i_can_still_write respects role of the user

LayerManager · Dec 20, 2023 · 0a96158 · 0a96158
1 parent a100ebf
commit 0a96158
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 3 deletions.
diff --git a/src/layman/common/prime_db_schema/publications.py b/src/layman/common/prime_db_schema/publications.py
@@ -394,7 +394,12 @@ def who_can_write_can_read(can_read, can_write):
 
 
 def i_can_still_write(actor_name, can_write):
-    if ROLE_EVERYONE not in can_write and actor_name not in can_write:
+    if ROLE_EVERYONE not in can_write and (
+            (not actor_name) or (
+                actor_name not in can_write
+                and not any(role in can_write for role in role_service.get_user_roles(actor_name))
+            )
+    ):
         raise LaymanError(43, f'After the operation, the actor has to have write right.')
 
 

diff --git a/src/layman/common/prime_db_schema/publications_test.py b/src/layman/common/prime_db_schema/publications_test.py
@@ -3,7 +3,7 @@
 
 from layman import settings, app as app, LaymanError
 from layman.map import MAP_TYPE
-from test_tools.role_service import ensure_role, delete_role
+from test_tools.role_service import ensure_role, delete_role, ensure_user_role, delete_user_role
 from . import publications, workspaces, users
 
 DB_SCHEMA = settings.LAYMAN_PRIME_SCHEMA
@@ -177,13 +177,29 @@ class TestICanStillWrite:
     username2 = 'test_i_can_still_write_user2'
     role1 = 'ROLE1'
 
+    @pytest.fixture(scope="function", autouse=True)
+    def provide_data(self, request):
+        with app.app_context():
+            ensure_user(self.username, '15')
+            ensure_user(self.username2, '16')
+            ensure_role(self.role1)
+            ensure_user_role(self.username, self.role1)
+        yield
+        if request.node.session.testsfailed == 0:
+            with app.app_context():
+                delete_user_role(self.username, self.role1)
+                delete_role(self.role1)
+                users.delete_user(self.username)
+                users.delete_user(self.username2)
+
     @classmethod
     @pytest.mark.parametrize("actor_name, can_write", [
         pytest.param(None, {settings.RIGHTS_EVERYONE_ROLE}, id='noname-rights-everyone'),
         pytest.param(None, {username, settings.RIGHTS_EVERYONE_ROLE}, id='noname-rights-everyone-and-user'),
         pytest.param(username, {settings.RIGHTS_EVERYONE_ROLE}, id='user-rights-everyone'),
         pytest.param(username, {username2, settings.RIGHTS_EVERYONE_ROLE}, id='user-rights-other-user-and-everyone'),
         pytest.param(username, {username, username2}, id='user-rights-user-and-other-user'),
+        pytest.param(username, {role1}, id='user-rights-role-of-user'),
     ])
     def test_ok(cls, actor_name, can_write):
         publications.i_can_still_write(actor_name, can_write)
@@ -194,7 +210,7 @@ def test_ok(cls, actor_name, can_write):
         pytest.param(None, {username2}, id='noname-rights-other-user'),
         pytest.param(username, set(), id='user-empty-rights'),
         pytest.param(username, {username2}, id='user-rights-other-user'),
-        pytest.param(username, {role1}, id='user-rights-role'),
+        pytest.param(username2, {role1}, id='user-rights-other-role'),
     ])
     def test_raises(cls, actor_name, can_write):
         with pytest.raises(LaymanError) as exc_info: