fixes repeated matches

Author: pcrespov

packages/postgres-database/src/simcore_postgres_database/utils_tags.py

@@ -7,7 +7,7 @@
 
 from .utils_repos import pass_or_acquire_connection, transaction_context
 from .utils_tags_sql import (
-    count_users_with_access_rights_stmt,
+    count_users_with_given_access_rights_stmt,
     create_tag_stmt,
     delete_tag_stmt,
     get_tag_stmt,
@@ -67,7 +67,7 @@ async def access_count(
         Returns >0 if it does and represents the number of groups granting this access to the user
         """
         async with pass_or_acquire_connection(self.engine, connection) as conn:
-            count_stmt = count_users_with_access_rights_stmt(
+            count_stmt = count_users_with_given_access_rights_stmt(
                 user_id=user_id, tag_id=tag_id, read=read, write=write, delete=delete
             )
             permissions_count: int | None = await conn.scalar(count_stmt)
@@ -89,6 +89,7 @@ async def create(
         write: bool = True,
         delete: bool = True,
     ) -> TagDict:
+        """Creates tag and defaults to full access rights to `user_id`"""
         values = {
             "name": name,
             "color": color,
@@ -220,3 +221,38 @@ async def delete(
             if not deleted:
                 msg = f"Could not delete {tag_id=}. Not found or insuficient access."
                 raise TagOperationNotAllowedError(msg)
+
+    #
+    # ACCESS RIGHTS
+    #
+
+    async def create_access_rights(
+        self,
+        connection: AsyncConnection | None = None,
+        *,
+        user_id: int,
+        tag_id: int,
+        group_id: int,
+        read: bool,
+        write: bool,
+        delete: bool,
+    ):
+        ...
+
+    async def update_access_rights(
+        self,
+        connection: AsyncConnection | None = None,
+        *,
+        user_id: int,
+        tag_id: int,
+        group_id: int,
+        read: bool,
+        write: bool,
+        delete: bool,
+    ):
+        ...
+
+    async def delete_access_rights(
+        self, connection: AsyncConnection | None = None, *, user_id: int, tag_id: int
+    ):
+        ...

packages/postgres-database/src/simcore_postgres_database/utils_tags_sql.py

@@ -23,9 +23,6 @@
 ]
 
 
-_COLUMNS = _TAG_COLUMNS + _ACCESS_RIGHTS_COLUMNS
-
-
 def _join_user_groups_tag(*, access_condition, tag_id: int, user_id: int):
     return user_to_groups.join(
         tags_access_rights,
@@ -57,24 +54,31 @@ def get_tag_stmt(
     user_id: int,
     tag_id: int,
 ):
-    return sa.select(*_COLUMNS).select_from(
+    return sa.select(*_TAG_COLUMNS, *_ACCESS_RIGHTS_COLUMNS).select_from(
         _join_user_to_given_tag(
             access_condition=tags_access_rights.c.read.is_(True),
-            tag_id=tag_id,
+            tag_id=tag_id,  # makes it unique result or None
             user_id=user_id,
         )
     )
 
 
 def list_tags_stmt(*, user_id: int):
     return (
-        sa.select(*_COLUMNS)
+        sa.select(
+            *_TAG_COLUMNS,
+            # MOST permisive aggregation of access-rights
+            sa.func.bool_or(tags_access_rights.c.read).label("read"),
+            sa.func.bool_or(tags_access_rights.c.write).label("write"),
+            sa.func.bool_or(tags_access_rights.c.delete).label("delete")
+        )
         .select_from(
             _join_user_to_tags(
                 access_condition=tags_access_rights.c.read.is_(True),
                 user_id=user_id,
             )
         )
+        .group_by(tags.c.id)  # makes it tag.id uniqueness
         .order_by(tags.c.id)
     )
 
@@ -83,7 +87,7 @@ def create_tag_stmt(**values):
     return tags.insert().values(**values).returning(*_TAG_COLUMNS)
 
 
-def count_users_with_access_rights_stmt(
+def count_users_with_given_access_rights_stmt(
     *,
     user_id: int,
     tag_id: int,
@@ -92,7 +96,7 @@ def count_users_with_access_rights_stmt(
     delete: bool | None
 ):
     """
-    How many users are given these access permissions
+    How many users are given EXACTLY these access permissions
     """
     access = []
     if read is not None:
@@ -146,7 +150,7 @@ def update_tag_stmt(*, user_id: int, tag_id: int, **updates):
             & (user_to_groups.c.uid == user_id)
         )
         .values(**updates)
-        .returning(*_COLUMNS)
+        .returning(*_TAG_COLUMNS, *_ACCESS_RIGHTS_COLUMNS)
     )
 
 
@@ -166,6 +170,11 @@ def delete_tag_stmt(*, user_id: int, tag_id: int):
     )
 
 
+#
+# PROJECT TAGS
+#
+
+
 def get_tags_for_project_stmt(*, project_index: int):
     return sa.select(projects_tags.c.tag_id).where(
         projects_tags.c.project_id == project_index
@@ -183,6 +192,11 @@ def add_tag_to_project_stmt(*, project_index: int, tag_id: int):
     )
 
 
+#
+# SERVICE TAGS
+#
+
+
 def get_tags_for_services_stmt(*, key: str, version: str):
     return sa.select(services_tags.c.tag_id).where(
         (services_tags.c.service_key == key)

packages/postgres-database/tests/test_utils_tags.py

@@ -27,6 +27,7 @@
     get_tag_stmt,
     get_tags_for_project_stmt,
     get_tags_for_services_stmt,
+    list_tags_stmt,
     set_tag_access_rights_stmt,
     update_tag_stmt,
 )
@@ -436,6 +437,49 @@ async def test_tags_repo_list_and_get(
     )
 
 
+async def test_tags_repo_uniquely_list_shared_tags(
+    asyncpg_engine: AsyncEngine,
+    connection: SAConnection,
+    user: RowProxy,
+    group: RowProxy,
+):
+    conn = connection
+    tags_repo = TagsRepo(asyncpg_engine)
+
+    # (setup): create a tag and share with group
+    expected_tag_id = await create_tag(
+        conn,
+        name="T1",
+        description=f"tag for {user.id}",
+        color="blue",
+        group_id=user.primary_gid,
+        read=True,
+        write=False,  # <-- cannot write
+        delete=True,
+    )
+    await create_tag_access(
+        conn,
+        tag_id=expected_tag_id,
+        group_id=group.gid,
+        read=True,
+        write=True,  # < -- group can write
+        delete=False,
+    )
+
+    # (check) can read
+    got = await tags_repo.get(user_id=user.id, tag_id=expected_tag_id)
+    assert got
+    assert got["write"] is False
+
+    user_tags = await tags_repo.list_all(user_id=user.id)
+    assert len(user_tags) == 1
+    # checks that the agregattion is the MOST permisive
+    assert user_tags[0]["id"] == expected_tag_id
+    assert user_tags[0]["read"] is True
+    assert user_tags[0]["write"] is True
+    assert user_tags[0]["delete"] is True
+
+
 async def test_tags_repo_update(
     asyncpg_engine: AsyncEngine,
     connection: SAConnection,
@@ -619,6 +663,11 @@ def _check(func_smt, **kwargs):
     service_key = "simcore/services/comp/isolve"
     service_version = "2.0.85"
 
+    _check(
+        list_tags_stmt,
+        user_id=user_id,
+    )
+
     _check(
         get_tag_stmt,
         user_id=user_id,