From 4541bb924ff992998bf5ba0174c83c731e9caea5 Mon Sep 17 00:00:00 2001
From: Valentin Rigal <rigal@teklia.com>
Date: Wed, 5 May 2021 08:49:30 +0000
Subject: [PATCH] Fix internal user check to update worker activities

---
 arkindex/dataimport/tests/test_workeractivity.py | 9 +++++++++
 arkindex/project/permissions.py                  | 6 ++----
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/arkindex/dataimport/tests/test_workeractivity.py b/arkindex/dataimport/tests/test_workeractivity.py
index 5cf64f9583..be83bd5ef7 100644
--- a/arkindex/dataimport/tests/test_workeractivity.py
+++ b/arkindex/dataimport/tests/test_workeractivity.py
@@ -8,6 +8,7 @@ from arkindex.dataimport.models import ActivityState, DataImportMode, WorkerActi
 from arkindex.documents.models import Classification, ClassificationState, Element, MLClass
 from arkindex.documents.tasks import initialize_activity
 from arkindex.project.tests import FixtureTestCase
+from arkindex.users.models import User
 
 
 class TestWorkerActivity(FixtureTestCase):
@@ -84,14 +85,22 @@ class TestWorkerActivity(FixtureTestCase):
     def test_put_activity_requires_internal(self):
         """
         Only internal users (workers) are able to update the state of a worker activity
+        Internal users with an instance admin are able to update a worker activity
         """
+        internal_admin_user = User.objects.create_user('god@test.test', 'G0D')
+        internal_admin_user.is_internal = True
+        internal_admin_user.is_admin = True
+        internal_admin_user.save()
         cases = (
             (None, status.HTTP_403_FORBIDDEN, 0),
             (self.user, status.HTTP_403_FORBIDDEN, 2),
             (self.superuser, status.HTTP_403_FORBIDDEN, 2),
             (self.internal_user, status.HTTP_200_OK, 3),
+            (internal_admin_user, status.HTTP_200_OK, 3)
         )
         for user, status_code, requests_count in cases:
+            self.activity.state = WorkerActivityState.Queued
+            self.activity.save()
             if user:
                 self.client.force_login(user)
             with self.assertNumQueries(requests_count):
diff --git a/arkindex/project/permissions.py b/arkindex/project/permissions.py
index aca0d5518c..473d9b83f0 100644
--- a/arkindex/project/permissions.py
+++ b/arkindex/project/permissions.py
@@ -7,7 +7,7 @@ class AllowNone(object):
     Systematically refuse permission
     """
     def has_permission(self, request, view):
-        return None
+        return False
 
 
 class InternalGroupPermissionMixin(object):
@@ -17,9 +17,7 @@ class InternalGroupPermissionMixin(object):
     """
 
     def has_permission(self, request, view):
-        if request.user.is_authenticated and \
-                not request.user.is_admin and \
-                request.user.is_internal:
+        if request.user.is_authenticated and request.user.is_internal:
             return True
 
         return super().has_permission(request, view)
-- 
GitLab