Add private endpoint to get notification by ID

We need this for the two way stuff in the admin app. We already have this as a public endpoint, but the admin app can’t use it, because the admin app auths with its own key, not that of the service it’s acting on behalf of. This endpoint makes sure that a request originating from one service can’t be used to see notifications belonging to another service.
2026-05-27 09:28:03 -04:00 · 2017-06-06 16:21:57 +01:00
parent 43aade9ab5
commit 635fb8fe44
2 changed files with 46 additions and 0 deletions
--- a/app/service/rest.py
+++ b/app/service/rest.py
@@ -300,6 +300,19 @@ def get_all_notifications_for_service(service_id):
    ), 200


+@service_blueprint.route('/<uuid:service_id>/notifications/<uuid:notification_id>', methods=['GET'])
+def get_notification_for_service(service_id, notification_id):
+
+    notification = notifications_dao.get_notification_with_personalisation(
+        service_id,
+        notification_id,
+        key_type=None,
+    )
+    return jsonify(
+        notification_with_template_schema.dump(notification).data,
+    ), 200
+
+
 def search_for_notification_by_to_field(service_id, search_term, statuses):
    results = notifications_dao.dao_get_notifications_by_to_field(service_id, search_term, statuses)
    return jsonify(
--- a/tests/app/service/test_rest.py
+++ b/tests/app/service/test_rest.py
@@ -1248,6 +1248,39 @@ def test_get_all_notifications_for_service_in_order(notify_api, notify_db, notif
        assert response.status_code == 200


+def test_get_notification_for_service(client, notify_db, notify_db_session):
+
+    service_1 = create_service(notify_db, notify_db_session, service_name="1", email_from='1')
+    service_2 = create_service(notify_db, notify_db_session, service_name="2", email_from='2')
+
+    service_1_notifications = [
+        create_sample_notification(notify_db, notify_db_session, service=service_1),
+        create_sample_notification(notify_db, notify_db_session, service=service_1),
+        create_sample_notification(notify_db, notify_db_session, service=service_1),
+    ]
+
+    service_2_notifications = [
+        create_sample_notification(notify_db, notify_db_session, service=service_2)
+    ]
+
+    for notification in service_1_notifications:
+        response = client.get(
+            path='/service/{}/notifications/{}'.format(service_1.id, notification.id),
+            headers=[create_authorization_header()]
+        )
+        resp = json.loads(response.get_data(as_text=True))
+        assert str(resp['id']) == str(notification.id)
+        assert response.status_code == 200
+
+        service_2_response = client.get(
+            path='/service/{}/notifications/{}'.format(service_2.id, notification.id),
+            headers=[create_authorization_header()]
+        )
+        assert service_2_response.status_code == 404
+        service_2_response = json.loads(service_2_response.get_data(as_text=True))
+        assert service_2_response == {'message': 'No result found', 'result': 'error'}
+
+
@pytest.mark.parametrize(
    'include_from_test_key, expected_count_of_notifications',
    [