From 28bedb1c07b48ecc11d5e4f177532e7567ad24f3 Mon Sep 17 00:00:00 2001
From: Rithvik Nishad
Date: Tue, 28 May 2024 16:12:09 +0530
Subject: [PATCH] Fixes state and district admin not able to see users of same user type level (#2200)
* Fixes state and district admin not able to see users of same user type level
* correct test
---------
Co-authored-by: Vignesh Hari
---
 care/users/api/viewsets/users.py | 4 +--
 care/users/tests/test_facility_user_create.py | 32 ++++++++++++++-----
 2 files changed, 26 insertions(+), 10 deletions(-)
diff --git a/care/users/api/viewsets/users.py b/care/users/api/viewsets/users.py
index 7916d08418..f2152d3762 100644
--- a/care/users/api/viewsets/users.py
+++ b/care/users/api/viewsets/users.py
@@ -127,7 +127,7 @@ def get_queryset(self):
 if self.request.user.user_type >= User.TYPE_VALUE_MAP["StateReadOnlyAdmin"]:
 query |= Q(
 state=self.request.user.state,
- user_type__lt=User.TYPE_VALUE_MAP["StateAdmin"],
+ user_type__lte=User.TYPE_VALUE_MAP["StateAdmin"],
 is_superuser=False,
 )
 elif (
@@ -135,7 +135,7 @@ def get_queryset(self):
 ):
 query |= Q(
 district=self.request.user.district,
- user_type__lt=User.TYPE_VALUE_MAP["DistrictAdmin"],
+ user_type__lte=User.TYPE_VALUE_MAP["DistrictAdmin"],
 is_superuser=False,
 )
 else:
diff --git a/care/users/tests/test_facility_user_create.py b/care/users/tests/test_facility_user_create.py
index 54d7edea3b..e8af56e9cd 100644
--- a/care/users/tests/test_facility_user_create.py
+++ b/care/users/tests/test_facility_user_create.py
@@ -16,6 +16,12 @@ def setUpTestData(cls) -> None:
 cls.super_user = cls.create_super_user("su", cls.district)
 cls.facility = cls.create_facility(cls.super_user, cls.district, cls.local_body)
 cls.user = cls.create_user("staff1", cls.district, home_facility=cls.facility)
+ cls.state_admin = cls.create_user(
+ "stateadmin1",
+ cls.district,
+ home_facility=cls.facility,
+ user_type=User.TYPE_VALUE_MAP["StateAdmin"],
+ )

 def get_base_url(self):
 return "/api/v1/users/add_user/"
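Review bot: In care/users/api/viewsets/users.py (hunk `@@ -127,7 +127,7 @@`) the new upper bound is the constant `User.TYPE_VALUE_MAP["StateAdmin"]` rather than the requester's own level, so every account that passes the `>= StateReadOnlyAdmin` gate now matches StateAdmin rows too. If StateReadOnlyAdmin ranks below StateAdmin, as that gate suggests, a read-only admin can now list accounts of a higher type than its own, which is wider than the "same user type level" in the title. Bounding by the caller, `user_type__lte=self.request.user.user_type,`, would limit the widening to peers. The `@@ -135,7 +135,7 @@` hunk has the same shape for DistrictAdmin, and its `elif` condition lies outside the hunk, so which user types reach it cannot be checked from here. Because `get_queryset` commonly backs detail routes as well, it is worth confirming in the rest of the viewset (not shown) that update and delete on a same-level account are still refused by a permission check.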
@@ -46,8 +52,8 @@ def get_detail_representation(self, obj: User = None) -> dict:
 "ward": getattr(obj.ward, "id", None),
 }

- def get_new_user_data(self):
- return {
+ def get_user_data(self, **kwargs):
+ data = {
 "username": "roopak",
 "user_type": "Staff",
 "phone_number": "+917795937091",
@@ -60,18 +66,28 @@ def get_new_user_data(self):
 "verified": True,
 "facilities": [self.facility.external_id],
 }
+ data.update(kwargs)
+ return data.copy()

 def test_create_facility_user__should_fail__when_higher_level(self):
- data = self.get_new_user_data().copy()
- data.update({"user_type": "DistrictAdmin"})
-
+ data = self.get_user_data(user_type="DistrictAdmin")
 response = self.client.post(self.get_base_url(), data=data, format="json")
 self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)

 def test_create_facility_user__should_fail__when_different_location(self):
 new_district = self.clone_object(self.district)
- data = self.get_new_user_data().copy()
- data.update({"district": new_district.id})
-
+ data = self.get_user_data(district=new_district.id)
 response = self.client.post(self.get_base_url(), data=data, format="json")
 self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+ def test_create_user_of_same_type(self):
+ self.client.force_authenticate(self.state_admin)
+
+ data = self.get_user_data(
+ username="stateadmin2", user_type=User.TYPE_VALUE_MAP["StateAdmin"]
+ )
+ res = self.client.post(self.get_base_url(), data=data, format="json")
+ self.assertEqual(res.status_code, status.HTTP_201_CREATED)
+
+ res = self.client.get("/api/v1/users/", {"username": "stateadmin2"})
+ self.assertContains(res, "stateadmin2")
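Review bot: `test_create_user_of_same_type` in the `@@ -60,18 +66,28 @@` hunk asserts only the widened visibility and has no negative case, so the suite would still pass if the queryset began returning superusers or accounts from another state. A second request as `self.state_admin` with `{"username": "su"}`, asserting that nothing is returned, would pin the `is_superuser=False` filter, and a read-only or district-level requester would cover the other branch this commit changes. `self.assertContains(res, "stateadmin2")` is a substring match on the whole response body; comparing the returned usernames exactly is stricter. The payload also sends `user_type` as the integer `User.TYPE_VALUE_MAP["StateAdmin"]` where the neighbouring tests send names such as `"DistrictAdmin"`; `user_type="StateAdmin"` would keep them consistent.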