Allow agents to download artifacts

9ef4daa8 · Bastien Abadie · eb0707fe · 9ef4daa8 · 9ef4daa8 · 9ef4daa8
Commit 9ef4daa8 authored 4 years ago by Bastien Abadie
--- a/arkindex/dataimport/permissions.py
+++ b/arkindex/dataimport/permissions.py
+from rest_framework import permissions
+
+from arkindex.project.mixins import CorpusACLMixin
+
+
+class IsTaskAdminOrCreator(CorpusACLMixin, permissions.BasePermission):
+    """
+    Permission to access a task with high privilege
+    Allowed for superuser, dataimport creators and users with an admin right on its associated corpus
+    Allowed for agents too
+    """
+
+    def has_object_permission(self, request, view, task):
+        # Add request to attributes for the ACL mixin to work with self.user
+        self.request = request
+
+        if not self.user.is_authenticated:
+            return False
+        return (
+            # Admin and internal fields are present for humans and workers
+            (hasattr(self.user, "is_admin") and self.user.is_admin)
+            or (hasattr(self.user, "is_internal") and self.user.is_internal)
+
+            # The agent field is only present for agents
+            or (hasattr(self.user, "is_agent") and self.user.is_agent)
+
+            or self.user.id == task.workflow.dataimport.creator_id
+            or (
+                task.workflow.dataimport.corpus_id
+                and self.has_admin_access(task.workflow.dataimport.corpus)
+            )
+        )
+
+
+class IsArtifactAdminOrCreator(IsTaskAdminOrCreator):
+
+    def has_object_permission(self, request, view, artifact):
+        return super().has_object_permission(request, view, artifact.task)
--- a/arkindex/project/tests/test_ponos_view.py
+++ b/arkindex/project/tests/test_ponos_view.py
@@ -9,6 +9,7 @@ from arkindex.dataimport.models import DataImport, DataImportMode
 from arkindex.documents.models import Corpus
 from arkindex.project.tests import FixtureAPITestCase
 from arkindex.users.models import Role, User
+from ponos.authentication import AgentUser
 from ponos.models import Agent, Artifact, Farm, Secret, encrypt


@@ -143,3 +144,24 @@ class TestPonosView(FixtureAPITestCase):
                    follow=False
                )
                self.assertEqual(response.status_code, status_code)
+
+    def test_download_artifacts_by_agent(self):
+        """
+        Agents should still be able to download artifacts in order
+        to run followup tasks
+        """
+        agent_user = AgentUser.objects.create(
+            cpu_cores=3,
+            cpu_frequency=3e9,
+            farm_id=Farm.objects.create().id,
+            ram_total=2e9,
+            last_ping='1999-09-09'
+        )
+
+        with self.assertNumQueries(3):
+            response = self.client.get(
+                reverse('ponos-artifact-dl', kwargs={'pk': str(self.task.id), 'path': self.artifact.path}),
+                follow=False,
+                HTTP_AUTHORIZATION="Bearer {}".format(agent_user.token.access_token),
+            )
+            self.assertEqual(response.status_code, status.HTTP_302_FOUND)
--- a/arkindex/project/views.py
+++ b/arkindex/project/views.py
@@ -2,40 +2,12 @@ from django.conf import settings
 from django.views.generic import TemplateView, View
 from rest_framework import permissions

-from arkindex.project.mixins import CachedViewMixin, CorpusACLMixin
+from arkindex.dataimport.permissions import IsArtifactAdminOrCreator, IsTaskAdminOrCreator
+from arkindex.project.mixins import CachedViewMixin
 from arkindex.project.permissions import IsVerified
 from ponos.api import AgentDetails, AgentsState, SecretDetails, TaskArtifactDownload, TaskUpdate


-class IsTaskAdminOrCreator(CorpusACLMixin, permissions.BasePermission):
-    """
-    Permission to access a task with high privilege
-    Allowed for superuser, dataimport creators and users with an admin right on its associated corpus
-    """
-
-    def has_object_permission(self, request, view, task):
-        # Add request to attributes for the ACL mixin to work with self.user
-        self.request = request
-
-        if not self.user.is_authenticated:
-            return False
-        return (
-            self.user.is_admin
-            or self.user.is_internal
-            or self.user.id == task.workflow.dataimport.creator_id
-            or (
-                task.workflow.dataimport.corpus_id
-                and self.has_admin_access(task.workflow.dataimport.corpus)
-            )
-        )
-
-
-class IsArtifactAdminOrCreator(IsTaskAdminOrCreator):
-
-    def has_object_permission(self, request, view, artifact):
-        return super().has_object_permission(request, view, artifact.task)
-
-
 class FrontendView(View):
    """
    View that show the frontend's router