From b944c9c26908aa33688698f83fffd60c16d593f8 Mon Sep 17 00:00:00 2001
From: Tanner Prestegard <tanner.prestegard@ligo.org>
Date: Wed, 26 Sep 2018 20:23:31 -0500
Subject: [PATCH] Allow 'analyst_comments' tag from web log form

We normally require permissions to add tags to log messages or to
create logs with tags attached, but we want to apply the
'analyst_comments' tag to log messages posted from the web form
no matter what, so we add a check that skips the special
permission requirement for that tag if the request is AJAX.
---
 gracedb/api/v1/superevents/permissions.py       | 17 +++++++++++++----
 gracedb/api/v1/superevents/tests/test_access.py |  2 +-
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/gracedb/api/v1/superevents/permissions.py b/gracedb/api/v1/superevents/permissions.py
index c10418f83..9814a28a4 100644
--- a/gracedb/api/v1/superevents/permissions.py
+++ b/gracedb/api/v1/superevents/permissions.py
@@ -198,12 +198,20 @@ class SupereventLogModelPermissions(FunctionalModelPermissions):
     tag_data_field = 'tagname'
 
     def get_post_permissions(self, request):
-        # Get tag names from request data
+        # Get tag names from request data - should be a list (with client)
+        # NOTE: it's just a string for the way it's constructed
+        # from the web interface
         tag_names = request.data.get(self.tag_data_field, None)
 
         required_permissions = []
-        if tag_names is not None:
-
+        if ((tag_names == 'analyst_comments' or
+            tag_names == ['analyst_comments']) and request.is_ajax()):
+            # Special case for log messages posted from the web interface
+            # using AJAX.  I.e., if a message is posted from the web view
+            # and only the default 'analyst_comments' tag is attached,
+            # that's fine.
+            pass
+        elif tag_names is not None:
             # If any tags, require add_tag permission.
             required_permissions.append('superevents.tag_log')
 
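Review bot: The new exemption in `get_post_permissions` is gated on `request.is_ajax()`, which only inspects the client-supplied `X-Requested-With` header, so it does not establish that the request came from the web form, and any client able to post a log can attach 'analyst_comments' without `superevents.tag_log`. If the tag is meant to be unprivileged, drop the header condition and say so in the comment; otherwise key the exemption on something the server controls. At minimum add `# NOTE: is_ajax() reflects a client-set header and is not an authorization boundary.` above the condition. Separately, if `request.data` is a QueryDict for form posts, `.get()` returns only the last value of a repeated `tagname` field, so it is worth confirming that the serializer reads the same single value the permission check saw. The method body continues outside the hunk.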
@@ -224,7 +232,8 @@ class SupereventLogModelPermissions(FunctionalModelPermissions):
                         'log messages to the public by applying the \'{0}\' '
                         'tag.').format(settings.PUBLIC_ACCESS_TAGNAME)
             else:
-                self.message = "You are not allowed to tag log messages."
+                self.message = ("You are not allowed to post log messages "
+                    "with tags.")
 
         return required_permissions
 
diff --git a/gracedb/api/v1/superevents/tests/test_access.py b/gracedb/api/v1/superevents/tests/test_access.py
index d67af9ea5..71254416a 100644
--- a/gracedb/api/v1/superevents/tests/test_access.py
+++ b/gracedb/api/v1/superevents/tests/test_access.py
@@ -1374,7 +1374,7 @@ class TestSupereventLogList(AccessManagersGroupAndUserSetup,
             data=log_data)
         # Check response and data
         self.assertEqual(response.status_code, 403)
-        self.assertIn('You are not allowed to tag log messages',
+        self.assertIn('You are not allowed to post log messages with tags',
             response.data['detail'])
 
     def test_public_user_create_log(self):
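Review bot: No test covers the new 'analyst_comments' exemption; the diffstat shows this one-line message update as the only change to test_access.py. Since the branch relaxes a permission check, add cases asserting that a user without `superevents.tag_log` can post with only that tag when the AJAX header is present (e.g. `HTTP_X_REQUESTED_WITH='XMLHttpRequest'` in the test client call), and still gets a 403 without the header or with any additional tag. The enclosing test method starts outside the hunk.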
-- 
GitLab