From 19e37f2cb74a5b51132e9573d54de44d9421e36b Mon Sep 17 00:00:00 2001 From: Oliwia Zaremba Date: Thu, 20 Jul 2023 15:51:20 +0200 Subject: [PATCH] Make the detail view of provider request always accessible for admins --- apps/accounts/tests/test_provider_request.py | 15 +++++++++++++++ apps/accounts/views.py | 6 ++++++ 2 files changed, 21 insertions(+) diff --git a/apps/accounts/tests/test_provider_request.py b/apps/accounts/tests/test_provider_request.py index 21c48e7e..f5f65e0e 100644 --- a/apps/accounts/tests/test_provider_request.py +++ b/apps/accounts/tests/test_provider_request.py @@ -247,6 +247,21 @@ def test_detail_view_accessible_by_creator(client): assert response.context_data["providerrequest"] == pr +@pytest.mark.django_db +@override_flag("provider_request", active=True) +def test_detail_view_accessible_by_admin(client, greenweb_staff_user): + # given: provider request exists + pr = ProviderRequestFactory.create() + + # when: accessing its detail view by greenweb_staff_user + client.force_login(greenweb_staff_user) + response = client.get(urls.reverse("provider_request_detail", args=[str(pr.id)])) + + # then: page for the correct provider request is rendered + assert response.status_code == 200 + assert response.context_data["providerrequest"] == pr + + @pytest.mark.django_db @override_flag("provider_request", active=True) def test_detail_view_forbidden_for_others(client, user): diff --git a/apps/accounts/views.py b/apps/accounts/views.py index c5145a91..c1effc40 100644 --- a/apps/accounts/views.py +++ b/apps/accounts/views.py @@ -213,6 +213,12 @@ class ProviderRequestDetailView(LoginRequiredMixin, WaffleFlagMixin, DetailView) model = ProviderRequest def get_queryset(self) -> "QuerySet[ProviderRequest]": + """ + Admins can retrieve any ProviderRequest object, + regular users can only retrieve objects that they created. + """ + if self.request.user.is_admin: + return ProviderRequest.objects.all() return ProviderRequest.objects.filter(created_by=self.request.user)