(PC-30235)[BO] feat: search Titelive with READ_OFFERS permission

pass-culture · Jun 11, 2024 · d96eab9 · d96eab9
1 parent 972fe4f
commit d96eab9
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 16 deletions.
diff --git a/api/src/pcapi/routes/backoffice/templates/layouts/connected.html b/api/src/pcapi/routes/backoffice/templates/layouts/connected.html
@@ -81,8 +81,6 @@ <h6 class="mdc-deprecated-list-group__subheader">{{ name }}</h6>
                     {{ menu_section_item('Offres collectives', 'backoffice_web.collective_offer.list_collective_offers') }}
                     {{ menu_section_item('Offres collectives vitrine', 'backoffice_web.collective_offer_template.list_collective_offer_templates') }}
                     {{ menu_section_item('Opérations sur plusieurs offres', 'backoffice_web.multiple_offers.multiple_offers_home') }}
-                  {% endif %}
-                  {% if has_permission("PRO_FRAUD_ACTIONS") %}
                     {{ menu_section_item('Recherche EAN via Tite Live', 'backoffice_web.titelive.search_titelive') }}
                   {% endif %}
                   {% if has_permission("READ_TAGS") %}{{ menu_section_item('Tags des offres et lieux', 'backoffice_web.tags.list_tags') }}{% endif %}

diff --git a/api/src/pcapi/routes/backoffice/templates/titelive/search_result.html b/api/src/pcapi/routes/backoffice/templates/titelive/search_result.html
@@ -90,18 +90,20 @@ <h5 class="card-title">{{ json.oeuvre.titre|unescape }}</h5>
                       </li>
                     {% endif %}
                   </ul>
-                  <div class="card-body text-end">
-                    {% if not product_whitelist %}
-                      <button type="button"
-                              class="btn btn-outline-primary"
-                              data-bs-toggle="modal"
-                              data-bs-target="#add-whitelist-confirmation">Ajouter le livre dans la whitelist</button>
-                      {{ build_lazy_modal(url_for("backoffice_web.titelive.get_add_product_whitelist_confirmation_form", ean=json.ean, title=json.oeuvre.titre) , "add-whitelist-confirmation", "true") }}
-                    {% else %}
-                      <a href="{{ url_for("backoffice_web.titelive.delete_product_whitelist", ean=json.ean) }}"
-                         class="btn btn-outline-primary">Retirer le livre de la whitelist</a>
-                    {% endif %}
-                  </div>
+                  {% if has_permission("PRO_FRAUD_ACTIONS") %}
+                    <div class="card-body text-end">
+                      {% if not product_whitelist %}
+                        <button type="button"
+                                class="btn btn-outline-primary"
+                                data-bs-toggle="modal"
+                                data-bs-target="#add-whitelist-confirmation">Ajouter le livre dans la whitelist</button>
+                        {{ build_lazy_modal(url_for("backoffice_web.titelive.get_add_product_whitelist_confirmation_form", ean=json.ean, title=json.oeuvre.titre) , "add-whitelist-confirmation", "true") }}
+                      {% else %}
+                        <a href="{{ url_for("backoffice_web.titelive.delete_product_whitelist", ean=json.ean) }}"
+                           class="btn btn-outline-primary">Retirer le livre de la whitelist</a>
+                      {% endif %}
+                    </div>
+                  {% endif %}
                 </div>
               </div>
             </div>

diff --git a/api/src/pcapi/routes/backoffice/titelive/blueprint.py b/api/src/pcapi/routes/backoffice/titelive/blueprint.py
@@ -31,7 +31,7 @@
     "titelive",
     __name__,
     url_prefix="/pro/titelive",
-    permission=perm_models.Permissions.PRO_FRAUD_ACTIONS,
+    permission=perm_models.Permissions.READ_OFFERS,
 )
 
 
@@ -87,6 +87,7 @@ def search_titelive() -> utils.BackofficeResponse:
 
 
 @titelive_blueprint.route("/<string:ean>/<string:title>/add-product-whitelist-confirmation-form", methods=["GET"])
+@utils.permission_required(perm_models.Permissions.PRO_FRAUD_ACTIONS)
 def get_add_product_whitelist_confirmation_form(ean: str, title: str) -> utils.BackofficeResponse:
     form = forms.OptionalCommentForm()
     return render_template(
@@ -100,6 +101,7 @@ def get_add_product_whitelist_confirmation_form(ean: str, title: str) -> utils.B
 
 
 @titelive_blueprint.route("/<string:ean>/<string:title>/add", methods=["POST"])
+@utils.permission_required(perm_models.Permissions.PRO_FRAUD_ACTIONS)
 def add_product_whitelist(ean: str, title: str) -> utils.BackofficeResponse:
     form = forms.OptionalCommentForm()
     try:
@@ -164,6 +166,7 @@ def add_product_whitelist(ean: str, title: str) -> utils.BackofficeResponse:
 
 
 @titelive_blueprint.route("/<string:ean>/delete", methods=["GET"])
+@utils.permission_required(perm_models.Permissions.PRO_FRAUD_ACTIONS)
 def delete_product_whitelist(ean: str) -> utils.BackofficeResponse:
     try:
         product_whitelist = fraud_models.ProductWhitelist.query.filter(

diff --git a/api/tests/routes/backoffice/titelive_test.py b/api/tests/routes/backoffice/titelive_test.py
@@ -19,6 +19,7 @@
 
 from ...connectors.titelive import fixtures
 from ...connectors.titelive.fixtures import BOOK_BY_EAN_FIXTURE
+from .helpers import button as button_helpers
 from .helpers import html_parser
 from .helpers.get import GetEndpointHelper
 from .helpers.post import PostEndpointHelper
@@ -33,7 +34,7 @@
 class SearchEanTest(GetEndpointHelper):
     endpoint = "backoffice_web.titelive.search_titelive"
     endpoint_kwargs = {"ean": "9782070455379"}
-    needed_permission = perm_models.Permissions.PRO_FRAUD_ACTIONS
+    needed_permission = perm_models.Permissions.READ_OFFERS
 
     # session + current user + query
     expected_num_queries = 3
@@ -104,6 +105,23 @@ def test_search_ean_whitelisted(self, mock_get_by_ean13, authenticated_client):
         assert "Commentaire : Superbe livre !" in card_text[0]
 
 
+class WhitelistButtonTest(button_helpers.ButtonHelper):
+    needed_permission = perm_models.Permissions.PRO_FRAUD_ACTIONS
+    button_label = "Ajouter le livre dans la whitelist"
+
+    @property
+    def path(self):
+        return url_for("backoffice_web.titelive.search_titelive", ean="9782070455379")
+
+    def test_button_when_can_add_one(self, authenticated_client):
+        with patch("pcapi.routes.backoffice.titelive.blueprint.get_by_ean13", return_value=BOOK_BY_EAN_FIXTURE):
+            super().test_button_when_can_add_one(authenticated_client)
+
+    def test_no_button(self, client, roles_with_permissions):
+        with patch("pcapi.routes.backoffice.titelive.blueprint.get_by_ean13", return_value=BOOK_BY_EAN_FIXTURE):
+            super().test_no_button(client, roles_with_permissions)
+
+
 class ProductBlackListFormTest(GetEndpointHelper):
     endpoint = "backoffice_web.titelive.get_add_product_whitelist_confirmation_form"
     endpoint_kwargs = {"ean": "9782070455379", "title": "Immortelle randonnée ; Compostelle malgré moi"}