Retrieve username from request object and not xform object #871
Conversation
|
I would have thought the correct Enketo URI is the owner of the form and not the requesting user. This has the likely hood of generating the wrong records in Enketo that may end up clashing with a users own forms. Suppose the user B is accessing a form from user A with the |
|
You make a good point and I agree with you that this approach needs to be reconsidered but at the same time preview urls are not working for users with |
|
That's a good point, it looks like zebra could generate that on its own.
What are some examples of user-specific-formlist-endpoint?
…On Sun, Jan 15, 2017 at 02:52 Mark Ekisa ***@***.***> wrote:
You make a good point and I agree with you that this approach needs to be
reconsidered but at the same time preview urls are not working for users
with can view and download as well as can view permissions - I tested
this out after @msschroeder <https://github.com/msschroeder> reported and
I replicated the issue (<id_string> not found in formlist issue). What I
have here fixes the preview url problem as illustrated in [enketo's preview
url doc] (https://apidocs.enketo.org/v2#/get-survey-preview).
As a side note, after working on the formbuilder, I think I now understand
why kobo decided to go with the approach of generating an id_string for the
user; the generated id_string contains random characters which seems to be
unique not only in a person's account but the xform table as well. With
this, one would never be worried about having duplicate id_strings in a
formList even if forms from different accounts were shared with a
particular user.
The other thing I had discussed with @royrutto
<https://github.com/royrutto> and @denniswambua
<https://github.com/denniswambua> last week was that I don't see the
reason why core/onadata is the middle service when zebra wants an enketo
url or enketo preview url. We have forms/<id>/enketo endpoint which
returns both an enketo url as well as an enketo preview url. For example,
the request format for getting a preview url is the following:
http -a <enketo-api-token>: POST "
https://enketo.ona.io/api_v2/survey/preview?server_url=
<user-specific-formlist-endpoint>&form_id=<id-string>"
I think, but I stand to be corrected, zebra can acquire all the 3
variables above and make a request to enketo without having core make the
request on zebra's behalf.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#871 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AADGEiqFgJOjnnSagbJLMR_a_4Cejiteks5rSdA_gaJpZM4LhdT9>
.
|
|
An example would be |
|
@pld I have the zebra issue |
|
@ivermac what is the reason that those with permissions to the form have no access to the form? |
ivermac
force-pushed
the
870-incorrect-preview-url-returned-by-core
branch
from
9d5714b
to
37dc1df
Compare
|
For context, @ukanga and I decided to add new formList endpoint that would be used only for enketo preview urls. This is because at the moment, the formlist endpoint only allows users without |
|
Is there any update when this issue will be deployed? The customer was asking when this will be resolved. I was under the impression that it would be deployed this week. |
|
@msschroeder I can't really merge it since I worked on it. @denniswambua or @ukanga should be able to review this PR and give a status update. |
|
@denniswambua What else needs to be done with this? Can you give a timeline for when this will be done? |
|
@msschroeder Its ready for QA |
ivermac
force-pushed
the
870-incorrect-preview-url-returned-by-core
branch
from
37dc1df
to
68e649a
Compare
|
@denniswambua I have added documenation |
|
|
closes #870