Make identification task attribute able on list if user has annotated on task

Author: epou

api/mixins.py

@@ -0,0 +1,17 @@
+from typing import Optional
+
+from tigacrafting.models import IdentificationTask
+
+class IdentificationTaskNestedAttribute():
+    def get_parent_lookup_url_kwarg(self) -> str:
+        return 'observation_uuid'
+
+    def get_identification_task_obj(self) -> Optional[IdentificationTask]:
+        if task_id := self.kwargs.get(self.get_parent_lookup_url_kwarg(), None):
+            return IdentificationTask.objects.get(pk=task_id)
+
+    def get_permissions(self):
+        return [
+            permission(identification_task=self.get_identification_task_obj())
+            for permission in self.permission_classes
+        ]

api/permissions.py

@@ -1,3 +1,5 @@
+from typing import Optional
+
 from django.contrib.auth import get_user_model
 from django.core.exceptions import MultipleObjectsReturned
 
@@ -190,6 +192,15 @@ def has_permission(self, request, view):
         })
 
 class BaseIdentificationTaskAttributePermissions(BaseIdentificationTaskPermissions):
+    def __init__(self, identification_task, *args, **kwargs):
+        self.identification_task = identification_task
+        super().__init__(*args, **kwargs)
+
+    def has_permission(self, request, view):
+        if view.action == 'list' and self.identification_task:
+            if self._check_is_annotator(request, view, obj=self.identification_task):
+                return True
+        return super().has_permission(request, view)
     pass
 
 class AnnotationPermissions(BaseIdentificationTaskAttributePermissions):

api/tests/integration/identification_tasks/annotations/list.tavern.yml

@@ -55,6 +55,31 @@ stages:
       method: "GET"
       headers:
         Authorization: "Bearer {jwt_token_user_can_view:s}"
+    response:
+      status_code: 200
+      json: !force_format_include "{response_list_data_validation}"
+
+---
+
+test_name: Annotation can be lsit by users without permissions if from a identification task they have annotate.
+
+includes:
+  - !include schema.yml
+
+marks:
+  - usefixtures:
+    - api_live_url
+    - endpoint
+    - annotation
+    - jwt_token_user
+
+stages:
+  - name: User without perm view can retrieve if annotation from the same task
+    request:
+      url: "{api_live_url}/{endpoint}/"
+      method: "GET"
+      headers:
+        Authorization: "Bearer {jwt_token_user:s}"
     response:
       status_code: 200
       json: !force_format_include "{response_list_data_validation}"

api/tests/integration/identification_tasks/predictions/list.tavern.yml

@@ -56,6 +56,33 @@ stages:
       method: "GET"
       headers:
         Authorization: "Bearer {jwt_token_user_can_view:s}"
+    response:
+      status_code: 200
+      json: !force_format_include "{response_list_data_validation}"
+
+
+---
+
+test_name: Predictions can be list by users without permissions if from a identification task they have annotate.
+
+includes:
+  - !include schema.yml
+
+marks:
+  - usefixtures:
+    - api_live_url
+    - endpoint
+    - annotation
+    - photo_prediction
+    - jwt_token_user
+
+stages:
+  - name: User without perm view can list if annotation from the same task
+    request:
+      url: "{api_live_url}/{endpoint}/"
+      method: "GET"
+      headers:
+        Authorization: "Bearer {jwt_token_user:s}"
     response:
       status_code: 200
       json: !force_format_include "{response_list_data_validation}"

api/views.py

@@ -55,6 +55,7 @@
     AnnotationFilter,
     TaxonFilter
 )
+from .mixins import IdentificationTaskNestedAttribute
 from .serializers import (
     PartnerSerializer,
     CampaignSerializer,
@@ -565,7 +566,7 @@ def assign_next(self, request):
             )
         ]
     )
-    class PhotoPredictionViewSet(NestedViewSetMixin, CreateModelMixin, RetrieveModelMixin, ListModelMixin, UpdateModelMixin, DestroyModelMixin, GenericNoMobileViewSet):
+    class PhotoPredictionViewSet(IdentificationTaskNestedAttribute, NestedViewSetMixin, CreateModelMixin, RetrieveModelMixin, ListModelMixin, UpdateModelMixin, DestroyModelMixin, GenericNoMobileViewSet):
         queryset = PhotoPrediction.objects.all()
         permission_classes = (PhotoPredictionPermissions, )
 
@@ -597,7 +598,7 @@ def get_serializer_context(self):
             )
         ]
     )
-    class AnnotationViewSet(NestedViewSetMixin, ListModelMixin, RetrieveModelMixin, CreateModelMixin, GenericNoMobileViewSet):
+    class AnnotationViewSet(IdentificationTaskNestedAttribute, NestedViewSetMixin, ListModelMixin, RetrieveModelMixin, CreateModelMixin, GenericNoMobileViewSet):
         queryset = ExpertReportAnnotation.objects.is_annotation().select_related(
             'user',
             'report',