diff --git a/app/main/views/dashboard.py b/app/main/views/dashboard.py
index aef002398..b78fadc13 100644
--- a/app/main/views/dashboard.py
+++ b/app/main/views/dashboard.py
@@ -12,6 +12,7 @@ from flask_login import login_required
 from app.main import main
 from app import (
+ current_service,
 job_api_client,
 service_api_client,
 template_statistics_client
@@ -139,6 +140,10 @@ def monthly(service_id):
 @login_required
 @user_has_permissions('manage_settings', admin_override=True)
 def inbox(service_id):
+
+ if 'inbound_sms' not in current_service['permissions']:
+ abort(403)
+
 return render_template(
 'views/dashboard/inbox.html',
 messages=service_api_client.get_inbound_sms(service_id),
@@ -178,7 +183,10 @@ def get_dashboard_partials(service_id):
 ),
 'inbox': render_template(
 'views/dashboard/_inbox.html',
- inbound_sms_summary=service_api_client.get_inbound_sms_summary(service_id),
+ inbound_sms_summary=(
+ service_api_client.get_inbound_sms_summary(service_id)
+ if 'inbound_sms' in current_service['permissions'] else None
+ ),
 ),
 'totals': render_template(
 'views/dashboard/_totals.html',
diff --git a/app/templates/views/dashboard/_inbox.html b/app/templates/views/dashboard/_inbox.html
index 7cba62016..c79b0888f 100644
--- a/app/templates/views/dashboard/_inbox.html
+++ b/app/templates/views/dashboard/_inbox.html
@@ -1,19 +1,21 @@
 {% from "components/big-number.html" import big_number, big_number_with_status %}
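Review bot: In `inbox()` the new 403 gate reads `current_service['permissions']`, but the messages are then fetched with the `service_id` taken from the URL, so the check only protects the inbox if `current_service` is always the service that URL names; that binding is presumably established outside this hunk and deserves a one-line comment above the check, for example `# current_service must be the service named by service_id; this gates the page, the API still has to enforce the permission`. The identical `'inbound_sms' in current_service['permissions']` test is repeated in `get_dashboard_partials()` (the `@@ -178,7 +183,10 @@` hunk), and a shared helper would keep the two from drifting when another inbound endpoint is added. A service record without a `permissions` key would raise `KeyError` and surface as a 500; if `current_service` is dict-like, as the subscript suggests, `current_service.get('permissions', [])` fails closed with the 403 instead. `inbox()` continues past the end of the hunk.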
-
- {{
- big_number_with_status(
- inbound_sms_summary.count,
- 'text messages received',
- link=url_for('.inbox', service_id=current_service.id),
- show_failures=False
- )
- }}
-
- {% if inbound_sms_summary.latest_message %}
- latest message {{ inbound_sms_summary.latest_message | format_delta }}
- {% endif %}
+ {% if inbound_sms_summary != None %}
+
+ {{
+ big_number_with_status(
+ inbound_sms_summary.count,
+ 'text messages received',
+ link=url_for('.inbox', service_id=current_service.id),
+ show_failures=False
+ )
+ }}
+
+ {% if inbound_sms_summary.latest_message %}
+ latest message {{ inbound_sms_summary.latest_message | format_delta }}
+ {% endif %}
+
-
+ {% endif %}
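Review bot: `{% if inbound_sms_summary != None %}` guards only against an explicit `None`; if this partial is ever rendered without `inbound_sms_summary` being passed at all, an undefined value still compares unequal to `None` and the block goes on to read `inbound_sms_summary.count`. A truthiness test, `{% if inbound_sms_summary %}`, covers both cases, assuming the summary is always a non-empty mapping, and where the explicit comparison is wanted the Jinja spelling is `is not none`. The markup around the condition is not fully visible in this listing, so the placement of the matching `{% endif %}` should be checked against the file.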
diff --git a/tests/__init__.py b/tests/__init__.py
index 9454fe727..19e724a8a 100644
--- a/tests/__init__.py
+++ b/tests/__init__.py
@@ -55,10 +55,12 @@ def service_json(
 branding='govuk',
 created_at=None,
 letter_contact_block=None,
- permissions=[]
+ permissions=None,
 ):
 if users is None:
 users = []
+ if permissions is None:
+ permissions = []
 return {
 'id': id_,
 'name': name,
diff --git a/tests/app/main/views/test_dashboard.py b/tests/app/main/views/test_dashboard.py
index 32a2e5319..152d0a9d0 100644
--- a/tests/app/main/views/test_dashboard.py
+++ b/tests/app/main/views/test_dashboard.py
@@ -79,6 +79,27 @@ def test_get_started_is_hidden_once_templates_exist(
 assert 'Get started' not in response.get_data(as_text=True)
+def test_inbound_messages_not_visible_to_service_without_permissions(
+ logged_in_client,
+ service_one,
+ mock_get_service_templates_when_no_templates_exist,
+ mock_get_jobs,
+ mock_get_detailed_service,
+ mock_get_template_statistics,
+ mock_get_usage,
+ mock_get_inbound_sms_summary,
+):
+
+ service_one['permissions'] = []
+
+ response = logged_in_client.get(url_for('main.service_dashboard', service_id=SERVICE_ONE_ID))
+ page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
+
+ assert response.status_code == 200
+ assert not page.select('.big-number-meta-wrapper')
+ assert mock_get_inbound_sms_summary.called is False
+
+
 @pytest.mark.parametrize('inbound_summary_mock, expected_text', [
 (mock_get_inbound_sms_summary_with_no_messages, '0 text messages received'),
 (mock_get_inbound_sms_summary, '99 text messages received latest message just now'),
@@ -86,6 +107,7 @@ def test_get_started_is_hidden_once_templates_exist(
 def test_inbound_messages_shows_count_of_messages(
 logged_in_client,
 mocker,
+ service_one,
 mock_get_service_templates_when_no_templates_exist,
 mock_get_jobs,
 mock_get_detailed_service,
@@ -95,6 +117,7 @@ def test_inbound_messages_shows_count_of_messages(
 expected_text,
 ):
+ service_one['permissions'] = ['inbound_sms']
 inbound_summary_mock(mocker)
 response = logged_in_client.get(url_for('main.service_dashboard', service_id=SERVICE_ONE_ID))
@@ -116,7 +139,7 @@ def test_inbound_messages_shows_count_of_messages(
 ]))
 def test_inbox_showing_inbound_messages(
 logged_in_client,
- mocker,
+ service_one,
 mock_get_service_templates_when_no_templates_exist,
 mock_get_jobs,
 mock_get_detailed_service,
@@ -127,6 +150,8 @@ def test_inbox_showing_inbound_messages(
 expected_row,
 ):
+ service_one['permissions'] = ['inbound_sms']
+
 response = logged_in_client.get(url_for('main.inbox', service_id=SERVICE_ONE_ID))
 page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
@@ -138,7 +163,7 @@ def test_inbox_showing_inbound_messages(
 def test_empty_inbox(
 logged_in_client,
- mocker,
+ service_one,
 mock_get_service_templates_when_no_templates_exist,
 mock_get_jobs,
 mock_get_detailed_service,
@@ -147,6 +172,8 @@ def test_empty_inbox(
 mock_get_inbound_sms_with_no_messages,
 ):
+ service_one['permissions'] = ['inbound_sms']
+
 response = logged_in_client.get(url_for('main.inbox', service_id=SERVICE_ONE_ID))
 page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
@@ -156,6 +183,16 @@ def test_empty_inbox(
 )
+def test_inbox_not_accessible_to_service_without_permissions(
+ logged_in_client,
+ service_one,
+):
+ service_one['permissions'] = []
+ response = logged_in_client.get(url_for('main.inbox', service_id=SERVICE_ONE_ID))
+
+ assert response.status_code == 403
+
+
 def test_should_show_recent_templates_on_dashboard(
 logged_in_client,
 mocker,
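Review bot: `test_inbox_not_accessible_to_service_without_permissions` (the `@@ -156,6 +183,16 @@` hunk) asserts only the 403 status and does not show that the inbound-message API was left uncalled for a service without the permission. Requesting the `mock_get_inbound_sms_with_no_messages` fixture already used by `test_empty_inbox` and adding `assert mock_get_inbound_sms_with_no_messages.called is False` would pin that ordering, matching the `called is False` assertion in the new dashboard test. Without it, a later refactor that moves the fetch above the permission check could go unnoticed as long as the response is still a 403.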
@@ -759,11 +796,12 @@ def test_should_show_all_jobs_with_valid_statuses(
 logged_in_client,
 mock_get_template_statistics,
 mock_get_detailed_service,
+ mock_get_service_templates_when_no_templates_exist,
 mock_get_jobs,
 mock_get_usage,
 mock_get_inbound_sms_summary,
 ):
- get_dashboard_partials(service_id=SERVICE_ONE_ID)
+ logged_in_client.get(url_for('main.service_dashboard', service_id=SERVICE_ONE_ID))
 first_call = mock_get_jobs.call_args_list[0]
 # first call - scheduled jobs only