Allow shipcall PUT also by PILOT

src/server/BreCal/validators/input_validation_shipcall.py

@@ -546,11 +546,13 @@ class InputValidationShipcall():
             # query = 'SELECT * FROM shipcall_participant_map where (shipcall_id = ?shipcall_id? AND type=?participant_type?)'
             # assigned_agency = execute_sql_query_standalone(query=query, model=ShipcallParticipantMap, param={"shipcall_id" : shipcall_id, "participant_type":int(ParticipantType.AGENCY)})
             assigned_agency = get_assigned_participant_of_type(shipcall_id, participant_type=ParticipantType.AGENCY)
+            assigned_pilot = get_assigned_participant_of_type(shipcall_id, participant_type=ParticipantType.PILOT)
             an_agency_is_assigned = True if assigned_agency is not None else False
 
         else:
             # Agency assigned? User must belong to the assigned agency or be a BSMD user, in case the flag is set
             assigned_agency = [spm for spm in shipcall_participant_map if int(spm.type) == int(ParticipantType.AGENCY)]
+            assigned_pilot = [spm for spm in shipcall_participant_map if int(spm.type) == int(ParticipantType.PILOT)]
             an_agency_is_assigned = len(assigned_agency)==1
 
             if len(assigned_agency)>1:
@@ -567,18 +569,19 @@ class InputValidationShipcall():
             ### USER authority ###
             # determine, whether the user is a) the assigned agency or b) a BSMD participant
             user_is_assigned_agency = (user_participant_id == assigned_agency.id)
+            user_is_assigned_pilot = (user_participant_id == assigned_pilot.id)
 
             # when the BSMD flag is set: the user must be either BSMD or the assigned agency
             # when the BSMD flag is not set: the user must be the assigned agency
-            user_is_authorized = (user_is_bsmd or user_is_assigned_agency) #if agency_has_bsmd_flag else user_is_assigned_agency
+            user_is_authorized = (user_is_bsmd or user_is_assigned_agency or user_is_assigned_pilot) #if agency_has_bsmd_flag else user_is_assigned_agency
 
             if not user_is_authorized:
-                raise werkzeug.exceptions.Forbidden(f"PUT Requests for shipcalls can only be issued by an assigned AGENCY or BSMD users (if the special-flag is enabled). Assigned Agency: {assigned_agency} with Flags: {assigned_agency.flags}") # Forbidden: 403
+                raise werkzeug.exceptions.Forbidden(f"PUT Requests for shipcalls can only be issued by an assigned AGENCY / BSMD / PILOT (if the special-flag is enabled). Assigned Agency: {assigned_agency} with Flags: {assigned_agency.flags}") # Forbidden: 403
 
         else:
             # when there is no assigned agency, only BSMD users can update the shipcall
             if not user_is_bsmd:
-                raise werkzeug.exceptions.Forbidden(f"PUT Requests for shipcalls can only be issued by an assigned AGENCY or BSMD users (if the special-flag is enabled). There is no assigned agency yet, so only BSMD users can change datasets.") # part of a pytest.raises.  Forbidden: 403
+                raise werkzeug.exceptions.Forbidden(f"PUT Requests for shipcalls can only be issued by an assigned AGENCY / BSMD / PILOT users (if the special-flag is enabled). There is no assigned agency yet, so only BSMD users can change datasets.") # part of a pytest.raises.  Forbidden: 403
 
         return
 

src/server/tests/validators/test_input_validation_shipcall.py

@@ -637,7 +637,7 @@ def test_shipcall_put_request_fails_when_different_participant_id_is_assigned(ge
 
     # agency with different participant id is assigned
     ivs = InputValidationShipcall()
-    with pytest.raises(werkzeug.exceptions.Forbidden, match=f"PUT Requests for shipcalls can only be issued by an assigned AGENCY or BSMD users"):
+    with pytest.raises(werkzeug.exceptions.Forbidden, match=f"PUT Requests for shipcalls can only be issued by an assigned AGENCY BSMD PILOT users"):
         ivs.check_user_is_authorized_for_put_request(user_data, loadedModel, content, spm_shipcall_data)
     return
 
@@ -706,7 +706,7 @@ def test_shipcall_put_request_fails_when_no_agency_is_assigned(get_shipcall_id_a
     # no agency assigned
     ivs = InputValidationShipcall()
 
-    with pytest.raises(werkzeug.exceptions.Forbidden, match=re.escape(f"PUT Requests for shipcalls can only be issued by an assigned AGENCY or BSMD users (if the special-flag is enabled). There is no assigned agency yet, so only BSMD users can change datasets.")):
+    with pytest.raises(werkzeug.exceptions.Forbidden, match=re.escape(f"PUT Requests for shipcalls can only be issued by an assigned AGENCY BSMD PILOT users (if the special-flag is enabled). There is no assigned agency yet, so only BSMD users can change datasets.")):
         ivs.check_user_is_authorized_for_put_request(user_data, loadedModel, content, spm_shipcall_data)
     return
 
@@ -738,7 +738,7 @@ def test_shipcall_put_request_fails_when_user_is_not_authorized(get_shipcall_id_
 
     # current user is not authorized
     ivs = InputValidationShipcall()
-    with pytest.raises(werkzeug.exceptions.Forbidden, match=f"PUT Requests for shipcalls can only be issued by an assigned AGENCY or BSMD users"):
+    with pytest.raises(werkzeug.exceptions.Forbidden, match=f"PUT Requests for shipcalls can only be issued by an assigned AGENCY BSMD PILOT users"):
         ivs.check_user_is_authorized_for_put_request(user_data, loadedModel, content, spm_shipcall_data)
     return
 
@@ -769,7 +769,7 @@ def test_shipcall_put_request_fails_when_user_tries_self_assignment(get_shipcall
 
     # self-assignment. User is participant 6, and wants to assign participant 6.
     ivs = InputValidationShipcall()
-    with pytest.raises(werkzeug.exceptions.Forbidden, match=re.escape("PUT Requests for shipcalls can only be issued by an assigned AGENCY or BSMD users (if the special-flag is enabled). There is no assigned agency yet, so only BSMD users can change datasets.")):
+    with pytest.raises(werkzeug.exceptions.Forbidden, match=re.escape("PUT Requests for shipcalls can only be issued by an assigned AGENCY BSMD PILOT users (if the special-flag is enabled). There is no assigned agency yet, so only BSMD users can change datasets.")):
         # previous error message: An agency cannot self-register for a shipcall. The request is issued by an agency-user and tries to assign an AGENCY as the participant of the shipcall.""
         # however, self-assignment is no longer possible, because the SPM is verified beforehand.
         ivs.check_user_is_authorized_for_put_request(user_data, loadedModel, content, spm_shipcall_data)
@@ -846,7 +846,7 @@ def test_shipcall_put_request_fails_input_validation_shipcall_when_shipcall_is_c
     assert user.participant_id == 4
 
     #### verification should fail, because participant_id 4 is ParticipantType.PILOT (neither an assigned agency, nor bsmd)
-    with pytest.raises(werkzeug.exceptions.Forbidden, match="PUT Requests for shipcalls can only be issued by an assigned AGENCY or BSMD user"):
+    with pytest.raises(werkzeug.exceptions.Forbidden, match="PUT Requests for shipcalls can only be issued by an assigned AGENCY BSMD PILOT user"):
         InputValidationShipcall.evaluate_put_data(user_data, loadedModel, content)
 
     ### PASSES: