Admins won't see buttons for broadcast actions they can't do

These actions are creating, accepting and rejecting broadcasts.

app/templates/views/broadcast/dashboard.html

@@ -17,7 +17,7 @@
     'current_broadcasts'
   ) }}
 
-  {% if current_user.has_permissions('send_messages') %}
+  {% if current_user.has_permissions('send_messages', restrict_admin_usage=True) %}
     <div class="js-stick-at-bottom-when-scrolling">
       {{ govukButton({
         "element": "a",

app/templates/views/broadcast/previous-broadcasts.html

@@ -13,7 +13,7 @@
 
   {% include('views/broadcast/partials/dashboard-table.html') %}
 
-  {% if current_user.has_permissions('send_messages') %}
+  {% if current_user.has_permissions('send_messages', restrict_admin_usage=True) %}
     <div class="js-stick-at-bottom-when-scrolling">
       {{ govukButton({
         "element": "a",

app/templates/views/broadcast/view-message.html

@@ -19,9 +19,9 @@
 
 {% block service_page_title %}
   {% if broadcast_message.status == 'pending-approval' %}
-    {% if broadcast_message.created_by and broadcast_message.created_by == current_user and current_user.has_permissions('send_messages') %}
+    {% if broadcast_message.created_by and broadcast_message.created_by == current_user and current_user.has_permissions('send_messages', restrict_admin_usage=True) %}
       {{ broadcast_message.template.name }} is waiting for approval
-    {% elif current_user.has_permissions('send_messages') %}
+    {% elif current_user.has_permissions('send_messages', restrict_admin_usage=True) %}
       {% if broadcast_message.created_by %}
         {{ broadcast_message.created_by.name }}
       {% else %}
@@ -42,7 +42,7 @@
   {{ govukBackLink({ "href": back_link }) }}
 
   {% if broadcast_message.status == 'pending-approval' %}
-    {% if broadcast_message.created_by and broadcast_message.created_by == current_user and current_user.has_permissions('send_messages') %}
+    {% if broadcast_message.created_by and broadcast_message.created_by == current_user and current_user.has_permissions('send_messages', restrict_admin_usage=True) %}
       <div class="banner govuk-!-margin-bottom-6">
         <h1 class="govuk-heading-m govuk-!-margin-bottom-3">
           {{ broadcast_message.template.name }} is waiting for approval
@@ -81,7 +81,7 @@
           </details>
         {% endif %}
       </div>
-    {% elif current_user.has_permissions('send_messages') %}
+    {% elif current_user.has_permissions('send_messages', restrict_admin_usage=True) %}
       {% call form_wrapper(class="banner govuk-!-margin-bottom-6") %}
         <h1 class="govuk-heading-m govuk-!-margin-top-0 govuk-!-margin-bottom-3">
           {% if broadcast_message.created_by %}

tests/app/main/views/test_broadcast.py

@@ -388,6 +388,7 @@ def test_broadcast_dashboard(
     )
 
 
+@pytest.mark.parametrize("user_is_platform_admin", [True, False])
 @pytest.mark.parametrize('endpoint', (
     '.broadcast_dashboard', '.broadcast_dashboard_previous', '.broadcast_dashboard_rejected',
 ))
@@ -395,11 +396,17 @@ def test_broadcast_dashboard_does_not_have_button_for_view_only_user(
     client_request,
     service_one,
     active_user_view_permissions,
+    platform_admin_user_no_service_permissions,
     mock_get_broadcast_messages,
     endpoint,
+    user_is_platform_admin
 ):
+    if user_is_platform_admin:
+        client_request.login(platform_admin_user_no_service_permissions)
+    else:
+        client_request.login(active_user_view_permissions)
+
     service_one['permissions'] += ['broadcast']
-    client_request.login(active_user_view_permissions)
     page = client_request.get(
         endpoint,
         service_id=SERVICE_ONE_ID,
@@ -1841,14 +1848,17 @@ def test_can_approve_own_broadcast_in_trial_mode(
 
 
 @freeze_time('2020-02-22T22:22:22.000000')
+@pytest.mark.parametrize("user_is_platform_admin", [True, False])
 def test_view_only_user_cant_approve_broadcast(
     mocker,
     client_request,
     service_one,
     active_user_with_permissions,
     active_user_view_permissions,
+    platform_admin_user_no_service_permissions,
     mock_get_broadcast_template,
     fake_uuid,
+    user_is_platform_admin
 ):
     mocker.patch(
         'app.broadcast_message_api_client.get_broadcast_message',
@@ -1861,8 +1871,12 @@ def test_view_only_user_cant_approve_broadcast(
             status='pending-approval',
         ),
     )
+    if user_is_platform_admin:
+        current_user = platform_admin_user_no_service_permissions
+    else:
+        current_user = active_user_view_permissions
     mocker.patch('app.user_api_client.get_user', side_effect=[
-        active_user_view_permissions,  # Current user
+        current_user,  # Current user
         active_user_with_permissions,  # User who created broadcast
     ])
     service_one['permissions'] += ['broadcast']