fix sonar

pcrespov · pcrespov · commit 84624e666c92 · 2025-03-24T16:04:09.000+01:00
diff --git a/services/web/server/src/simcore_service_webserver/projects/_folders_service.py b/services/web/server/src/simcore_service_webserver/projects/_folders_service.py
@@ -43,21 +43,25 @@ async def move_project_into_folder(
             )
         workspace_is_private = False
 
+    private_workspace_user_id_or_none: UserID | None = (
+        user_id if workspace_is_private else None
+    )
+
     if folder_id:
         # Check user has access to folder
         await folders_folders_repository.get_for_user_or_workspace(
             app,
             folder_id=folder_id,
             product_name=product_name,
-            user_id=user_id if workspace_is_private else None,
+            user_id=private_workspace_user_id_or_none,
             workspace_id=project_db.workspace_id,
         )
 
     # Move project to folder
     prj_to_folder_db = await _folders_repository.get_project_to_folder(
         app,
         project_id=project_id,
-        private_workspace_user_id_or_none=user_id if workspace_is_private else None,
+        private_workspace_user_id_or_none=private_workspace_user_id_or_none,
     )
     if prj_to_folder_db is None:
         if folder_id is None:
@@ -66,23 +70,21 @@ async def move_project_into_folder(
             app,
             project_id=project_id,
             folder_id=folder_id,
-            private_workspace_user_id_or_none=user_id if workspace_is_private else None,
+            private_workspace_user_id_or_none=private_workspace_user_id_or_none,
         )
     else:
         # Delete old
         await _folders_repository.delete_project_to_folder(
             app,
             project_id=project_id,
             folder_id=prj_to_folder_db.folder_id,
-            private_workspace_user_id_or_none=user_id if workspace_is_private else None,
+            private_workspace_user_id_or_none=private_workspace_user_id_or_none,
         )
         # Create new
         if folder_id is not None:
             await _folders_repository.insert_project_to_folder(
                 app,
                 project_id=project_id,
                 folder_id=folder_id,
-                private_workspace_user_id_or_none=(
-                    user_id if workspace_is_private else None
-                ),
+                private_workspace_user_id_or_none=private_workspace_user_id_or_none,
             )
diff --git a/services/web/server/src/simcore_service_webserver/projects/_projects_service.py b/services/web/server/src/simcore_service_webserver/projects/_projects_service.py
@@ -210,7 +210,10 @@ async def get_project_for_user(
     # adds state if it is not a template
     if include_state:
         project = await add_project_states_for_user(
-            user_id, project, project_type is ProjectType.TEMPLATE, app
+            user_id=user_id,
+            project=project,
+            is_template=project_type is ProjectType.TEMPLATE,
+            app=app,
         )
 
     # adds `trashed_by_primary_gid`
@@ -1550,7 +1553,6 @@ async def get_project_states_for_user(
     user_id: int, project_uuid: str, app: web.Application
 ) -> ProjectState:
     # for templates: the project is never locked and never opened. also the running state is always unknown
-    lock_state = ProjectLocked(value=False, status=ProjectStatus.CLOSED)
     running_state = RunningState.UNKNOWN
     lock_state, computation_task = await logged_gather(
         _get_project_lock_state(user_id, project_uuid, app),
@@ -1566,6 +1568,7 @@ async def get_project_states_for_user(
 
 
 async def add_project_states_for_user(
+    *,
     user_id: int,
     project: ProjectDict,
     is_template: bool,
diff --git a/services/web/server/src/simcore_service_webserver/projects/_security_service.py b/services/web/server/src/simcore_service_webserver/projects/_security_service.py
@@ -34,17 +34,13 @@ async def _can_update_node_inputs(context):
 
     diffs = jsondiff.diff(current_project, updated_project)
 
-    # TODO: depends on schema. Shall change if schema changes!?
     if "workbench" in diffs:
         try:
             for node in diffs["workbench"]:
                 # can ONLY modify `inputs` fields set as ReadAndWrite
                 access = current_project["workbench"][node]["inputAccess"]
                 inputs = diffs["workbench"][node]["inputs"]
-                for key in inputs:
-                    if access.get(key) != "ReadAndWrite":
-                        return False
-                return True
+                return all(access.get(key) == "ReadAndWrite" for key in inputs)
         except KeyError:
             pass
         return False
@@ -58,7 +54,6 @@ def setup_projects_access(app: web.Application):
     """
     hrba = get_access_model(app)
 
-    # TODO: add here also named permissions, i.e. all project.* operations
     hrba.roles[UserRole.GUEST].check[
         "project.workbench.node.inputs.update"
     ] = _can_update_node_inputs
