Add permission check in for v2 post notification

2025-12-15 01:32:20 -05:00 · 2017-06-29 11:13:32 +01:00
parent 46a55c1cdb
commit e0fbcb0dc6
4 changed files with 58 additions and 16 deletions
--- a/app/notifications/validators.py
+++ b/app/notifications/validators.py
@@ -73,6 +73,19 @@ def service_can_send_to_recipient(send_to, key_type, service):
        raise BadRequestError(message=message)


+def service_has_permission(service, permission):
+    if permission not in [p.permission for p in service.permissions]:
+        action = 'send'
+        permission_text = permission + 's'
+        if permission == SMS_TYPE:
+            permission_text = 'text messages'
+        elif permission == SCHEDULE_NOTIFICATIONS:
+            action = 'schedule'
+            permission_text = "notifications (this feature is invite-only)"
+
+        raise BadRequestError(message="Cannot {} {}".format(action, permission_text))
+
+
 def validate_and_format_recipient(send_to, key_type, service, notification_type):
    service_can_send_to_recipient(send_to, key_type, service)

@@ -98,12 +111,6 @@ def check_sms_content_char_count(content_count):
        raise BadRequestError(message=message)


-def service_can_schedule_notification(service, scheduled_for):
-    if scheduled_for:
-        if SCHEDULE_NOTIFICATIONS not in [p.permission for p in service.permissions]:
-            raise BadRequestError(message="Cannot schedule notifications (this feature is invite-only)")
-
-
 def validate_template(template_id, personalisation, service, notification_type):
    try:
        template = templates_dao.dao_get_template_by_id_and_service_id(