From 0c0d9dd72f301d38df17cd1db093718878156f07 Mon Sep 17 00:00:00 2001 From: Pea Tyczynska Date: Wed, 14 Apr 2021 18:13:18 +0100 Subject: [PATCH] Admins won't see buttons for broadcast actions they can't do These actions are creating, accepting and rejecting broadcasts. --- app/templates/views/broadcast/dashboard.html | 2 +- .../views/broadcast/previous-broadcasts.html | 2 +- .../views/broadcast/view-message.html | 8 ++++---- tests/app/main/views/test_broadcast.py | 18 ++++++++++++++++-- 4 files changed, 22 insertions(+), 8 deletions(-) diff --git a/app/templates/views/broadcast/dashboard.html b/app/templates/views/broadcast/dashboard.html index a0695de8e..5ebf590a7 100644 --- a/app/templates/views/broadcast/dashboard.html +++ b/app/templates/views/broadcast/dashboard.html @@ -17,7 +17,7 @@ 'current_broadcasts' ) }} - {% if current_user.has_permissions('send_messages') %} + {% if current_user.has_permissions('send_messages', restrict_admin_usage=True) %}
{{ govukButton({ "element": "a", diff --git a/app/templates/views/broadcast/previous-broadcasts.html b/app/templates/views/broadcast/previous-broadcasts.html index 835c1a216..93416b670 100644 --- a/app/templates/views/broadcast/previous-broadcasts.html +++ b/app/templates/views/broadcast/previous-broadcasts.html @@ -13,7 +13,7 @@ {% include('views/broadcast/partials/dashboard-table.html') %} - {% if current_user.has_permissions('send_messages') %} + {% if current_user.has_permissions('send_messages', restrict_admin_usage=True) %}
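Review bot: The `restrict_admin_usage=True` guard added to the `{% if %}` in dashboard.html only controls whether the button is rendered, so it protects nothing unless the view behind the button applies the same check. No view module is touched by this patch, so the server side is presumably already restricted, but that is worth confirming for the create, approve and reject routes. The same applies to the identical change in previous-broadcasts.html and to the four conditions in view-message.html. `test_view_only_user_cant_approve_broadcast` is now parametrised for a platform admin, but its assertions lie outside the visible hunks; it should assert that the approve request itself is refused for `platform_admin_user_no_service_permissions`, not only that the form is absent. A template comment such as `{# platform admins need an explicit send_messages permission here; the view enforces the same rule #}` would record why the flag is set.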
{{ govukButton({ "element": "a", diff --git a/app/templates/views/broadcast/view-message.html b/app/templates/views/broadcast/view-message.html index cca6309ee..b9de5bcf2 100644 --- a/app/templates/views/broadcast/view-message.html +++ b/app/templates/views/broadcast/view-message.html @@ -19,9 +19,9 @@ {% block service_page_title %} {% if broadcast_message.status == 'pending-approval' %} - {% if broadcast_message.created_by and broadcast_message.created_by == current_user and current_user.has_permissions('send_messages') %} + {% if broadcast_message.created_by and broadcast_message.created_by == current_user and current_user.has_permissions('send_messages', restrict_admin_usage=True) %} {{ broadcast_message.template.name }} is waiting for approval - {% elif current_user.has_permissions('send_messages') %} + {% elif current_user.has_permissions('send_messages', restrict_admin_usage=True) %} {% if broadcast_message.created_by %} {{ broadcast_message.created_by.name }} {% else %} @@ -42,7 +42,7 @@ {{ govukBackLink({ "href": back_link }) }} {% if broadcast_message.status == 'pending-approval' %} - {% if broadcast_message.created_by and broadcast_message.created_by == current_user and current_user.has_permissions('send_messages') %} + {% if broadcast_message.created_by and broadcast_message.created_by == current_user and current_user.has_permissions('send_messages', restrict_admin_usage=True) %} - {% elif current_user.has_permissions('send_messages') %} + {% elif current_user.has_permissions('send_messages', restrict_admin_usage=True) %} {% call form_wrapper(class="banner govuk-!-margin-bottom-6") %}
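Review bot: The expression `current_user.has_permissions('send_messages', restrict_admin_usage=True)` now appears four times in view-message.html: twice in the `service_page_title` block in this hunk and twice more in the page-body changes that follow. A later edit that updates only some of the copies would let the title and the approval form disagree about who may act. Consider binding it once inside each block, e.g. `{% set can_send = current_user.has_permissions('send_messages', restrict_admin_usage=True) %}`, and testing `can_send` in both the `if` and the `elif`, or having the view pass a single boolean. The block continues outside the hunk, so the `else` branch a platform admin now falls into is not visible here and should be checked to confirm it renders only read-only text.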

{% if broadcast_message.created_by %} diff --git a/tests/app/main/views/test_broadcast.py b/tests/app/main/views/test_broadcast.py index 4bbde132d..6b7bece07 100644 --- a/tests/app/main/views/test_broadcast.py +++ b/tests/app/main/views/test_broadcast.py @@ -388,6 +388,7 @@ def test_broadcast_dashboard( ) +@pytest.mark.parametrize("user_is_platform_admin", [True, False]) @pytest.mark.parametrize('endpoint', ( '.broadcast_dashboard', '.broadcast_dashboard_previous', '.broadcast_dashboard_rejected', )) @@ -395,11 +396,17 @@ def test_broadcast_dashboard_does_not_have_button_for_view_only_user( client_request, service_one, active_user_view_permissions, + platform_admin_user_no_service_permissions, mock_get_broadcast_messages, endpoint, + user_is_platform_admin ): + if user_is_platform_admin: + client_request.login(platform_admin_user_no_service_permissions) + else: + client_request.login(active_user_view_permissions) + service_one['permissions'] += ['broadcast'] - client_request.login(active_user_view_permissions) page = client_request.get( endpoint, service_id=SERVICE_ONE_ID, @@ -1841,14 +1848,17 @@ def test_can_approve_own_broadcast_in_trial_mode( @freeze_time('2020-02-22T22:22:22.000000') +@pytest.mark.parametrize("user_is_platform_admin", [True, False]) def test_view_only_user_cant_approve_broadcast( mocker, client_request, service_one, active_user_with_permissions, active_user_view_permissions, + platform_admin_user_no_service_permissions, mock_get_broadcast_template, fake_uuid, + user_is_platform_admin ): mocker.patch( 'app.broadcast_message_api_client.get_broadcast_message', 
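Review bot: In `test_broadcast_dashboard_does_not_have_button_for_view_only_user` the login call has moved above `service_one['permissions'] += ['broadcast']`, whereas the removed `client_request.login(active_user_view_permissions)` ran after it. If `client_request.login` captures the service's permissions at call time (not visible here), the test would run against a service without the broadcast permission and could pass for the wrong reason, so keeping the login after the permission line is safer. Separately, the boolean `user_is_platform_admin` produces test ids of `True`/`False`; passing `ids=["platform_admin", "view_only"]` to the new `parametrize` would make a failure name the user involved. The same flag-and-`if`/`else` pattern recurs in `test_view_only_user_cant_approve_broadcast` further down. Both function bodies continue outside the hunks shown.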
@@ -1861,8 +1871,12 @@ def test_view_only_user_cant_approve_broadcast(
 status='pending-approval',
 ),
 )
+ if user_is_platform_admin:
+ current_user = platform_admin_user_no_service_permissions
+ else:
+ current_user = active_user_view_permissions
 mocker.patch('app.user_api_client.get_user', side_effect=[
- active_user_view_permissions, # Current user
+ current_user, # Current user
 active_user_with_permissions, # User who created broadcast
 ])
 service_one['permissions'] += ['broadcast']