aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--backend/models/form.py7
-rw-r--r--backend/routes/forms/discover.py2
-rw-r--r--backend/routes/forms/form.py36
-rw-r--r--backend/routes/forms/index.py19
-rw-r--r--backend/routes/forms/new.py35
5 files changed, 62 insertions, 37 deletions
diff --git a/backend/models/form.py b/backend/models/form.py
index 8d7fe9b..400f8ad 100644
--- a/backend/models/form.py
+++ b/backend/models/form.py
@@ -5,6 +5,8 @@ from pydantic import BaseModel, Field, validator
from backend.constants import FormFeatures
from .question import Question
+PUBLIC_FIELDS = ["id", "features", "questions", "name", "description"]
+
class Form(BaseModel):
"""Schema model for form."""
@@ -31,3 +33,8 @@ class Form(BaseModel):
raise ValueError("COLLECT_EMAIL feature require REQUIRES_LOGIN feature.")
return value
+
+ def dict(self, admin: bool = True, **kwargs: t.Dict) -> t.Dict[str, t.Any]:
+ """Wrapper for original function to exclude private data for public access."""
+ data = super().dict(**kwargs)
+ return {field: data[field] for field in PUBLIC_FIELDS} if admin else data
diff --git a/backend/routes/forms/discover.py b/backend/routes/forms/discover.py
index af6066e..bba6fd4 100644
--- a/backend/routes/forms/discover.py
+++ b/backend/routes/forms/discover.py
@@ -25,7 +25,7 @@ class DiscoverableFormsList(Route):
for form in await cursor.to_list(None):
forms.append(Form(**form))
- forms = [form.dict() for form in forms]
+ forms = [form.dict(admin=False) for form in forms]
return JSONResponse(
forms
diff --git a/backend/routes/forms/form.py b/backend/routes/forms/form.py
new file mode 100644
index 0000000..599632e
--- /dev/null
+++ b/backend/routes/forms/form.py
@@ -0,0 +1,36 @@
+"""
+Returns single form information by ID.
+"""
+from starlette.requests import Request
+from starlette.responses import JSONResponse
+
+from backend.route import Route
+from backend.models import Form
+
+
+class SingleForm(Route):
+ """
+ Returns single form information by ID.
+
+ Returns all fields for admins, otherwise only public fields.
+ """
+
+ name = "form"
+ path = "/{form_id:str}"
+
+ async def get(self, request: Request) -> JSONResponse:
+ """Returns single form information by ID."""
+ admin = request.user.payload["admin"] if request.user.is_authenticated else False # noqa
+
+ filters = {
+ "_id": request.path_params["form_id"]
+ }
+
+ if not admin:
+ filters["features"] = "OPEN"
+
+ if raw_form := await request.state.db.forms.find_one(filters):
+ form = Form(**raw_form)
+ return JSONResponse(form.dict(admin=admin))
+
+ return JSONResponse({"error": "not_found"}, status_code=404)
diff --git a/backend/routes/forms/index.py b/backend/routes/forms/index.py
index f1df210..bb2b299 100644
--- a/backend/routes/forms/index.py
+++ b/backend/routes/forms/index.py
@@ -1,6 +1,7 @@
"""
Return a list of all forms to authenticated users.
"""
+from pydantic import ValidationError
from starlette.authentication import requires
from starlette.requests import Request
from starlette.responses import JSONResponse
@@ -14,7 +15,7 @@ class FormsList(Route):
List all available forms for administrator viewing.
"""
- name = "forms_list"
+ name = "forms_list_create"
path = "/"
@requires(["authenticated", "admin"])
@@ -31,3 +32,19 @@ class FormsList(Route):
return JSONResponse(
forms
)
+
+ @requires(["authenticated", "admin"])
+ async def post(self, request: Request) -> JSONResponse:
+ form_data = await request.json()
+ try:
+ form = Form(**form_data)
+ except ValidationError as e:
+ return JSONResponse(e.errors())
+
+ if await request.state.db.forms.find_one({"_id": form.id}):
+ return JSONResponse({
+ "error": "id_taken"
+ }, status_code=400)
+
+ await request.state.db.forms.insert_one(form.dict(by_alias=True))
+ return JSONResponse(form.dict())
diff --git a/backend/routes/forms/new.py b/backend/routes/forms/new.py
deleted file mode 100644
index 6437a4a..0000000
--- a/backend/routes/forms/new.py
+++ /dev/null
@@ -1,35 +0,0 @@
-"""
-Creates new form based on data provided.
-"""
-from pydantic import ValidationError
-from starlette.authentication import requires
-from starlette.requests import Request
-from starlette.responses import JSONResponse
-
-from backend.models import Form
-from backend.route import Route
-
-
-class FormCreate(Route):
- """
- Creates new form from JSON data.
- """
-
- name = "forms_create"
- path = "/new"
-
- @requires(["authenticated", "admin"])
- async def post(self, request: Request) -> JSONResponse:
- form_data = await request.json()
- try:
- form = Form(**form_data)
- except ValidationError as e:
- return JSONResponse(e.errors())
-
- if await request.state.db.forms.find_one({"_id": form.id}):
- return JSONResponse({
- "error": "Form with same ID already exists."
- }, status_code=400)
-
- await request.state.db.forms.insert_one(form.dict(by_alias=True))
- return JSONResponse(form.dict())