
> },
> "boat_canoe": null,
> "bus": null,
> "donkey_mule_cart": null,
> "keke_pepe": null,
> "lorry": null,
> "motorbike": null,
> "taxi": null,
> "other": null
> }
> }
> "meta": {
> "instanceID": "uuid:f3d8dc65-91a6-4d0f-9e97-802128083390"
> }
> }
"""
filter_backends = (filters.AnonDjangoObjectPermissionFilter,)
model = Instance
permission_classes = (permissions.AllowAny,)
renderer_classes = (TemplateXMLRenderer,
JSONRenderer,
BrowsableAPIRenderer)
serializer_class = SubmissionSerializer
template_name = 'submission.xml'
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
# Respect DEFAULT_AUTHENTICATION_CLASSES, but also ensure that the
# previously hard-coded authentication classes are included first.
# We include BasicAuthentication here to allow submissions using basic
# authentication over unencrypted HTTP. REST framework stops after the
# first class that successfully authenticates, so
# HttpsOnlyBasicAuthentication will be ignored even if included by
# DEFAULT_AUTHENTICATION_CLASSES.
authentication_classes = [
DigestAuthentication,
BasicAuthentication,
TokenAuthentication
]
# Do not use `SessionAuthentication`, which implicitly requires CSRF prevention
# (which in turn requires that the CSRF token be submitted as a cookie and in the
# body of any "unsafe" requests).
self.authentication_classes = authentication_classes + [
auth_class for auth_class in self.authentication_classes
if not auth_class in authentication_classes and \
not issubclass(auth_class, SessionAuthentication)
]
def create(self, request, *args, **kwargs):
username = self.kwargs.get('username')
if self.request.user.is_anonymous:
if username is None:
# raises a permission denied exception, forces authentication
self.permission_denied(self.request)
else:
user = get_object_or_404(User, username=username.lower())
profile, created = UserProfile.objects.get_or_create(user=user)
if profile.require_auth:
# raises a permission denied exception,
# forces authentication
self.permission_denied(self.request)
elif not username:
# get the username from the user if not set
username = (request.user and request.user.username)
if request.method.upper() == 'HEAD':
return Response(status=status.HTTP_204_NO_CONTENT,
headers=self.get_openrosa_headers(request),
template_name=self.template_name)
is_json_request = is_json(request)
error, instance = (create_instance_from_json if is_json_request else
create_instance_from_xml)(username, request)
if error or not instance:
return self.error_response(error, is_json_request, request)
context = self.get_serializer_context()
serializer = SubmissionSerializer(instance, context=context)
return Response(serializer.data,
headers=self.get_openrosa_headers(request),
status=status.HTTP_201_CREATED,
template_name=self.template_name)
def error_response(self, error, is_json_request, request):
if not error:
error_msg = _("Unable to create submission.")
status_code = status.HTTP_400_BAD_REQUEST
elif isinstance(error, str):
error_msg = error
status_code = status.HTTP_400_BAD_REQUEST
elif not is_json_request:
return error
else:
error_msg = xml_error_re.search(smart_str(error.content)).groups()[0]
status_code = error.status_code
return Response({'error': smart_str(error_msg)},
headers=self.get_openrosa_headers(request),
status=status_code)