From 93cdaf1811007366308d5eacbcfdaf9977b6ef67 Mon Sep 17 00:00:00 2001
From: Leo Hemsted <leo.hemsted@digital.cabinet-office.gov.uk>
Date: Mon, 31 Oct 2016 18:01:31 +0000
Subject: [PATCH] allow users to see letters even if they dont have edit
 permissions

same way as we handle seeing emails/sms
---
 app/main/views/letters.py             |  1 -
 tests/app/main/views/test_letters.py  | 26 ++------------------------
 tests/app/main/views/test_main_nav.py | 18 ++++++++++++++++++
 3 files changed, 20 insertions(+), 25 deletions(-)

diff --git a/app/main/views/letters.py b/app/main/views/letters.py
index 4c8e1bd12..bf268a12e 100644
--- a/app/main/views/letters.py
+++ b/app/main/views/letters.py
@@ -8,7 +8,6 @@ from app.utils import user_has_permissions
 
 @main.route("/services/<service_id>/letters")
 @login_required
-@user_has_permissions('manage_templates', 'send_letters', admin_override=True, any_=True)
 def letters(service_id):
     if not current_service['can_send_letters']:
         abort(403)
diff --git a/tests/app/main/views/test_letters.py b/tests/app/main/views/test_letters.py
index 8eef4599a..0051d3df3 100644
--- a/tests/app/main/views/test_letters.py
+++ b/tests/app/main/views/test_letters.py
@@ -17,30 +17,7 @@ def test_letters_access_restricted(logged_in_client, mocker, can_send_letters, r
     assert response.status_code == response_code
 
 
-@pytest.mark.parametrize('permission', [
-    'send_letters',
-    'manage_templates'
-])
-def test_letters_lets_in_with_permissions(
-    client,
-    mocker,
-    mock_login,
-    mock_has_permissions,
-    api_user_active,
-    permission,
-):
-    service = service_json(can_send_letters=True)
-    mocker.patch('app.service_api_client.get_service', return_value={"data": service})
-
-    api_user_active._permissions[str(service['id'])] = [permission]
-
-    client.login(api_user_active)
-    response = client.get(url_for('main.letters', service_id=service['id']))
-
-    assert response.status_code == 200
-
-
-def test_letters_rejects_without_permissions(
+def test_letters_lets_in_without_permission(
     client,
     mocker,
     mock_login,
@@ -53,4 +30,5 @@ def test_letters_rejects_without_permissions(
     client.login(api_user_active)
     response = client.get(url_for('main.letters', service_id=service['id']))
 
+    assert api_user_active.permissions == {}
     assert response.status_code == 200
diff --git a/tests/app/main/views/test_main_nav.py b/tests/app/main/views/test_main_nav.py
index f0cf23870..4d4296c42 100644
--- a/tests/app/main/views/test_main_nav.py
+++ b/tests/app/main/views/test_main_nav.py
@@ -24,3 +24,21 @@ def test_cant_see_letters_if_not_allowed(logged_in_client, mocker):
     assert response.status_code == 200
     page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
     assert 'Letter templates' not in page.find('nav', class_='navigation').text
+
+
+def test_can_see_letters_without_permissions(
+    client,
+    mocker,
+    mock_login,
+    mock_has_permissions,
+    api_user_active
+):
+    service = service_json(can_send_letters=True)
+    mocker.patch('app.service_api_client.get_service', return_value={"data": service})
+
+    client.login(api_user_active)
+    response = client.get(url_for('main.service_settings', service_id=service['id']))
+
+    assert response.status_code == 200
+    page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
+    assert 'Letter templates' in page.find('nav', class_='navigation').text