allow editing of taskruns

pybossa/api/task.py

@@ -62,6 +62,10 @@ def _forbidden_attributes(self, data):
                 raise BadRequest("Reserved keys in payload")
 
     def _update_attribute(self, new, old):
+        for key, value in old.info.items():
+            if not new.info.get(key):
+                new.info[key] = value
+
         gold_task = bool(new.gold_answers)
         n_taskruns = len(new.task_runs)
         if new.state == 'completed':

pybossa/api/task_run.py

@@ -114,6 +114,11 @@ def _update_object(self, taskrun):
         self._add_user_info(taskrun)
         self._add_timestamps(taskrun, task, guard)
 
+    def _update_attribute(self, new, old):
+        for key, value in old.info.items():
+            if not new.info.get(key):
+                new.info[key] = value
+
     def _forbidden_attributes(self, data):
         for key in data.keys():
             if key in self.reserved_keys:

pybossa/auth/taskrun.py

@@ -67,7 +67,11 @@ def _read(self, user, taskrun=None):
         return user.is_authenticated
 
     def _update(self, user, taskrun):
-        return self._delete(user, taskrun)
+        if taskrun.user_id is None:
+            return user.admin
+        project = self.project_repo.get(taskrun.project_id)
+        allow_taskrun_edit = project.info.get("allow_taskrun_edit") or False
+        return user.admin or (allow_taskrun_edit and taskrun.user_id == user.id)
 
     def _delete(self, user, taskrun):
         if user.is_anonymous: