Merge pull request #645 from pierotofy/contours

pierotofy · web-flow · commit 934f0822c8bb · 2019-04-03T12:45:44.000-04:00
Contours fix in iframes
diff --git a/app/api/tasks.py b/app/api/tasks.py
@@ -77,12 +77,23 @@ class TaskViewSet(viewsets.ViewSet):
     """
     queryset = models.Task.objects.all().defer('orthophoto_extent', 'dsm_extent', 'dtm_extent', 'console_output', )
     
-    # We don't use object level permissions on tasks, relying on
-    # project's object permissions instead (but standard model permissions still apply)
-    permission_classes = (permissions.DjangoModelPermissions, )
     parser_classes = (parsers.MultiPartParser, parsers.JSONParser, parsers.FormParser, )
     ordering_fields = '__all__'
 
+    def get_permissions(self):
+        """
+        Instantiates and returns the list of permissions that this view requires.
+        We don't use object level permissions on tasks, relying on
+        project's object permissions instead (but standard model permissions still apply)
+        and with the exception of 'retrieve' (task GET) for public tasks access
+        """
+        if self.action == 'retrieve':
+            permission_classes = [permissions.AllowAny]
+        else:
+            permission_classes = [permissions.DjangoModelPermissions, ]
+
+        return [permission() for permission in permission_classes]
+
     def set_pending_action(self, pending_action, request, pk=None, project_pk=None, perms=('change_project', )):
         get_and_check_project(request, project_pk, perms)
         try:
@@ -128,7 +139,6 @@ def output(self, request, pk=None, project_pk=None):
         output = task.console_output or ""
         return Response('\n'.join(output.rstrip().split('\n')[line_num:]))
 
-
     def list(self, request, project_pk=None):
         get_and_check_project(request, project_pk)
         tasks = self.queryset.filter(project=project_pk)
@@ -137,12 +147,14 @@ def list(self, request, project_pk=None):
         return Response(serializer.data)
 
     def retrieve(self, request, pk=None, project_pk=None):
-        get_and_check_project(request, project_pk)
         try:
             task = self.queryset.get(pk=pk, project=project_pk)
         except (ObjectDoesNotExist, ValidationError):
             raise exceptions.NotFound()
 
+        if not task.public:
+            get_and_check_project(request, task.project.id)
+
         serializer = TaskSerializer(task)
         return Response(serializer.data)
 
diff --git a/app/api/urls.py b/app/api/urls.py
@@ -2,7 +2,6 @@
 
 from app.api.presets import PresetViewSet
 from app.plugins import get_api_url_patterns
-from webodm import settings
 from .projects import ProjectViewSet
 from .tasks import TaskViewSet, TaskTiles, TaskTilesJson, TaskDownloads, TaskAssets, TaskAssetsImport
 from .processingnodes import ProcessingNodeViewSet, ProcessingNodeOptionsView
diff --git a/app/tests/test_api_task.py b/app/tests/test_api_task.py
@@ -371,6 +371,9 @@ def accessResources(expectedStatus):
             res = other_client.get("/api/projects/{}/tasks/{}/{}/tiles/16/16020/42443.png".format(project.id, task.id, tile_type))
             self.assertTrue(res.status_code == expectedStatus)
 
+            res = other_client.get("/api/projects/{}/tasks/{}/".format(project.id, task.id))
+            self.assertTrue(res.status_code == expectedStatus)
+
         accessResources(status.HTTP_404_NOT_FOUND)
 
         # Original owner enables sharing
@@ -382,16 +385,18 @@ def accessResources(expectedStatus):
         # Now other user can acccess resources
         accessResources(status.HTTP_200_OK)
 
+        # He cannot change a task
+        res = other_client.patch("/api/projects/{}/tasks/{}/".format(project.id, task.id), {
+            'name': "Changed! Uh oh"
+        })
+        self.assertEqual(res.status_code, status.HTTP_404_NOT_FOUND)
+
         # User logs out
         other_client.logout()
 
         # He can still access the resources as anonymous
         accessResources(status.HTTP_200_OK)
 
-        # Other user still does not have access to certain parts of the API
-        res = other_client.get("/api/projects/{}/tasks/{}/".format(project.id, task.id))
-        self.assertTrue(res.status_code == status.HTTP_403_FORBIDDEN)
-
         # Restart a task
         testWatch.clear()
         res = client.post("/api/projects/{}/tasks/{}/restart/".format(project.id, task.id))
diff --git a/plugins/contours/public/ContoursPanel.jsx b/plugins/contours/public/ContoursPanel.jsx
@@ -56,7 +56,7 @@ export default class ContoursPanel extends React.Component {
               }
           })
           .fail(() => {
-            this.setState({permanentError: `Cannot retrieve information for task ${id}. Are you are connected to the internet.`})
+            this.setState({permanentError: `Cannot retrieve information for task ${id}. Are you are connected to the internet?`})
           })
           .always(() => {
             this.setState({loading: false});

Original file line number	Diff line number	Diff line change
`@@ -56,7 +56,7 @@ export default class ContoursPanel extends React.Component {`
`56`	`56`	`}`
`57`	`57`	`})`
`58`	`58`	`.fail(() => {`
`59`		- this.setState({permanentError: `Cannot retrieve information for task ${id}. Are you are connected to the internet.`})
	`59`	+ this.setState({permanentError: `Cannot retrieve information for task ${id}. Are you are connected to the internet?`})
`60`	`60`	`})`
`61`	`61`	`.always(() => {`
`62`	`62`	`this.setState({loading: false});`