regardless of the BSMD flag, BSMD users are now able to perform shipcall PUT-requests

2024-10-14 12:20:32 +02:00 · 2024-10-14 12:20:32 +02:00 · cb392af7c7
commit cb392af7c7
parent 5e50e09966
1 changed files with 22 additions and 22 deletions
--- a/src/server/BreCal/validators/input_validation_shipcall.py
+++ b/src/server/BreCal/validators/input_validation_shipcall.py
@ -12,6 +12,7 @@ from BreCal.impl.berths import GetBerths

 from BreCal.database.enums import ParticipantType, ParticipantFlag
 from BreCal.validators.input_validation_utils import check_if_user_is_bsmd_type, check_if_ship_id_is_valid, check_if_berth_id_is_valid, check_if_participant_ids_are_valid, check_if_participant_ids_and_types_are_valid, get_shipcall_id_dictionary, get_participant_type_from_user_data
+from BreCal.database.sql_handler import get_assigned_participant_of_type
 from BreCal.database.sql_handler import execute_sql_query_standalone
 from BreCal.validators.validation_base_utils import check_if_int_is_valid_flag
 from BreCal.validators.validation_base_utils import check_if_string_has_special_characters
@ -482,12 +483,12 @@ class InputValidationShipcall():
            a) belong to the ASSIGNED agency participant group
            b) belong to a BSMD participant, if the assigned agency has enabled the bit flag

-        When there is not yet an assigned agency for the respective shipcall, the request fails, and the user is considered as not authorized. 
+        When there is not yet an assigned agency for the respective shipcall, only BSMD users are authorized. 
        This mechanism prevents self-assignment of an agency to arbitrary shipcalls. 
        """
        ### preparation ###
        # use the decoded JWT token and extract the participant type & participant id
-        participant_id = user_data.get("participant_id")
+        user_participant_id = user_data.get("participant_id")
        participant_type = get_participant_type_from_user_data(user_data)
        user_is_bsmd = (ParticipantType.BSMD in participant_type)

@ -497,42 +498,41 @@ class InputValidationShipcall():
        ### AGENCY in SPM ###
        # determine, who is assigned as the agency for the shipcall
        if shipcall_participant_map is None:
-            query = 'SELECT * FROM shipcall_participant_map where (shipcall_id = ?shipcall_id? AND type=?participant_type?)'
-            assigned_agency = execute_sql_query_standalone(query=query, model=ShipcallParticipantMap, param={"shipcall_id" : shipcall_id, "participant_type":int(ParticipantType.AGENCY)})
+            # query = 'SELECT * FROM shipcall_participant_map where (shipcall_id = ?shipcall_id? AND type=?participant_type?)'
+            # assigned_agency = execute_sql_query_standalone(query=query, model=ShipcallParticipantMap, param={"shipcall_id" : shipcall_id, "participant_type":int(ParticipantType.AGENCY)})
+            assigned_agency = get_assigned_participant_of_type(shipcall_id, participant_type=ParticipantType.AGENCY)
+            an_agency_is_assigned = True if assigned_agency is not None else False
+
        else:
-            assigned_agency = [spm for spm in shipcall_participant_map if int(spm.type) == int(ParticipantType.AGENCY)]
-
-        an_agency_is_assigned = len(assigned_agency)==1
-        if len(assigned_agency)>1:
-            raise ValidationError({"internal_error":f"Internal error? Found more than one assigned agency for the shipcall with ID {shipcall_id}. Found: {assigned_agency}"})
-
-        if an_agency_is_assigned:
            # Agency assigned? User must belong to the assigned agency or be a BSMD user, in case the flag is set
+            assigned_agency = [spm for spm in shipcall_participant_map if int(spm.type) == int(ParticipantType.AGENCY)]
+            an_agency_is_assigned = len(assigned_agency)==1
+
+            if len(assigned_agency)>1:
+                raise ValidationError({"internal_error":f"Internal error? Found more than one assigned agency for the shipcall with ID {shipcall_id}. Found: {assigned_agency}"})
            assigned_agency = assigned_agency[0]

-            # determine, whether the assigned agency has set the BSMD-flag to allow BSMD users to edit their assigned shipcalls
-            query = 'SELECT * FROM participant where (id = ?participant_id?)'
-            agency_participant = execute_sql_query_standalone(query=query, param={"participant_id" : assigned_agency.participant_id}, command_type="single", model=Participant)
+        if an_agency_is_assigned:
+            assert isinstance(assigned_agency, Participant), f"expecting the assigency agency to be a Participant object. Found: {type(assigned_agency)}"
+            assert isinstance(assigned_agency.flags, int), f"this method has currently only been developed with 'flags' being set as an integer. Found: {type(assigned_agency.flags)}"

-            assert isinstance(agency_participant.flags, int), f"this method has currently only been developed with 'flags' being set as an integer. Found: {type(agency_participant.flags)}"
-            agency_has_bsmd_flag = agency_participant.flags==1 # once the flags are an IntFlag, change the boolean check to: (ParticipantFlag.BSMD in agency_participant.flags)
+            # determine, whether the assigned agency has set the BSMD-flag to allow BSMD users to edit their assigned shipcalls
+            agency_has_bsmd_flag = assigned_agency.flags==1 # once the flags are an IntFlag, change the boolean check to: (ParticipantFlag.BSMD in agency_participant.flags)

            ### USER authority ###
            # determine, whether the user is a) the assigned agency or b) a BSMD participant
-            user_is_assigned_agency = (participant_id == assigned_agency.participant_id)
+            user_is_assigned_agency = (user_participant_id == assigned_agency.participant_id)

            # when the BSMD flag is set: the user must be either BSMD or the assigned agency
            # when the BSMD flag is not set: the user must be the assigned agency
-            user_is_authorized = (user_is_bsmd or user_is_assigned_agency) if agency_has_bsmd_flag else user_is_assigned_agency
+            user_is_authorized = (user_is_bsmd or user_is_assigned_agency) #if agency_has_bsmd_flag else user_is_assigned_agency

            if not user_is_authorized:
-                raise werkzeug.exceptions.Forbidden(f"PUT Requests for shipcalls can only be issued by an assigned AGENCY or BSMD users (if the special-flag is enabled). Assigned Agency: {assigned_agency} with Flags: {agency_participant.flags}") # Forbidden: 403
+                raise werkzeug.exceptions.Forbidden(f"PUT Requests for shipcalls can only be issued by an assigned AGENCY or BSMD users (if the special-flag is enabled). Assigned Agency: {assigned_agency} with Flags: {assigned_agency.flags}") # Forbidden: 403
            
        else:
            # when there is no assigned agency, only BSMD users can update the shipcall
-            user_is_authorized = user_is_bsmd
-
-            if not user_is_authorized:
+            if not user_is_bsmd:
                raise werkzeug.exceptions.Forbidden(f"PUT Requests for shipcalls can only be issued by an assigned AGENCY or BSMD users (if the special-flag is enabled). There is no assigned agency yet, so only BSMD users can change datasets.") # part of a pytest.raises.  Forbidden: 403

        return