From 963c53c2eee360ea7fb7a5157d254ae4348d1509 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Eik=20Hvattum=20R=C3=B8geberg?= Date: Mon, 20 Nov 2023 11:17:49 +0100 Subject: [PATCH] Remove user field from survey submission read serializer The surveys are supposedly anonymous, they are not when the user field is sent with the submission --- lego/apps/surveys/serializers.py | 8 +++++--- lego/apps/surveys/tests/test_submissions_api.py | 3 ++- lego/apps/surveys/views.py | 12 +++++++++--- 3 files changed, 16 insertions(+), 7 deletions(-) diff --git a/lego/apps/surveys/serializers.py b/lego/apps/surveys/serializers.py index 20fea507c..c0d2625a6 100644 --- a/lego/apps/surveys/serializers.py +++ b/lego/apps/surveys/serializers.py @@ -6,7 +6,6 @@ from lego.apps.events.serializers.events import EventForSurveySerializer from lego.apps.surveys.constants import DISPLAY_TYPES, QUESTION_TYPES from lego.apps.surveys.models import Answer, Option, Question, Submission, Survey -from lego.apps.users.serializers.users import PublicUserSerializer from lego.utils.serializers import BasisModelSerializer @@ -93,11 +92,14 @@ class Meta: class SubmissionReadSerializer(BasisModelSerializer): answers = AnswerSerializer(many=True) - user = PublicUserSerializer() + is_owner = serializers.SerializerMethodField() class Meta: model = Submission - fields = ("id", "user", "survey", "answers") + fields = ("id", "is_owner", "survey", "answers") + + def get_is_owner(self, submission): + return submission.user == self.context["request"].user class SubmissionAdminReadSerializer(SubmissionReadSerializer): diff --git a/lego/apps/surveys/tests/test_submissions_api.py b/lego/apps/surveys/tests/test_submissions_api.py index 04f0869b6..bfe9e26c7 100644 --- a/lego/apps/surveys/tests/test_submissions_api.py +++ b/lego/apps/surveys/tests/test_submissions_api.py @@ -198,7 +198,8 @@ def test_create_answer(self): expected = submission_data(self.admin_user, 1) result = response.json() - self.assertEqual(expected["user"], result["user"].get("id", None)) + self.assertEqual(expected["survey"], result["survey"]) + self.assertTrue(result["isOwner"]) self.assertEqual(len(result["answers"]), 3) for i, answer in enumerate(result["answers"]): diff --git a/lego/apps/surveys/views.py b/lego/apps/surveys/views.py index 361b7996d..4a2052a52 100644 --- a/lego/apps/surveys/views.py +++ b/lego/apps/surveys/views.py @@ -171,7 +171,9 @@ def create(self, request, *args, **kwargs): serializer.is_valid(raise_exception=True) self.perform_create(serializer) return Response( - SubmissionReadSerializer(serializer.instance).data, + SubmissionReadSerializer( + serializer.instance, context={"request": request} + ).data, status=status.HTTP_201_CREATED, ) @@ -198,7 +200,9 @@ def hide(self, request, **kwargs): submission, answer = self.validate_answer(request, **kwargs) answer.hide() return Response( - data=SubmissionAdminReadSerializer(submission).data, + data=SubmissionAdminReadSerializer( + submission, context={"request": request} + ).data, status=status.HTTP_202_ACCEPTED, ) @@ -212,7 +216,9 @@ def show(self, request, **kwargs): submission, answer = self.validate_answer(request, **kwargs) answer.show() return Response( - data=SubmissionAdminReadSerializer(submission).data, + data=SubmissionAdminReadSerializer( + submission, context={"request": request} + ).data, status=status.HTTP_202_ACCEPTED, )