Skip to content

Commit

Permalink
fix state admin access to daily rounds (#2203)
Browse files Browse the repository at this point in the history
  • Loading branch information
sainak authored May 28, 2024
1 parent 5c88ca1 commit 51235a9
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 2 deletions.
3 changes: 1 addition & 2 deletions care/facility/models/daily_round.py
Original file line number Diff line number Diff line change
Expand Up @@ -589,8 +589,7 @@ def has_object_read_permission(self, request):
request.user.user_type >= User.TYPE_VALUE_MAP["StateLabAdmin"]
and (
self.consultation.patient.facility
and request.user.state
== self.consultation.patient.facility.district
and request.user.state == self.consultation.patient.facility.state
)
)
)
Expand Down
24 changes: 24 additions & 0 deletions care/facility/tests/test_patient_daily_rounds_api.py
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,12 @@ def setUpTestData(cls) -> None:
cls.local_body = cls.create_local_body(cls.district)
cls.super_user = cls.create_super_user("su", cls.district)
cls.facility = cls.create_facility(cls.super_user, cls.district, cls.local_body)
cls.state_admin = cls.create_user(
"state_admin", cls.district, home_facility=cls.facility, user_type=40
)
cls.district_admin = cls.create_user(
"district_admin", cls.district, home_facility=cls.facility, user_type=30
)
cls.user = cls.create_user("staff1", cls.district, home_facility=cls.facility)
cls.patient = cls.create_patient(district=cls.district, facility=cls.facility)
cls.asset_location = cls.create_asset_location(cls.facility)
Expand Down Expand Up @@ -72,6 +78,24 @@ def test_action_in_log_update(
patient.action, PatientRegistration.ActionEnum.DISCHARGE_RECOMMENDED.value
)

def test_log_update_access_by_state_admin(self):
self.client.force_authenticate(user=self.state_admin)
response = self.client.post(
f"/api/v1/consultation/{self.consultation_with_bed.external_id}/daily_rounds/",
data=self.log_update,
format="json",
)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)

def test_log_update_access_by_district_admin(self):
self.client.force_authenticate(user=self.district_admin)
response = self.client.post(
f"/api/v1/consultation/{self.consultation_with_bed.external_id}/daily_rounds/",
data=self.log_update,
format="json",
)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)

def test_log_update_without_bed_for_admission(
self,
):
Expand Down

0 comments on commit 51235a9

Please sign in to comment.