pretranslators group + test group auth

Author: functionzz

pontoon/api/authentication.py

@@ -1,12 +1,18 @@
 from rest_framework.authentication import BaseAuthentication
 from rest_framework.exceptions import AuthenticationFailed
+from rest_framework.permissions import BasePermission
 
 from django.contrib.auth.hashers import check_password
 from django.utils import timezone
 
 from pontoon.api.models import PersonalAccessToken
 
 
+class IsPretranslator(BasePermission):
+    def has_permission(self, request, view):
+        return request.user.groups.filter(name="pretranslators").exists()
+
+
 class PersonalAccessTokenAuthentication(BaseAuthentication):
     def authenticate(self, request):
         auth_header = request.headers.get("Authorization")

pontoon/api/tests/test_views.py

@@ -3,6 +3,7 @@
 from rest_framework.test import APIClient
 
 from django.contrib.auth.hashers import make_password
+from django.contrib.auth.models import Group
 from django.db.models import Prefetch
 from django.utils.timezone import now, timedelta
 
@@ -1463,7 +1464,38 @@ def test_translation_search(django_assert_num_queries):
 
 
 @pytest.mark.django_db
-def test_pretranslation_tm(django_assert_num_queries, member):
+def test_pretranslation_group_authentication(member):
+    dummy_group = Group.objects.create(name="dummies")
+
+    member.user.groups.add(dummy_group)
+    token = PersonalAccessToken.objects.create(
+        user=member.user,
+        name="Test Token 1",
+        token_hash="hashed_token",
+        expires_at=now() + timedelta(days=1),
+    )
+    token_id = token.id
+    token_unhashed = "unhashed-token"
+    token.token_hash = make_password(token_unhashed)
+    token.save()
+
+    # test no pretranslators group
+    response = APIClient().post(
+        "/api/v2/pretranslate/",
+        HTTP_ACCEPT="application/json",
+        headers={"Authorization": f"Bearer {token_id}_{token_unhashed}"},
+    )
+
+    assert response.status_code == 403
+    assert response.data == {
+        "detail": "You do not have permission to perform this action."
+    }
+
+
+@pytest.mark.django_db
+def test_pretranslation_tm(member):
+    pretranslators = Group.objects.get(name="pretranslators")
+    member.user.groups.add(pretranslators)
     token = PersonalAccessToken.objects.create(
         user=member.user,
         name="Test Token 1",

pontoon/api/views.py

@@ -16,7 +16,10 @@
 from django.views.decorators.http import require_GET
 
 from pontoon.actionlog.models import ActionLog
-from pontoon.api.authentication import PersonalAccessTokenAuthentication
+from pontoon.api.authentication import (
+    IsPretranslator,
+    PersonalAccessTokenAuthentication,
+)
 from pontoon.api.filters import TermFilter, TranslationMemoryFilter
 from pontoon.base import forms
 from pontoon.base.models import (
@@ -467,7 +470,7 @@ def get_queryset(self):
 
 
 class PretranslationView(APIView):
-    permission_classes = [IsAuthenticated]
+    permission_classes = [IsAuthenticated, IsPretranslator]
     authentication_classes = [PersonalAccessTokenAuthentication]
 
     def post(self, request):

pontoon/base/migrations/0101_auto_20251202_0718.py

@@ -0,0 +1,18 @@
+# Generated by Django 4.2.26 on 2025-12-02 07:18
+
+from django.db import migrations
+
+
+def create_pretranslators_group(apps, schema_editor):
+    Group = apps.get_model("auth", "Group")
+    Group.objects.get_or_create(name="pretranslators")
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("base", "0100_android_as_mf2"),
+    ]
+
+    operations = [
+        migrations.RunPython(create_pretranslators_group),
+    ]