diff --git a/colandr/apis/resources/citation_screenings.py b/colandr/apis/resources/citation_screenings.py
index 2b81b44b..657797f4 100644
--- a/colandr/apis/resources/citation_screenings.py
+++ b/colandr/apis/resources/citation_screenings.py
@@ -300,7 +300,9 @@ def get(self, citation_id, user_id, review_id, status_counts):
 return not_found_error(f" not found")
 if (
 current_user.is_admin is False
- and citation.review.users.filter_by(id=current_user.id).one_or_none()
+ and citation.review.review_user_assoc.filter_by(
+ user_id=current_user.id
+ ).one_or_none()
 is None
 ):
 return forbidden_error(
@@ -328,7 +330,10 @@ def get(self, citation_id, user_id, review_id, status_counts):
 return not_found_error(f" not found")
 if (
 current_user.is_admin is False
- and review.users.filter_by(id=current_user.id).one_or_none() is None
+ and review.review_user_assoc.filter_by(
+ user_id=current_user.id
+ ).one_or_none()
+ is None
 ):
 return forbidden_error(
 f"{current_user} forbidden to get screenings for {review}"
@@ -412,9 +417,7 @@ def post(self, args, review_id, user_id):
 WHERE citation_id IN ({citation_ids})
 GROUP BY citation_id
 ORDER BY citation_id
- """.format(
- citation_ids=",".join(str(cid) for cid in citation_ids)
- )
+ """.format(citation_ids=",".join(str(cid) for cid in citation_ids))
 results = connection.execute(sa.text(query))
 studies_to_update = [
 {"id": row[0], "citation_status": assign_status(row[1], num_screeners)}
diff --git a/colandr/apis/resources/citations.py b/colandr/apis/resources/citations.py
index 2ced6707..c2390b63 100644
--- a/colandr/apis/resources/citations.py
+++ b/colandr/apis/resources/citations.py
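Review bot: The guard in the first `get` hunk of citation_screenings.py still opens with `current_user.is_admin is False`, an identity test that fails open: for any value other than the `False` singleton (a `None` from a nullable column, for instance) the `and` short-circuits, the new `review_user_assoc` lookup is never evaluated and no `forbidden_error` is returned. Whether `is_admin` can be null is not visible in this diff, but the reviews.py hunk already writes `not current_user.is_admin`, which denies by default. I would use that form here and in every other hunk of this commit that keeps `is False`. The body of `get` starts and ends outside the hunk.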
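Review bot: `.one_or_none()` in the second `get` hunk of citation_screenings.py raises when more than one association row matches, so this permission check relies on `review_user_assoc` holding at most one row per review and user, a constraint this diff does not show. If duplicates can exist, the request ends in an unhandled exception instead of an allow or deny decision. For a pure existence test I would write `.first() is None`, or add a comment naming the uniqueness constraint the check depends on. The same call appears in every other hunk of the commit, and the function body extends beyond the hunk.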
@@ -63,7 +63,9 @@ def get(self, id, fields):
 return not_found_error(f" not found")
 if (
 current_user.is_admin is False
- and citation.review.users.filter_by(id=current_user.id).one_or_none()
+ and citation.review.review_user_assoc.filter_by(
+ user_id=current_user.id
+ ).one_or_none()
 is None
 ):
 return forbidden_error(f"{current_user} forbidden to get this citation")
@@ -96,7 +98,9 @@ def delete(self, id):
 return not_found_error(f" not found")
 if (
 current_user.is_admin is False
- and citation.review.users.filter_by(id=current_user.id).one_or_none()
+ and citation.review.review_user_assoc.filter_by(
+ user_id=current_user.id
+ ).one_or_none()
 is None
 ):
 return forbidden_error(f"{current_user} forbidden to delete this citation")
@@ -131,7 +135,9 @@ def put(self, args, id):
 return not_found_error(f" not found")
 if (
 current_user.is_admin is False
- and citation.review.users.filter_by(id=current_user.id).one_or_none()
+ and citation.review.review_user_assoc.filter_by(
+ user_id=current_user.id
+ ).one_or_none()
 is None
 ):
 return forbidden_error(f"{current_user} forbidden to modify this citation")
diff --git a/colandr/apis/resources/deduplicate_studies.py b/colandr/apis/resources/deduplicate_studies.py
index a1796ea4..6b9df9b3 100644
--- a/colandr/apis/resources/deduplicate_studies.py
+++ b/colandr/apis/resources/deduplicate_studies.py
@@ -54,7 +54,10 @@ def post(self, review_id):
 return not_found_error(f" not found")
 if (
 current_user.is_admin is False
- and review.users.filter_by(id=current_user.id).one_or_none() is None
+ and review.review_user_assoc.filter_by(
+ user_id=current_user.id
+ ).one_or_none()
+ is None
 ):
 return forbidden_error(
 f"{current_user} forbidden to dedupe studies for this review"
diff --git a/colandr/apis/resources/exports.py b/colandr/apis/resources/exports.py
index 1664f0a3..e7bc2ec6 100644
--- a/colandr/apis/resources/exports.py
+++ b/colandr/apis/resources/exports.py
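Review bot: The membership test in `get`, `delete` and `put` of citations.py is the same hand-written expression that this commit edits in every other resource module, so one relationship rename needed about two dozen identical changes, and a site missed in a future change would leave an endpoint enforcing an outdated rule. I would move the test into one shared helper that takes the user and the review and returns whether access is allowed, and have each endpoint call it before returning `forbidden_error`. A short comment at the helper, such as `# access requires admin or a review_user_assoc row for this user`, would document the rule once. All three functions continue outside their hunks.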
@@ -49,7 +49,10 @@ def get(self, review_id, content_type): return not_found_error(f" not found") if ( current_user.is_admin is False - and review.users.filter_by(id=current_user.id).one_or_none() is None + and review.review_user_assoc.filter_by( + user_id=current_user.id + ).one_or_none() + is None ): return forbidden_error(f"{current_user} forbidden to get this review") @@ -199,7 +202,10 @@ def get(self, review_id, content_type): return not_found_error(f" not found") if ( current_user.is_admin is False - and review.users.filter_by(id=current_user.id).one_or_none() is None + and review.review_user_assoc.filter_by( + user_id=current_user.id + ).one_or_none() + is None ): return forbidden_error(f"{current_user} forbidden to get this review") diff --git a/colandr/apis/resources/fulltext_screenings.py b/colandr/apis/resources/fulltext_screenings.py index 7b26f85b..81abec96 100644 --- a/colandr/apis/resources/fulltext_screenings.py +++ b/colandr/apis/resources/fulltext_screenings.py @@ -315,7 +315,9 @@ def get(self, fulltext_id, user_id, review_id, status_counts): ) if ( current_user.is_admin is False - and fulltext.review.users.filter_by(id=current_user.id).one_or_none() + and fulltext.review.review_user_assoc.filter_by( + user_id=current_user.id + ).one_or_none() is None ): return forbidden_error( @@ -345,7 +347,10 @@ def get(self, fulltext_id, user_id, review_id, status_counts): return not_found_error(" not found".format(review_id)) if ( current_user.is_admin is False - and review.users.filter_by(id=current_user.id).one_or_none() is None + and review.review_user_assoc.filter_by( + user_id=current_user.id + ).one_or_none() + is None ): return forbidden_error( "{} forbidden to get screenings for {}".format(current_user, review) diff --git a/colandr/apis/resources/fulltext_uploads.py b/colandr/apis/resources/fulltext_uploads.py index f2a69bea..12d6dd42 100644 --- a/colandr/apis/resources/fulltext_uploads.py +++ b/colandr/apis/resources/fulltext_uploads.py 
@@ -86,7 +86,10 @@ def get(self, id, review_id):
 return not_found_error(f" not found")
 if (
 current_user.is_admin is False
- and review.users.filter_by(id=current_user.id).one_or_none() is None
+ and review.review_user_assoc.filter_by(
+ user_id=current_user.id
+ ).one_or_none()
+ is None
 ):
 return forbidden_error(
 f"{current_user} forbidden to get this review's fulltexts"
diff --git a/colandr/apis/resources/fulltexts.py b/colandr/apis/resources/fulltexts.py
index c15033e3..d09c767b 100644
--- a/colandr/apis/resources/fulltexts.py
+++ b/colandr/apis/resources/fulltexts.py
@@ -57,7 +57,9 @@ def get(self, id, fields):
 return not_found_error(f" not found")
 if (
 current_user.is_admin is False
- and fulltext.review.users.filter_by(id=current_user.id).one_or_none()
+ and fulltext.review.review_user_assoc.filter_by(
+ user_id=current_user.id
+ ).one_or_none()
 is None
 ):
 return forbidden_error(f"{current_user} forbidden to get this fulltext")
@@ -90,7 +92,9 @@ def delete(self, id):
 return not_found_error(f" not found")
 if (
 current_user.is_admin is False
- and fulltext.review.users.filter_by(id=current_user.id).one_or_none()
+ and fulltext.review.review_user_assoc.filter_by(
+ user_id=current_user.id
+ ).one_or_none()
 is None
 ):
 return forbidden_error(f"{current_user} forbidden to delete this fulltext")
diff --git a/colandr/apis/resources/review_exports.py b/colandr/apis/resources/review_exports.py
index 98855a6c..c30d5a48 100644
--- a/colandr/apis/resources/review_exports.py
+++ b/colandr/apis/resources/review_exports.py
@@ -54,7 +54,10 @@ def get(self, id):
 return not_found_error(f" not found")
 if (
 current_user.is_admin is False
- and review.users.filter_by(id=current_user.id).one_or_none() is None
+ and review.review_user_assoc.filter_by(
+ user_id=current_user.id
+ ).one_or_none()
+ is None
 ):
 return forbidden_error(f"{current_user} forbidden to get this review")
 # get counts by step, i.e. prisma
@@ -160,7 +163,10 @@ def get(self, id): return not_found_error(f" not found") if ( current_user.is_admin is False - and review.users.filter_by(id=current_user.id).one_or_none() is None + and review.review_user_assoc.filter_by( + user_id=current_user.id + ).one_or_none() + is None ): return forbidden_error(f"{current_user} forbidden to get this review") diff --git a/colandr/apis/resources/review_plans.py b/colandr/apis/resources/review_plans.py index ab54907c..fdbcd02b 100644 --- a/colandr/apis/resources/review_plans.py +++ b/colandr/apis/resources/review_plans.py @@ -64,7 +64,10 @@ def get(self, id, fields): return not_found_error(f" not found") if ( current_user.is_admin is False - and review.users.filter_by(id=current_user.id).one_or_none() is None + and review.review_user_assoc.filter_by( + user_id=current_user.id + ).one_or_none() + is None ): return forbidden_error(f"{current_user} forbidden to get this review plan") if fields and "id" not in fields: diff --git a/colandr/apis/resources/review_progress.py b/colandr/apis/resources/review_progress.py index 220be362..aa84224a 100644 --- a/colandr/apis/resources/review_progress.py +++ b/colandr/apis/resources/review_progress.py @@ -89,7 +89,10 @@ def get(self, id, step, user_view): return not_found_error(f" not found") if ( current_user.is_admin is False - and review.users.filter_by(id=current_user.id).one_or_none() is None + and review.review_user_assoc.filter_by( + user_id=current_user.id + ).one_or_none() + is None ): return forbidden_error(f"{current_user} forbidden to get review progress") if step in ("planning", "all"): diff --git a/colandr/apis/resources/reviews.py b/colandr/apis/resources/reviews.py index 9c3470bd..305272de 100644 --- a/colandr/apis/resources/reviews.py +++ b/colandr/apis/resources/reviews.py 
@@ -65,7 +65,10 @@ def get(self, id, fields):
 return not_found_error(f" not found")
 if (
 not current_user.is_admin
- and review.users.filter_by(id=current_user.id).one_or_none() is None
+ and review.review_user_assoc.filter_by(
+ user_id=current_user.id
+ ).one_or_none()
+ is None
 ):
 return forbidden_error(f"{current_user} forbidden to get this review")
 if fields and "id" not in fields:
diff --git a/colandr/apis/resources/studies.py b/colandr/apis/resources/studies.py
index 8314ca3d..8222c774 100644
--- a/colandr/apis/resources/studies.py
+++ b/colandr/apis/resources/studies.py
@@ -66,7 +66,10 @@ def get(self, id, fields):
 return not_found_error(f" not found")
 if (
 current_user.is_admin is False
- and study.review.users.filter_by(id=current_user.id).one_or_none() is None
+ and study.review.review_user_assoc.filter_by(
+ user_id=current_user.id
+ ).one_or_none()
+ is None
 ):
 return forbidden_error(f"{current_user} forbidden to get this study")
 if fields and "id" not in fields:
@@ -98,7 +101,10 @@ def delete(self, id):
 return not_found_error(f" not found")
 if (
 current_user.is_admin is False
- and study.review.users.filter_by(id=current_user.id).one_or_none() is None
+ and study.review.review_user_assoc.filter_by(
+ user_id=current_user.id
+ ).one_or_none()
+ is None
 ):
 return forbidden_error(f"{current_user} forbidden to delete this study")
 db.session.delete(study)
@@ -132,7 +138,10 @@ def put(self, args, id):
 return not_found_error(f" not found")
 if (
 current_user.is_admin is False
- and study.review.users.filter_by(id=current_user.id).one_or_none() is None
+ and study.review.review_user_assoc.filter_by(
+ user_id=current_user.id
+ ).one_or_none()
+ is None
 ):
 return forbidden_error(f"{current_user} forbidden to modify this study")
 for key, value in args.items():
diff --git a/colandr/apis/resources/study_tags.py b/colandr/apis/resources/study_tags.py
index affa9c5a..d53b016a 100644
--- a/colandr/apis/resources/study_tags.py
+++ b/colandr/apis/resources/study_tags.py
@@ -58,7 +58,10 @@ def get(self, review_id):
 return not_found_error(f" not found")
 if (
 current_user.is_admin is False
- and review.users.filter_by(id=current_user.id).one_or_none() is None
+ and review.review_user_assoc.filter_by(
+ user_id=current_user.id
+ ).one_or_none()
+ is None
 ):
 return forbidden_error(
 f"{current_user} forbidden to get study tags for this review"
diff --git a/colandr/apis/resources/users.py b/colandr/apis/resources/users.py
index c2ea189c..9893a8c9 100644
--- a/colandr/apis/resources/users.py
+++ b/colandr/apis/resources/users.py
@@ -208,7 +208,10 @@ def get(self, email, review_id):
 return not_found_error(f" not found")
 if (
 current_user.is_admin is False
- and review.users.filter_by(id=current_user.id).one_or_none() is None
+ and review.review_user_assoc.filter_by(
+ user_id=current_user.id
+ ).one_or_none()
+ is None
 ):
 return forbidden_error(
 f"{current_user} forbidden to see users for this review"