mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-03-01 14:51:04 -05:00
a84705f834
We've added new broadcast roles in the database (`create_broadcasts` and `approve_broadcasts`). Adding these has meant we've needed to do a bit of a rewrite of the roles and permissions code since this had been based on the assumption that each database permission only belongs to one admin role - this is no longer true. This means that flipping the roles dict round to create a dict which contains database permissions as the keys is no longer possible. We can't necessarily tell which admin role someone has given a database permission. To check if a user has an admin role given a list of database permissions, the user must now have ALL the database permissions mapped to that role (instead of just one). This works because no one has the `manage_users` permission without also having the `manage_settings` (and similar for the other admin roles which map to multiple database permissions). Some test data was changed because it was using admin roles where database permissions are actually used when the app is running. I've kept the functionality of the `translate_permissions_from_db_to_admin_roles` function passing through any unknown roles it is passed as an argument. This is not necessary, so can be changed later if we decide it will not ever be used. However, removing it would require updating a lot of tests since the tests rely on this behaviour.