diff --git a/met-api/src/met_api/models/engagement.py b/met-api/src/met_api/models/engagement.py
index 64b336da5..5334f3fc7 100644
--- a/met-api/src/met_api/models/engagement.py
+++ b/met-api/src/met_api/models/engagement.py
@@ -271,9 +271,11 @@ def _filter_by_assigned_engagements(query, external_user_id: int, exception_stat
 engagement_id
 for engagement_id, in (
 db.session.query(Engagement.id)
- .join(MembershipModel)
+ .join(MembershipModel, MembershipModel.engagement_id == Engagement.id)
 .join(StaffUser, StaffUser.external_id == external_user_id)
 .filter(MembershipModel.user_id == StaffUser.id)
+ .filter(MembershipModel.is_latest.is_(True))
+ .filter(MembershipModel.status == MembershipStatus.ACTIVE.value)
 .all()
 )
 ]
diff --git a/met-api/src/met_api/services/membership_service.py b/met-api/src/met_api/services/membership_service.py
index 38fdb40e8..668883c52 100644
--- a/met-api/src/met_api/services/membership_service.py
+++ b/met-api/src/met_api/services/membership_service.py
@@ -10,7 +10,9 @@
 from met_api.services.staff_user_service import KEYCLOAK_SERVICE, StaffUserService
 from met_api.utils.enums import KeycloakGroups, MembershipStatus
 from met_api.utils.constants import Groups
-from ..exceptions.business_exception import BusinessException
+from met_api.services import authorization
+from met_api.exceptions.business_exception import BusinessException
+from met_api.utils.roles import Role
 
 
 class MembershipService:
@@ -138,6 +140,12 @@ def update_membership_status(engagement_id: int, user_id: int, action: str):
 if membership.engagement_id != int(engagement_id):
 raise ValueError('Membership does not belong to this engagement.')
 
+ one_of_roles = (
+ MembershipType.TEAM_MEMBER.name,
+ Role.EDIT_MEMBERS.value
+ )
+ authorization.check_auth(one_of_roles=one_of_roles, engagement_id=engagement_id)
+
 if not membership:
 raise ValueError('Invalid Membership.')
 
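Review bot: The two added filters in `_filter_by_assigned_engagements` are what stop a superseded or revoked membership row from granting access to an engagement, but nothing in the code says so; a comment above them such as `# Only the latest ACTIVE membership row grants access; older or revoked rows must not.` would keep a later refactor from dropping one. `MembershipStatus` is used in the new `.filter(...)` and this file's diff adds no import for it, so confirm the module already imports it. The same two conditions presumably need to hold in every other query that derives access from `MembershipModel`; a shared helper or a regression test with a revoked member would pin that down. The function body starts and ends outside the hunk.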
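Review bot: `authorization.check_auth(...)` is added after the `membership.engagement_id != int(engagement_id)` comparison, so the membership lookup (outside the hunk) and the 'does not belong to this engagement' ValueError both happen before the caller is authorised, which lets an unauthorised caller tell the two outcomes apart. The comparison also dereferences `membership` before the `if not membership:` guard that follows the added lines, so a missing membership would fail with AttributeError rather than 'Invalid Membership.'. I would move the `one_of_roles` and `check_auth` lines to the top of `update_membership_status`, before the lookup, and put `if not membership:` ahead of the engagement comparison. It is also worth confirming that `MembershipType.TEAM_MEMBER.name` is intended here, since it appears to let any team member of the engagement change another member's status, and that `.name` rather than `.value` is what `check_auth` matches on. The function starts and ends outside the hunk.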