mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-06-03 13:00:03 -04:00
3da9e84ece
At the moment we mostly have `user_has_permissions` execute first. It shouldn’t matter, but it feels right for us to check that a user is logged in before we check their permissions to a service. Otherwise a malicious user could (maybe) check if a service ID belongs to a real service, and go on to do something malicious with that information. This commit adds some extra test code to enforce that the order is always the same. N.B. decorators in Python execute from closest to furthest (from the line on which the function is defined).