fix audit year check and remaining tests

rcpch · Jan 1, 2025 · 25bb388 · 25bb388
1 parent aa49c6d
commit 25bb388
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 4 deletions.
diff --git a/project/npda/tests/permissions_tests/test_mixins_against_session.py b/project/npda/tests/permissions_tests/test_mixins_against_session.py
@@ -95,12 +95,16 @@ def test_users_with_correct_permissions_cannot_save_patient_in_different_audit_y
         """
         # Create a patient
         form = PatientForm(VALID_FIELDS)
-
+        print(audit_dates)
         # Modify the session
         session = self.client.session
-        session["selected_audit_year"] = audit_dates[0].year + 1
+        session["selected_audit_year"] = (
+            audit_dates[0].year + 2
+        )  # 2 years in the future will always be a different audit year
         session.save()
 
+        print(self.client.session["selected_audit_year"])
+
         # url
         url = reverse("patient-add")
 

diff --git a/project/npda/views/mixins.py b/project/npda/views/mixins.py
@@ -9,6 +9,7 @@
 from django.contrib.auth.mixins import AccessMixin
 from django.http import HttpResponseForbidden
 
+from project.npda.general_functions.audit_period import get_audit_period_for_date
 from project.npda.models.npda_user import NPDAUser
 from project.npda.models.patient import Patient
 
@@ -171,8 +172,11 @@ class CheckCurrentAuditYearMixin(AccessMixin):
     """
 
     def dispatch(self, request, *args, **kwargs):
-        # Check if the user is trying to access data for the current audit year
-        if request.session.get("selected_audit_year") != datetime.today().year:
+        # Check if the user is trying to access data for the current audit period
+        audit_start_date, audit_end_data = get_audit_period_for_date(
+            datetime.now().date()
+        )
+        if request.session.get("selected_audit_year") < audit_start_date.year:
             logger.warning(
                 f"User {request.user} tried to create/edit or delete data in a previous audit year."
             )
@@ -182,6 +186,16 @@ def dispatch(self, request, *args, **kwargs):
 
             raise PermissionDenied()
 
+        if request.session.get("selected_audit_year") > audit_end_data.year:
+            logger.warning(
+                f"User {request.user} tried to create/edit or delete data in a future audit year."
+            )
+            if request.user.is_superuser or request.user.is_rcpch_audit_team_member:
+                # Allow superusers and RCPCH audit team members to create/edit or update  data for future audit years
+                return super().dispatch(request, *args, **kwargs)
+
+            raise PermissionDenied()
+
         return super().dispatch(request, *args, **kwargs)