From fe2d879e245723093c7e64f8718b90672d4084dc Mon Sep 17 00:00:00 2001 From: David Manthey Date: Fri, 18 Aug 2023 10:13:17 -0400 Subject: [PATCH] Allow users with only annotation access to edit annotations --- CHANGELOG.md | 3 +++ .../rest/annotation.py | 16 ++++++++++------ 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 811a40ac6..4d2c74ab3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,9 @@ ### Changes - Adjust tifffile log level ([#1265](../../pull/1265)) +### Bug Fixes +- Allow users with only annotation access to edit annotations ([#1267](../../pull/1267)) + ## 1.23.3 ### Improvements diff --git a/girder_annotation/girder_large_image_annotation/rest/annotation.py b/girder_annotation/girder_large_image_annotation/rest/annotation.py index 6a485d750..c47abcb26 100644 --- a/girder_annotation/girder_large_image_annotation/rest/annotation.py +++ b/girder_annotation/girder_large_image_annotation/rest/annotation.py @@ -334,8 +334,9 @@ def updateAnnotation(self, annotation, params): user = self.getCurrentUser() item = Item().load(annotation.get('itemId'), force=True) if item is not None: - Item().requireAccess( - item, user=user, level=AccessType.WRITE) + Item().hasAccessFlags( + item, user, constants.ANNOTATION_ACCESS_FLAG) or Item().requireAccess( + item, user=user, level=AccessType.WRITE) # If we have a content length, then we have replacement JSON. If # elements are not included, don't replace them returnElements = True 
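Review bot: The authorization check added in updateAnnotation is written as a bare `A or B` expression statement, which hides the fact that the second call is the one that raises on denial. An explicit form, `if not Item().hasAccessFlags(item, user, constants.ANNOTATION_ACCESS_FLAG):` followed by `Item().requireAccess(item, user=user, level=AccessType.WRITE)`, reads as a policy rather than a side effect. The same construct is repeated in the `params.get('itemId')` branch and in deleteAnnotation, so one small private helper would keep the three checks from drifting apart. The patch touches only CHANGELOG.md and annotation.py, so no test shows that a user holding just the annotation flag is accepted while a user with neither the flag nor WRITE is still rejected; that pair of cases is worth adding. updateAnnotation's body starts before and continues past this hunk.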
@@ -347,8 +348,9 @@ def updateAnnotation(self, annotation, params):
 returnElements = False
 if params.get('itemId'):
 newitem = Item().load(params['itemId'], force=True)
- Item().requireAccess(
- newitem, user=user, level=AccessType.WRITE)
+ Item().hasAccessFlags(
+ newitem, user, constants.ANNOTATION_ACCESS_FLAG) or Item().requireAccess(
+ newitem, user=user, level=AccessType.WRITE)
 annotation['itemId'] = newitem['_id']
 try:
 annotation = Annotation().updateAnnotation(annotation, updateUser=user)
@@ -374,8 +376,10 @@ def deleteAnnotation(self, annotation, params):
 # Ensure that we have write access to the parent item
 item = Item().load(annotation.get('itemId'), force=True)
 if item is not None:
- Item().requireAccess(
- item, user=self.getCurrentUser(), level=AccessType.WRITE)
+ user = self.getCurrentUser()
+ Item().hasAccessFlags(
+ item, user, constants.ANNOTATION_ACCESS_FLAG) or Item().requireAccess(
+ item, user, level=AccessType.WRITE)
 setResponseTimeLimit(86400)
 Annotation().remove(annotation)
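Review bot: `newitem` is passed to `hasAccessFlags` and then indexed as `newitem['_id']` without a None check, although the same `Item().load(..., force=True)` call is guarded by `if item is not None:` in the other two hunks of this patch. If a caller supplies an `itemId` that does not resolve, the outcome presumably depends on how the access helpers treat None rather than on a deliberate rejection. An explicit `if newitem is None:` branch that returns the file's usual validation error before the access check would make the failure mode deterministic. The enclosing function continues outside the hunk.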
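Review bot: The context comment `# Ensure that we have write access to the parent item` no longer describes the check in deleteAnnotation, because a user holding only the annotation access flag now passes without WRITE. Suggest updating it to `# Require the annotation access flag or write access on the parent item`. This hunk widens who may delete, not only edit, while the commit title mentions editing only, so it is worth confirming that deletion is intended. The annotation's own access check is not visible in this hunk; confirm it still gates the call.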