update

bloomberg · Dec 19, 2024 · 70a6e1e · 70a6e1e
1 parent 09fa359
commit 70a6e1e
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 6 deletions.
diff --git a/pybossa/api/__init__.py b/pybossa/api/__init__.py
@@ -1034,16 +1034,14 @@ def project_clone(project_id=None, short_name=None):
 
     if current_user.is_anonymous:
         return abort(401)
-    if not (project_id or short_name):
-        return abort(404)
     if short_name:
         project = project_repo.get_by_shortname(short_name)
-    elif project_id:
+    else:
         project = project_repo.get(project_id)
     if not project:
         return abort(404)
     if not (current_user.admin or (current_user.subadmin and current_user.id in project.owners_ids)):
-        return abort(401)
+        return abort(403)
 
     payload = json.loads(request.form['request_json']) if 'request_json' in request.form else request.json
 

diff --git a/test/test_api/test_project_api.py b/test/test_api/test_project_api.py
@@ -2607,13 +2607,13 @@ def test_clone_project_access(self):
         headers = [('Authorization', reguser.api_key)]
         res = self.app.post(f'/api/project/{short_name}/clone', headers=headers)
         error_msg = "User must have permissions"
-        assert res.status_code == 401, error_msg
+        assert res.status_code == 403, error_msg
 
         # check 401 response when use is not authorized
         headers = [('Authorization', subadmin.api_key)]
         res = self.app.post(f'/api/project/{short_name}/clone', headers=headers)
         error_msg = "User must have permissions"
-        assert res.status_code == 401, error_msg
+        assert res.status_code == 403, error_msg
 
 
     @with_context
@@ -2673,6 +2673,28 @@ def test_clone_project(self):
             assert res.status_code == 200, data
 
 
+    @with_context
+    @patch('pybossa.api.clone_project')
+    def test_clone_project_error(self, clone_project):
+        """Test API clone project success state"""
+        from pybossa.view.projects import data_access_levels
+
+        clone_project.side_effect = Exception("Project clone error!")
+        [admin, subadminowner] = UserFactory.create_batch(2)
+        make_admin(admin)
+        make_subadmin(subadminowner)
+
+        short_name = "testproject"
+        self._setup_project(short_name, subadminowner)
+        headers = [('Authorization', subadminowner.api_key)]
+
+        data = {'short_name': 'newname', 'name': 'newname', 'password': 'Test123', 'input_data_class': 'L4 - public','output_data_class': 'L4 - public'}
+        with patch.dict(data_access_levels, self.patch_data_access_levels):
+            res = self.app.post(f'/api/project/{short_name}/clone', headers=headers, data=json.dumps(data), content_type='application/json')
+            data = json.loads(res.data)
+            assert res.status_code == 400, data
+
+
     @with_context
     def test_clone_project_by_id(self):
         """Test API clone project by id success state"""