From 37e183e73866c3db42a921b2cc0bf36879e03d78 Mon Sep 17 00:00:00 2001
From: Max Metz
Date: Mon, 14 Oct 2024 12:20:32 +0200
Subject: [PATCH] regardless of the BSMD flag, BSMD users are now able to perform shipcall PUT-requests
---
 .../validators/input_validation_shipcall.py | 44 +++++++++----------
 1 file changed, 22 insertions(+), 22 deletions(-)
diff --git a/src/server/BreCal/validators/input_validation_shipcall.py b/src/server/BreCal/validators/input_validation_shipcall.py
index c8fb23e..bcfb655 100644
--- a/src/server/BreCal/validators/input_validation_shipcall.py
+++ b/src/server/BreCal/validators/input_validation_shipcall.py
@@ -12,6 +12,7 @@ from BreCal.impl.berths import GetBerths
 from BreCal.database.enums import ParticipantType, ParticipantFlag
 from BreCal.validators.input_validation_utils import check_if_user_is_bsmd_type, check_if_ship_id_is_valid, check_if_berth_id_is_valid, check_if_participant_ids_are_valid, check_if_participant_ids_and_types_are_valid, get_shipcall_id_dictionary, get_participant_type_from_user_data
+from BreCal.database.sql_handler import get_assigned_participant_of_type
 from BreCal.database.sql_handler import execute_sql_query_standalone
 from BreCal.validators.validation_base_utils import check_if_int_is_valid_flag
 from BreCal.validators.validation_base_utils import check_if_string_has_special_characters
@@ -482,12 +483,12 @@ class InputValidationShipcall(): a) belong to the ASSIGNED agency participant group b) belong to a BSMD participant, if the assigned agency has enabled the bit flag - When there is not yet an assigned agency for the respective shipcall, the request fails, and the user is considered as not authorized. + When there is not yet an assigned agency for the respective shipcall, only BSMD users are authorized. This mechanism prevents self-assignment of an agency to arbitrary shipcalls. """ ### preparation ### # use the decoded JWT token and extract the participant type & participant id - participant_id = user_data.get("participant_id") + user_participant_id = user_data.get("participant_id") participant_type = get_participant_type_from_user_data(user_data) user_is_bsmd = (ParticipantType.BSMD in participant_type) 
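Review bot: The docstring still states the old policy in the unchanged line `b) belong to a BSMD participant, if the assigned agency has enabled the bit flag`, while this commit stops consulting that flag, so the documented authorization rule and the enforced one now disagree. For an access-control check the docstring is what the next reviewer audits against, so I would reword that line to `b) belong to a BSMD participant (the assigned agency's BSMD flag is no longer consulted)`. The method signature and the start of the docstring lie outside this hunk.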
@@ -497,42 +498,41 @@ class InputValidationShipcall(): ### AGENCY in SPM ### # determine, who is assigned as the agency for the shipcall if shipcall_participant_map is None: - query = 'SELECT * FROM shipcall_participant_map where (shipcall_id = ?shipcall_id? AND type=?participant_type?)' - assigned_agency = execute_sql_query_standalone(query=query, model=ShipcallParticipantMap, param={"shipcall_id" : shipcall_id, "participant_type":int(ParticipantType.AGENCY)}) + # query = 'SELECT * FROM shipcall_participant_map where (shipcall_id = ?shipcall_id? AND type=?participant_type?)' + # assigned_agency = execute_sql_query_standalone(query=query, model=ShipcallParticipantMap, param={"shipcall_id" : shipcall_id, "participant_type":int(ParticipantType.AGENCY)}) + assigned_agency = get_assigned_participant_of_type(shipcall_id, participant_type=ParticipantType.AGENCY) + an_agency_is_assigned = True if assigned_agency is not None else False + else: - assigned_agency = [spm for spm in shipcall_participant_map if int(spm.type) == int(ParticipantType.AGENCY)] - - an_agency_is_assigned = len(assigned_agency)==1 - if len(assigned_agency)>1: - raise ValidationError({"internal_error":f"Internal error? Found more than one assigned agency for the shipcall with ID {shipcall_id}. Found: {assigned_agency}"}) - - if an_agency_is_assigned: # Agency assigned? User must belong to the assigned agency or be a BSMD user, in case the flag is set + assigned_agency = [spm for spm in shipcall_participant_map if int(spm.type) == int(ParticipantType.AGENCY)] + an_agency_is_assigned = len(assigned_agency)==1 + + if len(assigned_agency)>1: + raise ValidationError({"internal_error":f"Internal error? Found more than one assigned agency for the shipcall with ID {shipcall_id}. 
Found: {assigned_agency}"}) assigned_agency = assigned_agency[0] - # determine, whether the assigned agency has set the BSMD-flag to allow BSMD users to edit their assigned shipcalls - query = 'SELECT * FROM participant where (id = ?participant_id?)' - agency_participant = execute_sql_query_standalone(query=query, param={"participant_id" : assigned_agency.participant_id}, command_type="single", model=Participant) + if an_agency_is_assigned: + assert isinstance(assigned_agency, Participant), f"expecting the assigency agency to be a Participant object. Found: {type(assigned_agency)}" + assert isinstance(assigned_agency.flags, int), f"this method has currently only been developed with 'flags' being set as an integer. Found: {type(assigned_agency.flags)}" - assert isinstance(agency_participant.flags, int), f"this method has currently only been developed with 'flags' being set as an integer. Found: {type(agency_participant.flags)}" - agency_has_bsmd_flag = agency_participant.flags==1 # once the flags are an IntFlag, change the boolean check to: (ParticipantFlag.BSMD in agency_participant.flags) + # determine, whether the assigned agency has set the BSMD-flag to allow BSMD users to edit their assigned shipcalls + agency_has_bsmd_flag = assigned_agency.flags==1 # once the flags are an IntFlag, change the boolean check to: (ParticipantFlag.BSMD in agency_participant.flags) ### USER authority ### # determine, whether the user is a) the assigned agency or b) a BSMD participant - user_is_assigned_agency = (participant_id == assigned_agency.participant_id) + user_is_assigned_agency = (user_participant_id == assigned_agency.participant_id) # when the BSMD flag is set: the user must be either BSMD or the assigned agency # when the BSMD flag is not set: the user must be the assigned agency - user_is_authorized = (user_is_bsmd or user_is_assigned_agency) if agency_has_bsmd_flag else user_is_assigned_agency + user_is_authorized = (user_is_bsmd or user_is_assigned_agency) #if 
agency_has_bsmd_flag else user_is_assigned_agency if not user_is_authorized: - raise werkzeug.exceptions.Forbidden(f"PUT Requests for shipcalls can only be issued by an assigned AGENCY or BSMD users (if the special-flag is enabled). Assigned Agency: {assigned_agency} with Flags: {agency_participant.flags}") # Forbidden: 403 + raise werkzeug.exceptions.Forbidden(f"PUT Requests for shipcalls can only be issued by an assigned AGENCY or BSMD users (if the special-flag is enabled). Assigned Agency: {assigned_agency} with Flags: {assigned_agency.flags}") # Forbidden: 403 else: # when there is no assigned agency, only BSMD users can update the shipcall - user_is_authorized = user_is_bsmd - - if not user_is_authorized: + if not user_is_bsmd: raise werkzeug.exceptions.Forbidden(f"PUT Requests for shipcalls can only be issued by an assigned AGENCY or BSMD users (if the special-flag is enabled). There is no assigned agency yet, so only BSMD users can change datasets.") # part of a pytest.raises. Forbidden: 403 return
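Review bot: The branch taken when `shipcall_participant_map` is supplied no longer lines up with the checks that follow: the unchanged `assigned_agency = assigned_agency[0]` now runs before `if an_agency_is_assigned:` instead of under it, so a map without an AGENCY entry would raise IndexError rather than reach the "only BSMD users" branch (indentation is not visible in this flattened hunk, so confirm against the file). With exactly one entry, the element comes from the map list and presumably is not a `Participant`, so the new `assert isinstance(assigned_agency, Participant)` would fail on that path too. I would guard the index with `assigned_agency = assigned_agency[0] if an_agency_is_assigned else None` and make both branches yield the same type before the participant-id comparison. Because this is an authorization path, an explicit `raise` is safer than `assert`, which is stripped under `python -O`. The method begins outside the hunk.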