[#1799] Add tests for cms cases-plugin

maykinmedia · Oct 18, 2023 · 750fc75 · 750fc75
1 parent 06227ab
commit 750fc75
Show file tree

Hide file tree

Showing 4 changed files with 399 additions and 107 deletions.
diff --git a/src/open_inwoner/cms/cases/cms_plugins.py b/src/open_inwoner/cms/cases/cms_plugins.py
@@ -7,6 +7,7 @@
 from open_inwoner.openzaak.cases import fetch_cases
 from open_inwoner.openzaak.formapi import fetch_open_submissions
 
+from ..utils.auth import check_user_access_rights, check_user_auth
 from ..utils.plugin_mixins import CMSActiveAppMixin
 
 
@@ -23,10 +24,18 @@ class CasesPlugin(CMSActiveAppMixin, CMSPluginBase):
 
     def render(self, context, instance, placeholder):
         request = context["request"]
+        user = request.user
+
+        if not check_user_auth(user, digid_required=True):
+            context["cases"] = None
+            return context
+
+        raw_cases = [case for case in fetch_cases(user.bsn) if not case.einddatum]
+
+        if not all(check_user_access_rights(user, case.url) for case in raw_cases):
+            context["cases"] = None
+            return context
 
-        raw_cases = [
-            case for case in fetch_cases(request.user.bsn) if not case.einddatum
-        ]
         # TODO
         # preprocessed_cases = preprocess_data(raw_cases)
 

diff --git a/src/open_inwoner/cms/cases/tests/test_plugin_cases.py b/src/open_inwoner/cms/cases/tests/test_plugin_cases.py
@@ -21,8 +21,16 @@ def setUpTestData(cls):
         super().setUpTestData()
         cms_tools.create_apphook_page(CasesApphook)
 
+    def test_cms_plugin_cases_not_rendered_for_anonymous_user(self, m):
+        self.setUpMocks(m)
+
+        html, context = cms_tools.render_plugin(CasesPlugin)
+
+        self.assertIsNone(context["cases"])
+
     def test_cms_plugin_cases_are_rendered(self, m):
-        self._setUpMocks(m)
+        self.setUpMocks(m)
+        self.setUpMocksExtra(m)  # create additional zaken
 
         html, context = cms_tools.render_plugin(CasesPlugin, user=self.user)
 

diff --git a/src/open_inwoner/cms/utils/auth.py b/src/open_inwoner/cms/utils/auth.py
@@ -0,0 +1,22 @@
+import logging
+
+from open_inwoner.openzaak.cases import fetch_roles_for_case_and_bsn
+
+logger = logging.getLogger(__name__)
+
+
+def check_user_auth(user, digid_required: bool = False) -> bool:
+    if not user.is_authenticated:
+        logger.debug("Permission denied: user not authenticated")
+        return False
+    if digid_required and not getattr(user, "bsn", None):
+        logger.debug("Permission denied: user has no BSN")
+        return False
+    return True
+
+
+def check_user_access_rights(user, case_url) -> bool:
+    if not fetch_roles_for_case_and_bsn(case_url, user.bsn):
+        f"Permission denied: no role for the case {case_url}"
+        return False
+    return True