Forbidden refactor and permissions for the upload result - evaluate_submission

f8820588 · Peter Stanko · 1c150f8b · f8820588 · f8820588 · f8820588
Unverified Commit f8820588 authored 6 years ago by Peter Stanko
--- a/portal/async_celery/tasks.py
+++ b/portal/async_celery/tasks.py
@@ -53,4 +53,5 @@ def update_project_test_files(course_id: str, project_id: str):
    }
    updated_entity: UploadedEntity = storage.test_files.update(entity_id=project.id, **params)
    project.config.test_files_commit_hash = updated_entity.version
-    write_entity(project)
+    log.debug(f"Updated project config: {project.config}")
+    write_entity(project.config)
--- a/portal/rest/courses.py
+++ b/portal/rest/courses.py
@@ -61,7 +61,7 @@ class CourseResource(Resource):
            filtered_course = filter_course_dump(course, dump.data, client)
            return filtered_course

-        raise ForbiddenError(uid=client.id)
+        raise ForbiddenError(client=client)

    @jwt_required
    @courses_namespace.response(204, 'Course deleted')

--- a/portal/rest/projects.py
+++ b/portal/rest/projects.py
@@ -221,4 +221,4 @@ def get_config_schema_based_on_permissions(course):
    elif perm_service.check.client(['view_course_limited']):
        return config_schema_reduced
    else:
-        raise ForbiddenError(uid=perm_service.client.id)
+        raise ForbiddenError(perm_service.client)
--- a/portal/rest/submissions.py
+++ b/portal/rest/submissions.py
@@ -166,7 +166,8 @@ class SubmissionResultFiles(Resource):
    def post(self, sid: str):
        submission = general.find_submission(sid)
        # authorization
-        permissions.PermissionsService().require.sysadmin()
+        course = submission.project.course
+        permissions.PermissionsService(course=course).require.client(['evaluate_submissions'])
        # todo: authorize worker
        service = SubmissionsService(submission=submission)
        task = service.upload_results_to_storage()

--- a/portal/rest/users.py
+++ b/portal/rest/users.py
@@ -295,7 +295,7 @@ def get_submissions_based_on_permissions(client, user, course_id, project_ids):
    if find_client_owner(client) == user:
        return user.submissions
    else:
-        raise errors.ForbiddenError(uid=client.id)
+        raise errors.ForbiddenError(client)


 def get_submissions_based_on_permissions_for_course(client, course_id, project_ids, user):

--- a/portal/service/errors.py
+++ b/portal/service/errors.py
@@ -107,12 +107,10 @@ class UnauthorizedError(PortalAPIError):

 class ForbiddenError(PortalAPIError):
    # could use a resource identification (like 404)
-    def __init__(self, uid=None, note=None):
-        user_message = f"Forbidden for user: {uid}!" if uid else "Forbidden action."
-        message = dict(
-            uid=uid,
-            message=user_message,
-        )
+    def __init__(self, client=None, note=None):
+        user_message = f"Forbidden for {client.type}: {client.id}!" if client else \
+            'Forbidden action.'
+        message = dict(uid=client.id, message=user_message)
        if note:
            message['note'] = note


--- a/portal/service/groups.py
+++ b/portal/service/groups.py
@@ -192,7 +192,7 @@ class GroupService:
            return course.groups
        elif perm_service.check.client(['view_course_limited']):
            return filters.filter_groups_from_course(course=course, user=perm_service.client)
-        raise ForbiddenError(uid=perm_service.client.id)
+        raise ForbiddenError(perm_service.client)

    def remove_project(self, project: Project) -> Group:
        """Removes projects from the group

--- a/portal/service/permissions.py
+++ b/portal/service/permissions.py
@@ -70,7 +70,7 @@ class PermissionServiceRequire:

    def any_check(self, *checks):
        if not self.service.check.any_check(*checks):
-            raise ForbiddenError(self.service.client.id)
+            raise ForbiddenError(self.service.client)

    def update_course(self):
        self.client(['update_course'])

--- a/portal/service/projects.py
+++ b/portal/service/projects.py
@@ -155,7 +155,7 @@ class ProjectService:
            return course.projects
        elif perm_service.check.client(['view_course_limited']):
            return filters.filter_projects_from_course(course=course, user=perm_service.client)
-        raise ForbiddenError(uid=perm_service.client.id)
+        raise ForbiddenError(perm_service.client)

    def update_project_test_files(self):
        """ Sends a request to Storage to update the project's test_files to the newest version.

--- a/portal/service/roles.py
+++ b/portal/service/roles.py
@@ -185,4 +185,4 @@ class RoleService:
            return course.roles
        elif perm_service.check.client(['view_course_limited']):
            return filter_roles_from_course(course=course, client=perm_service.client)
-        raise ForbiddenError(uid=perm_service.client.id)
+        raise ForbiddenError(perm_service.client)
--- a/portal/service/submissions.py
+++ b/portal/service/submissions.py
@@ -139,7 +139,7 @@ class SubmissionsService(object):
        """
        new_state = data['state']
        if isinstance(client, User) and new_state != SubmissionState.CANCELLED:
-            raise errors.ForbiddenError(uid=client.id,
+            raise errors.ForbiddenError(client,
                                        note=f"User {client.id} cannot update "
                                             f"state to other than CANCELLED.")
        self.submission.change_state(new_state)

--- a/portal/tools/worker_client.py
+++ b/portal/tools/worker_client.py
@@ -31,6 +31,7 @@ class WorkerClient:
    def execute_submission(self, submission):
        log.info(f"[WC] Executing: {submission}")
        parameters = submission.parameters
+        parameters['test_files_hash'] = submission.project.config.test_files_commit_hash
        parameters['id'] = submission.id
        result = self.api.submissions.create(parameters, sid=submission.id)
        log.debug(f"[WC] Exec call result: {result}")