From 0194e02bc991b9a09ffc70ebbe2f4de9b47df87f Mon Sep 17 00:00:00 2001 From: Struan Donald Date: Wed, 4 Dec 2024 11:43:26 +0000 Subject: [PATCH] fix downloading RoR response CSV for users with assignments Was relying on the marker's assigned council which is not true for all users so if that's missing look at assignments too. Also throw a 403 if none of them matches. --- .../tests/test_right_of_reply_views.py | 31 +++++++++++++++++++ crowdsourcer/views/rightofreply.py | 24 ++++++++++---- 2 files changed, 49 insertions(+), 6 deletions(-) diff --git a/crowdsourcer/tests/test_right_of_reply_views.py b/crowdsourcer/tests/test_right_of_reply_views.py index 95550db..e44bbbc 100644 --- a/crowdsourcer/tests/test_right_of_reply_views.py +++ b/crowdsourcer/tests/test_right_of_reply_views.py @@ -611,6 +611,11 @@ def get_download_df(self): return df + def test_wrong_council(self): + url = reverse("authority_ror_download", args=("Adur District Council",)) + response = self.client.get(url) + self.assertEqual(response.status_code, 403) + def test_download(self): df = self.get_download_df() @@ -635,6 +640,32 @@ def test_download(self): self.assertEqual(b_and_h_q5.agree_with_mark, "No") self.assertEqual(b_and_h_q5.council_notes, "a council objection") + def test_download_with_two_councils(self): + self.user.marker.authority = None + self.user.marker.save() + + rt = ResponseType.objects.get(type="Right of Reply") + ms = MarkingSession.objects.get(label="Default") + Assigned.objects.create( + user=self.user, + response_type=rt, + authority=PublicAuthority.objects.get(name="Aberdeenshire Council"), + marking_session=ms, + ) + Assigned.objects.create( + user=self.user, + response_type=rt, + authority=PublicAuthority.objects.get(name="Aberdeen City Council"), + marking_session=ms, + ) + + df = self.get_download_df() + self.assertEqual(df.shape[0], 2) + + url = reverse("authority_ror_download", args=("Adur District Council",)) + response = self.client.get(url) + self.assertEqual(response.status_code, 403) + def test_download_with_props(self): sp = SessionProperties.objects.get(name="ror_property") SessionPropertyValues.objects.create( diff --git a/crowdsourcer/views/rightofreply.py b/crowdsourcer/views/rightofreply.py index 331ee91..4d17c8e 100644 --- a/crowdsourcer/views/rightofreply.py +++ b/crowdsourcer/views/rightofreply.py @@ -241,15 +241,27 @@ def get_queryset(self): user = self.request.user rt = ResponseType.objects.get(type="Right of Reply") + authority_name = self.kwargs["name"] + requested_authority = PublicAuthority.objects.get(name=authority_name) + authority = None if user.is_superuser: - authority_name = self.kwargs["name"] - authority = PublicAuthority.objects.get(name=authority_name) - else: + authority = requested_authority + elif ( + self.request.user.marker.authority is not None + and self.request.user.marker.authority == requested_authority + ): authority = self.request.user.marker.authority - - self.authority = authority + else: + if Assigned.objects.filter( + user=self.request.user, + authority=requested_authority, + marking_session=self.request.current_session, + response_type=rt, + ).exists(): + authority = requested_authority if authority is not None: + self.authority = authority return ( Response.objects.filter( question__section__marking_session=self.request.current_session, @@ -264,7 +276,7 @@ def get_queryset(self): ) ) - return None + raise PermissionDenied def get_first_mark_responses(self): rt = ResponseType.objects.get(type="First Mark")