Add tests to ensure non gov user cannot see, access or create service

tests/app/main/views/test_add_service.py

@@ -1,8 +1,7 @@
 from flask import url_for, session
 from unittest.mock import ANY
 import app
-from app.utils import user_in_whitelist
-from tests.conftest import api_user_active as create_active_user
+from app.utils import is_gov_user
 
 
 def test_get_should_render_add_service_template(app_,
@@ -105,9 +104,23 @@ def test_should_return_form_errors_with_duplicate_service_name_regardless_of_cas
             assert not mock_create_service.called
 
 
-def test_non_whitelist_user_cannot_add_service(app_, mocker, client, fake_uuid):
-    non_whitelist_user = create_active_user(fake_uuid, 'someuser@notonwhitelist.com')
-    client.login(non_whitelist_user, mocker)
-    assert not user_in_whitelist(non_whitelist_user.email_address)
+def test_non_whitelist_user_cannot_access_create_service_page(app_,
+                                                              client,
+                                                              mock_login,
+                                                              mock_get_non_govuser,
+                                                              api_nongov_user_active):
+    client.login(api_nongov_user_active)
+    assert not is_gov_user(api_nongov_user_active.email_address)
     response = client.get(url_for('main.add_service'))
     assert response.status_code == 403
+
+
+def test_non_whitelist_user_cannot_create_service(app_,
+                                                  client,
+                                                  mock_login,
+                                                  mock_get_non_govuser,
+                                                  api_nongov_user_active):
+    client.login(api_nongov_user_active)
+    assert not is_gov_user(api_nongov_user_active.email_address)
+    response = client.post(url_for('main.add_service'), data={'name': 'SERVICE TWO'})
+    assert response.status_code == 403

tests/app/main/views/test_all_services.py

@@ -30,6 +30,17 @@ def test_all_service_returns_403_when_not_a_platform_admin(app_,
             assert response.status_code == 403
 
 
+def test_non_gov_user_cannot_see_add_service_button(app_,
+                                                    client,
+                                                    mock_login,
+                                                    mock_get_non_govuser,
+                                                    api_nongov_user_active):
+    client.login(api_nongov_user_active)
+    response = client.get(url_for('main.choose_service'))
+    assert 'Add a new service' not in response.get_data(as_text=True)
+    assert response.status_code == 200
+
+
 def _login_user(client, mocker, platform_admin_user, service_one):
     mocker.patch('app.user_api_client.get_user', return_value=platform_admin_user)
     client.login(platform_admin_user)

tests/app/main/views/test_manage_users.py

@@ -3,7 +3,7 @@ from flask import url_for
 from bs4 import BeautifulSoup
 import app
 from app.notify_client.models import InvitedUser
-from app.utils import user_in_whitelist
+from app.utils import is_gov_user
 from tests.conftest import service_one as create_sample_service
 
 
@@ -131,7 +131,7 @@ def test_should_show_page_for_inviting_user(
         assert response.status_code == 200
 
 
-@pytest.mark.parametrize('email_address, whitelist_user', [
+@pytest.mark.parametrize('email_address, gov_user', [
     ('test@example.gov.uk', True),
     ('test@nonwhitelist.com', False)
 ])
@@ -141,7 +141,7 @@ def test_invite_user(
         mocker,
         sample_invite,
         email_address,
-        whitelist_user
+        gov_user
 ):
     service = create_sample_service(active_user_with_permissions)
     sample_invite['email_address'] = 'test@example.gov.uk'
@@ -150,7 +150,7 @@ def test_invite_user(
     with app_.test_request_context():
         with app_.test_client() as client:
             client.login(active_user_with_permissions, mocker, service)
-            assert user_in_whitelist(email_address) == whitelist_user
+            assert is_gov_user(email_address) == gov_user
             mocker.patch('app.invite_api_client.get_invites_for_service', return_value=data)
             mocker.patch('app.user_api_client.get_users_for_service', return_value=[active_user_with_permissions])
             mocker.patch('app.invite_api_client.create_invite', return_value=InvitedUser(**sample_invite))

tests/conftest.py

@@ -505,6 +505,24 @@ def api_user_active(fake_uuid, email_address='test@user.gov.uk'):
     return user
 
 
+@pytest.fixture(scope='function')
+def api_nongov_user_active(fake_uuid):
+    from app.notify_client.user_api_client import User
+    user_data = {'id': fake_uuid,
+                 'name': 'Test User',
+                 'password': 'somepassword',
+                 'email_address': 'someuser@notonwhitelist.com',
+                 'mobile_number': '07700 900762',
+                 'state': 'active',
+                 'failed_login_count': 0,
+                 'permissions': {},
+                 'platform_admin': False,
+                 'password_changed_at': str(datetime.utcnow())
+                 }
+    user = User(user_data)
+    return user
+
+
 @pytest.fixture(scope='function')
 def active_user_with_permissions(fake_uuid):
     from app.notify_client.user_api_client import User
@@ -597,6 +615,19 @@ def mock_register_user(mocker, api_user_pending):
     return mocker.patch('app.user_api_client.register_user', side_effect=_register)
 
 
+@pytest.fixture(scope='function')
+def mock_get_non_govuser(mocker, user=None):
+    if user is None:
+        user = api_user_active(fake_uuid(), email_address='someuser@notonwhitelist.com')
+
+    def _get_user(id_):
+        user.id = id_
+        return user
+
+    return mocker.patch(
+        'app.user_api_client.get_user', side_effect=_get_user)
+
+
 @pytest.fixture(scope='function')
 def mock_get_user(mocker, user=None):
     if user is None: