From 5b409bd3c3ecb7204c2cba64abcb4e31c0a446e1 Mon Sep 17 00:00:00 2001
From: David McDonald <david.mcdonald@digital.cabinet-office.gov.uk>
Date: Tue, 15 Jun 2021 17:27:21 +0100
Subject: [PATCH] Add test coverage for broadcast status transition

This was mentioned in an old pen test report that you could send a
request twice to set a broadcast message as broadcasting which would
trigger us to send two alerts.

It looks like this is now fixed and this test coverage backs that up.

Note, it's unlikely that it would have been an issue anyway as the CBC
would likely have rejected the message as it would notice it is a
duplicate.

Note, this test coverage is not supposed to be exhaustive of all the
potential transitions but covers the vast majority of ones that we care
about.

See `BroadcastStatusType.ALLOWED_STATUS_TRANSITIONS` for allowed
transitions.
---
 tests/app/broadcast_message/test_rest.py | 27 +++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)

diff --git a/tests/app/broadcast_message/test_rest.py b/tests/app/broadcast_message/test_rest.py
index 77185ba48..492d808a0 100644
--- a/tests/app/broadcast_message/test_rest.py
+++ b/tests/app/broadcast_message/test_rest.py
@@ -804,10 +804,31 @@ def test_update_broadcast_message_status_rejects_approval_from_user_not_on_that_
 
 @pytest.mark.parametrize('current_status, new_status', [
     (BroadcastStatusType.DRAFT, BroadcastStatusType.DRAFT),
-    (BroadcastStatusType.BROADCASTING, BroadcastStatusType.PENDING_APPROVAL),
-    (BroadcastStatusType.COMPLETED, BroadcastStatusType.BROADCASTING),
-    (BroadcastStatusType.CANCELLED, BroadcastStatusType.DRAFT),
     (BroadcastStatusType.DRAFT, BroadcastStatusType.BROADCASTING),
+    (BroadcastStatusType.DRAFT, BroadcastStatusType.CANCELLED),
+
+    (BroadcastStatusType.PENDING_APPROVAL, BroadcastStatusType.PENDING_APPROVAL),
+    (BroadcastStatusType.PENDING_APPROVAL, BroadcastStatusType.CANCELLED),
+    (BroadcastStatusType.PENDING_APPROVAL, BroadcastStatusType.COMPLETED),
+
+    (BroadcastStatusType.REJECTED, BroadcastStatusType.REJECTED),
+    (BroadcastStatusType.REJECTED, BroadcastStatusType.BROADCASTING),
+    (BroadcastStatusType.REJECTED, BroadcastStatusType.CANCELLED),
+    (BroadcastStatusType.REJECTED, BroadcastStatusType.COMPLETED),
+
+    (BroadcastStatusType.BROADCASTING, BroadcastStatusType.DRAFT),
+    (BroadcastStatusType.BROADCASTING, BroadcastStatusType.PENDING_APPROVAL),
+    (BroadcastStatusType.BROADCASTING, BroadcastStatusType.BROADCASTING),
+
+    (BroadcastStatusType.COMPLETED, BroadcastStatusType.DRAFT),
+    (BroadcastStatusType.COMPLETED, BroadcastStatusType.PENDING_APPROVAL),
+    (BroadcastStatusType.COMPLETED, BroadcastStatusType.BROADCASTING),
+    (BroadcastStatusType.COMPLETED, BroadcastStatusType.CANCELLED),
+
+    (BroadcastStatusType.CANCELLED, BroadcastStatusType.DRAFT),
+    (BroadcastStatusType.CANCELLED, BroadcastStatusType.PENDING_APPROVAL),
+    (BroadcastStatusType.CANCELLED, BroadcastStatusType.BROADCASTING),
+    (BroadcastStatusType.CANCELLED, BroadcastStatusType.COMPLETED),
 ])
 def test_update_broadcast_message_status_restricts_status_transitions_to_explicit_list(
     admin_request,