From 89c66547d672ccee7c528cca04cc570305254aac Mon Sep 17 00:00:00 2001 From: David Manthey Date: Wed, 25 Sep 2024 12:44:50 -0400 Subject: [PATCH] Fix access for user context on writing config files. This has to be done when checking if we can read or write the folder. --- girder/girder_large_image/__init__.py | 2 +- girder/girder_large_image/rest/__init__.py | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/girder/girder_large_image/__init__.py b/girder/girder_large_image/__init__.py index 1c0f90b0f..02e5e1acb 100644 --- a/girder/girder_large_image/__init__.py +++ b/girder/girder_large_image/__init__.py @@ -613,7 +613,7 @@ def yamlConfigFileWrite(folder, name, user, yaml_config, user_context): :param user_context: whether these settings should only apply to the current user. """ yaml_parsed = yaml.safe_load(yaml_config) - item = Item().createItem(name, user, folder, reuseExisting=True, force=bool(user_context)) + item = Item().createItem(name, user, folder, reuseExisting=True) existingFiles = list(Item().childFiles(item)) if (len(existingFiles) == 1 and existingFiles[0]['mimeType'] == 'application/yaml' and diff --git a/girder/girder_large_image/rest/__init__.py b/girder/girder_large_image/rest/__init__.py index ecb33766f..5b6bfb230 100644 --- a/girder/girder_large_image/rest/__init__.py +++ b/girder/girder_large_image/rest/__init__.py @@ -131,7 +131,7 @@ def getYAMLConfigFile(self, folder, name): return yamlConfigFile(folder, name, user) -@access.public(scope=TokenScope.DATA_WRITE) +@access.public(scope=TokenScope.DATA_READ) @autoDescribeRoute( Description('Get a config file.') .notes( @@ -139,7 +139,7 @@ def getYAMLConfigFile(self, folder, name): 'specified name containing a single file also of the specified ' 'name. The file is added to the default assetstore, and any existing ' 'file may be permanently deleted.') - .modelParam('id', model=Folder, level=AccessType.WRITE) + .modelParam('id', model=Folder, level=AccessType.READ) .param('name', 'The name of the file.', paramType='path') .param('user_context', 'Whether these settings should only apply to the ' 'current user.', paramType='query', dataType='boolean', default=False) @@ -151,5 +151,7 @@ def putYAMLConfigFile(self, folder, name, config, user_context): from .. import yamlConfigFileWrite user = self.getCurrentUser() + if not user_context: + Folder().hasAccess(folder, user, AccessType.WRITE) config = config.read().decode('utf8') return yamlConfigFileWrite(folder, name, user, config, user_context)