Skip to content

Commit

Permalink
ECIL-546 Add permissions to replace search_all_cases.
Browse files Browse the repository at this point in the history
  • Loading branch information
@MattHolmes123
MattHolmes123 committed Feb 25, 2025
1 parent 308f095 commit 35d763e
Show file tree
Hide file tree
Showing 5 changed files with 99 additions and 2 deletions.
13 changes: 13 additions & 0 deletions web/management/commands/create_icms_groups.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,10 @@ def get_groups():
Perms.sys.edit_firearm_authorities,
Perms.sys.edit_section_5_firearm_authorities,
Perms.sys.commodity_admin,
# TODO: Remove in ECIL-624
Perms.sys.search_all_cases,
Perms.sys.search_export_cases,
Perms.sys.search_import_cases,
Perms.sys.access_reports,
],
#
Expand Down Expand Up @@ -80,14 +83,18 @@ def get_groups():
Perms.page.view_report_firearms_licences,
Perms.page.view_report_supplementary_firearms,
# Sys permissions
# TODO: Remove in ECIL-624
Perms.sys.search_all_cases,
Perms.sys.search_import_cases,
Perms.sys.access_reports,
],
StaffUserGroups.HOME_OFFICE_CASE_OFFICER.value: {
# Page permissions
Perms.page.view_import_case_search,
# Sys permissions
# TODO: Remove in ECIL-624
Perms.sys.search_all_cases,
Perms.sys.search_import_cases,
Perms.sys.importer_regulator,
Perms.sys.edit_section_5_firearm_authorities,
},
Expand All @@ -102,7 +109,9 @@ def get_groups():
Perms.sys.importer_admin,
Perms.sys.commodity_admin,
Perms.sys.manage_sanction_contacts,
# TODO: Remove in ECIL-624
Perms.sys.search_all_cases,
Perms.sys.search_import_cases,
Perms.sys.access_reports,
Perms.page.view_report_import_licences,
Perms.page.view_report_firearms_licences,
Expand All @@ -124,15 +133,19 @@ def get_groups():
Perms.page.view_import_case_search,
#
# Sys permissions
# TODO: Remove in ECIL-624
Perms.sys.search_all_cases,
Perms.sys.search_import_cases,
},
StaffUserGroups.EXPORT_SEARCH_USER.value: {
#
# Page permissions
Perms.page.view_export_case_search,
#
# Sys permissions
# TODO: Remove in ECIL-624
Perms.sys.search_all_cases,
Perms.sys.search_export_cases,
},
"ICMS Admin Site User": {
Perms.sys.is_icms_data_admin,
Expand Down
70 changes: 70 additions & 0 deletions web/migrations/0058_alter_globalpermission_options.py
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,70 @@
# Generated by Django 5.1.5 on 2025-02-25 11:07

from django.db import migrations


class Migration(migrations.Migration):

dependencies = [
("web", "0057_alter_accessrequest_agent_name_and_more"),
]

operations = [
migrations.AlterModelOptions(
name="globalpermission",
options={
"default_permissions": [],
"managed": False,
"permissions": [
("can_view_permission_harness", "Can view the permission test harness"),
("can_view_l10n_harness", "Can view the L10N test harness"),
("can_view_importer_details", "Can view the importer details list page."),
("can_view_exporter_details", "Can view the exporter details list page."),
("can_view_import_case_search", "Can view search import applications page"),
(
"can_view_export_case_search",
"Can view search certificate applications page",
),
("view_imi", "Can view IMI pages."),
(
"can_view_documents_constabulary",
"Can view issued documents within constabulary region page",
),
("can_view_report_issued_certificates", "Can view Issued Certificate Report"),
("can_view_report_access_requests", "Can view Access Requests Report"),
("can_view_report_import_licences", "Can view Import Licences Report"),
(
"can_view_report_supplementary_firearms",
"Can view Supplementary Firearms Report",
),
("can_view_report_firearms_licences", "Can view Firearms Licences Report"),
("can_view_report_active_users", "Can view Active Users Report"),
(
"can_view_one_login_test_account_setup",
"Can view One Login Test Account Setup",
),
("importer_access", "Can act as an importer"),
("exporter_access", "Can act as an exporter"),
("ilb_admin", "Is an ILB administrator"),
("sanctions_case_officer", "Is a sanctions caseworker"),
("importer_regulator", "Is an Importer Regulator"),
("importer_admin", "Can manage Importer records."),
("exporter_admin", "Can manage Exporter records."),
("commodity_admin", "Is a commodity administrator"),
("manage_sanction_contacts", "Manage sanction email contacts"),
("manage_signatures", "Manage signatures"),
("access_reports", "Access reports"),
("edit_firearm_authorities", "Can edit Importer Verified Firearms Authorities"),
(
"edit_section_5_firearm_authorities",
"Can edit Importer Verified Section 5 Firearm Authorities",
),
("search_all_cases", "Can search across all cases."),
("search_import_cases", "Can search across all import cases."),
("search_export_cases", "Can search across all export cases."),
("is_icms_data_admin", "Can maintain data in the ICMS admin site."),
("view_ecil_prototype", "Can view ECIL prototype."),
],
},
),
]
3 changes: 3 additions & 0 deletions web/permissions/perms.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -94,7 +94,10 @@ class SysPerms(PermissionTextChoice):
"web.edit_section_5_firearm_authorities",
"Can edit Importer Verified Section 5 Firearm Authorities",
)
# TODO: ECIL-624 Remove search_all_cases
search_all_cases = ("web.search_all_cases", "Can search across all cases.")
search_import_cases = ("web.search_import_cases", "Can search across all import cases.")
search_export_cases = ("web.search_export_cases", "Can search across all export cases.")
is_icms_data_admin = "web.is_icms_data_admin", "Can maintain data in the ICMS admin site."
view_ecil_prototype = ("web.view_ecil_prototype", "Can view ECIL prototype.")

Expand Down
9 changes: 9 additions & 0 deletions web/permissions/service.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,15 @@ def can_view(self):
is_import_app = self.app.is_import_application()
can_search_all_cases = self.user.has_perm(Perms.sys.search_all_cases)

# TODO: ECIL-624 Use this logic when search_all_cases has been removed.
# # Logic for users who can search all import applications e.g. NCA Case Officers
# if is_import_app and self.user.has_perm(Perms.sys.search_import_cases):
# return True
#
# # Logic for users who can search all export applications e.g. Export Search User
# if not is_import_app and self.user.has_perm(Perms.sys.search_export_cases):
# return True

# TODO: ECIL-546
# Split Perms.sys.search_all_cases in to the following to simplify can_view logic:
# - Perms.sys.search_all_import_cases
Expand Down
6 changes: 4 additions & 2 deletions web/utils/search/utils.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,8 @@ def get_order_by_datetime(case_type: str) -> Any:
def get_user_import_applications(user: User) -> models.QuerySet[ImportApplication]:
"""Returns Import Applications the user has access to."""

if user.has_perm(Perms.sys.search_all_cases):
# TODO: ECIL-624 Remove search_all_cases
if user.has_perm(Perms.sys.search_all_cases) or user.has_perm(Perms.sys.search_import_cases):
return ImportApplication.objects.all()

perms_to_check = [
Expand Down Expand Up @@ -59,7 +60,8 @@ def get_user_import_applications(user: User) -> models.QuerySet[ImportApplicatio
def get_user_export_applications(user: User) -> models.QuerySet[ExportApplication]:
"""Returns Export Applications the user has access to."""

if user.has_perm(Perms.sys.search_all_cases):
# TODO: ECIL-624 Remove search_all_cases
if user.has_perm(Perms.sys.search_all_cases) or user.has_perm(Perms.sys.search_export_cases):
return ExportApplication.objects.all()

perms_to_check = [
Expand Down

0 comments on commit 35d763e

Please sign in to comment.