Check existence and permission on superseded_score_set_urn and meta_analyzes_score_set_urns on score set updates

The `score_set_update` router function, used but the scoreset PUT and PATCH endpoints, allowed for updating `superseded_score_set_urn` and `meta_analyzes_score_set_urns`, but was not validating their existence and user permissions. This change adds both checks for those values.

Author: davereinhart

src/mavedb/routers/score_sets.py

@@ -264,6 +264,38 @@ async def score_set_update(
             logger.error(msg="Could not find ORCID user with the provided user ID.", extra=logging_context())
             raise HTTPException(status_code=422, detail=str(e))
 
+    if "superseded_score_set_urn" in item_update_dict:
+        superseded_urn = item_update_dict.get("superseded_score_set_urn")
+        if superseded_urn:
+            superseded_score_set = await fetch_score_set_by_urn(db, superseded_urn, user_data, user_data, True)
+
+            if superseded_score_set is None:
+                logger.info(
+                    msg="Failed to create score set; The requested superseded score set does not exist.",
+                    extra=logging_context(),
+                )
+                raise HTTPException(
+                    status_code=status.HTTP_400_BAD_REQUEST,
+                    detail="Unknown superseded score set",
+                )
+
+    if "meta_analyzes_score_set_urns" in item_update_dict:
+        meta_analyzed_urns = item_update_dict.get("meta_analyzes_score_set_urns") or []
+        existing_meta_analyses = find_meta_analyses_for_experiment_sets(db, meta_analyzed_urns, item.experiment)
+        existing_meta_analyses_urns = [ma.urn for ma in existing_meta_analyses]
+
+        # compare list of urns with existing meta analyses to find any urns that do not correspond to existing score sets
+        missing_urns = [urn for urn in meta_analyzed_urns if urn not in existing_meta_analyses_urns]
+        if len(missing_urns) > 0:
+            logger.info(
+                msg="Failed to create score set; The following meta analysis URNs do not correspond to existing score sets.",
+                extra=logging_context(),
+            )
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail=f"Unknown meta analysis URNs: {missing_urns}",
+            )
+
     # Score set has not been published and attributes affecting scores may still be edited.
     if item.private:
         if "score_ranges" in item_update_dict: