Allow annotations with certain invalid permissons

The client auth state can sometimes be out of sync (see #2924). This commit tries to fix the data problem when annotations have been created when the client got confused and put a different user into the `annotation[user]` and the permission fields. When we come across an annotation where the permission field values start with `acct:` but don't match the user of the annotation, we discard the permission values and use the user of the annotation.
hypothesis · Feb 17, 2016 · 4ae7673 · 4ae7673
1 parent 5348aaf
commit 4ae7673
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/scripts/migrate.py b/scripts/migrate.py
@@ -341,7 +341,12 @@ def _permissions_allow_sharing(user, group, perms):
         read_perms = [gperm]
 
     if (read_perms != [gperm] and read_perms != [user]):
-        raise Skip('invalid read permissions: {!r}'.format(perms))
+        # attempt to fix data when client auth state is out of sync by
+        # by overriding the permissions with the user of the annotation.
+        if read_perms[0].startswith('acct:'):
+            read_perms = [user]
+        else:
+            raise Skip('invalid read permissions: {!r}'.format(perms))
 
     for other in ['admin', 'delete', 'update']:
         other_perms = perms.get(other, [])
@@ -362,7 +367,7 @@ def _permissions_allow_sharing(user, group, perms):
         if len(other_perms) > 1 and user in other_perms:
             continue
 
-        if other_perms != [user]:
+        if (other_perms != [user] and not other_perms[0].startswith('acct:')):
             raise Skip('invalid {} permissions: {!r}'.format(other, perms))
 
     # And, now, we ignore everything other than the read permissions. If