From 4c6bf12e9c6224c507cc2621b4b9b10df4da02bc Mon Sep 17 00:00:00 2001 From: index-git Date: Tue, 17 Oct 2023 15:14:02 +0200 Subject: [PATCH] Fix patch saving layer file before access right validation --- CHANGELOG.md | 1 + src/layman/layer/rest_workspace_layer.py | 14 +++---- .../wrong_input/wrong_input_test.py | 38 +++++++++++++++++++ 3 files changed, 46 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index dc57a39cd..3cababf57 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ 2023-10-12 ### Changes - [#949](https://github.com/LayerManager/layman/issues/949) Fix reading map-layer relations from map composition that includes also other than WMS and Vector layers. +- [#952](https://github.com/LayerManager/layman/issues/952) Fix patch saving publication files before access right validation. ## v1.22.0 2023-10-05 diff --git a/src/layman/layer/rest_workspace_layer.py b/src/layman/layer/rest_workspace_layer.py index 2fd9965d7..b5cbcb889 100644 --- a/src/layman/layer/rest_workspace_layer.py +++ b/src/layman/layer/rest_workspace_layer.py @@ -211,6 +211,13 @@ def patch(workspace, layername): layer_result = {} + kwargs.update({'actor_name': authn.get_authn_username()}) + rest_util.setup_patch_access_rights(request.form, kwargs) + util.pre_publication_action_check(workspace, + layername, + kwargs, + ) + if delete_from is not None: request_method = request.method.lower() deleted = util.delete_layer(workspace, layername, source=delete_from, http_method=request_method) @@ -245,13 +252,6 @@ def patch(workspace, layername): elif input_files: shutil.move(temp_dir, input_file.get_layer_input_file_dir(workspace, layername)) publications.set_wfs_wms_status(workspace, LAYER_TYPE, layername, settings.EnumWfsWmsStatus.PREPARING) - kwargs.update({'actor_name': authn.get_authn_username()}) - - rest_util.setup_patch_access_rights(request.form, kwargs) - util.pre_publication_action_check(workspace, - layername, - kwargs, - ) util.patch_layer( workspace, diff --git a/tests/dynamic_data/publications/wrong_input/wrong_input_test.py b/tests/dynamic_data/publications/wrong_input/wrong_input_test.py index dd9d20501..63f072013 100644 --- a/tests/dynamic_data/publications/wrong_input/wrong_input_test.py +++ b/tests/dynamic_data/publications/wrong_input/wrong_input_test.py @@ -1353,6 +1353,44 @@ class Key(Enum): Key.RUN_ONLY_CASES: frozenset([RestMethod.PATCH, WithChunksDomain.FALSE, CompressDomain.FALSE]), Key.SPECIFIC_CASES: {}, }, + # issue 952 + 'patch_layer_write_rights_without_owner': { + Key.PUBLICATION_TYPE: process_client.LAYER_TYPE, + Key.WORKSPACE: OWNER, + Key.POST_BEFORE_TEST_ARGS: { + 'access_rights': { + 'read': 'EVERYONE', + 'write': 'EVERYONE', + }, + 'actor_name': OWNER, + }, + Key.REST_ARGS: { + 'file_paths': ['sample/layman.layer/small_layer.geojson'], + 'access_rights': { + 'read': 'EVERYONE', + 'write': EDITOR, + }, + 'actor_name': EDITOR, + }, + Key.EXCEPTION: LaymanError, + Key.EXPECTED_EXCEPTION: { + 'http_code': 400, + 'sync': True, + 'code': 43, + 'message': 'Wrong access rights.', + 'data': { + 'access_rights': {'read': ['EVERYONE'], 'write': ['wrong_input_editor']}, + 'message': 'Owner of the personal workspace have to keep write right.', + 'actor_name': 'wrong_input_editor', + 'owner': 'wrong_input_owner', + 'publication_name': '{publication_name}', + 'workspace_name': '{workspace}', + }, + }, + Key.MANDATORY_CASES: frozenset([RestMethod.PATCH, WithChunksDomain.FALSE, CompressDomain.FALSE]), + Key.RUN_ONLY_CASES: frozenset([RestMethod.PATCH, WithChunksDomain.FALSE, CompressDomain.FALSE]), + Key.SPECIFIC_CASES: {}, + }, }