udata 9.1.0__py2.py3-none-any.whl → 9.1.1__py2.py3-none-any.whl

udata/__init__.py

@@ -4,5 +4,5 @@
 udata
 '''
 
-__version__ = '9.1.0'
+__version__ = '9.1.1'
 __description__ = 'Open data portal'

udata/core/reuse/api_fields.py

@@ -41,7 +41,7 @@ reuse_fields = api.model('Reuse', {
     'last_modified': fields.ISODateTime(
         description='The reuse last modification date', readonly=True),
     'deleted': fields.ISODateTime(
-        description='The organization identifier', readonly=True),
+        description='The deletion date if deleted', readonly=True),
     'datasets': fields.List(
         fields.Nested(dataset_fields), description='The reused datasets'),
     'organization': fields.Nested(

udata/harvest/api.py

@@ -8,13 +8,14 @@ from udata.auth import admin_permission
 from udata.core.dataservices.models import Dataservice
 from udata.core.dataset.api_fields import dataset_ref_fields, dataset_fields
 from udata.core.organization.api_fields import org_ref_fields
+from udata.core.dataset.permissions import OwnablePermission
 from udata.core.organization.permissions import EditOrganizationPermission
 from udata.core.user.api_fields import user_ref_fields
 
 from . import actions
 from .forms import HarvestSourceForm, HarvestSourceValidationForm
 from .models import (
-    HARVEST_JOB_STATUS, HARVEST_ITEM_STATUS, HarvestJob,
+    HARVEST_JOB_STATUS, HARVEST_ITEM_STATUS, HarvestJob, HarvestSource,
     VALIDATION_STATES, VALIDATION_ACCEPTED
 )
 
@@ -233,6 +234,7 @@ class SourceAPI(API):
     def put(self, ident):
         '''Update a harvest source'''
         source = actions.get_source(ident)
+        OwnablePermission(source).test()
         form = api.validate(HarvestSourceForm, source)
         source = actions.update_source(ident, form.data)
         return source
@@ -241,6 +243,8 @@ class SourceAPI(API):
     @api.doc('delete_harvest_source')
     @api.marshal_with(source_fields)
     def delete(self, ident):
+        source: HarvestSource = actions.get_source(ident)
+        OwnablePermission(source).test()
         return actions.delete_source(ident), 204
 
 

udata/harvest/tests/test_api.py

@@ -295,7 +295,7 @@ class HarvestAPITest(MockBackendsMixin):
         assert source['config'] == {'custom': 'value'}
 
     def test_update_source(self, api):
-        '''It should update a source'''
+        '''It should update a source if owner or orga member'''
         user = api.login()
         source = HarvestSourceFactory(owner=user)
         new_url = faker.url()
@@ -307,11 +307,31 @@ class HarvestAPITest(MockBackendsMixin):
         }
         api_url = url_for('api.harvest_source', ident=str(source.id))
         response = api.put(api_url, data)
+        assert200(response)
+        assert response.json['url'] == new_url
 
+        # Source is now owned by orga, with user as member
+        source.organization = OrganizationFactory(members=[Member(user=user)])
+        source.save()
+        api_url = url_for('api.harvest_source', ident=str(source.id))
+        response = api.put(api_url, data)
         assert200(response)
 
-        source = response.json
-        assert source['url'] == new_url
+    def test_update_source_require_permission(self, api):
+        '''It should not update a source if not the owner'''
+        api.login()
+        source = HarvestSourceFactory()
+        new_url: str = faker.url()
+        data = {
+            'name': source.name,
+            'description': source.description,
+            'url': new_url,
+            'backend': 'factory',
+        }
+        api_url: str = url_for('api.harvest_source', ident=str(source.id))
+        response = api.put(api_url, data)
+
+        assert403(response)
 
     def test_validate_source(self, api):
         '''It should allow to validate a source if admin'''
@@ -388,6 +408,16 @@ class HarvestAPITest(MockBackendsMixin):
         deleted_sources = HarvestSource.objects(deleted__exists=True)
         assert len(deleted_sources) == 1
 
+    def test_delete_source_require_permission(self, api):
+        '''It should not delete a source if not the owner'''
+        api.login()
+        source = HarvestSourceFactory()
+
+        url = url_for('api.harvest_source', ident=str(source.id))
+        response = api.delete(url)
+
+        assert403(response)
+
     def test_schedule_source(self, api):
         '''It should allow to schedule a source if admin'''
         api.login(AdminFactory())

{udata-9.1.0.dist-info → udata-9.1.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: udata
-Version: 9.1.0
+Version: 9.1.1
 Summary: Open data portal
 Home-page: https://github.com/opendatateam/udata
 Author: Opendata Team
@@ -135,6 +135,10 @@ It is collectively taken care of by members of the
 
 # Changelog
 
+## 9.1.1 (2024-07-16)
+
+- Add correct owner permissions on harvest sources [#3091](https://github.com/opendatateam/udata/pull/3091)
+
 ## 9.1.0 (2024-07-11)
 
 - Add reports backend [#3069](https://github.com/opendatateam/udata/pull/3069) and [#3078](https://github.com/opendatateam/udata/pull/3078)

{udata-9.1.0.dist-info → udata-9.1.1.dist-info}/RECORD

@@ -1,6 +1,6 @@
 tasks/__init__.py,sha256=CnVhb_TV-6nMhxVR6itnBmvuU2OSCs02AfNB4irVBTE,8132
 tasks/helpers.py,sha256=k_HiuiEJNgQLvWdeHqczPOAcrYpFjEepBeKo7EQzY8M,994
-udata/__init__.py,sha256=2sAFq9TpXNp1Eg5f-rmq2S6KGr9scC4Z4JHSrHL7fZs,97
+udata/__init__.py,sha256=00Am56rwXmIVejvRPsNTl7Hn1mnVFxT1iYo6ZAt75XM,97
 udata/api_fields.py,sha256=zx-BPYajUyRKOOIFIebn-MFSrRIyi4O-sf97V7KjoOI,13461
 udata/app.py,sha256=6upwrImLaWrSYtsXPW1zH84_oRxp3B6XFuocMe2D6NU,7329
 udata/assets.py,sha256=aMa-MnAEXVSTavptSn2V8sUE6jL_N0MrYCQ6_QpsuHs,645
@@ -168,7 +168,7 @@ udata/core/reports/models.py,sha256=eIQOKHJHaE5GeFguLsRJMUbHzdK77FXPpcsEBFcBYNg,
 udata/core/reuse/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 udata/core/reuse/activities.py,sha256=rdl_CR3RJPBMonsHYmPnPVDvCYozNdXN2H1ILrTItNQ,1417
 udata/core/reuse/api.py,sha256=72oJxmwziqvuFhxcuXy-5ckhQo39t65hp4eqvSqbQ6o,10237
-udata/core/reuse/api_fields.py,sha256=aU5L7-jzywSZlO4cq2DfvvYmfmGMWcBimp959AVV3Zg,4871
+udata/core/reuse/api_fields.py,sha256=WXzhHBQnGLI1AMWGKKkFkCscJZNDyc99vXbW63EYJFo,4872
 udata/core/reuse/apiv2.py,sha256=Op4f6pSMdUuLcCwNadojJfHfU6UYohrzSxlJbRn3wHc,824
 udata/core/reuse/constants.py,sha256=pbCR1xX9v4tdewlOx8bgNmy1-5V9OXIbpNjJivnQ--A,1215
 udata/core/reuse/csv.py,sha256=bOKS3LYGmQHj-qPkvxZVnbIju_sYDYjehGCM3Bj75lM,843
@@ -276,7 +276,7 @@ udata/frontend/csv.py,sha256=SDV8GMhNpHyE9NYy9cfHulsFUzwclfc7roWAAm-PZ9M,8257
 udata/frontend/markdown.py,sha256=41bOiU6AKng4U-5v3otBed3dyCu63NI9fnznUQThbIk,4377
 udata/harvest/__init__.py,sha256=C4y5w4vGb_F9Opy62lzV3eHo4DkNyRgPCq-wsarPXiQ,28
 udata/harvest/actions.py,sha256=6f9bkIITLHes0vGU-yioRGfFOghAS3nXThXEVKaHFpA,10082
-udata/harvest/api.py,sha256=sG84NsGURzXP108lCI0Bq876Gf0qbXPsrDUf2eLGnUE,14774
+udata/harvest/api.py,sha256=xAUzJL6fbj_XZnjo-9MPxlaiQ39AuDkGKIggbkF731c,14990
 udata/harvest/commands.py,sha256=Vo1KxO7GAOgQ87khqlGIyjZIlwAOlQ8ztadqmWdMvwk,4922
 udata/harvest/csv.py,sha256=c2fPnMB6q99wRxLncl8L0ILcdF4SI8Lsl8tViNrcW6A,396
 udata/harvest/exceptions.py,sha256=YaXw0ESmSCcibfUmP5uc1uRedKD2mvUBXUOnbaSXtNw,299
@@ -292,7 +292,7 @@ udata/harvest/backends/dcat.py,sha256=-VvV3eHuiEMUbms15VdKO4ONQiqtoLLFR0425km9C_
 udata/harvest/tests/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 udata/harvest/tests/factories.py,sha256=vUFON9GzI5CbD3bP8_ayOs3S9pHbhhHiI7B4GhoQtVE,2218
 udata/harvest/tests/test_actions.py,sha256=TPHb8n8tlQ0l2lu8GzbymKPOpzTeN_VCtFmszZoCAQI,27583
-udata/harvest/tests/test_api.py,sha256=QXhseHfnkBEmMbIJzroMdDYGLDj6Njal1s-2sn0xhEM,14888
+udata/harvest/tests/test_api.py,sha256=JmtgsTD4GeDmwLfXNy2oYn-4_JzG-v6yMXcBDZ6iKXQ,16028
 udata/harvest/tests/test_base_backend.py,sha256=idFssHnN1iv2ktP1b1IlDpGglVR4Rzza-XuJr68KIlA,12240
 udata/harvest/tests/test_dcat_backend.py,sha256=bOb6hmgoGB4usjFA6s9fzLKAMGOKmWXFpF0DEPeJBVQ,34118
 udata/harvest/tests/test_filters.py,sha256=V2HFZlexIJa6r1DX6g2ktvIgjg4gSY11QPfPOd3_Oug,2370
@@ -696,9 +696,9 @@ udata/translations/pt/LC_MESSAGES/udata.mo,sha256=yfwqLHV-_mGNaDklP7T0pQP4i1y__s
 udata/translations/pt/LC_MESSAGES/udata.po,sha256=E45ZRCW2bpedoWOztkgJ9gwBlg2L1pTcHmCXgqSdhT0,44979
 udata/translations/sr/LC_MESSAGES/udata.mo,sha256=w_x0mh_WagUuQ5QFweqHg5-HtDrsoyL66HVmUxrdR0U,28500
 udata/translations/sr/LC_MESSAGES/udata.po,sha256=LfaUQzhrfDClLdBo_U2erasp2XR1z1_V132cewvZ9C8,51548
-udata-9.1.0.dist-info/LICENSE,sha256=V8j_M8nAz8PvAOZQocyRDX7keai8UJ9skgmnwqETmdY,34520
-udata-9.1.0.dist-info/METADATA,sha256=zAVX0DdmVC7basOViHfHS228lb1EHHLKzgB7TxFZOBE,125694
-udata-9.1.0.dist-info/WHEEL,sha256=DZajD4pwLWue70CAfc7YaxT1wLUciNBvN_TTcvXpltE,110
-udata-9.1.0.dist-info/entry_points.txt,sha256=3SKiqVy4HUqxf6iWspgMqH8d88Htk6KoLbG1BU-UddQ,451
-udata-9.1.0.dist-info/top_level.txt,sha256=39OCg-VWFWOq4gCKnjKNu-s3OwFlZIu_dVH8Gl6ndHw,12
-udata-9.1.0.dist-info/RECORD,,
+udata-9.1.1.dist-info/LICENSE,sha256=V8j_M8nAz8PvAOZQocyRDX7keai8UJ9skgmnwqETmdY,34520
+udata-9.1.1.dist-info/METADATA,sha256=Va5grYrIVFZYj_XL7isxDfq-Tw_MxT6GX-mzxclR9P4,125826
+udata-9.1.1.dist-info/WHEEL,sha256=DZajD4pwLWue70CAfc7YaxT1wLUciNBvN_TTcvXpltE,110
+udata-9.1.1.dist-info/entry_points.txt,sha256=3SKiqVy4HUqxf6iWspgMqH8d88Htk6KoLbG1BU-UddQ,451
+udata-9.1.1.dist-info/top_level.txt,sha256=39OCg-VWFWOq4gCKnjKNu-s3OwFlZIu_dVH8Gl6ndHw,12
+udata-9.1.1.dist-info/RECORD,,