♻️ Refactor service ownership and rights evaluation to include product name parameter

pcrespov · pcrespov · commit f2bb780c0ae4 · 2025-05-30T11:42:00.000+02:00
diff --git a/services/catalog/src/simcore_service_catalog/core/background_tasks.py b/services/catalog/src/simcore_service_catalog/core/background_tasks.py
@@ -77,7 +77,9 @@ def _by_version(t: tuple[ServiceKey, ServiceVersion]) -> Version:
                 owner_gid,
                 service_access_rights,
             ) = await access_rights.evaluate_service_ownership_and_rights(
-                app, service_metadata
+                app,
+                service=service_metadata,
+                product_name=app.state.default_product_name,
             )
 
             # AUTO-UPGRADE PATCH policy
diff --git a/services/catalog/src/simcore_service_catalog/service/access_rights.py b/services/catalog/src/simcore_service_catalog/service/access_rights.py
@@ -9,6 +9,7 @@
 import arrow
 from fastapi import FastAPI
 from models_library.groups import GroupID
+from models_library.products import ProductName
 from models_library.services import ServiceMetaDataPublished
 from models_library.services_types import ServiceKey, ServiceVersion
 from packaging.version import Version
@@ -48,7 +49,7 @@ async def _is_old_service(app: FastAPI, service: ServiceMetaDataPublished) -> bo
 
 
 async def evaluate_service_ownership_and_rights(
-    app: FastAPI, service: ServiceMetaDataPublished
+    app: FastAPI, *, service: ServiceMetaDataPublished, product_name: ProductName
 ) -> tuple[GroupID | None, list[ServiceAccessRightsDB]]:
     """Evaluates the owner (group_id) and the access rights for a service
 
@@ -114,7 +115,7 @@ async def evaluate_service_ownership_and_rights(
             write_access=(
                 gid == owner_gid
             ),  # we add the owner with full rights, unless it's everyone
-            product_name=app.state.default_product_name,
+            product_name=product_name,
         )
         for gid in set(group_ids)
     ]
@@ -191,7 +192,7 @@ async def inherit_from_previous_release(
         return inherited_data
 
     # 1. ACCESS-RIGHTS:
-    #    Inherit access rights
+    #    Inherit access rights (from all products) from the previous release
     previous_access_rights = await services_repo.get_service_access_rights(
         previous_release.key, previous_release.version
     )
diff --git a/services/catalog/tests/unit/with_dbs/test_service_access_rights.py b/services/catalog/tests/unit/with_dbs/test_service_access_rights.py
@@ -123,6 +123,7 @@ async def test_auto_upgrade_policy(
     new_service_metadata.version = TypeAdapter(ServiceVersion).validate_python("1.0.11")
     new_service_metadata.icon = None  # Remove icon to test inheritance
 
+    # latest-release
     latest_release_service, *latest_release_service_access_rights = (
         create_fake_service_data(
             new_service_metadata.key,
@@ -133,6 +134,23 @@ async def test_auto_upgrade_policy(
         )
     )
     latest_release_service["icon"] = "https://foo/previous_icon.svg"
+    latest_release = (latest_release_service, *latest_release_service_access_rights)
+
+    # latest-release in other product
+    _, *latest_release_service_access_rights_in_other_product = (
+        create_fake_service_data(
+            new_service_metadata.key,
+            latest_release_service["version"],
+            team_access="x",
+            everyone_access=None,
+            product=other_product,  # <-- different product
+        ),
+    )
+
+    latest_release_in_other_product = (
+        latest_release_service,
+        *latest_release_service_access_rights_in_other_product,  # <-- different product
+    )
 
     # we have three versions of the service in the database for which the sorting matters: (1.0.11 should inherit from 1.0.10 not 1.0.9)
     await services_db_tables_injector(
@@ -153,7 +171,8 @@ async def test_auto_upgrade_policy(
             ),
             # new release is a patch on released 1.0.X
             # which were released in two different product
-            (latest_release_service, *latest_release_service_access_rights),
+            latest_release,
+            latest_release_in_other_product,
         ]
     )
 
@@ -168,7 +187,7 @@ async def test_auto_upgrade_policy(
 
     # DEFAULT policies
     owner_gid, service_access_rights = await evaluate_service_ownership_and_rights(
-        app, new_service_metadata
+        app, service=new_service_metadata, product_name=target_product
     )
     assert owner_gid == user_gid
     assert len(service_access_rights) == 1
