Merge branch 'activities-internal' into 'master'

Fix internal user check to update worker activities Closes #733 See merge request !1336

Merge branch 'activities-internal' into 'master'
d45ec29d · Bastien Abadie · d80610fc · 4541bb92 · d45ec29d · d45ec29d
Commit d45ec29d authored 3 years ago by Bastien Abadie
--- a/arkindex/dataimport/tests/test_workeractivity.py
+++ b/arkindex/dataimport/tests/test_workeractivity.py
@@ -8,6 +8,7 @@ from arkindex.dataimport.models import ActivityState, DataImportMode, WorkerActi
 from arkindex.documents.models import Classification, ClassificationState, Element, MLClass
 from arkindex.documents.tasks import initialize_activity
 from arkindex.project.tests import FixtureTestCase
+from arkindex.users.models import User


 class TestWorkerActivity(FixtureTestCase):
@@ -84,14 +85,22 @@ class TestWorkerActivity(FixtureTestCase):
    def test_put_activity_requires_internal(self):
        """
        Only internal users (workers) are able to update the state of a worker activity
+        Internal users with an instance admin are able to update a worker activity
        """
+        internal_admin_user = User.objects.create_user('god@test.test', 'G0D')
+        internal_admin_user.is_internal = True
+        internal_admin_user.is_admin = True
+        internal_admin_user.save()
        cases = (
            (None, status.HTTP_403_FORBIDDEN, 0),
            (self.user, status.HTTP_403_FORBIDDEN, 2),
            (self.superuser, status.HTTP_403_FORBIDDEN, 2),
            (self.internal_user, status.HTTP_200_OK, 3),
+            (internal_admin_user, status.HTTP_200_OK, 3)
        )
        for user, status_code, requests_count in cases:
+            self.activity.state = WorkerActivityState.Queued
+            self.activity.save()
            if user:
                self.client.force_login(user)
            with self.assertNumQueries(requests_count):

--- a/arkindex/project/permissions.py
+++ b/arkindex/project/permissions.py
@@ -7,7 +7,7 @@ class AllowNone(object):
    Systematically refuse permission
    """
    def has_permission(self, request, view):
-        return None
+        return False


 class InternalGroupPermissionMixin(object):
@@ -17,9 +17,7 @@ class InternalGroupPermissionMixin(object):
    """

    def has_permission(self, request, view):
-        if request.user.is_authenticated and \
-                not request.user.is_admin and \
-                request.user.is_internal:
+        if request.user.is_authenticated and request.user.is_internal:
            return True

        return super().has_permission(request, view)