onadata.libs package

Subpackages

Submodules

onadata.libs.authentication module

Authentication classes.

class onadata.libs.authentication.DigestAuthentication

Bases: rest_framework.authentication.BaseAuthentication

Digest authentication

authenticate(request)

Authenticate the request and return a two-tuple of (user, token).

authenticate_header(request)

Return a string to be used as the value of the WWW-Authenticate header in a 401 Unauthenticated response, or None if the authentication scheme should return 403 Permission Denied responses.

class onadata.libs.authentication.EnketoTokenAuthentication

Bases: rest_framework.authentication.TokenAuthentication

Enketo Token Authentication via JWT shared domain cookie name.

authenticate(request)

Authenticate the request and return a two-tuple of (user, token).

model

alias of rest_framework.authtoken.models.Token

class onadata.libs.authentication.TempTokenAuthentication

Bases: rest_framework.authentication.TokenAuthentication

TempToken authentication using “Authorization: TempToken xxxx” header.

authenticate(request)

Authenticate the request and return a two-tuple of (user, token).

authenticate_credentials(key)
authenticate_header(request)

Return a string to be used as the value of the WWW-Authenticate header in a 401 Unauthenticated response, or None if the authentication scheme should return 403 Permission Denied responses.

model

alias of onadata.apps.api.models.temp_token.TempToken

class onadata.libs.authentication.TempTokenURLParameterAuthentication

Bases: onadata.libs.authentication.TempTokenAuthentication

TempToken URL via temp_token request parameter.

authenticate(request)

Authenticate the request and return a two-tuple of (user, token).

model

alias of onadata.apps.api.models.temp_token.TempToken

onadata.libs.authentication.check_lockout(request)
onadata.libs.authentication.expired(time_token_created)

Checks if the time between when time_token_created and current time is greater than the token expiry time.

Params time_token_created

The time the token we are checking was created.

Returns

Boolean True if not passed expired time, otherwise False.

onadata.libs.authentication.get_api_token(json_web_token)

Get API Token from JSON Web Token

onadata.libs.authentication.login_attempts(request)

Track number of login attempts made by user within a specified amount of time

onadata.libs.authentication.send_lockout_email(username)

onadata.libs.baseviewset module

class onadata.libs.baseviewset.DefaultBaseViewset

Bases: object

onadata.libs.exceptions module

exception onadata.libs.exceptions.EnketoError(message=None)

Bases: Exception

default_message = 'There was a problem with your submissionor form. Please contact support.'
exception onadata.libs.exceptions.J2XException

Bases: Exception

exception onadata.libs.exceptions.NoRecordsFoundError

Bases: Exception

exception onadata.libs.exceptions.NoRecordsPermission

Bases: Exception

exception onadata.libs.exceptions.ServiceUnavailable(detail=None, code=None)

Bases: rest_framework.exceptions.APIException

default_detail = 'Service temporarily unavailable, try again later.'
status_code = 503

onadata.libs.filters module

class onadata.libs.filters.AnonDjangoObjectPermissionFilter

Bases: rest_framework.filters.DjangoObjectPermissionsFilter

filter_queryset(request, queryset, view)

Anonymous user has no object permissions, return queryset as it is.

class onadata.libs.filters.AnonUserProjectFilter

Bases: rest_framework.filters.DjangoObjectPermissionsFilter

filter_queryset(request, queryset, view)

Anonymous user has no object permissions, return queryset as it is.

owner_prefix = 'organization'
class onadata.libs.filters.AttachmentFilter

Bases: onadata.libs.filters.XFormPermissionFilterMixin, rest_framework.filters.DjangoObjectPermissionsFilter

filter_queryset(request, queryset, view)

Return a filtered queryset.

class onadata.libs.filters.AttachmentTypeFilter

Bases: rest_framework.filters.BaseFilterBackend

filter_queryset(request, queryset, view)

Return a filtered queryset.

class onadata.libs.filters.DataFilter

Bases: rest_framework.filters.DjangoObjectPermissionsFilter

filter_queryset(request, queryset, view)

Return a filtered queryset.

class onadata.libs.filters.EnketoAnonDjangoObjectPermissionFilter

Bases: onadata.libs.filters.AnonDjangoObjectPermissionFilter

Same as AnonDjangoObjectPermissionFilter but checks ‘report_xform’ permission when the view ‘enketo’ is accessed.

filter_queryset(request, queryset, view)

Check report_xform permission when requesting for Enketo URL.

class onadata.libs.filters.ExportFilter

Bases: onadata.libs.filters.XFormPermissionFilterMixin, rest_framework.filters.DjangoObjectPermissionsFilter

ExportFilter class uses permissions on the related xform to filter Export queryesets. Also filters submitted_by a specific user.

filter_queryset(request, queryset, view)

Return a filtered queryset.

class onadata.libs.filters.FormIDFilter(data=None, queryset=None, *, request=None, prefix=None)

Bases: django_filters.rest_framework.filterset.FilterSet

class Meta

Bases: object

fields = ['formID']
model

alias of onadata.apps.logger.models.xform.XForm

base_filters = {'formID': <django_filters.filters.CharFilter object>}
declared_filters = {'formID': <django_filters.filters.CharFilter object>}
class onadata.libs.filters.InstanceFilter(data=None, queryset=None, *, request=None, prefix=None)

Bases: django_filters.rest_framework.filterset.FilterSet

Instance FilterSet implemented using django-filter

class Meta

Bases: object

date_field_lookups = ['exact', 'gt', 'lt', 'gte', 'lte', 'year', 'year__gt', 'year__lt', 'year__gte', 'year__lte', 'month', 'month__gt', 'month__lt', 'month__gte', 'month__lte', 'day', 'day__gt', 'day__lt', 'day__gte', 'day__lte']
fields = {'date_created': ['exact', 'gt', 'lt', 'gte', 'lte', 'year', 'year__gt', 'year__lt', 'year__gte', 'year__lte', 'month', 'month__gt', 'month__lt', 'month__gte', 'month__lte', 'day', 'day__gt', 'day__lt', 'day__gte', 'day__lte'], 'date_modified': ['exact', 'gt', 'lt', 'gte', 'lte', 'year', 'year__gt', 'year__lt', 'year__gte', 'year__lte', 'month', 'month__gt', 'month__lt', 'month__gte', 'month__lte', 'day', 'day__gt', 'day__lt', 'day__gte', 'day__lte'], 'last_edited': ['exact', 'gt', 'lt', 'gte', 'lte', 'year', 'year__gt', 'year__lt', 'year__gte', 'year__lte', 'month', 'month__gt', 'month__lt', 'month__gte', 'month__lte', 'day', 'day__gt', 'day__lt', 'day__gte', 'day__lte'], 'media_all_received': ['exact'], 'status': ['exact'], 'submitted_by__id': ['exact'], 'submitted_by__username': ['exact'], 'survey_type__slug': ['exact'], 'user__id': ['exact'], 'user__username': ['exact'], 'uuid': ['exact'], 'version': ['exact', 'gt', 'lt', 'gte', 'lte']}
generic_field_lookups = ['exact', 'gt', 'lt', 'gte', 'lte']
model

alias of onadata.apps.logger.models.instance.Instance

base_filters = {'date_created': <django_filters.filters.IsoDateTimeFilter object>, 'date_created__day': <django_filters.filters.NumberFilter object>, 'date_created__day__gt': <django_filters.filters.NumberFilter object>, 'date_created__day__gte': <django_filters.filters.NumberFilter object>, 'date_created__day__lt': <django_filters.filters.NumberFilter object>, 'date_created__day__lte': <django_filters.filters.NumberFilter object>, 'date_created__gt': <django_filters.filters.IsoDateTimeFilter object>, 'date_created__gte': <django_filters.filters.IsoDateTimeFilter object>, 'date_created__lt': <django_filters.filters.IsoDateTimeFilter object>, 'date_created__lte': <django_filters.filters.IsoDateTimeFilter object>, 'date_created__month': <django_filters.filters.NumberFilter object>, 'date_created__month__gt': <django_filters.filters.NumberFilter object>, 'date_created__month__gte': <django_filters.filters.NumberFilter object>, 'date_created__month__lt': <django_filters.filters.NumberFilter object>, 'date_created__month__lte': <django_filters.filters.NumberFilter object>, 'date_created__year': <django_filters.filters.NumberFilter object>, 'date_created__year__gt': <django_filters.filters.NumberFilter object>, 'date_created__year__gte': <django_filters.filters.NumberFilter object>, 'date_created__year__lt': <django_filters.filters.NumberFilter object>, 'date_created__year__lte': <django_filters.filters.NumberFilter object>, 'date_modified': <django_filters.filters.IsoDateTimeFilter object>, 'date_modified__day': <django_filters.filters.NumberFilter object>, 'date_modified__day__gt': <django_filters.filters.NumberFilter object>, 'date_modified__day__gte': <django_filters.filters.NumberFilter object>, 'date_modified__day__lt': <django_filters.filters.NumberFilter object>, 'date_modified__day__lte': <django_filters.filters.NumberFilter object>, 'date_modified__gt': <django_filters.filters.IsoDateTimeFilter object>, 'date_modified__gte': <django_filters.filters.IsoDateTimeFilter object>, 'date_modified__lt': <django_filters.filters.IsoDateTimeFilter object>, 'date_modified__lte': <django_filters.filters.IsoDateTimeFilter object>, 'date_modified__month': <django_filters.filters.NumberFilter object>, 'date_modified__month__gt': <django_filters.filters.NumberFilter object>, 'date_modified__month__gte': <django_filters.filters.NumberFilter object>, 'date_modified__month__lt': <django_filters.filters.NumberFilter object>, 'date_modified__month__lte': <django_filters.filters.NumberFilter object>, 'date_modified__year': <django_filters.filters.NumberFilter object>, 'date_modified__year__gt': <django_filters.filters.NumberFilter object>, 'date_modified__year__gte': <django_filters.filters.NumberFilter object>, 'date_modified__year__lt': <django_filters.filters.NumberFilter object>, 'date_modified__year__lte': <django_filters.filters.NumberFilter object>, 'last_edited': <django_filters.filters.IsoDateTimeFilter object>, 'last_edited__day': <django_filters.filters.NumberFilter object>, 'last_edited__day__gt': <django_filters.filters.NumberFilter object>, 'last_edited__day__gte': <django_filters.filters.NumberFilter object>, 'last_edited__day__lt': <django_filters.filters.NumberFilter object>, 'last_edited__day__lte': <django_filters.filters.NumberFilter object>, 'last_edited__gt': <django_filters.filters.IsoDateTimeFilter object>, 'last_edited__gte': <django_filters.filters.IsoDateTimeFilter object>, 'last_edited__lt': <django_filters.filters.IsoDateTimeFilter object>, 'last_edited__lte': <django_filters.filters.IsoDateTimeFilter object>, 'last_edited__month': <django_filters.filters.NumberFilter object>, 'last_edited__month__gt': <django_filters.filters.NumberFilter object>, 'last_edited__month__gte': <django_filters.filters.NumberFilter object>, 'last_edited__month__lt': <django_filters.filters.NumberFilter object>, 'last_edited__month__lte': <django_filters.filters.NumberFilter object>, 'last_edited__year': <django_filters.filters.NumberFilter object>, 'last_edited__year__gt': <django_filters.filters.NumberFilter object>, 'last_edited__year__gte': <django_filters.filters.NumberFilter object>, 'last_edited__year__lt': <django_filters.filters.NumberFilter object>, 'last_edited__year__lte': <django_filters.filters.NumberFilter object>, 'media_all_received': <django_filters.rest_framework.filters.BooleanFilter object>, 'status': <django_filters.filters.CharFilter object>, 'submitted_by__id': <django_filters.filters.ModelChoiceFilter object>, 'submitted_by__username': <django_filters.filters.ModelChoiceFilter object>, 'survey_type__slug': <django_filters.filters.CharFilter object>, 'user__id': <django_filters.filters.NumberFilter object>, 'user__username': <django_filters.filters.CharFilter object>, 'uuid': <django_filters.filters.CharFilter object>, 'version': <django_filters.filters.CharFilter object>, 'version__gt': <django_filters.filters.CharFilter object>, 'version__gte': <django_filters.filters.CharFilter object>, 'version__lt': <django_filters.filters.CharFilter object>, 'version__lte': <django_filters.filters.CharFilter object>}
declared_filters = {'media_all_received': <django_filters.rest_framework.filters.BooleanFilter object>, 'submitted_by__id': <django_filters.filters.ModelChoiceFilter object>, 'submitted_by__username': <django_filters.filters.ModelChoiceFilter object>}
class onadata.libs.filters.InstancePermissionFilterMixin

Bases: object

class onadata.libs.filters.MetaDataFilter

Bases: onadata.libs.filters.ProjectPermissionFilterMixin, onadata.libs.filters.InstancePermissionFilterMixin, onadata.libs.filters.XFormPermissionFilterMixin, rest_framework.filters.DjangoObjectPermissionsFilter

filter_queryset(request, queryset, view)

Return a filtered queryset.

class onadata.libs.filters.NoteFilter

Bases: rest_framework.filters.BaseFilterBackend

filter_queryset(request, queryset, view)

Return a filtered queryset.

class onadata.libs.filters.OrganizationPermissionFilter

Bases: rest_framework.filters.DjangoObjectPermissionsFilter

filter_queryset(request, queryset, view)

Return a filtered queryset or all profiles if a getting a specific profile.

class onadata.libs.filters.OrganizationsSharedWithUserFilter

Bases: rest_framework.filters.BaseFilterBackend

filter_queryset(request, queryset, view)

This returns a queryset containing only organizations to which the passed user belongs.

class onadata.libs.filters.ProjectOwnerFilter

Bases: rest_framework.filters.BaseFilterBackend

filter_queryset(request, queryset, view)

Return a filtered queryset.

owner_prefix = 'organization'
class onadata.libs.filters.ProjectPermissionFilterMixin

Bases: object

class onadata.libs.filters.PublicDatasetsFilter

Bases: object

filter_queryset(request, queryset, view)
class onadata.libs.filters.RestServiceFilter

Bases: onadata.libs.filters.XFormPermissionFilterMixin, rest_framework.filters.DjangoObjectPermissionsFilter

filter_queryset(request, queryset, view)

Return a filtered queryset.

class onadata.libs.filters.TagFilter

Bases: rest_framework.filters.BaseFilterBackend

filter_queryset(request, queryset, view)

Return a filtered queryset.

class onadata.libs.filters.TeamOrgFilter

Bases: rest_framework.filters.BaseFilterBackend

filter_queryset(request, queryset, view)

Return a filtered queryset.

class onadata.libs.filters.UserNoOrganizationsFilter

Bases: rest_framework.filters.BaseFilterBackend

filter_queryset(request, queryset, view)

Return a filtered queryset.

class onadata.libs.filters.UserProfileFilter

Bases: rest_framework.filters.BaseFilterBackend

filter_queryset(request, queryset, view)

Return a filtered queryset.

class onadata.libs.filters.WidgetFilter

Bases: onadata.libs.filters.XFormPermissionFilterMixin, rest_framework.filters.DjangoObjectPermissionsFilter

filter_queryset(request, queryset, view)

Return a filtered queryset.

class onadata.libs.filters.XFormListObjectPermissionFilter

Bases: onadata.libs.filters.AnonDjangoObjectPermissionFilter

perm_format = '%(app_label)s.report_%(model_name)s'
class onadata.libs.filters.XFormListXFormPKFilter

Bases: object

filter_queryset(request, queryset, view)
class onadata.libs.filters.XFormOwnerFilter

Bases: rest_framework.filters.BaseFilterBackend

filter_queryset(request, queryset, view)

Return a filtered queryset.

owner_prefix = 'user'
class onadata.libs.filters.XFormPermissionFilterMixin

Bases: object

onadata.libs.pagination module

class onadata.libs.pagination.StandardPageNumberPagination

Bases: rest_framework.pagination.PageNumberPagination

max_page_size = 10000
page_size = 1000
page_size_query_param = 'page_size'

onadata.libs.permissions module

Permissions module.

class onadata.libs.permissions.DataEntryMinorRole

Bases: onadata.libs.permissions.Role

Data-Entry minor Role class - user can submit and has readonly access to

data they submitted.

class_to_permissions = {<class 'onadata.apps.logger.models.merged_xform.MergedXForm'>: ['view_mergedxform'], <class 'onadata.apps.api.models.organization_profile.OrganizationProfile'>: ['view_organizationprofile'], <class 'onadata.apps.logger.models.project.Project'>: ['report_project_xform', 'can_export_project_data', 'view_project', 'view_project_data'], <class 'onadata.apps.logger.models.xform.XForm'>: ['report_xform', 'can_export_xform_data', 'view_xform', 'view_xform_data']}
name = 'dataentry-minor'
class onadata.libs.permissions.DataEntryOnlyRole

Bases: onadata.libs.permissions.Role

Data-Entry only Role class.

class_to_permissions = {<class 'onadata.apps.logger.models.merged_xform.MergedXForm'>: ['view_mergedxform'], <class 'onadata.apps.api.models.organization_profile.OrganizationProfile'>: ['view_organizationprofile'], <class 'onadata.apps.logger.models.project.Project'>: ['report_project_xform', 'can_export_project_data', 'view_project'], <class 'onadata.apps.logger.models.xform.XForm'>: ['report_xform']}
name = 'dataentry-only'
class onadata.libs.permissions.DataEntryRole

Bases: onadata.libs.permissions.Role

Data-Entry Role class - user can submit data and has readonly permissions

to all the data including data submitted by others.

class_to_permissions = {<class 'onadata.apps.logger.models.merged_xform.MergedXForm'>: ['view_mergedxform'], <class 'onadata.apps.api.models.organization_profile.OrganizationProfile'>: ['view_organizationprofile'], <class 'onadata.apps.logger.models.project.Project'>: ['report_project_xform', 'can_export_project_data', 'view_project', 'view_project_all', 'view_project_data'], <class 'onadata.apps.logger.models.xform.XForm'>: ['report_xform', 'can_export_xform_data', 'view_xform', 'view_xform_all', 'view_xform_data']}
name = 'dataentry'
class onadata.libs.permissions.EditorMinorRole

Bases: onadata.libs.permissions.Role

Editor-Minor Role class - user can submit data, read and edit only the data

they submitted.

class_to_permissions = {<class 'onadata.apps.logger.models.merged_xform.MergedXForm'>: ['view_mergedxform'], <class 'onadata.apps.api.models.organization_profile.OrganizationProfile'>: ['view_organizationprofile'], <class 'onadata.apps.logger.models.project.Project'>: ['report_project_xform', 'change_project', 'can_export_project_data', 'view_project', 'view_project_data'], <class 'onadata.apps.logger.models.xform.XForm'>: ['report_xform', 'change_xform', 'delete_submission', 'can_export_xform_data', 'view_xform', 'view_xform_data']}
name = 'editor-minor'
class onadata.libs.permissions.EditorRole

Bases: onadata.libs.permissions.Role

Editor Role class - user can submit, read and edit any submitted data.

class_to_permissions = {<class 'onadata.apps.logger.models.merged_xform.MergedXForm'>: ['view_mergedxform'], <class 'onadata.apps.api.models.organization_profile.OrganizationProfile'>: ['view_organizationprofile'], <class 'onadata.apps.logger.models.project.Project'>: ['report_project_xform', 'change_project', 'can_export_project_data', 'view_project', 'view_project_all', 'view_project_data'], <class 'onadata.apps.logger.models.xform.XForm'>: ['report_xform', 'change_xform', 'delete_submission', 'can_export_xform_data', 'view_xform', 'view_xform_all', 'view_xform_data']}
name = 'editor'
class onadata.libs.permissions.ManagerRole

Bases: onadata.libs.permissions.Role

Manager Role class - user can add,delete,edit forms and data as well as

control access to data, forms and projects.

class_to_permissions = {<class 'onadata.apps.logger.models.merged_xform.MergedXForm'>: ['view_mergedxform'], <class 'onadata.apps.api.models.organization_profile.OrganizationProfile'>: ['can_add_project', 'can_add_xform', 'view_organizationprofile'], <class 'onadata.apps.logger.models.project.Project'>: ['add_project', 'add_project_xform', 'report_project_xform', 'change_project', 'can_export_project_data', 'view_project', 'view_project_all', 'view_project_data'], <class 'onadata.apps.main.models.user_profile.UserProfile'>: ['can_add_project', 'can_add_xform', 'view_profile'], <class 'onadata.apps.logger.models.xform.XForm'>: ['report_xform', 'add_xform', 'change_xform', 'delete_submission', 'delete_xform', 'can_export_xform_data', 'view_xform', 'view_xform_all', 'view_xform_data']}
name = 'manager'
class onadata.libs.permissions.MemberRole

Bases: onadata.libs.permissions.Role

This is a role for a member of an organization.

name = 'member'
class onadata.libs.permissions.OwnerRole

Bases: onadata.libs.permissions.Role

This is a role for an owner of a dataset, organization, or project.

class_to_permissions = {<class 'onadata.apps.viewer.models.data_dictionary.DataDictionary'>: ['add_datadictionary', 'change_datadictionary', 'delete_datadictionary'], <class 'onadata.apps.logger.models.merged_xform.MergedXForm'>: ['view_mergedxform'], <class 'onadata.apps.api.models.organization_profile.OrganizationProfile'>: ['can_add_project', 'can_add_xform', 'add_organizationprofile', 'can_add_project', 'can_add_xform', 'change_organizationprofile', 'delete_organizationprofile', 'view_organizationprofile', 'is_org_owner'], <class 'onadata.apps.logger.models.project.Project'>: ['add_project', 'add_project_xform', 'report_project_xform', 'change_project', 'delete_project', 'can_export_project_data', 'transfer_project', 'view_project', 'view_project_all', 'view_project_data'], <class 'onadata.apps.main.models.user_profile.UserProfile'>: ['can_add_project', 'can_add_xform', 'add_userprofile', 'change_userprofile', 'delete_userprofile', 'view_profile'], <class 'onadata.apps.logger.models.xform.XForm'>: ['report_xform', 'add_xform', 'change_xform', 'delete_submission', 'delete_xform', 'can_export_xform_data', 'view_xform', 'view_xform_all', 'view_xform_data', 'move_xform', 'transfer_xform']}
name = 'owner'
class onadata.libs.permissions.ReadOnlyRole

Bases: onadata.libs.permissions.Role

Read-only Role class.

class_to_permissions = {<class 'onadata.apps.logger.models.merged_xform.MergedXForm'>: ['view_mergedxform'], <class 'onadata.apps.api.models.organization_profile.OrganizationProfile'>: ['view_organizationprofile'], <class 'onadata.apps.logger.models.project.Project'>: ['can_export_project_data', 'view_project', 'view_project_all'], <class 'onadata.apps.logger.models.xform.XForm'>: ['can_export_xform_data', 'view_xform', 'view_xform_all']}
name = 'readonly'
class onadata.libs.permissions.ReadOnlyRoleNoDownload

Bases: onadata.libs.permissions.Role

Read-only no download Role class.

class_to_permissions = {<class 'onadata.apps.logger.models.merged_xform.MergedXForm'>: ['view_mergedxform'], <class 'onadata.apps.logger.models.project.Project'>: ['view_project', 'view_project_all'], <class 'onadata.apps.logger.models.xform.XForm'>: ['view_xform', 'view_xform_all']}
name = 'readonly-no-download'
permissions = (('view_organizationprofile', <class 'onadata.apps.api.models.organization_profile.OrganizationProfile'>), ('view_xform', <class 'onadata.apps.logger.models.xform.XForm'>), ('view_project', <class 'onadata.apps.logger.models.project.Project'>), ('view_xform_all', <class 'onadata.apps.logger.models.xform.XForm'>), ('view_project_all', <class 'onadata.apps.logger.models.project.Project'>), ('view_mergedxform', <class 'onadata.apps.logger.models.merged_xform.MergedXForm'>))
class onadata.libs.permissions.Role

Bases: object

Base Role class.

classmethod add(user, obj)

Add obj permissions to the a user.

class_to_permissions = {}
classmethod has_role(permissions, obj)

Check that permission correspond to this role for this object.

Parameters

  • permissions – A list of permissions.

  • obj – An object or class to get the permissions of.

name = None
classmethod remove_obj_permissions(user, obj)

Remove all permissions the user has on the obj.

classmethod user_has_role(user, obj)

Check that a user has this role.

Parameters

  • user – A user object.

  • obj – An object to get the permissions of.

onadata.libs.permissions.filter_queryset_xform_meta_perms(xform, user, instance_queryset)

Check for the specific perms if meta-perms have been enabled CAN_VIEW_XFORM_ALL ==> User should be able to view all the data CAN_VIEW_XFORM_DATA ===> User should be able to view his/her submitted data. Otherwise should raise forbidden error. :param xform: :param user: :param instance_queryset: :return: data

onadata.libs.permissions.filter_queryset_xform_meta_perms_sql(xform, user, query)

Check for the specific perms if meta-perms have been enabled CAN_VIEW_XFORM_ALL ==> User should be able to view all the data CAN_VIEW_XFORM_DATA ===> User should be able to view his/her submitted

data. Otherwise should raise forbidden error.

Parameters

  • xform

  • user

  • instance_queryset

Returns

data

onadata.libs.permissions.get_group_perms(obj)

Return XFormGroupObjectPermission or ProjectGroupObjectPermission queryset.

onadata.libs.permissions.get_object_users_with_permissions(obj, username=False, with_group_users=False)

Returns users, roles and permissions for an object.

Parameters

  • obj – object, the object to check permissions on

  • username – bool, when True set username instead of a User object

onadata.libs.permissions.get_role(permissions, obj)

Return the user role for the given obj permissions.

onadata.libs.permissions.get_role_in_org(user, organization)

Return the user role in the organization.

onadata.libs.permissions.get_team_project_default_permissions(team, project)

Return team role for given project.

onadata.libs.permissions.get_user_perms(obj)

Return XFormUserObjectPermission or ProjectUserObjectPermission queryset.

onadata.libs.permissions.is_organization(obj)

Some OrganizationProfiles have a pointer to the UserProfile, but no UserProfiles do. Check for that first since it avoids a database hit.

Module contents