Fix access for user context on writing config files.

This has to be done when checking if we can read or write the folder.

girder/girder_large_image/__init__.py

@@ -613,7 +613,7 @@ def yamlConfigFileWrite(folder, name, user, yaml_config, user_context):
     :param user_context: whether these settings should only apply to the current user.
     """
     yaml_parsed = yaml.safe_load(yaml_config)
-    item = Item().createItem(name, user, folder, reuseExisting=True, force=bool(user_context))
+    item = Item().createItem(name, user, folder, reuseExisting=True)
     existingFiles = list(Item().childFiles(item))
     if (len(existingFiles) == 1 and
             existingFiles[0]['mimeType'] == 'application/yaml' and

girder/girder_large_image/rest/__init__.py

@@ -131,15 +131,15 @@ def getYAMLConfigFile(self, folder, name):
     return yamlConfigFile(folder, name, user)
 
 
-@access.public(scope=TokenScope.DATA_WRITE)
+@access.public(scope=TokenScope.DATA_READ)
 @autoDescribeRoute(
     Description('Get a config file.')
     .notes(
         'This replaces or creates an item in the specified folder with the '
         'specified name containing a single file also of the specified '
         'name.  The file is added to the default assetstore, and any existing '
         'file may be permanently deleted.')
-    .modelParam('id', model=Folder, level=AccessType.WRITE)
+    .modelParam('id', model=Folder, level=AccessType.READ)
     .param('name', 'The name of the file.', paramType='path')
     .param('user_context', 'Whether these settings should only apply to the '
            'current user.', paramType='query', dataType='boolean', default=False)
@@ -151,5 +151,7 @@ def putYAMLConfigFile(self, folder, name, config, user_context):
     from .. import yamlConfigFileWrite
 
     user = self.getCurrentUser()
+    if not user_context:
+        Folder().hasAccess(folder, user, AccessType.WRITE)
     config = config.read().decode('utf8')
     return yamlConfigFileWrite(folder, name, user, config, user_context)