Merge pull request #964 from WildMeOrg/export_fixes

Export fixes

app/extensions/__init__.py

@@ -498,7 +498,7 @@ def current_user_has_export_permission(self):
         from app.modules.users.permissions.rules import ObjectActionRule
         from app.modules.users.permissions.types import AccessOperation
 
-        rule = ObjectActionRule(obj=self, action=AccessOperation.EXPORT)
+        rule = ObjectActionRule(obj=self, action=AccessOperation.READ)
         return rule.check()
 
     def current_user_has_edit_permission(self):
@@ -512,7 +512,7 @@ def user_has_export_permission(self, user):
         from app.modules.users.permissions.rules import ObjectActionRule
         from app.modules.users.permissions.types import AccessOperation
 
-        rule = ObjectActionRule(obj=self, action=AccessOperation.EXPORT, user=user)
+        rule = ObjectActionRule(obj=self, action=AccessOperation.READ, user=user)
         return rule.check()
 
     def user_has_view_permission(self, user):

app/modules/encounters/resources.py

@@ -249,7 +249,7 @@ class EncounterExport(Resource):
     )
     def post(self):
         search = request.get_json()
-        encs = Encounter.elasticsearch(search)
+        encs = Encounter.elasticsearch(search, limit=15000)
         if not encs:
             abort(400, 'No results to export')
         from flask import send_file

app/modules/individuals/resources.py

@@ -272,7 +272,7 @@ class IndividualExport(Resource):
     )
     def post(self):
         search = request.get_json()
-        indivs = Individual.elasticsearch(search)
+        indivs = Individual.elasticsearch(search, limit=15000)
         if not indivs:
             abort(400, 'No results to export')
         from flask import send_file

app/modules/sightings/resources.py

@@ -149,7 +149,7 @@ class SightingExport(Resource):
     )
     def post(self):
         search = request.get_json()
-        sights = Sighting.elasticsearch(search)
+        sights = Sighting.elasticsearch(search, limit=15000)
         if not sights:
             abort(400, 'No results to export')
         from flask import send_file

app/modules/users/permissions/rules.py

@@ -119,13 +119,13 @@
             'is_admin',
             'is_researcher',
         ],
-        ('Encounter', AccessOperation.READ): ['is_researcher'],
+        ('Encounter', AccessOperation.READ): ['is_researcher', 'is_admin'],
         ('Encounter', AccessOperation.EXPORT): ['is_researcher'],
         ('Encounter', AccessOperation.WRITE): ['is_active'],  # TODO is this still correct
-        ('Sighting', AccessOperation.READ): ['is_researcher'],
+        ('Sighting', AccessOperation.READ): ['is_researcher', 'is_admin'],
         ('Sighting', AccessOperation.WRITE): ['is_active'],
         ('Sighting', AccessOperation.DELETE): ['is_admin'],
-        ('Individual', AccessOperation.READ): ['is_researcher'],
+        ('Individual', AccessOperation.READ): ['is_researcher', 'is_admin'],
         ('Individual', AccessOperation.EXPORT): ['is_researcher'],
         ('Individual', AccessOperation.WRITE): ['is_researcher'],
         ('Individual', AccessOperation.DELETE): ['is_admin'],

tests/modules/collaborations/resources/test_collaboration_usage.py

@@ -58,7 +58,7 @@ def test_use_collaboration(
     assert sighting.user_has_view_permission(researcher_1)
     assert sighting.user_has_export_permission(researcher_1)
     assert sighting.user_has_view_permission(researcher_2)
-    assert not sighting.user_has_export_permission(researcher_2)
+    assert sighting.user_has_export_permission(researcher_2)
 
     # Researcher 2 should be able to view all the data but edit none of it
     asset_group_utils.read_asset_group(flask_app_client, researcher_2, asset_group_uuid)