From 46b9af0f011e56391c59be5f8f33212615b61752 Mon Sep 17 00:00:00 2001
From: index-git <sileny.index@gmail.com>
Date: Tue, 17 Oct 2023 14:43:31 +0200
Subject: [PATCH] Fix patch saving map file before access right validation

(cherry picked from commit 629ad6c91b7d2daf6e9cc6d27251329969770965)
---
 src/layman/map/rest_workspace_map.py          | 18 +++----
 test_tools/process.py                         |  2 +
 .../wrong_input/wrong_input_test.py           | 50 +++++++++++++++++--
 3 files changed, 57 insertions(+), 13 deletions(-)

diff --git a/src/layman/map/rest_workspace_map.py b/src/layman/map/rest_workspace_map.py
index 2fcaa0a46..0ed3eebb8 100644
--- a/src/layman/map/rest_workspace_map.py
+++ b/src/layman/map/rest_workspace_map.py
@@ -75,15 +75,6 @@ def patch(workspace, mapname):
 
     props_to_refresh = util.get_same_or_missing_prop_names(workspace, mapname)
     metadata_properties_to_refresh = props_to_refresh
-    if file is not None:
-        thumbnail.delete_map(workspace, mapname)
-        file = FileStorage(
-            io.BytesIO(json.dumps(file_json).encode()),
-            file.filename
-        )
-        input_file.save_map_files(
-            workspace, mapname, [file])
-
     file_changed = file is not None
     kwargs = {
         'title': title,
@@ -101,6 +92,15 @@ def patch(workspace, mapname):
                                       kwargs,
                                       )
 
+    if file is not None:
+        thumbnail.delete_map(workspace, mapname)
+        file = FileStorage(
+            io.BytesIO(json.dumps(file_json).encode()),
+            file.filename
+        )
+        input_file.save_map_files(
+            workspace, mapname, [file])
+
     util.patch_map(
         workspace,
         mapname,
diff --git a/test_tools/process.py b/test_tools/process.py
index ea87c0e91..f2db1a565 100644
--- a/test_tools/process.py
+++ b/test_tools/process.py
@@ -70,6 +70,8 @@ def oauth2_provider_mock():
                 'dynamic_test_layer_patch_without_data_user': None,
                 'test_fix_issuer_id_user': None,
                 'layer_map_relation_user': None,
+                'wrong_input_owner': None,
+                'wrong_input_editor': None,
             },
         },
         'host': '0.0.0.0',
diff --git a/tests/dynamic_data/publications/wrong_input/wrong_input_test.py b/tests/dynamic_data/publications/wrong_input/wrong_input_test.py
index 2edc0c25f..847982f15 100644
--- a/tests/dynamic_data/publications/wrong_input/wrong_input_test.py
+++ b/tests/dynamic_data/publications/wrong_input/wrong_input_test.py
@@ -30,9 +30,12 @@ class Key(Enum):
     RUN_ONLY_CASES = 'run_only_cases'
     SPECIFIC_CASES = 'specific_params'
     POST_BEFORE_TEST_ARGS = 'post_before_test_args'
+    WORKSPACE = 'workspace'
 
 
 WORKSPACE = 'dynamic_test_workspace_wrong_input'
+OWNER = 'wrong_input_owner'
+EDITOR = 'wrong_input_editor'
 
 
 ALL_CASES = frozenset([RestMethod, WithChunksDomain, CompressDomain])
@@ -1312,6 +1315,44 @@ class Key(Enum):
         Key.RUN_ONLY_CASES: frozenset([RestMethod, WithChunksDomain.FALSE, CompressDomain.FALSE]),
         Key.SPECIFIC_CASES: {},
     },
+    # issue 952
+    'patch_map_write_rights_without_owner': {
+        Key.PUBLICATION_TYPE: process_client.MAP_TYPE,
+        Key.WORKSPACE: OWNER,
+        Key.POST_BEFORE_TEST_ARGS: {
+            'access_rights': {
+                'read': 'EVERYONE',
+                'write': 'EVERYONE',
+            },
+            'actor_name': OWNER,
+        },
+        Key.REST_ARGS: {
+            'file_paths': ['sample/layman.map/small_map.json'],
+            'access_rights': {
+                'read': 'EVERYONE',
+                'write': EDITOR,
+            },
+            'actor_name': EDITOR,
+        },
+        Key.EXCEPTION: LaymanError,
+        Key.EXPECTED_EXCEPTION: {
+            'http_code': 400,
+            'sync': True,
+            'code': 43,
+            'message': 'Wrong access rights.',
+            'data': {
+                'access_rights': {'read': ['EVERYONE'], 'write': ['wrong_input_editor']},
+                'message': 'Owner of the personal workspace have to keep write right.',
+                'actor_name': 'wrong_input_editor',
+                'owner': 'wrong_input_owner',
+                'publication_name': 'patch_map_write_rights_without_owner_patch',
+                'workspace_name': 'wrong_input_owner'
+            },
+        },
+        Key.MANDATORY_CASES: frozenset([RestMethod.PATCH, WithChunksDomain.FALSE, CompressDomain.FALSE]),
+        Key.RUN_ONLY_CASES: frozenset([RestMethod.PATCH, WithChunksDomain.FALSE, CompressDomain.FALSE]),
+        Key.SPECIFIC_CASES: {},
+    },
 }
 
 
@@ -1335,10 +1376,10 @@ def generate_test_cases():
         publ_type = all_params.pop(Key.PUBLICATION_TYPE)
 
         publication_name = rest_args.pop('name', None)
-        publication = Publication(workspace=WORKSPACE,
+        publication = Publication(workspace=test_case_params.get(Key.WORKSPACE, WORKSPACE),
                                   type=publ_type,
-                                  name=publication_name,
-                                  ) if publication_name else None
+                                  name=publication_name if publication_name else None,
+                                  )
 
         test_case = base_test.TestCaseType(key=key,
                                            publication=publication,
@@ -1356,11 +1397,12 @@ def generate_test_cases():
     return tc_list
 
 
-@pytest.mark.usefixtures('ensure_external_db')
+@pytest.mark.usefixtures('ensure_external_db', 'oauth2_provider_mock')
 class TestPublication(base_test.TestSingleRestPublication):
     workspace = WORKSPACE
     test_cases = generate_test_cases()
     publication_type = None
+    usernames_to_reserve = [OWNER, EDITOR]
     rest_parametrization = [
         RestMethod,
         WithChunksDomain,