diff --git a/src/backend/app/tasks/task_crud.py b/src/backend/app/tasks/task_crud.py index c0748760..4044abc8 100644 --- a/src/backend/app/tasks/task_crud.py +++ b/src/backend/app/tasks/task_crud.py @@ -205,14 +205,15 @@ async def get_requested_user_id( async def get_project_task_by_id(db: Database, user_id: str): - """Get a list of pending tasks for a specific user(project creator).""" + """Get a list of pending tasks created by a specific user (project creator).""" raw_sql = """ SELECT t.id AS task_id, te.event_id, te.user_id, te.project_id, te.comment, te.state, te.created_at FROM tasks t LEFT JOIN task_events te ON t.id = te.task_id - WHERE te.user_id = :user_id + LEFT JOIN projects p ON te.project_id = p.id + WHERE p.author_id = :user_id AND te.state = 'REQUEST_FOR_MAPPING' ORDER BY t.project_task_index; """ - db_tasks = await db.fetch_all(raw_sql, {"user_id": user_id}) + db_tasks = await db.fetch_all(query=raw_sql, values={"user_id": user_id}) return db_tasks diff --git a/src/backend/app/tasks/task_routes.py b/src/backend/app/tasks/task_routes.py index 43cc6e32..87caebcf 100644 --- a/src/backend/app/tasks/task_routes.py +++ b/src/backend/app/tasks/task_routes.py 
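Review bot: The two `LEFT JOIN`s in the new query behave as inner joins, because the `WHERE` clause filters on `p.author_id` and `te.state` and so drops any row without a matching event or project. Writing `JOIN task_events te ON t.id = te.task_id` and `JOIN projects p ON te.project_id = p.id` would make it explicit that the author filter is what scopes the result to the caller's own projects. The new docstring is also slightly off, since the rows are mapping requests on projects authored by `user_id` and `te.user_id` in the result is the requester; something like `"""Return REQUEST_FOR_MAPPING task events for projects whose author is user_id."""` would be more accurate. If `task_events` keeps one row per state change (not visible here), a task whose request was later approved or rejected would still match `te.state = 'REQUEST_FOR_MAPPING'` and be listed as pending, so it is worth confirming that only the latest event per task is considered.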
@@ -218,16 +218,15 @@ async def get_pending_tasks( """Get a list of pending tasks for a project creator.""" user_id = user_data.id query = """SELECT role FROM user_profile WHERE user_id = :user_id""" - record = await db.fetch_one(query, {"user_id": user_id}) - - if not record: + records = await db.fetch_all(query, {"user_id": user_id}) + if not records: raise HTTPException(status_code=404, detail="User profile not found") - if record.role != UserRole.PROJECT_CREATOR.name: + roles = [record["role"] for record in records] + if UserRole.PROJECT_CREATOR.name not in roles: raise HTTPException( status_code=403, detail="Access forbidden for non-Project Creator users" ) - pending_tasks = await task_crud.get_project_task_by_id(db, user_id) if pending_tasks is None: raise HTTPException(status_code=404, detail="Project not found")
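Review bot: The `if pending_tasks is None` check kept below the role gate looks unreachable, because `get_project_task_by_id` (task_crud.py in this commit) returns the result of `db.fetch_all`. Assuming `Database` is the `databases` package, that result is always a list, so a creator with no pending requests gets an empty 200 response and the 404 "Project not found" branch never runs; either drop the branch or use `if not pending_tasks:` if a 404 is really intended. For the new role check, a short comment such as `# a user may have several user_profile rows; allow access if any row has the PROJECT_CREATOR role` would record why `fetch_one` was replaced, which I am inferring from the change. `get_pending_tasks` starts before and continues after this hunk, so the signature and the final return are not visible here.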