diff --git a/app/main/views/dashboard.py b/app/main/views/dashboard.py
index 890312cd6..2bca2afd8 100644
--- a/app/main/views/dashboard.py
+++ b/app/main/views/dashboard.py
@@ -33,6 +33,7 @@ from app.utils import (
 generate_next_dict,
 generate_previous_dict,
 get_current_financial_year,
+ service_has_permission,
 user_has_permissions,
 )
@@ -170,6 +171,7 @@ def monthly(service_id):
 @main.route("/services//inbox")
 @user_has_permissions('view_activity')
+@service_has_permission('inbound_sms')
 def inbox(service_id):
 return render_template(
@@ -181,6 +183,7 @@ def inbox(service_id):
 @main.route("/services//inbox.json")
 @user_has_permissions('view_activity')
+@service_has_permission('inbound_sms')
 def inbox_updates(service_id):
 return jsonify(get_inbox_partials(service_id))
@@ -212,9 +215,6 @@ def inbox_download(service_id):
 def get_inbox_partials(service_id):
 page = int(request.args.get('page', 1))
- if not current_service.has_permission('inbound_sms'):
- abort(403)
-
 inbound_messages_data = service_api_client.get_most_recent_inbound_sms(service_id, page=page)
 inbound_messages = inbound_messages_data['data']
 if not inbound_messages:
diff --git a/app/utils.py b/app/utils.py
index 0c23d43a9..344050314 100644
--- a/app/utils.py
+++ b/app/utils.py
@@ -83,7 +83,9 @@ def user_has_permissions(*permissions, **permission_kwargs):
 def service_has_permission(permission):
+ from app import current_service
+
 def wrap(func):
 @wraps(func)
 def wrap_func(*args, **kwargs):
diff --git a/tests/app/main/views/test_dashboard.py b/tests/app/main/views/test_dashboard.py
index 4845f45b2..e4633273f 100644
--- a/tests/app/main/views/test_dashboard.py
+++ b/tests/app/main/views/test_dashboard.py
@@ -396,6 +396,7 @@ def test_view_inbox_updates(
 mocker,
 mock_get_most_recent_inbound_sms_with_no_messages,
 ):
+ service_one['permissions'] += ['inbound_sms']
 mock_get_partials = mocker.patch(
 'app.main.views.dashboard.get_inbox_partials',
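Review bot: Moving the `inbound_sms` check onto the `inbox` and `inbox_updates` routes in app/main/views/dashboard.py (the same decorator is added in the `-181,6` hunk) while the `-212,9` hunk deletes it from `get_inbox_partials` means the helper no longer protects itself, so every route that serves inbound messages must carry `@service_has_permission('inbound_sms')`. `inbox_download` appears only in a hunk header, so whether it is decorated cannot be seen from this diff and should be checked. The decorator body is also outside the shown hunks; I am assuming it rejects the request as the removed `abort(403)` did. The visible test change only grants the permission, so a test asserting a 403 on both routes for a service without `inbound_sms` would pin the new enforcement point. A comment on the helper such as `# callers must enforce the inbound_sms service permission` would keep later callers from assuming the old guard is still there.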
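Review bot: The function-scope `from app import current_service` added at the top of `service_has_permission` in app/utils.py has no comment explaining why it is not a module-level import. It executes when the decorator factory is called, that is, when the view modules are imported, not on each request. If it is there to avoid a circular import between `app` and `app.utils` (my inference, the module header is not shown), say so on the line above: `# imported here to avoid a circular import with app`. The rest of the decorator, including what it does when the permission is missing, lies outside the hunk.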