From d21a3935f004234b0186288f747d576b24bf60ae Mon Sep 17 00:00:00 2001
From: Matt Riley <mriley@dimagi.com>
Date: Tue, 5 Sep 2023 16:01:45 -0400
Subject: [PATCH] Added tests to verify duplicate case filter security

---
 .../apps/reports/tests/standard/__init__.py   |  0
 .../reports/tests/standard/cases/__init__.py  |  0
 .../tests/standard/cases/filters/__init__.py  |  0
 .../test_duplicate_case_rule_filter.py        | 35 +++++++++++++++++++
 4 files changed, 35 insertions(+)
 create mode 100644 corehq/apps/reports/tests/standard/__init__.py
 create mode 100644 corehq/apps/reports/tests/standard/cases/__init__.py
 create mode 100644 corehq/apps/reports/tests/standard/cases/filters/__init__.py
 create mode 100644 corehq/apps/reports/tests/standard/cases/filters/test_duplicate_case_rule_filter.py

diff --git a/corehq/apps/reports/tests/standard/__init__.py b/corehq/apps/reports/tests/standard/__init__.py
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/corehq/apps/reports/tests/standard/cases/__init__.py b/corehq/apps/reports/tests/standard/cases/__init__.py
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/corehq/apps/reports/tests/standard/cases/filters/__init__.py b/corehq/apps/reports/tests/standard/cases/filters/__init__.py
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/corehq/apps/reports/tests/standard/cases/filters/test_duplicate_case_rule_filter.py b/corehq/apps/reports/tests/standard/cases/filters/test_duplicate_case_rule_filter.py
new file mode 100644
index 000000000000..6c96e4aeade9
--- /dev/null
+++ b/corehq/apps/reports/tests/standard/cases/filters/test_duplicate_case_rule_filter.py
@@ -0,0 +1,35 @@
+from django.test import TestCase
+from django.test.client import RequestFactory
+
+from corehq.apps.data_interfaces.models import AutomaticUpdateRule
+from corehq.apps.reports.standard.cases.filters import DuplicateCaseRuleFilter
+
+
+class TestDuplicateCaseRuleFilter(TestCase):
+    def test_get_value_returns_rule(self):
+        dedupe_rule = self._create_rule(domain='domain')
+        request = self._create_request_for_rule(dedupe_rule)
+
+        value = DuplicateCaseRuleFilter.get_value(request, domain='domain')
+        self.assertEqual(value, str(dedupe_rule.id))
+
+    def test_get_value_returns_none_on_data_from_other_domain(self):
+        unauthorized_rule = self._create_rule(domain='unauthorized-domain')
+        request = self._create_request_for_rule(unauthorized_rule)
+
+        self.assertIsNone(DuplicateCaseRuleFilter.get_value(request, domain='domain'))
+
+    def setUp(self):
+        self.factory = RequestFactory()
+
+    def _create_rule(self, domain):
+        return AutomaticUpdateRule.objects.create(
+            domain=domain,
+            name='test-rule',
+            case_type='test-case-type',
+            workflow=AutomaticUpdateRule.WORKFLOW_DEDUPLICATE,
+            active=True
+        )
+
+    def _create_request_for_rule(self, rule):
+        return self.factory.get('dedupe_report_url', data={'duplicate_case_rule': rule.id})