Allow staff view users to see data access mechanisms

ACM staff view users should be able to see the data access mechanisms for a given user. Update the template and tests to ensure this is the case.
UW-GAC · Jun 18, 2024 · 4e4d9d2 · 4e4d9d2
1 parent 9edcecc
commit 4e4d9d2
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 2 deletions.
diff --git a/primed/templates/users/user_detail.html b/primed/templates/users/user_detail.html
@@ -98,11 +98,11 @@ <h5>Verified Date</h5>
         </div><i class="bi bi-c-square"></i>
       </div>
 
-      {% if object == request.user %}
+      {% if perms.anvil_consortium_manager.anvil_consortium_manager_staff_view or object == request.user %}
 
       <div class='card card-shadow-sm mt-3'>
         <div class='card-header'>
-          <h3><i class="bi bi-clipboard-check"></i> My data access mechanisms </h3>
+          <h3><i class="bi bi-clipboard-check"></i> {% if object == request.user %}My{% else %}User{% endif %} data access mechanisms </h3>
         </div>
         <div class='card-body'>
           <h4>dbGaP</h4>

diff --git a/primed/users/tests/test_views.py b/primed/users/tests/test_views.py
@@ -303,6 +303,31 @@ def test_other_dbgap_applications(self):
         self.assertIn("dbgap_applications", response.context)
         self.assertEqual(len(response.context["dbgap_applications"]), 0)
 
+    def test_acm_staff_view(self):
+        """Users with staff view permission see dbGaP application info."""
+        self.user.user_permissions.add(
+            Permission.objects.get(codename=AnVILProjectManagerAccess.STAFF_VIEW_PERMISSION_CODENAME)
+        )
+        other_user = UserFactory.create()
+        dbgap_application_1 = dbGaPApplicationFactory.create(principal_investigator=other_user)
+        dbgap_application_2 = dbGaPApplicationFactory.create()
+        dbgap_application_2.collaborators.add(other_user)
+        self.client.force_login(self.user)
+        response = self.client.get(other_user.get_absolute_url())
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, "User data access mechanisms")
+        self.assertContains(response, "Principal Investigator")
+        self.assertContains(response, "Collaborator")
+        self.assertNotContains(response, "No dbGaP applications")
+        self.assertContains(response, dbgap_application_1.dbgap_project_id)
+        self.assertContains(response, dbgap_application_1.get_absolute_url())
+        self.assertContains(response, dbgap_application_2.dbgap_project_id)
+        self.assertContains(response, dbgap_application_2.get_absolute_url())
+        self.assertIn("dbgap_applications", response.context)
+        self.assertEqual(len(response.context["dbgap_applications"]), 2)
+        self.assertIn(dbgap_application_1, response.context["dbgap_applications"])
+        self.assertIn(dbgap_application_2, response.context["dbgap_applications"])
+
 
 class UserAutocompleteTest(TestCase):
     def setUp(self):