From 8b8086fe48720646186af8b77cace484a5127f29 Mon Sep 17 00:00:00 2001
From: David Read <david.read@hackneyworkshop.com>
Date: Wed, 9 Dec 2015 15:50:05 +0000
Subject: [PATCH] [#212] Fixes #212 - auth for harvest_job_create was broken.

---
 ckanext/harvest/logic/action/create.py |  4 +--
 ckanext/harvest/logic/action/update.py |  8 ++---
 ckanext/harvest/logic/auth/update.py   |  2 +-
 ckanext/harvest/tests/test_action.py   | 44 ++++++++++++++++++++++++--
 4 files changed, 48 insertions(+), 10 deletions(-)

diff --git a/ckanext/harvest/logic/action/create.py b/ckanext/harvest/logic/action/create.py
index c71cad0..472d8f6 100644
--- a/ckanext/harvest/logic/action/create.py
+++ b/ckanext/harvest/logic/action/create.py
@@ -76,8 +76,8 @@ def harvest_job_create(context, data_dict):
     Creates a Harvest Job for a Harvest Source and runs it (by putting it on
     the gather queue)
 
-    :param source_id:
-    :type param: string
+    :param source_id: id of the harvest source to create a job for
+    :type source_id: string
     :param run: whether to also run it or not (default: True)
     :type run: bool
     '''
diff --git a/ckanext/harvest/logic/action/update.py b/ckanext/harvest/logic/action/update.py
index afeb131..3b14900 100644
--- a/ckanext/harvest/logic/action/update.py
+++ b/ckanext/harvest/logic/action/update.py
@@ -462,16 +462,16 @@ def harvest_send_job_to_gather_queue(context, data_dict):
     :type id: string
     '''
     log.info('Send job to gather queue: %r', data_dict)
-    check_access('harvest_send_job_to_gather_queue', context, data_dict)
 
     job_id = logic.get_or_bust(data_dict, 'id')
+    job = toolkit.get_action('harvest_job_show')(
+        context, {'id': job_id})
+
+    check_access('harvest_send_job_to_gather_queue', context, job)
 
     # gather queue
     publisher = get_gather_publisher()
 
-    job = logic.get_action('harvest_job_show')(
-        context, {'id': job_id})
-
     # Check the source is active
     context['detailed'] = False
     source = harvest_source_show(context, {'id': job['source_id']})
diff --git a/ckanext/harvest/logic/auth/update.py b/ckanext/harvest/logic/auth/update.py
index ae6c0fd..2bd70b9 100644
--- a/ckanext/harvest/logic/auth/update.py
+++ b/ckanext/harvest/logic/auth/update.py
@@ -66,7 +66,7 @@ def harvest_send_job_to_gather_queue(context, data_dict):
         It forwards the checks to harvest_job_create, ie the user can only run
         the job if she is allowed to create the job.
     '''
-    from ckanext.harvest.auth.create import harvest_job_create
+    from ckanext.harvest.logic.auth.create import harvest_job_create
     return harvest_job_create(context, data_dict)
 
 
diff --git a/ckanext/harvest/tests/test_action.py b/ckanext/harvest/tests/test_action.py
index 9cbfc36..1fc8c23 100644
--- a/ckanext/harvest/tests/test_action.py
+++ b/ckanext/harvest/tests/test_action.py
@@ -1,5 +1,4 @@
 import json
-import uuid
 import factories
 import unittest
 from nose.tools import assert_equal, assert_raises
@@ -7,11 +6,12 @@ from nose.plugins.skip import SkipTest
 
 try:
     from ckan.tests import factories as ckan_factories
-    from ckan.tests.helpers import _get_test_app, reset_db, FunctionalTestBase
+    from ckan.tests.helpers import (_get_test_app, reset_db,
+                                    FunctionalTestBase, assert_in)
 except ImportError:
     from ckan.new_tests import factories as ckan_factories
     from ckan.new_tests.helpers import (_get_test_app, reset_db,
-                                        FunctionalTestBase)
+                                        FunctionalTestBase, assert_in)
 from ckan import plugins as p
 from ckan.plugins import toolkit
 from ckan import model
@@ -403,6 +403,44 @@ class TestActions(ActionBase):
         toolkit.get_action('harvest_source_create')(
             {'user': site_user}, data_dict)
 
+    def test_harvest_job_create_as_sysadmin(self):
+        source = factories.HarvestSource(**SOURCE_DICT)
+
+        site_user = toolkit.get_action('get_site_user')(
+            {'model': model, 'ignore_auth': True}, {})['name']
+        data_dict = {
+            'source_id': source['id'],
+            'run': True
+            }
+        job = toolkit.get_action('harvest_job_create')(
+            {'user': site_user}, data_dict)
+
+        assert_equal(job['source_id'], source['id'])
+        assert_equal(job['status'], 'Running')
+        assert_equal(job['gather_started'], None)
+        assert_in('stats', job.keys())
+
+    def test_harvest_job_create_as_admin(self):
+        # as if an admin user presses 'refresh'
+        user = ckan_factories.User()
+        user['capacity'] = 'admin'
+        org = ckan_factories.Organization(users=[user])
+        source_dict = dict(SOURCE_DICT.items() +
+                           [('publisher_id', org['id'])])
+        source = factories.HarvestSource(**source_dict)
+
+        data_dict = {
+            'source_id': source['id'],
+            'run': True
+            }
+        job = toolkit.get_action('harvest_job_create')(
+            {'user': user['name']}, data_dict)
+
+        assert_equal(job['source_id'], source['id'])
+        assert_equal(job['status'], 'Running')
+        assert_equal(job['gather_started'], None)
+        assert_in('stats', job.keys())
+
 
 class TestHarvestObject(unittest.TestCase):
     @classmethod