Don’t respect the whitelist for one off sending

The whitelist was built to help developers and designers making
prototypes to do realistic usability testing of them, without having to
go through the whole go live process.

These users are sending messages using the API. The whitelist wasn’t
made available to users uploading spreadsheets. The users sending one
off messages are similar to those uploading spreadsheets, not those
using the API. Therefore they shouldn’t be able to use the whitelist to
expand the range of recipients they can send to.

Passing the argument through three methods doesn’t feel that great, but
can’t think of a better way without major refactoring…
Chris Hill-Scott
2018-01-17 15:20:04 +00:00
parent 2018660d12
commit 01cf175cb2
5 changed files with 48 additions and 9 deletions


@@ -49,7 +49,8 @@ def send_one_off_notification(service_id, post_data):
send_to=post_data['to'],
key_type=KEY_TYPE_NORMAL,
service=service,
notification_type=template.template_type
notification_type=template.template_type,
allow_whitelisted_recipients=False,
)
validate_created_by(service, post_data['created_by'])
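Review bot: the hard-coded `allow_whitelisted_recipients=False` in the call inside send_one_off_notification carries no comment, so the reason for it (one-off sends are treated like spreadsheet uploads, not API sends) lives only in the commit message. A one-line comment above the argument would keep a later refactor from dropping it and silently letting one-off sends reach whitelisted recipients again. It is also worth confirming that a test covers this path with a recipient who is on the whitelist but not otherwise permitted.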


@@ -26,7 +26,7 @@ def get_whitelist_objects(service_id, request_json):
]
def service_allowed_to_send_to(recipient, service, key_type):
def service_allowed_to_send_to(recipient, service, key_type, allow_whitelisted_recipients=True):
if key_type == KEY_TYPE_TEST:
return True
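Review bot: the new parameter on service_allowed_to_send_to defaults to `allow_whitelisted_recipients=True`, so every caller that omits it keeps the permissive behaviour, and any future non-API caller gets whitelist expansion without anyone having decided that. Consider making it keyword-only (`*, allow_whitelisted_recipients=True`) so it cannot be passed positionally by accident, and add a docstring line saying which send paths are expected to set it to False. The `key_type == KEY_TYPE_TEST` early return is also taken before the flag is consulted; if that is intended, the docstring should say so.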
@@ -38,6 +38,7 @@ def service_allowed_to_send_to(recipient, service, key_type):
)
whitelist_members = [
member.recipient for member in service.whitelist
if allow_whitelisted_recipients
]
if (
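Review bot: in the `whitelist_members` comprehension the filter `if allow_whitelisted_recipients` does not depend on `member`, so it reads like a per-member check while actually switching the whole list on or off, and `service.whitelist` is still iterated when the flag is False. Moving the condition outside the comprehension, as a conditional expression that yields an empty list when the flag is False, states the intent directly and avoids touching the whitelist at all on the one-off path.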