check wallet permission on project open

matusdrobuliak66 · matusdrobuliak66 · commit 1719634298b5 · 2025-09-26T11:20:56.000+02:00
diff --git a/services/web/server/src/simcore_service_webserver/projects/_controller/projects_states_rest.py b/services/web/server/src/simcore_service_webserver/projects/_controller/projects_states_rest.py
@@ -92,16 +92,12 @@ async def open_project(request: web.Request) -> web.Response:
         )
 
         # Check if projects wallet is not in debt
-        await projects_wallets_service.check_project_financial_status(
+        await projects_wallets_service.check_project_financial_status_and_wallet_access(
             request.app,
             project_id=path_params.project_id,
+            user_id=req_ctx.user_id,
             product_name=req_ctx.product_name,
         )
-        # Check if user has access to a project wallet (Useful for simultaneous access to project by different users)
-        project_wallet = await projects_wallets_service.get_project_wallet(
-            request.app,
-            project_id=path_params.project_id,
-        )
 
         product: Product = products_web.get_current_product(request)
         app_settings = get_application_settings(request.app)
diff --git a/services/web/server/src/simcore_service_webserver/projects/_wallets_service.py b/services/web/server/src/simcore_service_webserver/projects/_wallets_service.py
@@ -36,15 +36,23 @@ async def get_project_wallet(app, project_id: ProjectID) -> WalletGet | None:
     return wallet
 
 
-async def check_project_financial_status(
-    app, *, project_id: ProjectID, product_name: ProductName
+async def check_project_financial_status_and_wallet_access(
+    app, *, project_id: ProjectID, user_id: UserID, product_name: ProductName
 ):
     db: ProjectDBAPI = ProjectDBAPI.get_from_app_context(app)
 
     current_project_wallet = await db.get_project_wallet(project_uuid=project_id)
     rpc_client = get_rabbitmq_rpc_client(app)
 
     if current_project_wallet:
+        # ensure the wallet can be used by the user
+        await wallets_service.get_wallet_by_user(
+            app,
+            user_id=user_id,
+            wallet_id=current_project_wallet.wallet_id,
+            product_name=product_name,
+        )
+
         # Do not allow to open project if the project connected wallet is in DEBT!
         project_wallet_credits_in_debt = (
             await credit_transactions.get_project_wallet_total_credits(
diff --git a/services/web/server/src/simcore_service_webserver/projects/projects_wallets_service.py b/services/web/server/src/simcore_service_webserver/projects/projects_wallets_service.py
@@ -1,11 +1,11 @@
 from ._wallets_service import (
-    check_project_financial_status,
+    check_project_financial_status_and_wallet_access,
     connect_wallet_to_project,
     get_project_wallet,
 )
 
 __all__: tuple[str, ...] = (
-    "check_project_financial_status",
+    "check_project_financial_status_and_wallet_access",
     "connect_wallet_to_project",
     "get_project_wallet",
 )

Original file line number	Diff line number	Diff line change
`@@ -1,11 +1,11 @@`
`1`	`1`	`from ._wallets_service import (`
`2`		`- check_project_financial_status,`
	`2`	`+ check_project_financial_status_and_wallet_access,`
`3`	`3`	`connect_wallet_to_project,`
`4`	`4`	`get_project_wallet,`
`5`	`5`	`)`
`6`	`6`
`7`	`7`	`__all__: tuple[str, ...] = (`
`8`		`- "check_project_financial_status",`
	`8`	`+ "check_project_financial_status_and_wallet_access",`
`9`	`9`	`"connect_wallet_to_project",`
`10`	`10`	`"get_project_wallet",`
`11`	`11`	`)`