Using API key of user which spawned application for updating task meta (

#56) * Testing spawn api key. * Testing spawn api key. * Testing spawn api key. * Testing spawn api key.
supervisely · Dec 28, 2023 · e523be4 · e523be4
1 parent fc54084
commit e523be4
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/agent/worker/task_app.py b/agent/worker/task_app.py
@@ -344,7 +344,16 @@ def _get_task_volumes(self):
                 "mode": "rw",
             }
 
-            api = sly.Api(self.info["server_address"], self.info["api_token"])
+            context = self.info.get("context", {})
+            # spawnApiToken - is a token of user, that spawned application.
+            # apiToken - is a token of user for which application was spawned.
+            # It's important to use spawnApiToken, because the application can be spawned
+            # by user with higher permissions, than current user (e.g. annotator).
+            # For example, if we'lll use annotator's token, we'll get 403 error, when
+            # trying to update task meta, since the annotator doesn't have enough permissions.
+            api_token = context.get("spawnApiToken") or self.info["api_token"]
+
+            api = sly.Api(self.info["server_address"], api_token)
             api.task.update_meta(
                 int(self.info["task_id"]),
                 {},