Remove filtering for admins

d2f0800a · Erwan Rouchet · da96424b · d2f0800a
Commit d2f0800a authored 6 years ago by Erwan Rouchet
--- a/arkindex/dataimport/api.py
+++ b/arkindex/dataimport/api.py
@@ -41,7 +41,8 @@ class DataImportsList(CorpusACLMixin, ListCreateAPIView):
        if serializer.validated_data['mode'] not in (DataImportMode.Images, ):
            raise ValidationError('Unsupported mode for now, sorry.')

-        if Right.Write not in serializer.validated_data['corpus'].get_acl_rights(self.request.user):
+        if not self.request.user.is_admin and \
+                Right.Write not in serializer.validated_data['corpus'].get_acl_rights(self.request.user):
            raise PermissionDenied

        return super().perform_create(serializer)
@@ -60,7 +61,8 @@ class DataImportDetails(RetrieveUpdateDestroyAPIView):

    def perform_update(self, serializer):
        dataimport = serializer.instance
-        if Right.Write not in dataimport.corpus.get_acl_rights(self.request.user):
+        if not self.request.user.is_admin and \
+                Right.Write not in dataimport.corpus.get_acl_rights(self.request.user):
            raise PermissionDenied

        if dataimport.state not in (DataImportState.Created, DataImportState.Configured):
@@ -84,7 +86,8 @@ class DataImportDetails(RetrieveUpdateDestroyAPIView):
            dataimport.save()

    def perform_destroy(self, instance):
-        if Right.Write not in instance.corpus.get_acl_rights(self.request.user):
+        if not self.request.user.is_admin and \
+                Right.Write not in instance.corpus.get_acl_rights(self.request.user):
            raise PermissionDenied
        if instance.state == DataImportState.Running:
            raise ValidationError("Cannot delete a workflow while it is running")
@@ -133,7 +136,7 @@ class DataImportDemo(CreateAPIView):

        volume = get_object_or_404(Element, **filters)

-        assert Right.Write in volume.corpus.get_acl_rights(self.request.user), \
+        assert self.request.user.is_admin or Right.Write in volume.corpus.get_acl_rights(self.request.user), \
            'Corpus is not writable'

        # Start the import
@@ -175,12 +178,14 @@ class DataFileRetrieve(RetrieveUpdateDestroyAPIView):
        return DataFile.objects.filter(corpus__in=Corpus.objects.readable(self.request.user))

    def perform_update(self, serializer):
-        if Right.Write not in serializer.instance.corpus.get_acl_rights(self.request.user):
+        if not self.request.user.is_admin and \
+                Right.Write not in serializer.instance.corpus.get_acl_rights(self.request.user):
            raise PermissionDenied
        return super().perform_update(serializer)

    def perform_destroy(self, instance):
-        if Right.Write not in instance.corpus.get_acl_rights(self.request.user):
+        if not self.request.user.is_admin and \
+                Right.Write not in instance.corpus.get_acl_rights(self.request.user):
            raise PermissionDenied
        return super().perform_destroy(instance)

@@ -201,7 +206,8 @@ class DataFileUpload(APIView):
        corpus = corpus_qs.get()

        # Check corpus is writable for current user
-        if Right.Write not in corpus.get_acl_rights(self.request.user):
+        if not self.request.user.is_admin and \
+                Right.Write not in corpus.get_acl_rights(self.request.user):
            raise PermissionDenied

        file_obj = request.FILES['file']
@@ -298,12 +304,14 @@ class RepositoryRetrieve(RetrieveUpdateDestroyAPIView):
        )

    def perform_update(self, serializer):
-        if Right.Write not in serializer.instance.corpus.get_acl_rights(self.request.user):
+        if not self.request.user.is_admin and \
+                Right.Write not in serializer.instance.corpus.get_acl_rights(self.request.user):
            raise PermissionDenied
        return super().perform_update(self, serializer)

    def perform_destroy(self, instance):
-        if Right.Write not in instance.corpus.get_acl_rights(self.request.user):
+        if not self.request.user.is_admin and \
+                Right.Write not in instance.corpus.get_acl_rights(self.request.user):
            raise PermissionDenied
        return super().perform_destroy(self, instance)