From 3f663daafe325e3d21b7206f3a5d1ae341b8afdb Mon Sep 17 00:00:00 2001
From: Leo Hemsted <leo.hemsted@digital.cabinet-office.gov.uk>
Date: Wed, 28 Jun 2017 17:03:12 +0100
Subject: [PATCH] redacting a template now 400s if no updated_by_id supplied

---
 app/template/rest.py            | 21 +++++++++++++++------
 tests/app/template/test_rest.py | 13 +++++++++----
 2 files changed, 24 insertions(+), 10 deletions(-)

diff --git a/app/template/rest.py b/app/template/rest.py
index 867ecad8e..d4f7c4e64 100644
--- a/app/template/rest.py
+++ b/app/template/rest.py
@@ -59,12 +59,8 @@ def update_template(service_id, template_id):
     data = request.get_json()
 
     # if redacting, don't update anything else
-    if data.get('redact_personalisation') is True and 'updated_by_id' in data:
-        # we also don't need to check what was passed in redact_personalisation - its presence in the dict is enough.
-        # also, only
-        if not fetched_template.redact_personalisation:
-            dao_redact_template(fetched_template, data['updated_by_id'])
-        return 'null', 200
+    if data.get('redact_personalisation') is True:
+        return redact_template(fetched_template, data)
 
     current_data = dict(template_schema.dump(fetched_template).data.items())
     updated_template = dict(template_schema.dump(fetched_template).data.items())
@@ -143,3 +139,16 @@ def _template_has_not_changed(current_data, updated_template):
         current_data[key] == updated_template[key]
         for key in ('name', 'content', 'subject', 'archived', 'process_type')
     )
+
+
+def redact_template(template, data):
+    # we also don't need to check what was passed in redact_personalisation - its presence in the dict is enough.
+    if 'updated_by_id' not in data:
+        message = 'Field is required'
+        errors = {'updated_by_id': [message]}
+        raise InvalidRequest(errors, status_code=400)
+
+    # if it's already redacted, then just return 200 straight away.
+    if not template.redact_personalisation:
+        dao_redact_template(template, data['updated_by_id'])
+    return 'null', 200
diff --git a/tests/app/template/test_rest.py b/tests/app/template/test_rest.py
index a8646feb8..07db2b020 100644
--- a/tests/app/template/test_rest.py
+++ b/tests/app/template/test_rest.py
@@ -617,15 +617,20 @@ def test_update_redact_template_does_nothing_if_already_redacted(admin_request,
     assert sample_template.template_redacted.updated_at == dt
 
 
-
-def test_update_redact_template_does_nothing_if_no_updated_by(admin_request, sample_template):
+def test_update_redact_template_400s_if_no_updated_by(admin_request, sample_template):
     original_updated_time = sample_template.template_redacted.updated_at
-    admin_request.post(
+    resp = admin_request.post(
         'template.update_template',
         service_id=sample_template.service_id,
         template_id=sample_template.id,
-        _data={'redact_personalisation': True}
+        _data={'redact_personalisation': True},
+        _expected_status=400
     )
 
+    assert resp == {
+        'result': 'error',
+        'message': {'updated_by_id': ['Field is required']}
+    }
+
     assert sample_template.redact_personalisation is False
     assert sample_template.template_redacted.updated_at == original_updated_time