check user permissions using "permissions" field (#130)

* use only "permissions" to determine whether user has write access

Author: alexbruy

mergin/client.py

@@ -848,3 +848,17 @@ def resolve_unfinished_pull(self, directory):
         mp = MerginProject(directory)
         conflicts = mp.resolve_unfinished_pull(self.username())
         return conflicts
+
+    def has_writing_permissions(self, project_path):
+        """
+        Test whether user has writing permissions on the given project.
+        We rely on the "permissions" field here, as it provides more accurate
+        information and take into account namespace permissions too.
+
+        :param project_path: project's path on server in the form or namespace/project
+        :type directory: str
+        :returns: whether user has writing (upload) permission on the project
+        :rtype: bool
+        """
+        info = self.project_info(project_path)
+        return info["permissions"]["upload"]

mergin/client_push.py

@@ -101,7 +101,10 @@ def push_project_async(mc, directory):
     mp.log.info(f"got project info: local version {local_version} / server version {server_version}")
 
     username = mc.username()
-    if username not in server_info["access"]["writersnames"]:
+    # permissions field contains information about update, delete and upload privileges of the user
+    # on a specific project. This is more accurate information then "writernames" field, as it takes
+    # into account namespace privileges. So we have to check only "permissions", namely "upload" one
+    if not mc.has_writing_permissions(project_path):
         mp.log.error(f"--- push {project_path} - username {username} does not have write access")
         raise ClientError(f"You do not seem to have write access to the project (username '{username}')")
 

mergin/test/test_client.py

@@ -1625,7 +1625,6 @@ def test_project_versions_list(mc):
     assert versions[0]["name"] == "v2"
     assert versions[-1]["name"] == "v4"
 
-
 def test_report(mc):
     test_project = 'test_download_diffs'
     project = API_USER + '/' + test_project
@@ -1662,3 +1661,45 @@ def test_report(mc):
     shutil.rmtree(directory)
     with pytest.raises(InvalidProject):
         create_report(mc, directory, since, to, report_file)
+
+def test_project_versions_list(mc, mc2):
+    """
+    Test retrieving user permissions
+    """
+    test_project = 'test_permissions'
+    test_project_fullname = API_USER2 + '/' + test_project
+
+    # cleanups
+    project_dir = os.path.join(TMP_DIR, test_project, API_USER)
+    cleanup(mc, test_project_fullname, [project_dir])
+    cleanup(mc2, test_project_fullname, [project_dir])
+
+    # create new (empty) project on server
+    mc2.create_project(test_project)
+
+    # Add reader access to another client
+    project_info = get_project_info(mc2, API_USER2, test_project)
+    access = project_info['access']
+    access['readersnames'].append(API_USER)
+    mc2.set_project_access(test_project_fullname, access)
+
+    # reader should not have write access
+    assert not mc.has_writing_permissions(test_project_fullname)
+
+    # Add writer access to another client
+    project_info = get_project_info(mc2, API_USER2, test_project)
+    access = project_info['access']
+    access['writersnames'].append(API_USER)
+    mc2.set_project_access(test_project_fullname, access)
+
+    # now user shold have write access
+    assert mc.has_writing_permissions(test_project_fullname)
+
+    # test organization permissions
+    test_project_fullname = 'testorg' + '/' + 'test_org_permissions'
+
+    # owner should have write access
+    assert mc.has_writing_permissions(test_project_fullname)
+
+    # writer should have write access
+    assert mc2.has_writing_permissions(test_project_fullname)