From f224df9f4c4b923f7c68f832e4914a07ae5df0ed Mon Sep 17 00:00:00 2001
From: Matt Jaquiery <matt.jaquiery@dtc.ox.ac.uk>
Date: Tue, 10 Sep 2024 10:38:17 +0100
Subject: [PATCH] fix: upload bugs

- Fixed incorrect user permissions check
- Fixed incorrect parser selection
---
 backend_django/config/settings_base.py         | 2 +-
 backend_django/galv/serializers/serializers.py | 2 +-
 backend_django/galv/tests/test_files.py        | 9 +++++++++
 backend_django/galv/views.py                   | 5 +++++
 docs/source/conf.py                            | 2 +-
 docs/tags.json                                 | 2 +-
 6 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/backend_django/config/settings_base.py b/backend_django/config/settings_base.py
index 3cc6af5..c8e7f7c 100644
--- a/backend_django/config/settings_base.py
+++ b/backend_django/config/settings_base.py
@@ -20,7 +20,7 @@
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
 import os
 
-API_VERSION = "2.4.0"
+API_VERSION = "2.4.1"
 
 try:
     USER_ACTIVATION_TOKEN_EXPIRY_S = int(os.environ.get("DJANGO_USER_ACTIVATION_TOKEN_EXPIRY_S"))
diff --git a/backend_django/galv/serializers/serializers.py b/backend_django/galv/serializers/serializers.py
index a432eb0..568d46f 100644
--- a/backend_django/galv/serializers/serializers.py
+++ b/backend_django/galv/serializers/serializers.py
@@ -1818,7 +1818,7 @@ def validate_uploader(self, value):
             raise ValidationError("You may not change the uploader of a File")
         if value != user and not value.is_superuser:
             raise ValidationError("You may only create Files for yourself")
-        if len(self.context['request'].user_auth_details.team_ids) == 0:
+        if len(get_user_auth_details(self.context['request']).team_ids) == 0:
             raise ValidationError("You must be a member of a team to create Files")
         return value
 
diff --git a/backend_django/galv/tests/test_files.py b/backend_django/galv/tests/test_files.py
index 4b116f5..7cabcd5 100644
--- a/backend_django/galv/tests/test_files.py
+++ b/backend_django/galv/tests/test_files.py
@@ -173,6 +173,15 @@ def get_upload_data(user_id):
                     response = self.client.post(reverse(f'{self.stub}-list'), data=data, format='multipart')
                     assert_response_property(self, response, self.assertEqual, response.status_code, details['code'])
 
+        with self.subTest("JSON not allowed"):
+            with tempfile.TemporaryFile() as f:
+                f.write(b"ElapsedTime_s,Current_A,Voltage_V\n1,2,3\n2,2,3\n3,2,3\n4,2,3\n5,2,3\n6,2,3\n7,2,3\n8,2,3\n9,2,3\n10,2,3\n11,3,3\n")
+                f.seek(0)
+                self.client.force_authenticate(self.user)
+                data = {**get_upload_data(self.user.id), "file": f}
+                response = self.client.post(reverse(f'{self.stub}-list'), data=data, format='json')
+                assert_response_property(self, response, self.assertEqual, response.status_code, 415)
+
         with self.subTest("Two-stage upload"):
             observed_file = None
             with self.subTest("Stage one - no mapping"):
diff --git a/backend_django/galv/views.py b/backend_django/galv/views.py
index 506db6e..72dc37f 100644
--- a/backend_django/galv/views.py
+++ b/backend_django/galv/views.py
@@ -1263,6 +1263,11 @@ class ObservedFileViewSet(DescribeSelfMixin, viewsets.ModelViewSet):
     queryset = ObservedFile.objects.all().order_by('-last_observed_time', '-id')
     http_method_names = ['get', 'post', 'patch', 'options']
 
+    def get_parsers(self):
+        if self.request is not None and self.action_map.get(self.request.method.lower()) == 'create':
+            return [MultiPartParser(), FormParser()]
+        return super().get_parsers()
+
     def get_serializer_class(self):
         if self.action == "create":
             return ObservedFileCreateSerializer
diff --git a/docs/source/conf.py b/docs/source/conf.py
index d529092..66680a9 100644
--- a/docs/source/conf.py
+++ b/docs/source/conf.py
@@ -11,7 +11,7 @@
 project = 'Galv'
 copyright = '2023, Oxford RSE'
 author = 'Oxford RSE'
-release = '2.4.0'
+release = '2.4.1'
 
 # -- General configuration ---------------------------------------------------
 # https://www.sphinx-doc.org/en/master/usage/configuration.html#general-configuration
diff --git a/docs/tags.json b/docs/tags.json
index 9ea4ab5..a2808f4 100644
--- a/docs/tags.json
+++ b/docs/tags.json
@@ -1 +1 @@
-["v2.2.0", "v2.3.1", "v2.4.0", "main"]
\ No newline at end of file
+["v2.2.0", "v2.3.1", "v2.4.1", "main"]
\ No newline at end of file