From a2b1b50d42c80e7c735808f8f5fbbd4cbf164c65 Mon Sep 17 00:00:00 2001 From: Daniel Chiquito Date: Wed, 9 Feb 2022 12:23:53 -0500 Subject: [PATCH 1/3] Allow anyone with project access to import/export --- client/src/components/ProjectSettings.vue | 3 ++- client/src/views/Projects.vue | 1 - miqa/core/rest/project.py | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/client/src/components/ProjectSettings.vue b/client/src/components/ProjectSettings.vue index 7792bf72..f7f241fc 100644 --- a/client/src/components/ProjectSettings.vue +++ b/client/src/components/ProjectSettings.vue @@ -153,6 +153,7 @@ export default defineComponent({ - + Project: {{ currentProject.name }}
diff --git a/miqa/core/rest/project.py b/miqa/core/rest/project.py index 64417763..4d3cbee8 100644 --- a/miqa/core/rest/project.py +++ b/miqa/core/rest/project.py @@ -172,7 +172,7 @@ def settings_(self, request, **kwargs): request_body=no_body, responses={204: 'Import succeeded.'}, ) - @project_permission_required(superuser_access=True) + @project_permission_required() @action(detail=True, url_path='import', url_name='import', methods=['POST']) def import_(self, request, **kwargs): project: Project = self.get_object() From 60b8f60a24d7a4267f447cc047e101b68d80fcbd Mon Sep 17 00:00:00 2001 From: Daniel Chiquito Date: Wed, 9 Feb 2022 13:05:24 -0500 Subject: [PATCH 2/3] Update import tests --- miqa/core/tests/test_import.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/miqa/core/tests/test_import.py b/miqa/core/tests/test_import.py index 336df1bf..9098cc4b 100644 --- a/miqa/core/tests/test_import.py +++ b/miqa/core/tests/test_import.py @@ -6,6 +6,7 @@ import pytest from rest_framework.exceptions import APIException +from guardian.shortcuts import get_perms from miqa.core.tasks import import_data @@ -86,7 +87,7 @@ def test_import_csv(tmp_path, user, project_factory, sample_scans, user_api_clie user_api_client = user_api_client(project=project) resp = user_api_client.post(f'/api/v1/projects/{project.id}/import') - if user.is_superuser: + if get_perms(user, project): assert resp.status_code == 204 # The import should update the project, even though the names do not match project.refresh_from_db() @@ -115,7 +116,7 @@ def test_import_global_csv(tmp_path, user, project_factory, sample_scans, user_a user_api_client = user_api_client(project=project) resp = user_api_client.post(f'/api/v1/projects/{project.id}/import') - if user.is_superuser: + if get_perms(user, project): assert resp.status_code == 204 # The import should update the correctly named projects, but not the original import project project.refresh_from_db() @@ -147,7 +148,7 @@ def test_import_json( project = project_factory(import_path=json_file) resp = user_api_client(project=project).post(f'/api/v1/projects/{project.id}/import') - if user.is_superuser: + if get_perms(user, project): assert resp.status_code == 204 # The import should update the project, even though the names do not match project.refresh_from_db() @@ -181,7 +182,7 @@ def test_import_global_json( user_api_client = user_api_client(project=project) resp = user_api_client.post(f'/api/v1/projects/{project.id}/import') - if user.is_superuser: + if get_perms(user, project): assert resp.status_code == 204 # The import should update the correctly named projects, but not the original import project project.refresh_from_db() From 92de00564d015a2d1a5c7ffa8c325a1e18e2989a Mon Sep 17 00:00:00 2001 From: Daniel Chiquito Date: Wed, 9 Feb 2022 14:04:16 -0500 Subject: [PATCH 3/3] Fix linting --- miqa/core/tests/test_import.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/miqa/core/tests/test_import.py b/miqa/core/tests/test_import.py index 9098cc4b..8ef7c0b0 100644 --- a/miqa/core/tests/test_import.py +++ b/miqa/core/tests/test_import.py @@ -4,9 +4,9 @@ from pathlib import Path import re +from guardian.shortcuts import get_perms import pytest from rest_framework.exceptions import APIException -from guardian.shortcuts import get_perms from miqa.core.tasks import import_data