Fix juror permission issue (#370) #441

Open
Santhini16 wants to merge 1 commit into hatnote:master from Santhini16:master

@Santhini16

Fix juror permission validation issue (#370)

Problem

Jurors were encountering a "Permission denied" error when attempting to access rounds or campaigns, even though:

  • Their usernames were correctly listed as jurors
  • The round was active and properly configured

The issue was caused by the permission check relying on username-based matching:

Round.jurors.any(username=self.user.username)

This approach is unreliable due to potential inconsistencies such as:

  • Case sensitivity differences
  • Username normalization issues
  • Mismatch between stored and runtime values

Solution

Updated the permission validation logic to use the user's unique identifier (id) instead of username for comparison:

Round.jurors.any(id=self.user.id)

Additionally, _get_round_juror was updated to consistently use user_id:

.filter_by(user_id=self.user.id, round_id=round_id)

Impact

  • Ensures accurate and reliable permission checks for jurors
  • Eliminates false "Permission denied" errors
  • Aligns permission logic with best practices (using primary keys instead of string fields)

Scope of Changes

  • Modified get_campaign and get_round methods in JurorDAO
  • Updated _get_round_juror for consistency

Notes

This change is minimal and does not affect other query logic or relationships. Existing functionality remains intact while improving correctness of access control.

Please let me know if any further adjustments or tests are required.
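
The two kinds of check described in the pull request above, side by side, as an added example that is not part of the PR or the project's code. It uses `sqlite3` with a constructed schema and rows (the table names, column names, ids and usernames are assumptions) to show how an exact-match username check denies a listed juror whose session name differs in case or spacing, while the id-keyed check still admits that juror and still denies a non-juror.

```python
import sqlite3

# Constructed schema and rows; table and column names are assumptions,
# not the project's actual models.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL);
CREATE TABLE round_jurors (round_id INTEGER NOT NULL,
                           user_id INTEGER NOT NULL REFERENCES users(id));
INSERT INTO users VALUES (101, 'Example_Juror'), (102, 'OtherUser');
INSERT INTO round_jurors VALUES (7, 101);
"""


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def is_juror_by_username(conn, round_id, username):
    """Username-keyed check: exact string match against the stored name."""
    row = conn.execute(
        "SELECT 1 FROM round_jurors rj JOIN users u ON u.id = rj.user_id "
        "WHERE rj.round_id = ? AND u.username = ?", (round_id, username)
    ).fetchone()
    return row is not None


def is_juror_by_id(conn, round_id, user_id):
    """Id-keyed check: compares the primary key, independent of spelling."""
    row = conn.execute(
        "SELECT 1 FROM round_jurors WHERE round_id = ? AND user_id = ?",
        (round_id, user_id)
    ).fetchone()
    return row is not None


def compare_checks(conn, round_id, session_user):
    """Return (username_result, id_result) for one session identity."""
    return (is_juror_by_username(conn, round_id, session_user["username"]),
            is_juror_by_id(conn, round_id, session_user["id"]))


if __name__ == "__main__":
    db = make_db()
    # Session carries the same account (id 101) with a differently spelled name.
    for name in ("Example_Juror", "example_juror", "Example Juror"):
        print(name, compare_checks(db, 7, {"id": 101, "username": name}))
    print("non-juror", compare_checks(db, 7, {"id": 102, "username": "OtherUser"}))
```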

@Santhini16
Author

Hi, I have submitted a pull request to fix this issue. Please review it and let me know if any changes are required. Thank you!
