Merge pull request #2158 from uktrade/uat

prod release

api/applications/caseworker/permissions.py

@@ -21,6 +21,9 @@ def has_object_permission(self, request, view, application):
         if new_status == CaseStatusEnum.APPLICANT_EDITING:
             return False
 
+        if new_status == CaseStatusEnum.SUPERSEDED_BY_EXPORTER_EDIT:
+            return False
+
         if CaseStatusEnum.is_terminal(original_status) and not user.has_permission(GovPermissions.REOPEN_CLOSED_CASES):
             return False
 

api/applications/caseworker/tests/test_permissions.py

@@ -62,10 +62,11 @@ def test_has_object_permission_original_status_terminal_user_permitted(self, ori
         mock_request.data = {"status": CaseStatusEnum.OGD_ADVICE}
         assert self.permission_obj.has_object_permission(mock_request, None, self.application) is True
 
-    def test_has_object_permission_new_status_applicant_editing(self):
+    @parameterized.expand([CaseStatusEnum.APPLICANT_EDITING, CaseStatusEnum.SUPERSEDED_BY_EXPORTER_EDIT])
+    def test_has_object_permission_new_status_disallowed(self, new_status):
         mock_request = mock.Mock()
         mock_request.user = self.gov_user.baseuser_ptr
-        mock_request.data = {"status": CaseStatusEnum.APPLICANT_EDITING}
+        mock_request.data = {"status": new_status}
         assert self.permission_obj.has_object_permission(mock_request, None, self.application) is False
 
     def test_has_object_permission_new_status_finalised_user_permitted(self):

api/applications/libraries/application_helpers.py

@@ -1,18 +1,9 @@
-from django.http import JsonResponse
-
-from rest_framework import status
-from rest_framework.exceptions import PermissionDenied
-
 from api.audit_trail import service as audit_trail_service
 from api.audit_trail.enums import AuditType
-from api.cases.enums import CaseTypeSubTypeEnum
 from api.core.constants import GovPermissions
 from api.core.permissions import assert_user_has_permission
 from api.staticdata.statuses.enums import CaseStatusEnum
-from api.organisations.libraries.get_organisation import get_request_user_organisation_id
 from api.users.models import GovUser
-from lite_content.lite_api import strings
-from lite_routing.routing_rules_internal.enums import TeamIdEnum
 
 
 def optional_str_to_bool(optional_string: str):
@@ -26,27 +17,6 @@ def optional_str_to_bool(optional_string: str):
         raise ValueError("You provided " + optional_string + ', while the allowed values are None, "true" or "false"')
 
 
-# TODO: After release of LTD-5225, remove this function alongside legacy ApplicationManageStatus view
-def can_status_be_set_by_exporter_user(original_status: str, new_status: str) -> bool:
-    """Check that a status can be set by an exporter user. Exporter users cannot withdraw an application
-    that is already in a terminal state and they cannot set an application to `Applicant editing` if the
-    application is read only.
-    """
-    if new_status == CaseStatusEnum.WITHDRAWN:
-        if CaseStatusEnum.is_terminal(original_status):
-            return False
-    elif new_status == CaseStatusEnum.SURRENDERED:
-        if original_status != CaseStatusEnum.FINALISED:
-            return False
-    elif CaseStatusEnum.can_invoke_major_edit(original_status) and new_status == CaseStatusEnum.APPLICANT_EDITING:
-        return True
-    elif CaseStatusEnum.is_read_only(original_status) or new_status != CaseStatusEnum.APPLICANT_EDITING:
-        return False
-
-    return True
-
-
-# TODO: After release of LTD-5225, remove this function alongside legacy ApplicationManageStatus view
 def can_status_be_set_by_gov_user(user: GovUser, original_status: str, new_status: str, is_mod: bool) -> bool:
     """
     Check that a status can be set by a gov user. Gov users can not set a case's status to
@@ -91,51 +61,3 @@ def create_submitted_audit(user, application, old_status: str, additional_payloa
         ignore_case_status=True,
         send_notification=False,
     )
-
-
-# TODO: After release of LTD-5225, remove this function alongside legacy ApplicationManageStatus view
-def check_user_can_set_status(request, application, data):
-    """
-    Checks whether an user (internal/exporter) can set the requested status
-    Returns error response if user cannot set the status, None otherwise
-    """
-    if hasattr(request.user, "exporteruser"):
-        if get_request_user_organisation_id(request) != application.organisation.id:
-            raise PermissionDenied()
-
-        if data["status"] == CaseStatusEnum.FINALISED:
-            return JsonResponse(
-                data={"errors": [strings.Applications.Generic.Finalise.Error.SET_FINALISED]},
-                status=status.HTTP_400_BAD_REQUEST,
-            )
-
-        if not can_status_be_set_by_exporter_user(application.status.status, data["status"]):
-            return JsonResponse(
-                data={"errors": [strings.Applications.Generic.Finalise.Error.EXPORTER_SET_STATUS]},
-                status=status.HTTP_400_BAD_REQUEST,
-            )
-    elif hasattr(request.user, "govuser"):
-        gov_user = request.user.govuser
-
-        if data["status"] == CaseStatusEnum.FINALISED:
-            lu_user = str(gov_user.team.id) == TeamIdEnum.LICENSING_UNIT
-            if lu_user and assert_user_has_permission(gov_user, GovPermissions.MANAGE_LICENCE_FINAL_ADVICE):
-                return None
-
-            return JsonResponse(
-                data={"errors": [strings.Applications.Generic.Finalise.Error.SET_FINALISED]},
-                status=status.HTTP_400_BAD_REQUEST,
-            )
-
-        is_licence_application = application.case_type.sub_type != CaseTypeSubTypeEnum.EXHIBITION
-        if not can_status_be_set_by_gov_user(
-            gov_user, application.status.status, data["status"], is_licence_application
-        ):
-            return JsonResponse(
-                data={"errors": [strings.Applications.Generic.Finalise.Error.GOV_SET_STATUS]},
-                status=status.HTTP_400_BAD_REQUEST,
-            )
-    else:
-        return JsonResponse(data={"errors": ["Invalid user type"]}, status=status.HTTP_401_UNAUTHORIZED)
-
-    return None