
Allow project-less API token with the "modify_project" ACL to update watchers

This will make it easier for the admins of the instance running at
src.fedoraproject.org to update the watchers of a project via the API.

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
Pierre-Yves Chibon 3 years ago
parent
commit
be364edc7e
2 changed files with 41 additions and 2 deletions
  1. 2 2
      pagure/api/project.py
  2. 39 0
      tests/test_pagure_flask_api_project_update_watch.py

+ 2 - 2
pagure/api/project.py

@@ -2167,7 +2167,7 @@ def api_commit_add_flag(repo, commit_hash, username=None, namespace=None):
 @API.route(
     "/fork/<username>/<namespace>/<repo>/watchers/update", methods=["POST"]
 )
-@api_login_required(acls=["update_watch_status"])
+@api_login_required(acls=["modify_project", "update_watch_status"])
 @api_method
 def api_update_project_watchers(repo, username=None, namespace=None):
     """
@@ -2229,7 +2229,7 @@ def api_update_project_watchers(repo, username=None, namespace=None):
     """
 
     project = _get_repo(repo, username, namespace)
-    _check_token(project)
+    _check_token(project, project_token=False)
 
     # Get the input submitted
     data = get_request_data()
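Review bot: `_check_token(project, project_token=False)` relaxes the project-binding check for every token that reaches this endpoint, not only for tokens holding `modify_project`. If `api_login_required` treats the `acls` list as "any of", a project-less token carrying only `update_watch_status` would now also be accepted on any project, which is broader than the commit title describes. The body of `api_update_project_watchers` continues outside the hunk, so the check that limits whose watch status may be changed is not visible here; it should be confirmed to hold for project-less tokens. Once confirmed, I would add a comment above the call such as `# project-less tokens are accepted here; who may change another user's watch status is enforced by the checks below`, and name the accepted token types in the docstring.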

+ 39 - 0
tests/test_pagure_flask_api_project_update_watch.py

@@ -43,6 +43,14 @@ class PagureFlaskApiProjectUpdateWatchTests(tests.Modeltests):
         tests.create_projects_git(os.path.join(self.path, "tickets"))
         tests.create_tokens(self.session)
         tests.create_tokens_acl(self.session)
+        tests.create_tokens(
+            self.session, user_id=1, project_id=None, suffix="_project_less"
+        )
+        tests.create_tokens_acl(
+            self.session,
+            token_id="aaabbbcccddd_project_less",
+            acl_name="modify_project",
+        )
 
         # Create normal issue
         repo = pagure.lib.query.get_authorized_project(self.session, "test")
@@ -232,6 +240,37 @@ class PagureFlaskApiProjectUpdateWatchTests(tests.Modeltests):
             },
         )
 
+    @patch("pagure.utils.is_admin", MagicMock(return_value=True))
+    def test_api_update_project_watchers_set_then_reset(self):
+        """ Test the api_update_project_watchers method of the flask api. """
+
+        headers = {"Authorization": "token aaabbbcccddd_project_less"}
+        data = {"watcher": "foo", "status": "2"}
+
+        output = self.app.post(
+            "/api/0/test/watchers/update", headers=headers, data=data
+        )
+        self.assertEqual(output.status_code, 200)
+        data = json.loads(output.get_data(as_text=True))
+        self.assertDictEqual(
+            data,
+            {
+                "message": "You are now watching commits on this project",
+                "status": "ok",
+            },
+        )
+
+        data = {"watcher": "foo", "status": "-1"}
+
+        output = self.app.post(
+            "/api/0/test/watchers/update", headers=headers, data=data
+        )
+        self.assertEqual(output.status_code, 200)
+        data = json.loads(output.get_data(as_text=True))
+        self.assertDictEqual(
+            data, {"message": "Watch status reset", "status": "ok"},
+        )
+
     @patch("pagure.utils.is_admin", MagicMock(return_value=True))
     def test_api_update_project_watchers_invalid_user_admin(self):
         """ Test the api_update_project_watchers method of the flask api. """
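Review bot: `test_api_update_project_watchers_set_then_reset` covers only the accepting path, and it runs with `pagure.utils.is_admin` patched to return True, so it does not show what a project-less token can do for a user who is not an instance admin. A companion test should pin the denial cases: a project-less token with no ACL attached, created for example with `tests.create_tokens(self.session, user_id=1, project_id=None, suffix="_no_acl")` (the suffix is a constructed sample), and, if that is meant to be rejected, one holding only `update_watch_status`. Each should assert the status code the API returns for a refused token. The docstring repeats the generic sentence used by the neighbouring tests; `""" Test that a project-less token with the modify_project ACL can set and reset a watcher. """` would say what this case is for.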