Fix patch saving layer file before access right validation

(cherry picked from commit 4c6bf12)
LayerManager · Nov 9, 2023 · cbe2a26 · cbe2a26
1 parent 0c2a5a8
commit cbe2a26
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 7 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Changelog
 
+## v1.22.2
+ {release-date}
+### Changes
+- [#952](https://github.com/LayerManager/layman/issues/952) Fix patch saving publication files before access right validation.
+
 ## v1.22.1
  2023-10-12
 ### Changes

diff --git a/src/layman/layer/rest_workspace_layer.py b/src/layman/layer/rest_workspace_layer.py
@@ -211,6 +211,13 @@ def patch(workspace, layername):
 
     layer_result = {}
 
+    kwargs.update({'actor_name': authn.get_authn_username()})
+    rest_util.setup_patch_access_rights(request.form, kwargs)
+    util.pre_publication_action_check(workspace,
+                                      layername,
+                                      kwargs,
+                                      )
+
     if delete_from is not None:
         request_method = request.method.lower()
         deleted = util.delete_layer(workspace, layername, source=delete_from, http_method=request_method)
@@ -245,13 +252,6 @@ def patch(workspace, layername):
             elif input_files:
                 shutil.move(temp_dir, input_file.get_layer_input_file_dir(workspace, layername))
         publications.set_wfs_wms_status(workspace, LAYER_TYPE, layername, settings.EnumWfsWmsStatus.PREPARING)
-    kwargs.update({'actor_name': authn.get_authn_username()})
-
-    rest_util.setup_patch_access_rights(request.form, kwargs)
-    util.pre_publication_action_check(workspace,
-                                      layername,
-                                      kwargs,
-                                      )
 
     util.patch_layer(
         workspace,

diff --git a/tests/dynamic_data/publications/wrong_input/wrong_input_test.py b/tests/dynamic_data/publications/wrong_input/wrong_input_test.py
@@ -1353,6 +1353,44 @@ class Key(Enum):
         Key.RUN_ONLY_CASES: frozenset([RestMethod.PATCH, WithChunksDomain.FALSE, CompressDomain.FALSE]),
         Key.SPECIFIC_CASES: {},
     },
+    # issue 952
+    'patch_layer_write_rights_without_owner': {
+        Key.PUBLICATION_TYPE: process_client.LAYER_TYPE,
+        Key.WORKSPACE: OWNER,
+        Key.POST_BEFORE_TEST_ARGS: {
+            'access_rights': {
+                'read': 'EVERYONE',
+                'write': 'EVERYONE',
+            },
+            'actor_name': OWNER,
+        },
+        Key.REST_ARGS: {
+            'file_paths': ['sample/layman.layer/small_layer.geojson'],
+            'access_rights': {
+                'read': 'EVERYONE',
+                'write': EDITOR,
+            },
+            'actor_name': EDITOR,
+        },
+        Key.EXCEPTION: LaymanError,
+        Key.EXPECTED_EXCEPTION: {
+            'http_code': 400,
+            'sync': True,
+            'code': 43,
+            'message': 'Wrong access rights.',
+            'data': {
+                'access_rights': {'read': ['EVERYONE'], 'write': ['wrong_input_editor']},
+                'message': 'Owner of the personal workspace have to keep write right.',
+                'actor_name': 'wrong_input_editor',
+                'owner': 'wrong_input_owner',
+                'publication_name': '{publication_name}',
+                'workspace_name': '{workspace}',
+            },
+        },
+        Key.MANDATORY_CASES: frozenset([RestMethod.PATCH, WithChunksDomain.FALSE, CompressDomain.FALSE]),
+        Key.RUN_ONLY_CASES: frozenset([RestMethod.PATCH, WithChunksDomain.FALSE, CompressDomain.FALSE]),
+        Key.SPECIFIC_CASES: {},
+    },
 }