Don’t let people actually start a letter job

Who knows what would happen if a job with a letter template actually got into the database. `403`ing the page is a quick and dirty hack to stop this from happening.
2026-04-03 00:50:29 -04:00 · 2016-11-08 13:10:38 +00:00
parent 0c5a224fef
commit 70eec8fe73
3 changed files with 50 additions and 0 deletions
--- a/app/main/views/send.py
+++ b/app/main/views/send.py
@@ -310,6 +310,14 @@ def start_job(service_id, upload_id):

    session.pop('upload_data')

+    template = service_api_client.get_service_template(
+        service_id,
+        upload_data.get('template_id')
+    )['data']
+
+    if template['template_type'] == 'letter':
+        abort(403)
+
    job_api_client.create_job(
        upload_id,
        service_id,
--- a/tests/app/main/views/test_send.py
+++ b/tests/app/main/views/test_send.py
@@ -405,6 +405,33 @@ def test_create_job_should_call_api(
    )


+def test_cant_start_letters_job(
+    app_,
+    client,
+    service_one,
+    mock_get_service,
+    active_user_with_permissions,
+    mock_create_job,
+    mock_get_service_letter_template,
+    mocker,
+    fake_uuid
+):
+    client.login(active_user_with_permissions, mocker, service_one)
+    with client.session_transaction() as session:
+        session['upload_data'] = {
+            'original_file_name': 'example.csv',
+            'template_id': fake_uuid,
+            'notification_count': 123,
+            'valid': True
+        }
+    response = client.post(
+        url_for('main.start_job', service_id=fake_uuid, upload_id=fake_uuid),
+        data={}
+    )
+    assert response.status_code == 403
+    mock_create_job.assert_not_called()
+
+
 def test_check_messages_should_revalidate_file_when_uploading_file(
    app_,
    service_one,
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -335,6 +335,21 @@ def mock_get_service_email_template(mocker):
        'app.service_api_client.get_service_template', side_effect=_create)


+@pytest.fixture(scope='function')
+def mock_get_service_letter_template(mocker):
+    def _create(service_id, template_id):
+        template = template_json(
+            service_id,
+            template_id,
+            "Two week reminder",
+            "letter",
+            "Your vehicle tax is about to expire", "Subject")
+        return {'data': template}
+
+    return mocker.patch(
+        'app.service_api_client.get_service_template', side_effect=_create)
+
+
@pytest.fixture(scope='function')
 def mock_create_service_template(mocker, fake_uuid):
    def _create(name, type_, content, service, subject=None):