Allow corpus admin to delete transcriptions from worker

5b367f1d · Manon Blanco · Bastien Abadie · e4b0fd82 · 5b367f1d · 5b367f1d
Commit 5b367f1d authored 4 years ago by Manon Blanco Committed by Bastien Abadie 4 years ago
--- a/arkindex/documents/api/ml.py
+++ b/arkindex/documents/api/ml.py
@@ -111,7 +111,8 @@ class TranscriptionCreate(CreateAPIView):
 class TranscriptionEdit(RetrieveUpdateDestroyAPIView):
    """
    Retrieve or edit a transcription
-    Edition and deletion are allowed for manual transcriptions only
+    Edition and deletion are allowed for manual transcriptions
+    Edition and deletion of non-manual transcriptions are allowed for the admin
    """
    serializer_class = TranscriptionSerializer
    permission_classes = (IsVerified, )
@@ -133,10 +134,11 @@ class TranscriptionEdit(RetrieveUpdateDestroyAPIView):
        rights = transcription.element.corpus.get_acl_rights(request.user)

        errors = defaultdict(list)
+        non_manual_transcription = bool(transcription.worker_version or transcription.source and transcription.source.slug != 'manual')
        if Right.Write not in rights:
            errors['__all__'].append('A write access to transcription element corpus is required.')
-        if transcription.worker_version or transcription.source and transcription.source.slug != 'manual':
-            errors['__all__'].append('Only manual transcriptions can be edited.')
+        if Right.Admin not in rights and non_manual_transcription:
+            errors['__all__'].append('Only admins can edit non-manual transcription.')
        if (errors):
            raise PermissionDenied(errors)


--- a/arkindex/documents/tests/test_edit_transcriptions.py
+++ b/arkindex/documents/tests/test_edit_transcriptions.py
@@ -29,6 +29,11 @@ class TestEditTranscription(FixtureAPITestCase):
        cls.private_read_user.verified_email = True
        cls.private_read_user.save()
        private_corpus.corpus_right.create(user=cls.private_read_user)
+        # Create an user with a write right only on the corpus
+        cls.write_user = User.objects.create_user('bla@bla.bla', 'aa')
+        cls.write_user.verified_email = True
+        cls.write_user.save()
+        cls.corpus.corpus_right.create(user=cls.write_user, can_write=True)

    def setUp(self):
        self.manual_source = DataSource.objects.create(type=MLToolType.Recognizer, slug='manual', internal=False)
@@ -101,6 +106,34 @@ class TestEditTranscription(FixtureAPITestCase):
        self.assertEqual(data.get('id'), str(self.manual_transcription.id))
        self.assertEqual(data.get('text'), 'Once upon a time in a castle')

+    def test_transcription_patch_not_manual(self):
+        # self.user is the admin of the corpus, he can edit a worker transcription
+        self.client.force_login(self.user)
+        response = self.client.patch(
+            reverse('api:transcription-edit', kwargs={'pk': self.ml_transcription.id}),
+            format='json',
+            data={'text': 'Once upon a time in a castle'}
+        )
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        data = response.json()
+        self.assertEqual(data.get('id'), str(self.ml_transcription.id))
+        self.assertEqual(data.get('text'), 'Once upon a time in a castle')
+
+    def test_transcription_patch_internal_user(self):
+        self.private_read_user.is_internal = True
+        self.private_read_user.save()
+
+        self.client.force_login(self.private_read_user)
+        response = self.client.patch(
+            reverse('api:transcription-edit', kwargs={'pk': self.ml_transcription.id}),
+            format='json',
+            data={'text': 'He used to play the Bumbulum'}
+        )
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        data = response.json()
+        self.assertEqual(data.get('id'), str(self.ml_transcription.id))
+        self.assertEqual(data.get('text'), 'He used to play the Bumbulum')
+
    def test_transcription_patch_text_only(self):
        """
        Assert only transcription text can be updated
@@ -154,11 +187,11 @@ class TestEditTranscription(FixtureAPITestCase):
            '__all__': ['A write access to transcription element corpus is required.']
        })

-    def test_transcription_patch_not_manual(self):
+    def test_transcription_patch_admin_right(self):
        """
        Updating a transcription produced by a ML worker is forbidden
        """
-        self.client.force_login(self.user)
+        self.client.force_login(self.write_user)
        response = self.client.patch(
            reverse('api:transcription-edit', kwargs={'pk': self.ml_transcription.id}),
            format='json',
@@ -166,7 +199,7 @@ class TestEditTranscription(FixtureAPITestCase):
        )
        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
        self.assertDictEqual(response.json(), {
-            '__all__': ['Only manual transcriptions can be edited.']
+            '__all__': ['Only admins can edit non-manual transcription.']
        })

    def test_manual_transcription_delete(self):