Reviewer cannot access unaproved comments - Bug Fix (#1981)

bcgov · Aug 9, 2023 · bf30746 · bf30746
1 parent b7945e3
commit bf30746
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 5 deletions.
diff --git a/met-api/src/met_api/services/comment_service.py b/met-api/src/met_api/services/comment_service.py
@@ -3,6 +3,7 @@
 from datetime import datetime
 
 from met_api.constants.comment_status import Status
+from met_api.constants.membership_type import MembershipType
 from met_api.models import Survey as SurveyModel
 from met_api.models.comment import Comment
 from met_api.models.membership import Membership as MembershipModel
@@ -66,7 +67,11 @@ def can_view_unapproved_comments(survey_id: int) -> bool:
             return False
 
         memberships = MembershipModel.find_by_engagement_and_user_id(engagement.engagement_id, user.id)
-        return bool(memberships)
+
+        # only Team member can view unapproved comments.Reviewer cant see unapproved comments.
+        has_team_member = any(membership.type == MembershipType.TEAM_MEMBER for membership in memberships)
+
+        return has_team_member
 
     @classmethod
     def get_comments_paginated(cls, survey_id, pagination_options: PaginationOptions, search_text=''):

diff --git a/met-api/tests/unit/api/test_submission.py b/met-api/tests/unit/api/test_submission.py
@@ -21,6 +21,7 @@
 
 import pytest
 
+from met_api.constants.membership_type import MembershipType
 from met_api.utils.enums import ContentType
 from tests.utilities.factory_scenarios import TestJwtClaims, TestSubmissionInfo
 from tests.utilities.factory_utils import (
@@ -116,15 +117,25 @@ def test_get_comment_filtering(client, jwt, session):  # pylint:disable=unused-a
     assert rv.status_code == 200
     assert len(rv.json.get('items')) == 2, 'Admin user can see unapproved and unapproved comments'
 
-    # create membership for the public user and see
+    # create membership for the reviewer user and see
     user = factory_staff_user_model()
-    factory_membership_model(user_id=user.id, engagement_id=eng.id)
-    claims = copy.deepcopy(TestJwtClaims.public_user_role.value)
+    factory_membership_model(user_id=user.id, engagement_id=eng.id, member_type=MembershipType.REVIEWER.name)
+    claims = copy.deepcopy(TestJwtClaims.reviewer_role.value)
     claims['sub'] = str(user.external_id)
     headers = factory_auth_header(jwt=jwt, claims=claims)
     rv = client.get(f'/api/submissions/survey/{survey.id}', headers=headers, content_type=ContentType.JSON.value)
     assert rv.status_code == 200
-    assert len(rv.json.get('items')) == 2, 'Publc user with team membership can see unapproved and unapproved comments'
+    assert len(rv.json.get('items')) == 1, 'Reviewer with reviewer team membership can see only approved comments'
+
+    # create membership for the team member and see
+    user = factory_staff_user_model()
+    factory_membership_model(user_id=user.id, engagement_id=eng.id, member_type=MembershipType.TEAM_MEMBER.name)
+    claims = copy.deepcopy(TestJwtClaims.team_member_role.value)
+    claims['sub'] = str(user.external_id)
+    headers = factory_auth_header(jwt=jwt, claims=claims)
+    rv = client.get(f'/api/submissions/survey/{survey.id}', headers=headers, content_type=ContentType.JSON.value)
+    assert rv.status_code == 200
+    assert len(rv.json.get('items')) == 2, 'Team Member with team membership can see unapproved and unapproved comments'
 
 
 def test_invalid_submission(client, jwt, session):  # pylint:disable=unused-argument