feat: Returning the forbidden jobs in the error

Robin-Van-de-Merghel · Robin-Van-de-Merghel · commit 7124b0ce7883 · 2025-04-16T10:10:26.000+02:00
diff --git a/diracx-db/src/diracx/db/sql/pilot_agents/db.py b/diracx-db/src/diracx/db/sql/pilot_agents/db.py
@@ -44,7 +44,7 @@ async def add_pilot_references(
         stmt = insert(PilotAgents).values(values)
         await self.conn.execute(stmt)
 
-    async def get_pilot_by_reference(self, pilot_ref: str):
+    async def get_pilot_by_reference(self, pilot_ref: str) -> dict:
         stmt = select(PilotAgents).where(PilotAgents.pilot_job_reference == pilot_ref)
 
         # Execute the query and fetch one result
@@ -55,17 +55,17 @@ async def get_pilot_by_reference(self, pilot_ref: str):
 
         return dict(pilot._mapping)
 
-    async def get_pilot_job_ids(self, pilot_id: set) -> set[dict]:
+    async def get_pilot_job_ids(self, pilot_id: set) -> list[int]:
         stmt = select(JobToPilotMapping.job_id).where(
             JobToPilotMapping.pilot_id == pilot_id
         )
 
         # Execute the results
         result = await self.conn.execute(stmt)
 
-        return set(result.scalars().all())
+        return list(result.scalars().all())
 
-    async def associate_pilot_with_jobs(self, pilot_id: int, job_ids: set[int]):
+    async def associate_pilot_with_jobs(self, pilot_id: int, job_ids: list[int]):
 
         now = datetime.now(tz=timezone.utc)
 
diff --git a/diracx-routers/src/diracx/routers/jobs/access_policies.py b/diracx-routers/src/diracx/routers/jobs/access_policies.py
@@ -82,8 +82,11 @@ async def policy(
                 if set(job_ids) <= set(pilot_jobs):
                     return
 
+                forbidden_jobs_ids = set(job_ids) - set(pilot_jobs)
+
                 raise HTTPException(
-                    status.HTTP_403_FORBIDDEN, "this pilot can't access/modify this job"
+                    status.HTTP_403_FORBIDDEN,
+                    f"this pilot can't access/modify some jobs: ids={forbidden_jobs_ids}",
                 )
 
             raise HTTPException(status.HTTP_403_FORBIDDEN, "you are not a pilot")
diff --git a/diracx-routers/tests/jobs/test_wms_access_policy.py b/diracx-routers/tests/jobs/test_wms_access_policy.py
@@ -144,7 +144,8 @@ async def get_pilot_job_ids_patch(*args, **kwargs):
         )
 
     assert (
-        str(excinfo.value) == "403: " + "this pilot can't access/modify this job"
+        str(excinfo.value)
+        == "403: " + "this pilot can't access/modify some jobs: ids={1, 2}"
     ), excinfo
 
     # ------------------------- Pilot accessing some of his jobs -------------------------
@@ -181,7 +182,8 @@ async def get_pilot_job_ids_patch(*args, **kwargs):
         )
 
     assert (
-        str(excinfo.value) == "403: " + "this pilot can't access/modify this job"
+        str(excinfo.value)
+        == "403: " + "this pilot can't access/modify some jobs: ids={12}"
     ), excinfo
 
 

Original file line number	Diff line number	Diff line change
`@@ -144,7 +144,8 @@ async def get_pilot_job_ids_patch(args, *kwargs):`
`144`	`144`	`)`
`145`	`145`
`146`	`146`	`assert (`
`147`		`- str(excinfo.value) == "403: " + "this pilot can't access/modify this job"`
	`147`	`+ str(excinfo.value)`
	`148`	`+ == "403: " + "this pilot can't access/modify some jobs: ids={1, 2}"`
`148`	`149`	`), excinfo`
`149`	`150`
`150`	`151`	`# ------------------------- Pilot accessing some of his jobs -------------------------`
`@@ -181,7 +182,8 @@ async def get_pilot_job_ids_patch(args, *kwargs):`
`181`	`182`	`)`
`182`	`183`
`183`	`184`	`assert (`
`184`		`- str(excinfo.value) == "403: " + "this pilot can't access/modify this job"`
	`185`	`+ str(excinfo.value)`
	`186`	`+ == "403: " + "this pilot can't access/modify some jobs: ids={12}"`
`185`	`187`	`), excinfo`
`186`	`188`
`187`	`189`