diff --git a/app/main/views/templates.py b/app/main/views/templates.py
index 732023f65..16b18cf59 100644
--- a/app/main/views/templates.py
+++ b/app/main/views/templates.py
@@ -48,7 +48,10 @@ page_headings = {
 @login_required
 @user_has_permissions('view_activity', 'send_messages')
 def view_template(service_id, template_id):
- if not current_user.has_permissions('view_activity'):
+ if (
+ current_user.has_permissions('send_messages') and
+ not current_user.has_permissions('manage_templates', 'manage_api_keys')
+ ):
 return redirect(url_for(
 '.send_one_off', service_id=service_id, template_id=template_id
 ))
diff --git a/tests/app/main/views/test_templates.py b/tests/app/main/views/test_templates.py
index 0d7215b33..b2c28df84 100644
--- a/tests/app/main/views/test_templates.py
+++ b/tests/app/main/views/test_templates.py
@@ -187,6 +187,32 @@ def test_caseworker_redirected_to_one_off(
 )
 
 
+def test_user_with_only_send_and_view_redirected_to_one_off(
+ client_request,
+ mock_get_service_templates,
+ active_user_with_permissions,
+ mocker,
+ fake_uuid,
+):
+ active_user_with_permissions._permissions[SERVICE_ONE_ID] = [
+ 'send_messages',
+ 'view_activity',
+ ]
+ client_request.login(active_user_with_permissions)
+ client_request.get(
+ 'main.view_template',
+ service_id=SERVICE_ONE_ID,
+ template_id=fake_uuid,
+ _expected_status=302,
+ _expected_redirect=url_for(
+ 'main.send_one_off',
+ service_id=SERVICE_ONE_ID,
+ template_id=fake_uuid,
+ _external=True,
+ ),
+ )
+
+
 @pytest.mark.parametrize('permissions, links_to_be_shown, permissions_warning_to_be_shown', [
 (
 ['view_activity'],
@@ -203,11 +229,6 @@ def test_caseworker_redirected_to_one_off(
 ['.edit_service_template'],
 None,
 ),
- (
- ['send_messages'],
- ['.set_sender'],
- None,
- ),
 (
 ['send_messages', 'manage_templates'],
 ['.set_sender', '.edit_service_template'],
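Review bot: The new condition in `view_template` depends on whether `has_permissions('manage_templates', 'manage_api_keys')` means "any of" or "all of", and nothing in the hunk says which. If it means "all of", a user holding `send_messages` and `manage_templates` but not `manage_api_keys` would be redirected away from the template page. The retained `['send_messages', 'manage_templates']` case in the test file suggests "any of" is intended, so I would say so above the `if`: `# Redirect senders who hold neither manage_templates nor manage_api_keys to the send flow`. The branch is navigation rather than access control, because the `@user_has_permissions('view_activity', 'send_messages')` decorator still admits these users, so the redirect should not be relied on to keep anyone out of the template page. The function body continues outside the hunk.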
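Review bot: The `manage_api_keys` half of the new permission condition has no test in the visible hunks. `test_user_with_only_send_and_view_redirected_to_one_off` pins the redirect for `['send_messages', 'view_activity']`, and the parametrised list below keeps `['send_messages', 'manage_templates']`, but no case has a user with `send_messages` plus `manage_api_keys` staying on the template page. A later change to the check could therefore widen or narrow who is redirected without a test failing, so I would add a `['send_messages', 'manage_api_keys']` entry to the parametrised cases. Separately, `mocker` is requested but not used in the body and can be dropped. Writing to `active_user_with_permissions._permissions` ties the test to a private attribute; a fixture or helper that sets permissions would be less brittle if the suite has one.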