From 647daa6ca40c07773bf07412c90c6b8b3cbb7eb3 Mon Sep 17 00:00:00 2001
From: Chris Hill-Scott
Date: Mon, 3 Jun 2019 13:29:28 +0100
Subject: [PATCH] Make organisation settings platform admin only
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
At the moment the only setting that a normal organisation team member can change is the name of the organisation is its name. And we don’t even want them to be able to change this. So this commit hides the settings page entirely for non-platform-admin users.
---
 app/main/views/organisations.py | 4 ++--
 .../views/organisations/test_organisation.py | 20 ++++++-------------
 2 files changed, 8 insertions(+), 16 deletions(-)
diff --git a/app/main/views/organisations.py b/app/main/views/organisations.py
index 58c8e3b48..cefbcdd60 100644
--- a/app/main/views/organisations.py
+++ b/app/main/views/organisations.py
@@ -180,7 +180,7 @@ def cancel_invited_org_user(org_id, invited_user_id):
 @main.route("/organisations//settings/", methods=['GET'])
 @login_required
-@user_has_permissions()
+@user_is_platform_admin
 def organisation_settings(org_id):
 email_branding = 'GOV.UK'
@@ -206,7 +206,7 @@ def organisation_settings(org_id):
 @main.route("/organisations//settings/edit-name", methods=['GET', 'POST'])
 @login_required
-@user_has_permissions()
+@user_is_platform_admin
 def edit_organisation_name(org_id):
 form = RenameOrganisationForm()
diff --git a/tests/app/main/views/organisations/test_organisation.py b/tests/app/main/views/organisations/test_organisation.py
index e3c2964c6..416ad52e2 100644
--- a/tests/app/main/views/organisations/test_organisation.py
+++ b/tests/app/main/views/organisations/test_organisation.py
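Review bot: With `@user_is_platform_admin` replacing `@user_has_permissions()` on `organisation_settings` (and on `edit_organisation_name` in the next hunk), organisation team members now get a 403 on these routes, but the diffstat shows no template change, so any navigation link to `.organisation_settings` still rendered for them becomes a dead end rather than being hidden as the commit message describes. The template that renders that link (not visible here) should be gated on the same platform-admin condition. Any other organisation settings views in this file that still carry `@user_has_permissions()` should be checked for the same swap so the restriction is uniform. A one-line comment above each decorator, e.g. `# Platform admin only: organisation team members must get a 403 here`, would help keep a later refactor from relaxing the check. Both function bodies continue outside their hunks.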
@@ -161,24 +161,16 @@ def test_organisation_trial_mode_services_doesnt_work_if_not_platform_admin(
 )
-def test_organisation_settings(
+def test_organisation_settings_platform_admin_only(
 client_request,
 mock_get_organisation,
 organisation_one
 ):
- expected_rows = [
- 'Label Value Action',
- 'Organisation name Org 1 Change',
- ]
-
- page = client_request.get('.organisation_settings', org_id=organisation_one['id'])
-
- assert page.find('h1').text == 'Settings'
- rows = page.select('tr')
- assert len(rows) == len(expected_rows)
- for index, row in enumerate(expected_rows):
- assert row == " ".join(rows[index].text.split())
- mock_get_organisation.assert_called_with(organisation_one['id'])
+ client_request.get(
+ '.organisation_settings',
+ org_id=organisation_one['id'],
+ _expected_status=403,
+ )
 def test_organisation_settings_for_platform_admin(
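Review bot: The rewritten test asserts a 403 only for a GET of `.organisation_settings`; the state-changing view `edit_organisation_name`, which accepts GET and POST and is restricted in the same commit, has no test showing that a non-platform-admin is refused. A companion test should cover it, e.g. `client_request.post('.edit_organisation_name', org_id=organisation_one['id'], _expected_status=403)`, so the write path cannot silently revert to the old permission check. The test also appears to rely on the `client_request` fixture's default user not being a platform admin; a short docstring such as `"""Organisation team members (non-platform-admin) must get a 403 on settings."""` would make that assumption explicit.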