From a9c2a6d2d510900d149126c1edc99df1001f32ff Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micka=C3=ABl=20Misbach?= <mickael@misba.ch>
Date: Tue, 19 Mar 2024 14:41:20 +0100
Subject: [PATCH] ensure use of a valid scope for request

---
 .../resources/astm/f3548/v21/dss.py           | 20 ++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/monitoring/uss_qualifier/resources/astm/f3548/v21/dss.py b/monitoring/uss_qualifier/resources/astm/f3548/v21/dss.py
index bfc139559b..b0bc9fbef1 100644
--- a/monitoring/uss_qualifier/resources/astm/f3548/v21/dss.py
+++ b/monitoring/uss_qualifier/resources/astm/f3548/v21/dss.py
@@ -106,11 +106,15 @@ def _uses_scope(self, *scopes: Tuple[str]) -> None:
                     f"{fullname(type(self))} client called {calling_function_name(1)} which requires the use of the scope `{scope}`, but this DSSInstance is only authorized to perform actions with the scopes {' or '.join(self._scopes_authorized)}"
                 )
 
-    def _uses_any_scope(self, *scopes: str) -> None:
-        if not any([scope in self._scopes_authorized for scope in scopes]):
-            raise ValueError(
-                f"{fullname(type(self))} client called {calling_function_name(1)} which requires the use of any of the scopes `{', '.join(scopes)}`, but this DSSInstance is only authorized to perform actions with the scopes {' or '.join(self._scopes_authorized)}"
-            )
+    def _uses_any_scope(self, *scopes: str) -> str:
+        """Validates that at least a required scope is authorized for a request.
+        Additionally, returns a valid scope that may be used for the request."""
+        for scope in scopes:
+            if scope in self._scopes_authorized:
+                return scope
+        raise ValueError(
+            f"{fullname(type(self))} client called {calling_function_name(1)} which requires the use of any of the scopes `{', '.join(scopes)}`, but this DSSInstance is only authorized to perform actions with the scopes {' or '.join(self._scopes_authorized)}"
+        )
 
     def can_use_scope(self, scope: str) -> bool:
         return scope in self._scopes_authorized
@@ -390,7 +394,7 @@ def make_report(
         Raises:
             * QueryError: if request failed, if HTTP status code is different than 201, or if the parsing of the response failed.
         """
-        self._uses_any_scope(
+        use_scope = self._uses_any_scope(
             Scope.ConstraintManagement,
             Scope.ConstraintProcessing,
             Scope.StrategicCoordination,
@@ -406,9 +410,7 @@ def make_report(
             op.path,
             QueryType.F3548v21DSSMakeDssReport,
             self.participant_id,
-            scope=next(
-                iter(self._scopes_authorized)
-            ),  # any scope is valid for this endpoint
+            scope=use_scope,
             json=req,
         )