ITISFoundation · pcrespov · Sep 9, 2025 · Sep 4, 2025 · Sep 4, 2025 · Sep 4, 2025
@@ -1,7 +1,7 @@
 import re
 from datetime import date, datetime
 from enum import Enum
-from typing import Annotated, Any, Literal, Self
+from typing import Annotated, Any, Literal, Self, TypeAlias
 
 import annotated_types
 from common_library.basic_types import DEFAULT_FACTORY
@@ -18,6 +18,7 @@
     StringConstraints,
     ValidationInfo,
     field_validator,
+    model_validator,
 )
 from pydantic.config import JsonDict
 
@@ -83,7 +84,14 @@ class MyProfileRestGet(OutputSchemaWithoutCamelCase):
     login: LowerCaseEmailStr
     phone: str | None = None
 
-    role: Literal["ANONYMOUS", "GUEST", "USER", "TESTER", "PRODUCT_OWNER", "ADMIN"]
+    role: Literal[
+        "ANONYMOUS",
+        "GUEST",
+        "USER",
+        "TESTER",
+        "PRODUCT_OWNER",
+        "ADMIN",
+    ]
     groups: MyGroupsGet | None = None
     gravatar_id: Annotated[str | None, Field(deprecated=True)] = None
 
@@ -306,15 +314,40 @@ class UserAccountReject(InputSchema):
     email: EmailStr
 
 
+GlobString: TypeAlias = Annotated[
+    str,
+    StringConstraints(
+        min_length=3, max_length=200, strip_whitespace=True, pattern=r"^[^%]*$"
+    ),
+]
+
+
 class UserAccountSearchQueryParams(RequestParameters):
     email: Annotated[
-        str,
+        GlobString | None,
         Field(
-            min_length=3,
-            max_length=200,
             description="complete or glob pattern for an email",
         ),
-    ]
+    ] = None
+    primary_group_id: Annotated[
+        GroupID | None,
+        Field(
+            description="Filter by primary group ID",
+        ),
+    ] = None
+    user_name: Annotated[
+        GlobString | None,
+        Field(
+            description="complete or glob pattern for a username",
+        ),
+    ] = None
+
+    @model_validator(mode="after")
+    def _validate_at_least_one_filter(self) -> Self:
+        if not any([self.email, self.primary_group_id, self.user_name]):
+            msg = "At least one filter (email, primary_group_id, or user_name) must be provided"
+            raise ValueError(msg)
+        return self
 
 
 class UserAccountGet(OutputSchema):
@@ -340,9 +373,9 @@ class UserAccountGet(OutputSchema):
     # pre-registration NOTE: that some users have no pre-registartion and therefore all options here can be none
     pre_registration_id: int | None
     pre_registration_created: datetime | None
-    invited_by: str | None = None
+    invited_by: UserNameID | None = None
     account_request_status: AccountRequestStatus | None
-    account_request_reviewed_by: UserID | None = None
+    account_request_reviewed_by: UserNameID | None = None
     account_request_reviewed_at: datetime | None = None
 
     # user status

@@ -2,7 +2,6 @@
 from typing import Annotated, TypeAlias
 
 from common_library.users_enums import UserRole
-from models_library.basic_types import IDStr
 from pydantic import BaseModel, ConfigDict, Field, PositiveInt, StringConstraints
 from pydantic.config import JsonDict
 from typing_extensions import (  # https://docs.pydantic.dev/latest/api/standard_library_types/#typeddict
@@ -12,8 +11,9 @@
 from .emails import LowerCaseEmailStr
 
 UserID: TypeAlias = PositiveInt
-UserNameID: TypeAlias = IDStr
-
+UserNameID: TypeAlias = Annotated[
+    str, StringConstraints(strip_whitespace=True, min_length=1, max_length=100)
+]
 
 FirstNameStr: TypeAlias = Annotated[
     str, StringConstraints(strip_whitespace=True, max_length=255)

@@ -11,12 +11,12 @@ commit_args = --no-verify
 asyncio_mode = auto
 asyncio_default_fixture_loop_scope = function
 addopts = --strict-markers
-markers = 
+markers =
 	slow: marks tests as slow (deselect with '-m "not slow"')
 	acceptance_test: "marks tests as 'acceptance tests' i.e. does the system do what the user expects? Typically those are workflows."
 	testit: "marks test to run during development"
 
 [mypy]
-plugins = 
+plugins =
 	pydantic.mypy
 	sqlalchemy.ext.mypy.plugin
@@ -13,8 +13,7 @@ class ProfileCommon(BaseModel):
     last_name: LastNameStr | None = Field(None, examples=["Maxwell"])
 
 
-class ProfileUpdate(ProfileCommon):
-    ...
+class ProfileUpdate(ProfileCommon): ...
 
 
 class UserRoleEnum(StrAutoEnum):

@@ -1 +1 @@
-0.77.0
+0.77.2
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.77.0
+current_version = 0.77.2
 commit = True
 message = services/webserver api version: {current_version} → {new_version}
 tag = False
@@ -13,13 +13,13 @@ commit_args = --no-verify
 addopts = --strict-markers
 asyncio_mode = auto
 asyncio_default_fixture_loop_scope = function
-markers =
+markers = 
 	slow: marks tests as slow (deselect with '-m "not slow"')
 	acceptance_test: "marks tests as 'acceptance tests' i.e. does the system do what the user expects? Typically those are workflows."
 	testit: "marks test to run during development"
 	heavy_load: "mark tests that require large amount of data"
 
 [mypy]
-plugins =
+plugins = 
 	pydantic.mypy
 	sqlalchemy.ext.mypy.plugin
@@ -1,8 +1,8 @@
 openapi: 3.1.0
 info:
   title: simcore-service-webserver
   description: Main service with an interface (http-API & websockets) to the web front-end
-  version: 0.77.0
+  version: 0.77.2
 servers:
 - url: ''
   description: webserver
@@ -1798,12 +1798,36 @@
       parameters:
       - name: email
         in: query
-        required: true
+        required: false
         schema:
-          type: string
-          minLength: 3
-          maxLength: 200
+          anyOf:
+          - type: string
+            minLength: 3
+            maxLength: 200
+            pattern: ^[^%]*$
+          - type: 'null'
           title: Email
+      - name: primary_group_id
+        in: query
+        required: false
+        schema:
+          anyOf:
+          - type: integer
+            exclusiveMinimum: true
+            minimum: 0
+          - type: 'null'
+          title: Primary Group Id
+      - name: user_name
+        in: query
+        required: false
+        schema:
+          anyOf:
+          - type: string
+            minLength: 3
+            maxLength: 200
+            pattern: ^[^%]*$
+          - type: 'null'
+          title: User Name
       responses:
         '200':
           description: Successful Response
@@ -18361,6 +18385,8 @@
         invitedBy:
           anyOf:
           - type: string
+            maxLength: 100
+            minLength: 1
           - type: 'null'
           title: Invitedby
         accountRequestStatus:
@@ -18369,9 +18395,9 @@
           - type: 'null'
         accountRequestReviewedBy:
           anyOf:
-          - type: integer
-            exclusiveMinimum: true
-            minimum: 0
+          - type: string
+            maxLength: 100
+            minLength: 1
           - type: 'null'
           title: Accountrequestreviewedby
         accountRequestReviewedAt:

@@ -6,7 +6,6 @@
 from aiohttp import web
 from common_library.groups_enums import GroupType
 from common_library.users_enums import UserRole
-from models_library.basic_types import IDStr
 from models_library.groups import (
     AccessRightsDict,
     Group,
@@ -17,7 +16,7 @@
     StandardGroupCreate,
     StandardGroupUpdate,
 )
-from models_library.users import UserID
+from models_library.users import UserID, UserNameID
 from simcore_postgres_database.aiopg_errors import UniqueViolation
 from simcore_postgres_database.models.users import users
 from simcore_postgres_database.utils_products import get_or_create_product_group
@@ -732,14 +731,30 @@ async def is_user_by_email_in_group(
         return user_id is not None
 
 
+async def is_user_in_group(
+    app: web.Application,
+    connection: AsyncConnection | None = None,
+    *,
+    user_id: UserID,
+    group_id: GroupID,
+) -> bool:
+    async with pass_or_acquire_connection(get_asyncpg_engine(app), connection) as conn:
+        result = await conn.scalar(
+            sa.select(user_to_groups.c.uid).where(
+                (user_to_groups.c.uid == user_id) & (user_to_groups.c.gid == group_id)
+            )
+        )
+        return result is not None
+
+
 async def add_new_user_in_group(
     app: web.Application,
     connection: AsyncConnection | None = None,
     *,
     group_id: GroupID,
     # either user_id or user_name
     new_user_id: UserID | None = None,
-    new_user_name: IDStr | None = None,
+    new_user_name: UserNameID | None = None,
     access_rights: AccessRightsDict | None = None,
 ) -> None:
     """

@@ -1,7 +1,6 @@
 from contextlib import suppress
 
 from aiohttp import web
-from models_library.basic_types import IDStr
 from models_library.emails import LowerCaseEmailStr
 from models_library.groups import (
     AccessRightsDict,
@@ -13,7 +12,7 @@
     StandardGroupUpdate,
 )
 from models_library.products import ProductName
-from models_library.users import UserID
+from models_library.users import UserID, UserNameID
 from pydantic import EmailStr
 
 from ..products.models import Product
@@ -262,6 +261,14 @@ async def is_user_by_email_in_group(
     )
 
 
+async def is_user_in_group(
+    app: web.Application, *, user_id: UserID, group_id: GroupID
+) -> bool:
+    return await _groups_repository.is_user_in_group(
+        app, user_id=user_id, group_id=group_id
+    )
+
+
 async def auto_add_user_to_groups(app: web.Application, user_id: UserID) -> None:
     user: dict = await users_service.get_user(app, user_id)
     return await _groups_repository.auto_add_user_to_groups(app, user=user)
@@ -288,7 +295,7 @@ async def add_user_in_group(
     *,
     # identifies
     new_by_user_id: UserID | None = None,
-    new_by_user_name: IDStr | None = None,
+    new_by_user_name: UserNameID | None = None,
     new_by_user_email: EmailStr | None = None,
     access_rights: AccessRightsDict | None = None,
 ) -> None:

@@ -9,6 +9,7 @@
     get_product_group_for_user,
     get_user_profile_groups,
     is_user_by_email_in_group,
+    is_user_in_group,
     list_all_user_groups_ids,
     list_group_members,
     list_user_groups_ids_with_read_access,
@@ -23,6 +24,7 @@
     "get_product_group_for_user",
     "get_user_profile_groups",
     "is_user_by_email_in_group",
+    "is_user_in_group",
     "list_all_user_groups_ids",
     "list_group_members",
     "list_user_groups_ids_with_read_access",

@@ -10,7 +10,10 @@
 
 from ..._meta import API_VTAG as VTAG
 from ...login.decorators import login_required
-from ...security.decorators import permission_required
+from ...security.decorators import (
+    group_or_role_permission_required,
+    permission_required,
+)
 from ...utils_aiohttp import envelope_json_response
 from .. import _service, products_web
 from .._repository import ProductRepository
@@ -46,7 +49,7 @@ async def _get_current_product_price(request: web.Request):
 
 @routes.get(f"/{VTAG}/products/{{product_name}}", name="get_product")
 @login_required
-@permission_required("product.details.*")
+@group_or_role_permission_required("product.details.*")
 @handle_rest_requests_exceptions
 async def _get_product(request: web.Request):
     req_ctx = ProductsRequestContext.model_validate(request)

@@ -4,10 +4,12 @@
 import aiofiles
 from aiohttp import web
 from models_library.products import ProductName
+from models_library.users import UserID
 from simcore_postgres_database.utils_products_prices import ProductPriceInfo
 
 from .._resources import webserver_resources
 from ..constants import RQ_PRODUCT_KEY
+from ..groups import api as groups_service
 from . import _service
 from ._web_events import APP_PRODUCTS_TEMPLATES_DIR_KEY
 from .errors import (
@@ -38,6 +40,22 @@ def get_current_product(request: web.Request) -> Product:
     return current_product
 
 
+async def is_user_in_product_support_group(
+    request: web.Request, *, user_id: UserID
+) -> bool:
+    """Checks if the user belongs to the support group of the given product.
+    If the product does not have a support group, returns False.
+    """
+    product = get_current_product(request)
+    if product.support_standard_group_id is None:
+        return False
+    return await groups_service.is_user_in_group(
+        app=request.app,
+        user_id=user_id,
+        group_id=product.support_standard_group_id,
+    )
+
+
 def _get_current_product_or_none(request: web.Request) -> Product | None:
     with contextlib.suppress(ProductNotFoundError, UnknownProductError):
         product: Product = get_current_product(request)
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		0.77.0
		0.77.2
pcrespov marked this conversation as resolved. Show resolved Hide resolved