From dd2b737d24bb505b45230ba51f8a2f77c38e181e Mon Sep 17 00:00:00 2001
From: Chris Hill-Scott <me@quis.cc>
Date: Fri, 3 Jul 2020 10:00:55 +0100
Subject: [PATCH] Use service_has_permission decorator on inbox

This proves that the decorator works, because the inbox code is already
tested:
https://github.com/alphagov/notifications-admin/blob/bad1e69cc3e658fa8bbd1c16d0ffff36f0548ee9/tests/app/main/views/test_dashboard.py#L353-L367
---
 app/main/views/dashboard.py            | 6 +++---
 app/utils.py                           | 2 ++
 tests/app/main/views/test_dashboard.py | 1 +
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/app/main/views/dashboard.py b/app/main/views/dashboard.py
index 890312cd6..2bca2afd8 100644
--- a/app/main/views/dashboard.py
+++ b/app/main/views/dashboard.py
@@ -33,6 +33,7 @@ from app.utils import (
     generate_next_dict,
     generate_previous_dict,
     get_current_financial_year,
+    service_has_permission,
     user_has_permissions,
 )
 
@@ -170,6 +171,7 @@ def monthly(service_id):
 
 @main.route("/services/<uuid:service_id>/inbox")
 @user_has_permissions('view_activity')
+@service_has_permission('inbound_sms')
 def inbox(service_id):
 
     return render_template(
@@ -181,6 +183,7 @@ def inbox(service_id):
 
 @main.route("/services/<uuid:service_id>/inbox.json")
 @user_has_permissions('view_activity')
+@service_has_permission('inbound_sms')
 def inbox_updates(service_id):
 
     return jsonify(get_inbox_partials(service_id))
@@ -212,9 +215,6 @@ def inbox_download(service_id):
 
 def get_inbox_partials(service_id):
     page = int(request.args.get('page', 1))
-    if not current_service.has_permission('inbound_sms'):
-        abort(403)
-
     inbound_messages_data = service_api_client.get_most_recent_inbound_sms(service_id, page=page)
     inbound_messages = inbound_messages_data['data']
     if not inbound_messages:
diff --git a/app/utils.py b/app/utils.py
index 0c23d43a9..344050314 100644
--- a/app/utils.py
+++ b/app/utils.py
@@ -83,7 +83,9 @@ def user_has_permissions(*permissions, **permission_kwargs):
 
 
 def service_has_permission(permission):
+
     from app import current_service
+
     def wrap(func):
         @wraps(func)
         def wrap_func(*args, **kwargs):
diff --git a/tests/app/main/views/test_dashboard.py b/tests/app/main/views/test_dashboard.py
index 4845f45b2..e4633273f 100644
--- a/tests/app/main/views/test_dashboard.py
+++ b/tests/app/main/views/test_dashboard.py
@@ -396,6 +396,7 @@ def test_view_inbox_updates(
     mocker,
     mock_get_most_recent_inbound_sms_with_no_messages,
 ):
+    service_one['permissions'] += ['inbound_sms']
 
     mock_get_partials = mocker.patch(
         'app.main.views.dashboard.get_inbox_partials',