Add project and form level submission and download list filtering

Signed-off-by: Kipchirchir Sigei <[email protected]>

onadata/apps/api/viewsets/briefcase_viewset.py

@@ -98,6 +98,19 @@ def get_object(self, queryset=None):
         id_string = _extract_id_string(form_id)
         uuid = _extract_uuid(form_id)
         username = self.kwargs.get("username")
+        form_pk = self.kwargs.get("xform_pk")
+        project_pk = self.kwargs.get("project_pk")
+
+        if not username:
+            if form_pk:
+                queryset = self.queryset.filter(pk=form_pk)
+                if queryset.first():
+                   username = queryset.first().user.username
+            elif project_pk:
+                queryset = queryset.filter(project__pk=project_pk)
+                if queryset.first():
+                    username = queryset.first().user.username
+
 
         obj = get_object_or_404(
             Instance,
@@ -115,18 +128,35 @@ def filter_queryset(self, queryset):
         Filters an XForm submission instances using ODK Aggregate query parameters.
         """
         username = self.kwargs.get("username")
-        if username is None and self.request.user.is_anonymous:
+        form_pk = self.kwargs.get("xform_pk")
+        project_pk = self.kwargs.get("project_pk")
+
+        if (not username or not form_pk or not project_pk) and self.request.user.is_anonymous:
             # raises a permission denied exception, forces authentication
             self.permission_denied(self.request)
 
         if username is not None and self.request.user.is_anonymous:
-            profile = get_object_or_404(UserProfile, user__username__iexact=username)
+            profile = None
+            if username:
+                profile = get_object_or_404(UserProfile, user__username__iexact=username)
+            elif form_pk:
+                queryset = queryset.filter(pk=form_pk)
+                if queryset.first():
+                    profile = queryset.first().user.profile
+            elif project_pk:
+                queryset = queryset.filter(project__pk=project_pk)
+                if queryset.first():
+                    profile = queryset.first().user.profile
 
             if profile.require_auth:
                 # raises a permission denied exception, forces authentication
                 self.permission_denied(self.request)
             else:
                 queryset = queryset.filter(user=profile.user)
+        elif form_pk:
+            queryset = queryset.filter(pk=form_pk)
+        elif project_pk:
+            queryset = queryset.filter(project__pk=project_pk)
         else:
             queryset = super().filter_queryset(queryset)
 

onadata/apps/main/urls.py

@@ -201,11 +201,31 @@
         BriefcaseViewset.as_view({"get": "list", "head": "list"}),
         name="view-submission-list",
     ),
+    re_path(
+        r"^forms/(?P<xform_pk>\w+)/view/submissionList$",
+        BriefcaseViewset.as_view({"get": "list", "head": "list"}),
+        name="view-submission-list",
+    ),
+    re_path(
+        r"^projects/(?P<project_pk>\d+)/view/submissionList$",
+        BriefcaseViewset.as_view({"get": "list", "head": "list"}),
+        name="view-submission-list",
+    ),
     re_path(
         r"^(?P<username>\w+)/view/downloadSubmission$",
         BriefcaseViewset.as_view({"get": "retrieve", "head": "retrieve"}),
         name="view-download-submission",
     ),
+    re_path(
+        r"^forms/(?P<xform_pk>\w+)/view/downloadSubmission$",
+        BriefcaseViewset.as_view({"get": "retrieve", "head": "retrieve"}),
+        name="view-download-submission",
+    ),
+    re_path(
+        r"^projects/(?P<project_pk>\d+)/view/downloadSubmission$",
+        BriefcaseViewset.as_view({"get": "retrieve", "head": "retrieve"}),
+        name="view-download-submission",
+    ),
     re_path(
         r"^(?P<username>\w+)/formUpload$",
         BriefcaseViewset.as_view({"post": "create", "head": "create"}),