onadata.libs package

Subpackages

Submodules

onadata.libs.authentication module

Authentication classes.

class onadata.libs.authentication.DigestAuthentication

Bases: BaseAuthentication

Digest authentication

authenticate(request)

Authenticate the request and return a two-tuple of (user, token).

authenticate_header(request)

Return a string to be used as the value of the WWW-Authenticate header in a 401 Unauthenticated response, or None if the authentication scheme should return 403 Permission Denied responses.

class onadata.libs.authentication.EnketoTokenAuthentication

Bases: TokenAuthentication

Enketo Token Authentication via JWT shared domain cookie name.

authenticate(request)

Authenticate the request and return a two-tuple of (user, token).

model

alias of Token

class onadata.libs.authentication.MasterReplicaOAuth2Validator

Bases: OAuth2Validator

Custom OAuth2Validator class that takes into account replication lag between Master & Replica databases https://github.com/jazzband/django-oauth-toolkit/blob/ 3bde632d5722f1f85ffcd8277504955321f00fff/oauth2_provider/oauth2_validators.py#L49

introspect_token(token, token_type_hint, request, *args, **kwargs)

See oauthlib.oauth2.rfc6749.request_validator

validate_bearer_token(token, scopes, request)

When users try to access resources, check that provided token is valid

validate_silent_authorization(request)

See oauthlib.oauth2.rfc6749.request_validator

validate_silent_login(request)

See oauthlib.oauth2.rfc6749.request_validator

class onadata.libs.authentication.SSOHeaderAuthentication

Bases: BaseAuthentication

SSO Cookie authentication. Authenticates a user using the SSO cookie or HTTP_SSO header.

authenticate(request)

Authenticate the request and return a two-tuple of (user, token).

class onadata.libs.authentication.TempTokenAuthentication

Bases: TokenAuthentication

TempToken authentication using “Authorization: TempToken xxxx” header.

authenticate(request)

Authenticate the request and return a two-tuple of (user, token).

authenticate_credentials(key)
authenticate_header(request)

Return a string to be used as the value of the WWW-Authenticate header in a 401 Unauthenticated response, or None if the authentication scheme should return 403 Permission Denied responses.

model

alias of TempToken

class onadata.libs.authentication.TempTokenURLParameterAuthentication

Bases: TempTokenAuthentication

TempToken URL via temp_token request parameter.

authenticate(request)

Authenticate the request and return a two-tuple of (user, token).

model

alias of TempToken

onadata.libs.authentication.check_lockout(request) Tuple[str | None, str | None]

Check request user is not locked out on authentication.

Returns the username if not locked out, None if request path is in LOCKOUT_EXCLUDED_PATHS. Raises AuthenticationFailed on lockout.

onadata.libs.authentication.expired(time_token_created)

Checks if the time between when time_token_created and current time is greater than the token expiry time.

Params time_token_created:

The time the token we are checking was created.

Returns:

Boolean True if not passed expired time, otherwise False.

onadata.libs.authentication.get_api_token(cookie_jwt)

Get API Token from JSON Web Token

onadata.libs.authentication.login_attempts(request)

Track number of login attempts made by a specific IP within a specified amount of time

onadata.libs.authentication.retrieve_user_identification(request) Tuple[str | None, str | None]

Retrieve user information from a HTTP request.

onadata.libs.authentication.send_lockout_email(username, ip_address)

Send locked out email

onadata.libs.baseviewset module

The DefaultBaseViewset class

class onadata.libs.baseviewset.DefaultBaseViewset

Bases: object

The DefaultBaseViewset class

onadata.libs.exceptions module

Custom Expecting classes.

exception onadata.libs.exceptions.EnketoError(message=None)

Bases: Exception

Enketo specigic exceptions

default_message = 'There was a problem with your submission or form. Please contact support.'
exception onadata.libs.exceptions.J2XException

Bases: Exception

Raise for json-to-xls exceptions on external exports.

exception onadata.libs.exceptions.NoRecordsFoundError

Bases: Exception

Raise for when no records are found.

exception onadata.libs.exceptions.NoRecordsPermission

Bases: Exception

Raise when no permissions to access records.

exception onadata.libs.exceptions.ServiceUnavailable(detail=None, code=None)

Bases: APIException

Custom service unavailable exception.

default_detail = 'Service temporarily unavailable, try again later.'
status_code = 503

onadata.libs.filters module

Django rest_framework ViewSet filters.

class onadata.libs.filters.AnonDjangoObjectPermissionFilter

Bases: ObjectPermissionsFilter

Anonymous user permission filter class.

filter_queryset(request, queryset, view)

Anonymous user has no object permissions, return queryset as it is.

class onadata.libs.filters.AnonUserProjectFilter

Bases: ObjectPermissionsFilter

Anonymous user project filter.

filter_queryset(request, queryset, view)

Anonymous user has no object permissions, return queryset as it is.

owner_prefix = 'organization'
class onadata.libs.filters.AttachmentFilter

Bases: XFormPermissionFilterMixin, ObjectPermissionsFilter

Attachment filter.

filter_queryset(request, queryset, view)

Return a filtered queryset.

class onadata.libs.filters.AttachmentTypeFilter

Bases: BaseFilterBackend

Attachment type filter using type query parameter.

filter_queryset(request, queryset, view)

Return a filtered queryset.

class onadata.libs.filters.DataFilter

Bases: ObjectPermissionsFilter

Shared data filter.

filter_queryset(request, queryset, view)

Filter by XForm.shared_data = True for anonymous users.

class onadata.libs.filters.EnketoAnonDjangoObjectPermissionFilter

Bases: AnonDjangoObjectPermissionFilter

Same as AnonDjangoObjectPermissionFilter but checks ‘report_xform’ permission when the view ‘enketo’ is accessed.

filter_queryset(request, queryset, view)

Check report_xform permission when requesting for Enketo URL.

class onadata.libs.filters.ExportFilter

Bases: XFormPermissionFilterMixin, ObjectPermissionsFilter

ExportFilter class uses permissions on the related xform to filter Export querysets. Also filters submitted_by a specific user.

filter_queryset(request, queryset, view)

Filter by xform permissions and submitted by user.

class onadata.libs.filters.FormIDFilter(data=None, queryset=None, *, request=None, prefix=None)

Bases: FilterSet

formID filter using the XForm.id_string.

class Meta

Bases: object

fields = ['formID']
model

alias of XForm

base_filters = {'formID': <django_filters.filters.CharFilter object>}
declared_filters = {'formID': <django_filters.filters.CharFilter object>}
class onadata.libs.filters.InstanceFilter(data=None, queryset=None, *, request=None, prefix=None)

Bases: FilterSet

Instance FilterSet implemented using django-filter

class Meta

Bases: object

date_field_lookups = ['exact', 'gt', 'lt', 'gte', 'lte', 'year', 'year__gt', 'year__lt', 'year__gte', 'year__lte', 'month', 'month__gt', 'month__lt', 'month__gte', 'month__lte', 'day', 'day__gt', 'day__lt', 'day__gte', 'day__lte']
fields = {'date_created': ['exact', 'gt', 'lt', 'gte', 'lte', 'year', 'year__gt', 'year__lt', 'year__gte', 'year__lte', 'month', 'month__gt', 'month__lt', 'month__gte', 'month__lte', 'day', 'day__gt', 'day__lt', 'day__gte', 'day__lte'], 'date_modified': ['exact', 'gt', 'lt', 'gte', 'lte', 'year', 'year__gt', 'year__lt', 'year__gte', 'year__lte', 'month', 'month__gt', 'month__lt', 'month__gte', 'month__lte', 'day', 'day__gt', 'day__lt', 'day__gte', 'day__lte'], 'last_edited': ['exact', 'gt', 'lt', 'gte', 'lte', 'year', 'year__gt', 'year__lt', 'year__gte', 'year__lte', 'month', 'month__gt', 'month__lt', 'month__gte', 'month__lte', 'day', 'day__gt', 'day__lt', 'day__gte', 'day__lte'], 'media_all_received': ['exact'], 'status': ['exact'], 'survey_type__slug': ['exact'], 'user__id': ['exact'], 'user__username': ['exact'], 'uuid': ['exact'], 'version': ['exact', 'gt', 'lt', 'gte', 'lte']}
generic_field_lookups = ['exact', 'gt', 'lt', 'gte', 'lte']
model

alias of Instance

base_filters = {'date_created': <django_filters.filters.IsoDateTimeFilter object>, 'date_created__day': <django_filters.filters.NumberFilter object>, 'date_created__day__gt': <django_filters.filters.NumberFilter object>, 'date_created__day__gte': <django_filters.filters.NumberFilter object>, 'date_created__day__lt': <django_filters.filters.NumberFilter object>, 'date_created__day__lte': <django_filters.filters.NumberFilter object>, 'date_created__gt': <django_filters.filters.IsoDateTimeFilter object>, 'date_created__gte': <django_filters.filters.IsoDateTimeFilter object>, 'date_created__lt': <django_filters.filters.IsoDateTimeFilter object>, 'date_created__lte': <django_filters.filters.IsoDateTimeFilter object>, 'date_created__month': <django_filters.filters.NumberFilter object>, 'date_created__month__gt': <django_filters.filters.NumberFilter object>, 'date_created__month__gte': <django_filters.filters.NumberFilter object>, 'date_created__month__lt': <django_filters.filters.NumberFilter object>, 'date_created__month__lte': <django_filters.filters.NumberFilter object>, 'date_created__year': <django_filters.filters.NumberFilter object>, 'date_created__year__gt': <django_filters.filters.NumberFilter object>, 'date_created__year__gte': <django_filters.filters.NumberFilter object>, 'date_created__year__lt': <django_filters.filters.NumberFilter object>, 'date_created__year__lte': <django_filters.filters.NumberFilter object>, 'date_modified': <django_filters.filters.IsoDateTimeFilter object>, 'date_modified__day': <django_filters.filters.NumberFilter object>, 'date_modified__day__gt': <django_filters.filters.NumberFilter object>, 'date_modified__day__gte': <django_filters.filters.NumberFilter object>, 'date_modified__day__lt': <django_filters.filters.NumberFilter object>, 'date_modified__day__lte': <django_filters.filters.NumberFilter object>, 'date_modified__gt': <django_filters.filters.IsoDateTimeFilter object>, 'date_modified__gte': <django_filters.filters.IsoDateTimeFilter object>, 'date_modified__lt': <django_filters.filters.IsoDateTimeFilter object>, 'date_modified__lte': <django_filters.filters.IsoDateTimeFilter object>, 'date_modified__month': <django_filters.filters.NumberFilter object>, 'date_modified__month__gt': <django_filters.filters.NumberFilter object>, 'date_modified__month__gte': <django_filters.filters.NumberFilter object>, 'date_modified__month__lt': <django_filters.filters.NumberFilter object>, 'date_modified__month__lte': <django_filters.filters.NumberFilter object>, 'date_modified__year': <django_filters.filters.NumberFilter object>, 'date_modified__year__gt': <django_filters.filters.NumberFilter object>, 'date_modified__year__gte': <django_filters.filters.NumberFilter object>, 'date_modified__year__lt': <django_filters.filters.NumberFilter object>, 'date_modified__year__lte': <django_filters.filters.NumberFilter object>, 'last_edited': <django_filters.filters.IsoDateTimeFilter object>, 'last_edited__day': <django_filters.filters.NumberFilter object>, 'last_edited__day__gt': <django_filters.filters.NumberFilter object>, 'last_edited__day__gte': <django_filters.filters.NumberFilter object>, 'last_edited__day__lt': <django_filters.filters.NumberFilter object>, 'last_edited__day__lte': <django_filters.filters.NumberFilter object>, 'last_edited__gt': <django_filters.filters.IsoDateTimeFilter object>, 'last_edited__gte': <django_filters.filters.IsoDateTimeFilter object>, 'last_edited__lt': <django_filters.filters.IsoDateTimeFilter object>, 'last_edited__lte': <django_filters.filters.IsoDateTimeFilter object>, 'last_edited__month': <django_filters.filters.NumberFilter object>, 'last_edited__month__gt': <django_filters.filters.NumberFilter object>, 'last_edited__month__gte': <django_filters.filters.NumberFilter object>, 'last_edited__month__lt': <django_filters.filters.NumberFilter object>, 'last_edited__month__lte': <django_filters.filters.NumberFilter object>, 'last_edited__year': <django_filters.filters.NumberFilter object>, 'last_edited__year__gt': <django_filters.filters.NumberFilter object>, 'last_edited__year__gte': <django_filters.filters.NumberFilter object>, 'last_edited__year__lt': <django_filters.filters.NumberFilter object>, 'last_edited__year__lte': <django_filters.filters.NumberFilter object>, 'media_all_received': <django_filters.rest_framework.filters.BooleanFilter object>, 'status': <django_filters.filters.CharFilter object>, 'submitted_by__id': <django_filters.filters.ModelChoiceFilter object>, 'submitted_by__username': <django_filters.filters.ModelChoiceFilter object>, 'survey_type__slug': <django_filters.filters.CharFilter object>, 'user__id': <django_filters.filters.NumberFilter object>, 'user__username': <django_filters.filters.CharFilter object>, 'uuid': <django_filters.filters.CharFilter object>, 'version': <django_filters.filters.CharFilter object>, 'version__gt': <django_filters.filters.CharFilter object>, 'version__gte': <django_filters.filters.CharFilter object>, 'version__lt': <django_filters.filters.CharFilter object>, 'version__lte': <django_filters.filters.CharFilter object>}
declared_filters = {'media_all_received': <django_filters.rest_framework.filters.BooleanFilter object>, 'submitted_by__id': <django_filters.filters.ModelChoiceFilter object>, 'submitted_by__username': <django_filters.filters.ModelChoiceFilter object>}
class onadata.libs.filters.InstancePermissionFilterMixin

Bases: object

Instance permission filter.

class onadata.libs.filters.MetaDataFilter

Bases: ProjectPermissionFilterMixin, InstancePermissionFilterMixin, XFormPermissionFilterMixin, ObjectPermissionsFilter

Meta data filter.

filter_queryset(request, queryset, view)

Return a filtered queryset.

class onadata.libs.filters.NoteFilter

Bases: BaseFilterBackend

Notes filter by the query parameter instance.

filter_queryset(request, queryset, view)

Notes filter by the query parameter instance.

class onadata.libs.filters.OrganizationPermissionFilter

Bases: ObjectPermissionsFilter

Organization profiles filter

Based on the organization the profile is added to.

filter_queryset(request, queryset, view)

Return a filtered queryset or all profiles if a getting a specific profile.

class onadata.libs.filters.OrganizationsSharedWithUserFilter

Bases: BaseFilterBackend

Filters by shared_with query parameter.

filter_queryset(request, queryset, view)

This returns a queryset containing only organizations to which the passed user belongs.

class onadata.libs.filters.ProjectOwnerFilter

Bases: BaseFilterBackend

Project owner filter.

filter_queryset(request, queryset, view)

Project owner filter.

owner_prefix = 'organization'
class onadata.libs.filters.ProjectPermissionFilterMixin

Bases: object

Project permission filter.

class onadata.libs.filters.PublicDatasetsFilter

Bases: object

Public data set filter where the share attribute is True

filter_queryset(request, queryset, view)

Return a queryset of shared=True data if the user is anonymous.

class onadata.libs.filters.RestServiceFilter

Bases: XFormPermissionFilterMixin, ObjectPermissionsFilter

Rest service filter.

filter_queryset(request, queryset, view)

Return a filtered queryset.

class onadata.libs.filters.TagFilter

Bases: BaseFilterBackend

Tag filter using the tags query parameter.

filter_queryset(request, queryset, view)

Tag filter using the tags query parameter.

class onadata.libs.filters.TeamOrgFilter

Bases: BaseFilterBackend

Team organization filter using org query parameter

filter_queryset(request, queryset, view)

Return a filtered queryset.

class onadata.libs.filters.UserNoOrganizationsFilter

Bases: BaseFilterBackend

Filter by orgs query parameter.

filter_queryset(request, queryset, view)

Returns all users that are not organizations when orgs=false query parameter

class onadata.libs.filters.UserProfileFilter

Bases: BaseFilterBackend

Filter by the users query parameter.

filter_queryset(request, queryset, view)

Filter by the users query parameter - returns a queryset of only the users in the users parameter when view.action == “list”

class onadata.libs.filters.WidgetFilter

Bases: XFormPermissionFilterMixin, ObjectPermissionsFilter

Filter to return forms shared with user.

filter_queryset(request, queryset, view)

Filter to return forms shared with user when view.action == "list".

class onadata.libs.filters.XFormListObjectPermissionFilter

Bases: AnonDjangoObjectPermissionFilter

XFormList permission filter with using [app].report_[model] form.

perm_format = '%(app_label)s.report_%(model_name)s'
class onadata.libs.filters.XFormListXFormPKFilter

Bases: object

Filter forms via ‘xform_pk’ param.

filter_queryset(request, queryset, view)

Returns an XForm queryset filtered by the 1xform_pk’ param.

class onadata.libs.filters.XFormOwnerFilter

Bases: BaseFilterBackend

XForm owner filter

filter_queryset(request, queryset, view)

Filter by owner query parameter.

owner_prefix = 'user'
class onadata.libs.filters.XFormPermissionFilterMixin

Bases: object

XForm permission filter.

onadata.libs.pagination module

Pagination classes.

class onadata.libs.pagination.CountOverridablePageNumberPagination

Bases: StandardPageNumberPagination

Count override PageNumberPagination

Allows overriding the count especially in the event it may be expensive request.

django_paginator_class

alias of CountOverridablePaginator

paginate_queryset(queryset, request, view, count=None)

Paginate a queryset if required, either returning a page object, or None if pagination is not configured for this view.

class onadata.libs.pagination.CountOverridablePaginator(object_list, per_page, orphans: int = 0, allow_empty_first_page: bool = True, count_override: int | None = None)

Bases: Paginator

Count override Paginator

Allows overriding the count especially in the event it may be expensive request.

count
class onadata.libs.pagination.RawSQLQueryPageNumberPagination

Bases: CountOverridablePageNumberPagination

PageNumberPagination class for raw SQL queries

django_paginator_class

alias of RawSQLQueryPaginator

get_offset_limit(request, count: int) Tuple[int, int]

Returns the offset and limit to be used in a raw SQL query

class onadata.libs.pagination.RawSQLQueryPaginator(object_list, per_page, orphans: int = 0, allow_empty_first_page: bool = True, count_override: int | None = None)

Bases: CountOverridablePaginator

Paginator class for raw SQL queries

page(number)

Return page

self.object_list is NOT sliced because self.object_list should have been paginated via OFFSET and LIMIT before creating a RawPaginator instance

class onadata.libs.pagination.StandardPageNumberPagination

Bases: PageNumberPagination

The Standard PageNumberPagination class

Set’s the default page_size to 1000 with a maximum page_size of 10,000 records per page.

Generates pagination headers for a HTTP response object

Returns the URL to the first page.

Returns the URL to the last page.

max_page_size = 10000
page_size = 1000
page_size_query_param = 'page_size'

onadata.libs.permissions module

Permissions module.

class onadata.libs.permissions.DataEntryMinorRole

Bases: Role

Data-Entry minor Role class - user can submit and has readonly access to

data they submitted.

class_to_permissions = {<class 'onadata.apps.logger.models.merged_xform.MergedXForm'>: ['view_mergedxform'], <class 'onadata.apps.api.models.organization_profile.OrganizationProfile'>: ['view_organizationprofile'], <class 'onadata.apps.logger.models.project.Project'>: ['report_project_xform', 'can_export_project_data', 'view_project', 'view_project_data'], <class 'onadata.apps.logger.models.xform.XForm'>: ['report_xform', 'can_export_xform_data', 'view_xform', 'view_xform_data']}
name = 'dataentry-minor'
class onadata.libs.permissions.DataEntryOnlyRole

Bases: Role

Data-Entry only Role class.

class_to_permissions = {<class 'onadata.apps.logger.models.merged_xform.MergedXForm'>: ['view_mergedxform'], <class 'onadata.apps.api.models.organization_profile.OrganizationProfile'>: ['view_organizationprofile'], <class 'onadata.apps.logger.models.project.Project'>: ['report_project_xform', 'can_export_project_data', 'view_project'], <class 'onadata.apps.logger.models.xform.XForm'>: ['report_xform']}
name = 'dataentry-only'
class onadata.libs.permissions.DataEntryRole

Bases: Role

Data-Entry Role class - user can submit data and has readonly permissions

to all the data including data submitted by others.

class_to_permissions = {<class 'onadata.apps.logger.models.merged_xform.MergedXForm'>: ['view_mergedxform'], <class 'onadata.apps.api.models.organization_profile.OrganizationProfile'>: ['view_organizationprofile'], <class 'onadata.apps.logger.models.project.Project'>: ['report_project_xform', 'can_export_project_data', 'view_project', 'view_project_all', 'view_project_data'], <class 'onadata.apps.logger.models.xform.XForm'>: ['report_xform', 'can_export_xform_data', 'view_xform', 'view_xform_all', 'view_xform_data']}
name = 'dataentry'
class onadata.libs.permissions.EditorMinorRole

Bases: Role

Editor-Minor Role class - user can submit data, read and edit only the data

they submitted.

class_to_permissions = {<class 'onadata.apps.logger.models.merged_xform.MergedXForm'>: ['view_mergedxform'], <class 'onadata.apps.api.models.organization_profile.OrganizationProfile'>: ['view_organizationprofile'], <class 'onadata.apps.logger.models.project.Project'>: ['report_project_xform', 'change_project', 'can_export_project_data', 'view_project', 'view_project_data'], <class 'onadata.apps.logger.models.xform.XForm'>: ['report_xform', 'change_xform', 'delete_submission', 'can_export_xform_data', 'view_xform', 'view_xform_data']}
name = 'editor-minor'
class onadata.libs.permissions.EditorRole

Bases: Role

Editor Role class - user can submit, read and edit any submitted data.

class_to_permissions = {<class 'onadata.apps.logger.models.merged_xform.MergedXForm'>: ['view_mergedxform'], <class 'onadata.apps.api.models.organization_profile.OrganizationProfile'>: ['view_organizationprofile'], <class 'onadata.apps.logger.models.project.Project'>: ['report_project_xform', 'change_project', 'can_export_project_data', 'view_project', 'view_project_all', 'view_project_data'], <class 'onadata.apps.logger.models.xform.XForm'>: ['report_xform', 'change_xform', 'delete_submission', 'can_export_xform_data', 'view_xform', 'view_xform_all', 'view_xform_data']}
name = 'editor'
class onadata.libs.permissions.ManagerRole

Bases: Role

Manager Role class - user can add,delete,edit forms and data as well as

control access to data, forms and projects.

class_to_permissions = {<class 'onadata.apps.logger.models.merged_xform.MergedXForm'>: ['view_mergedxform'], <class 'onadata.apps.api.models.organization_profile.OrganizationProfile'>: ['can_add_project', 'can_add_xform', 'view_organizationprofile'], <class 'onadata.apps.logger.models.project.Project'>: ['add_project', 'add_project_xform', 'report_project_xform', 'change_project', 'can_export_project_data', 'view_project', 'view_project_all', 'view_project_data'], <class 'onadata.apps.main.models.user_profile.UserProfile'>: ['can_add_project', 'can_add_xform', 'view_profile'], <class 'onadata.apps.logger.models.xform.XForm'>: ['report_xform', 'add_xform', 'change_xform', 'delete_submission', 'delete_xform', 'can_export_xform_data', 'view_xform', 'view_xform_all', 'view_xform_data']}
name = 'manager'
class onadata.libs.permissions.MemberRole

Bases: Role

This is a role for a member of an organization.

name = 'member'
class onadata.libs.permissions.OwnerRole

Bases: Role

This is a role for an owner of a dataset, organization, or project.

class_to_permissions = {<class 'onadata.apps.viewer.models.data_dictionary.DataDictionary'>: ['add_datadictionary', 'change_datadictionary', 'delete_datadictionary'], <class 'onadata.apps.logger.models.merged_xform.MergedXForm'>: ['view_mergedxform'], <class 'onadata.apps.api.models.organization_profile.OrganizationProfile'>: ['can_add_project', 'can_add_xform', 'add_organizationprofile', 'can_add_project', 'can_add_xform', 'change_organizationprofile', 'delete_organizationprofile', 'view_organizationprofile', 'is_org_owner'], <class 'onadata.apps.logger.models.project.Project'>: ['add_project', 'add_project_xform', 'report_project_xform', 'change_project', 'delete_project', 'can_export_project_data', 'transfer_project', 'view_project', 'view_project_all', 'view_project_data'], <class 'onadata.apps.main.models.user_profile.UserProfile'>: ['can_add_project', 'can_add_xform', 'add_userprofile', 'change_userprofile', 'delete_userprofile', 'view_profile'], <class 'onadata.apps.logger.models.xform.XForm'>: ['report_xform', 'add_xform', 'change_xform', 'delete_submission', 'delete_xform', 'can_export_xform_data', 'view_xform', 'view_xform_all', 'view_xform_data', 'move_xform', 'transfer_xform']}
name = 'owner'
class onadata.libs.permissions.ReadOnlyRole

Bases: Role

Read-only Role class.

class_to_permissions = {<class 'onadata.apps.logger.models.merged_xform.MergedXForm'>: ['view_mergedxform'], <class 'onadata.apps.api.models.organization_profile.OrganizationProfile'>: ['view_organizationprofile'], <class 'onadata.apps.logger.models.project.Project'>: ['can_export_project_data', 'view_project', 'view_project_all'], <class 'onadata.apps.logger.models.xform.XForm'>: ['can_export_xform_data', 'view_xform', 'view_xform_all']}
name = 'readonly'
class onadata.libs.permissions.ReadOnlyRoleNoDownload

Bases: Role

Read-only no download Role class.

class_to_permissions = {<class 'onadata.apps.logger.models.merged_xform.MergedXForm'>: ['view_mergedxform'], <class 'onadata.apps.logger.models.project.Project'>: ['view_project', 'view_project_all'], <class 'onadata.apps.logger.models.xform.XForm'>: ['view_xform', 'view_xform_all']}
name = 'readonly-no-download'
permissions = (('view_organizationprofile', <class 'onadata.apps.api.models.organization_profile.OrganizationProfile'>), ('view_xform', <class 'onadata.apps.logger.models.xform.XForm'>), ('view_project', <class 'onadata.apps.logger.models.project.Project'>), ('view_xform_all', <class 'onadata.apps.logger.models.xform.XForm'>), ('view_project_all', <class 'onadata.apps.logger.models.project.Project'>), ('view_mergedxform', <class 'onadata.apps.logger.models.merged_xform.MergedXForm'>))
class onadata.libs.permissions.Role

Bases: object

Base Role class.

classmethod add(user, obj)

Add obj permissions to the a user.

class_to_permissions = {}
classmethod has_role(permissions, obj)

Check that permission correspond to this role for this object.

Parameters:
  • permissions – A list of permissions.

  • obj – An object or class to get the permissions of.

name = None
classmethod remove_obj_permissions(user, obj)

Remove all permissions the user has on the obj.

classmethod user_has_role(user, obj)

Check that a user has this role.

Parameters:
  • user – A user object.

  • obj – An object to get the permissions of.

onadata.libs.permissions.exclude_items_from_queryset_using_xform_meta_perms(xform, user, queryset)

Exclude instances from the queryset if meta-perms have been enabled

onadata.libs.permissions.filter_queryset_xform_meta_perms(xform, user, instance_queryset)

Check for the specific perms if meta-perms have been enabled CAN_VIEW_XFORM_ALL ==> User should be able to view all the data CAN_VIEW_XFORM_DATA ===> User should be able to view his/her submitted data. Otherwise should raise forbidden error. :param xform: :param user: :param instance_queryset: :return: data

onadata.libs.permissions.filter_queryset_xform_meta_perms_sql(xform, user, query)

Check for the specific perms if meta-perms have been enabled CAN_VIEW_XFORM_ALL ==> User should be able to view all the data CAN_VIEW_XFORM_DATA ===> User should be able to view his/her submitted

data. Otherwise should raise forbidden error.

Parameters:
  • xform

  • user

  • instance_queryset

Returns:

data

onadata.libs.permissions.get_group_perms(obj)

Return XFormGroupObjectPermission or ProjectGroupObjectPermission queryset.

onadata.libs.permissions.get_object_users_with_permissions(obj, username=False, with_group_users=False)

Returns users, roles and permissions for an object.

Parameters:
  • obj – object, the object to check permissions on

  • username – bool, when True set username instead of a User object

onadata.libs.permissions.get_role(permissions, obj)

Return the user role for the given obj permissions.

onadata.libs.permissions.get_role_in_org(user, organization)

Return the user role in the organization.

onadata.libs.permissions.get_team_project_default_permissions(team, project)

Return team role for given project.

onadata.libs.permissions.get_user_perms(obj)

Return XFormUserObjectPermission or ProjectUserObjectPermission queryset.

onadata.libs.permissions.is_organization(obj)

Some OrganizationProfiles have a pointer to the UserProfile, but no UserProfiles do. Check for that first since it avoids a database hit.

Module contents