feat: Update review user filtering

colandr/apis/resources/citation_screenings.py

@@ -300,7 +300,9 @@ def get(self, citation_id, user_id, review_id, status_counts):
                 return not_found_error(f"<Citation(id={citation_id})> not found")
             if (
                 current_user.is_admin is False
-                and citation.review.users.filter_by(id=current_user.id).one_or_none()
+                and citation.review.review_user_assoc.filter_by(
+                    user_id=current_user.id
+                ).one_or_none()
                 is None
             ):
                 return forbidden_error(
@@ -328,7 +330,10 @@ def get(self, citation_id, user_id, review_id, status_counts):
                 return not_found_error(f"<Review(id={review_id})> not found")
             if (
                 current_user.is_admin is False
-                and review.users.filter_by(id=current_user.id).one_or_none() is None
+                and review.review_user_assoc.filter_by(
+                    user_id=current_user.id
+                ).one_or_none()
+                is None
             ):
                 return forbidden_error(
                     f"{current_user} forbidden to get screenings for {review}"
@@ -412,9 +417,7 @@ def post(self, args, review_id, user_id):
                 WHERE citation_id IN ({citation_ids})
                 GROUP BY citation_id
                 ORDER BY citation_id
-                """.format(
-                citation_ids=",".join(str(cid) for cid in citation_ids)
-            )
+                """.format(citation_ids=",".join(str(cid) for cid in citation_ids))
             results = connection.execute(sa.text(query))
         studies_to_update = [
             {"id": row[0], "citation_status": assign_status(row[1], num_screeners)}

colandr/apis/resources/citations.py

@@ -63,7 +63,9 @@ def get(self, id, fields):
             return not_found_error(f"<Citation(id={id})> not found")
         if (
             current_user.is_admin is False
-            and citation.review.users.filter_by(id=current_user.id).one_or_none()
+            and citation.review.review_user_assoc.filter_by(
+                user_id=current_user.id
+            ).one_or_none()
             is None
         ):
             return forbidden_error(f"{current_user} forbidden to get this citation")
@@ -96,7 +98,9 @@ def delete(self, id):
             return not_found_error(f"<Citation(id={id})> not found")
         if (
             current_user.is_admin is False
-            and citation.review.users.filter_by(id=current_user.id).one_or_none()
+            and citation.review.review_user_assoc.filter_by(
+                user_id=current_user.id
+            ).one_or_none()
             is None
         ):
             return forbidden_error(f"{current_user} forbidden to delete this citation")
@@ -131,7 +135,9 @@ def put(self, args, id):
             return not_found_error(f"<Citation(id={id})> not found")
         if (
             current_user.is_admin is False
-            and citation.review.users.filter_by(id=current_user.id).one_or_none()
+            and citation.review.review_user_assoc.filter_by(
+                user_id=current_user.id
+            ).one_or_none()
             is None
         ):
             return forbidden_error(f"{current_user} forbidden to modify this citation")

colandr/apis/resources/deduplicate_studies.py

@@ -54,7 +54,10 @@ def post(self, review_id):
             return not_found_error(f"<Review(id={review_id})> not found")
         if (
             current_user.is_admin is False
-            and review.users.filter_by(id=current_user.id).one_or_none() is None
+            and review.review_user_assoc.filter_by(
+                user_id=current_user.id
+            ).one_or_none()
+            is None
         ):
             return forbidden_error(
                 f"{current_user} forbidden to dedupe studies for this review"

colandr/apis/resources/exports.py

@@ -49,7 +49,10 @@ def get(self, review_id, content_type):
             return not_found_error(f"<Review(id={review_id})> not found")
         if (
             current_user.is_admin is False
-            and review.users.filter_by(id=current_user.id).one_or_none() is None
+            and review.review_user_assoc.filter_by(
+                user_id=current_user.id
+            ).one_or_none()
+            is None
         ):
             return forbidden_error(f"{current_user} forbidden to get this review")
 
@@ -199,7 +202,10 @@ def get(self, review_id, content_type):
             return not_found_error(f"<Review(id={review_id})> not found")
         if (
             current_user.is_admin is False
-            and review.users.filter_by(id=current_user.id).one_or_none() is None
+            and review.review_user_assoc.filter_by(
+                user_id=current_user.id
+            ).one_or_none()
+            is None
         ):
             return forbidden_error(f"{current_user} forbidden to get this review")
 

colandr/apis/resources/fulltext_screenings.py

@@ -315,7 +315,9 @@ def get(self, fulltext_id, user_id, review_id, status_counts):
                 )
             if (
                 current_user.is_admin is False
-                and fulltext.review.users.filter_by(id=current_user.id).one_or_none()
+                and fulltext.review.review_user_assoc.filter_by(
+                    user_id=current_user.id
+                ).one_or_none()
                 is None
             ):
                 return forbidden_error(
@@ -345,7 +347,10 @@ def get(self, fulltext_id, user_id, review_id, status_counts):
                 return not_found_error("<Review(id={})> not found".format(review_id))
             if (
                 current_user.is_admin is False
-                and review.users.filter_by(id=current_user.id).one_or_none() is None
+                and review.review_user_assoc.filter_by(
+                    user_id=current_user.id
+                ).one_or_none()
+                is None
             ):
                 return forbidden_error(
                     "{} forbidden to get screenings for {}".format(current_user, review)

colandr/apis/resources/fulltext_uploads.py

@@ -86,7 +86,10 @@ def get(self, id, review_id):
                 return not_found_error(f"<Review(id={review_id})> not found")
             if (
                 current_user.is_admin is False
-                and review.users.filter_by(id=current_user.id).one_or_none() is None
+                and review.review_user_assoc.filter_by(
+                    user_id=current_user.id
+                ).one_or_none()
+                is None
             ):
                 return forbidden_error(
                     f"{current_user} forbidden to get this review's fulltexts"

colandr/apis/resources/fulltexts.py

@@ -57,7 +57,9 @@ def get(self, id, fields):
             return not_found_error(f"<Fulltext(id={id})> not found")
         if (
             current_user.is_admin is False
-            and fulltext.review.users.filter_by(id=current_user.id).one_or_none()
+            and fulltext.review.review_user_assoc.filter_by(
+                user_id=current_user.id
+            ).one_or_none()
             is None
         ):
             return forbidden_error(f"{current_user} forbidden to get this fulltext")
@@ -90,7 +92,9 @@ def delete(self, id):
             return not_found_error(f"<Fulltext(id={id})> not found")
         if (
             current_user.is_admin is False
-            and fulltext.review.users.filter_by(id=current_user.id).one_or_none()
+            and fulltext.review.review_user_assoc.filter_by(
+                user_id=current_user.id
+            ).one_or_none()
             is None
         ):
             return forbidden_error(f"{current_user} forbidden to delete this fulltext")

colandr/apis/resources/review_exports.py

@@ -54,7 +54,10 @@ def get(self, id):
             return not_found_error(f"<Review(id={id})> not found")
         if (
             current_user.is_admin is False
-            and review.users.filter_by(id=current_user.id).one_or_none() is None
+            and review.review_user_assoc.filter_by(
+                user_id=current_user.id
+            ).one_or_none()
+            is None
         ):
             return forbidden_error(f"{current_user} forbidden to get this review")
         # get counts by step, i.e. prisma
@@ -160,7 +163,10 @@ def get(self, id):
             return not_found_error(f"<Review(id={id})> not found")
         if (
             current_user.is_admin is False
-            and review.users.filter_by(id=current_user.id).one_or_none() is None
+            and review.review_user_assoc.filter_by(
+                user_id=current_user.id
+            ).one_or_none()
+            is None
         ):
             return forbidden_error(f"{current_user} forbidden to get this review")
 

colandr/apis/resources/review_plans.py

@@ -64,7 +64,10 @@ def get(self, id, fields):
             return not_found_error(f"<Review(id={id})> not found")
         if (
             current_user.is_admin is False
-            and review.users.filter_by(id=current_user.id).one_or_none() is None
+            and review.review_user_assoc.filter_by(
+                user_id=current_user.id
+            ).one_or_none()
+            is None
         ):
             return forbidden_error(f"{current_user} forbidden to get this review plan")
         if fields and "id" not in fields:

colandr/apis/resources/review_progress.py

@@ -89,7 +89,10 @@ def get(self, id, step, user_view):
             return not_found_error(f"<Review(id={id})> not found")
         if (
             current_user.is_admin is False
-            and review.users.filter_by(id=current_user.id).one_or_none() is None
+            and review.review_user_assoc.filter_by(
+                user_id=current_user.id
+            ).one_or_none()
+            is None
         ):
             return forbidden_error(f"{current_user} forbidden to get review progress")
         if step in ("planning", "all"):

colandr/apis/resources/reviews.py

@@ -65,7 +65,10 @@ def get(self, id, fields):
             return not_found_error(f"<Review(id={id})> not found")
         if (
             not current_user.is_admin
-            and review.users.filter_by(id=current_user.id).one_or_none() is None
+            and review.review_user_assoc.filter_by(
+                user_id=current_user.id
+            ).one_or_none()
+            is None
         ):
             return forbidden_error(f"{current_user} forbidden to get this review")
         if fields and "id" not in fields:

colandr/apis/resources/studies.py

@@ -66,7 +66,10 @@ def get(self, id, fields):
             return not_found_error(f"<Study(id={id})> not found")
         if (
             current_user.is_admin is False
-            and study.review.users.filter_by(id=current_user.id).one_or_none() is None
+            and study.review.review_user_assoc.filter_by(
+                user_id=current_user.id
+            ).one_or_none()
+            is None
         ):
             return forbidden_error(f"{current_user} forbidden to get this study")
         if fields and "id" not in fields:
@@ -98,7 +101,10 @@ def delete(self, id):
             return not_found_error(f"<Study(id={id})> not found")
         if (
             current_user.is_admin is False
-            and study.review.users.filter_by(id=current_user.id).one_or_none() is None
+            and study.review.review_user_assoc.filter_by(
+                user_id=current_user.id
+            ).one_or_none()
+            is None
         ):
             return forbidden_error(f"{current_user} forbidden to delete this study")
         db.session.delete(study)
@@ -132,7 +138,10 @@ def put(self, args, id):
             return not_found_error(f"<Study(id={id})> not found")
         if (
             current_user.is_admin is False
-            and study.review.users.filter_by(id=current_user.id).one_or_none() is None
+            and study.review.review_user_assoc.filter_by(
+                user_id=current_user.id
+            ).one_or_none()
+            is None
         ):
             return forbidden_error(f"{current_user} forbidden to modify this study")
         for key, value in args.items():

colandr/apis/resources/study_tags.py

@@ -58,7 +58,10 @@ def get(self, review_id):
             return not_found_error(f"<Review(id={review_id})> not found")
         if (
             current_user.is_admin is False
-            and review.users.filter_by(id=current_user.id).one_or_none() is None
+            and review.review_user_assoc.filter_by(
+                user_id=current_user.id
+            ).one_or_none()
+            is None
         ):
             return forbidden_error(
                 f"{current_user} forbidden to get study tags for this review"

colandr/apis/resources/users.py

@@ -208,7 +208,10 @@ def get(self, email, review_id):
                 return not_found_error(f"<Review(id={review_id})> not found")
             if (
                 current_user.is_admin is False
-                and review.users.filter_by(id=current_user.id).one_or_none() is None
+                and review.review_user_assoc.filter_by(
+                    user_id=current_user.id
+                ).one_or_none()
+                is None
             ):
                 return forbidden_error(
                     f"{current_user} forbidden to see users for this review"