fix: move the policy check_permission to the beginning of send_message

Author: martynia

diracx-routers/src/diracx/routers/pilot_logging/access_policies.py

@@ -5,7 +5,7 @@
 
 from fastapi import Depends, HTTPException, status
 
-from diracx.core.properties import GENERIC_PILOT, OPERATOR, SERVICE_ADMINISTRATOR
+from diracx.core.properties import GENERIC_PILOT, PILOT, OPERATOR, SERVICE_ADMINISTRATOR
 from diracx.db.os import PilotLogsDB
 from diracx.routers.access_policies import BaseAccessPolicy
 
@@ -43,13 +43,15 @@ async def policy(
         assert action, "action is a mandatory parameter"
         assert pilot_db, "pilot_db is a mandatory parameter"
 
+        if GENERIC_PILOT in user_info.properties:
+            return
+        if PILOT in user_info.properties:
+            return
         if SERVICE_ADMINISTRATOR in user_info.properties:
             return
         if OPERATOR in user_info.properties:
             return
-        if GENERIC_PILOT in user_info.properties:
-            return
-        # return  # to ignore a sender
+
         raise HTTPException(status.HTTP_403_FORBIDDEN, detail=user_info.properties)
 
 

diracx-routers/src/diracx/routers/pilot_logging/remote_logger.py

@@ -28,6 +28,8 @@ async def send_message(
     check_permissions: CheckPilotLogsPolicyCallable,
 ):
     logger.warning(f"Message received '{data}'")
+    await check_permissions(action=ActionType.CREATE, pilot_db=pilot_logs_db)
+
     pilot_id = 1234  # need to get pilot id from pilot_stamp (via pilot DB)
 
     docs = []
@@ -40,6 +42,5 @@ async def send_message(
                 "Message": line.line,
             }
         )
-    await check_permissions(action=ActionType.CREATE, pilot_db=pilot_logs_db)
     await pilot_logs_db.bulk_insert(pilot_logs_db.index_name(pilot_id), docs)
     return data