Skip to content

Commit

Permalink
ECIL-624 Remove search_all_cases permission.
Browse files Browse the repository at this point in the history
  • Loading branch information
@MattHolmes123
MattHolmes123 committed Feb 25, 2025
1 parent 35d763e commit 286528e
Show file tree
Hide file tree
Showing 5 changed files with 74 additions and 43 deletions.
12 changes: 0 additions & 12 deletions web/management/commands/create_icms_groups.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,8 +48,6 @@ def get_groups():
Perms.sys.edit_firearm_authorities,
Perms.sys.edit_section_5_firearm_authorities,
Perms.sys.commodity_admin,
# TODO: Remove in ECIL-624
Perms.sys.search_all_cases,
Perms.sys.search_export_cases,
Perms.sys.search_import_cases,
Perms.sys.access_reports,
Expand Down Expand Up @@ -83,17 +81,13 @@ def get_groups():
Perms.page.view_report_firearms_licences,
Perms.page.view_report_supplementary_firearms,
# Sys permissions
# TODO: Remove in ECIL-624
Perms.sys.search_all_cases,
Perms.sys.search_import_cases,
Perms.sys.access_reports,
],
StaffUserGroups.HOME_OFFICE_CASE_OFFICER.value: {
# Page permissions
Perms.page.view_import_case_search,
# Sys permissions
# TODO: Remove in ECIL-624
Perms.sys.search_all_cases,
Perms.sys.search_import_cases,
Perms.sys.importer_regulator,
Perms.sys.edit_section_5_firearm_authorities,
Expand All @@ -109,8 +103,6 @@ def get_groups():
Perms.sys.importer_admin,
Perms.sys.commodity_admin,
Perms.sys.manage_sanction_contacts,
# TODO: Remove in ECIL-624
Perms.sys.search_all_cases,
Perms.sys.search_import_cases,
Perms.sys.access_reports,
Perms.page.view_report_import_licences,
Expand All @@ -133,8 +125,6 @@ def get_groups():
Perms.page.view_import_case_search,
#
# Sys permissions
# TODO: Remove in ECIL-624
Perms.sys.search_all_cases,
Perms.sys.search_import_cases,
},
StaffUserGroups.EXPORT_SEARCH_USER.value: {
Expand All @@ -143,8 +133,6 @@ def get_groups():
Perms.page.view_export_case_search,
#
# Sys permissions
# TODO: Remove in ECIL-624
Perms.sys.search_all_cases,
Perms.sys.search_export_cases,
},
"ICMS Admin Site User": {
Expand Down
69 changes: 69 additions & 0 deletions web/migrations/0059_alter_globalpermission_options.py
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
# Generated by Django 5.1.5 on 2025-02-25 11:38

from django.db import migrations


class Migration(migrations.Migration):

dependencies = [
("web", "0058_alter_globalpermission_options"),
]

operations = [
migrations.AlterModelOptions(
name="globalpermission",
options={
"default_permissions": [],
"managed": False,
"permissions": [
("can_view_permission_harness", "Can view the permission test harness"),
("can_view_l10n_harness", "Can view the L10N test harness"),
("can_view_importer_details", "Can view the importer details list page."),
("can_view_exporter_details", "Can view the exporter details list page."),
("can_view_import_case_search", "Can view search import applications page"),
(
"can_view_export_case_search",
"Can view search certificate applications page",
),
("view_imi", "Can view IMI pages."),
(
"can_view_documents_constabulary",
"Can view issued documents within constabulary region page",
),
("can_view_report_issued_certificates", "Can view Issued Certificate Report"),
("can_view_report_access_requests", "Can view Access Requests Report"),
("can_view_report_import_licences", "Can view Import Licences Report"),
(
"can_view_report_supplementary_firearms",
"Can view Supplementary Firearms Report",
),
("can_view_report_firearms_licences", "Can view Firearms Licences Report"),
("can_view_report_active_users", "Can view Active Users Report"),
(
"can_view_one_login_test_account_setup",
"Can view One Login Test Account Setup",
),
("importer_access", "Can act as an importer"),
("exporter_access", "Can act as an exporter"),
("ilb_admin", "Is an ILB administrator"),
("sanctions_case_officer", "Is a sanctions caseworker"),
("importer_regulator", "Is an Importer Regulator"),
("importer_admin", "Can manage Importer records."),
("exporter_admin", "Can manage Exporter records."),
("commodity_admin", "Is a commodity administrator"),
("manage_sanction_contacts", "Manage sanction email contacts"),
("manage_signatures", "Manage signatures"),
("access_reports", "Access reports"),
("edit_firearm_authorities", "Can edit Importer Verified Firearms Authorities"),
(
"edit_section_5_firearm_authorities",
"Can edit Importer Verified Section 5 Firearm Authorities",
),
("search_import_cases", "Can search across all import cases."),
("search_export_cases", "Can search across all export cases."),
("is_icms_data_admin", "Can maintain data in the ICMS admin site."),
("view_ecil_prototype", "Can view ECIL prototype."),
],
},
),
]
2 changes: 0 additions & 2 deletions web/permissions/perms.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -94,8 +94,6 @@ class SysPerms(PermissionTextChoice):
"web.edit_section_5_firearm_authorities",
"Can edit Importer Verified Section 5 Firearm Authorities",
)
# TODO: ECIL-624 Remove search_all_cases
search_all_cases = ("web.search_all_cases", "Can search across all cases.")
search_import_cases = ("web.search_import_cases", "Can search across all import cases.")
search_export_cases = ("web.search_export_cases", "Can search across all export cases.")
is_icms_data_admin = "web.is_icms_data_admin", "Can maintain data in the ICMS admin site."
Expand Down
28 changes: 3 additions & 25 deletions web/permissions/service.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -94,35 +94,13 @@ def can_view(self):
return True

is_import_app = self.app.is_import_application()
can_search_all_cases = self.user.has_perm(Perms.sys.search_all_cases)

# TODO: ECIL-624 Use this logic when search_all_cases has been removed.
# # Logic for users who can search all import applications e.g. NCA Case Officers
# if is_import_app and self.user.has_perm(Perms.sys.search_import_cases):
# return True
#
# # Logic for users who can search all export applications e.g. Export Search User
# if not is_import_app and self.user.has_perm(Perms.sys.search_export_cases):
# return True

# TODO: ECIL-546
# Split Perms.sys.search_all_cases in to the following to simplify can_view logic:
# - Perms.sys.search_all_import_cases
# - Perms.sys.search_all_export_cases

# Logic for users who can search all import applications e.g. NCA Case Officers
if (
is_import_app
and can_search_all_cases
and self.user.has_perm(Perms.page.view_import_case_search)
):
if is_import_app and self.user.has_perm(Perms.sys.search_import_cases):
return True

# Logic for users who can search all export applications e.g. Export Search User
if (
not is_import_app
and can_search_all_cases
and self.user.has_perm(Perms.page.view_export_case_search)
):
if not is_import_app and self.user.has_perm(Perms.sys.search_export_cases):
return True

if not self.has_org_access:
Expand Down
6 changes: 2 additions & 4 deletions web/utils/search/utils.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,8 +25,7 @@ def get_order_by_datetime(case_type: str) -> Any:
def get_user_import_applications(user: User) -> models.QuerySet[ImportApplication]:
"""Returns Import Applications the user has access to."""

# TODO: ECIL-624 Remove search_all_cases
if user.has_perm(Perms.sys.search_all_cases) or user.has_perm(Perms.sys.search_import_cases):
if user.has_perm(Perms.sys.search_import_cases):
return ImportApplication.objects.all()

perms_to_check = [
Expand Down Expand Up @@ -60,8 +59,7 @@ def get_user_import_applications(user: User) -> models.QuerySet[ImportApplicatio
def get_user_export_applications(user: User) -> models.QuerySet[ExportApplication]:
"""Returns Export Applications the user has access to."""

# TODO: ECIL-624 Remove search_all_cases
if user.has_perm(Perms.sys.search_all_cases) or user.has_perm(Perms.sys.search_export_cases):
if user.has_perm(Perms.sys.search_export_cases):
return ExportApplication.objects.all()

perms_to_check = [
Expand Down

0 comments on commit 286528e

Please sign in to comment.