diff --git a/atst/routes/portfolios/task_orders.py b/atst/routes/portfolios/task_orders.py index 553d226d..a3c77631 100644 --- a/atst/routes/portfolios/task_orders.py +++ b/atst/routes/portfolios/task_orders.py @@ -231,6 +231,7 @@ def task_order_invitations(portfolio_id, task_order_id): portfolio=portfolio, task_order=task_order, form=form, + user=g.current_user, ) else: raise NotFoundError("task_order") diff --git a/templates/portfolios/task_orders/invitations.html b/templates/portfolios/task_orders/invitations.html index b5d46386..92955268 100644 --- a/templates/portfolios/task_orders/invitations.html +++ b/templates/portfolios/task_orders/invitations.html @@ -99,21 +99,23 @@ {{ Link("Update", "edit", onClick="edit") }} {% set invite_type = [prefix + "_invite"] %} - {{ - ConfirmationButton( - btn_text="Resend Invitation", - confirm_btn=('task_orders.invitations.resend_btn' | translate), - confirm_msg=('task_orders.invitations.resend_confirmation_message' | translate), - action=url_for( - "portfolios.resend_invite", - portfolio_id=portfolio.id, - task_order_id=task_order.id, - invite_type=invite_type, - ), - btn_icon=Icon('avatar'), - btn_class="icon-link", - ) - }} + {% if not (user == task_order.creator and user == task_order[officer_type]) %} + {{ + ConfirmationButton( + btn_text="Resend Invitation", + confirm_btn=('task_orders.invitations.resend_btn' | translate), + confirm_msg=('task_orders.invitations.resend_confirmation_message' | translate), + action=url_for( + "portfolios.resend_invite", + portfolio_id=portfolio.id, + task_order_id=task_order.id, + invite_type=invite_type, + ), + btn_icon=Icon('avatar'), + btn_class="icon-link", + ) + }} + {% endif %} {{ Link("Remove", "trash", classes="remove") }} diff --git a/tests/routes/portfolios/test_task_orders.py b/tests/routes/portfolios/test_task_orders.py index 48aaefd0..224464ca 100644 --- a/tests/routes/portfolios/test_task_orders.py +++ b/tests/routes/portfolios/test_task_orders.py @@ -289,6 +289,57 @@ class TestTaskOrderInvitations: assert response.status_code == 404 assert time_updated == other_task_order.time_updated + def test_does_not_render_resend_invite_if_user_is_mo_and_user_is_cor( + self, client, user_session + ): + task_order = TaskOrderFactory.create( + portfolio=self.portfolio, + creator=self.portfolio.owner, + cor_first_name=self.portfolio.owner.first_name, + cor_last_name=self.portfolio.owner.last_name, + cor_email=self.portfolio.owner.email, + cor_phone_number=self.portfolio.owner.phone_number, + cor_dod_id=self.portfolio.owner.dod_id, + cor_invite=True, + ) + user_session(self.portfolio.owner) + response = client.get( + url_for( + "portfolios.task_order_invitations", + portfolio_id=self.portfolio.id, + task_order_id=task_order.id, + ) + ) + assert "Resend Invitation" not in response.data.decode() + + def test_renders_resend_invite_if_user_is_mo_and_user_is_not_cor( + self, client, user_session + ): + cor = UserFactory.create() + task_order = TaskOrderFactory.create( + portfolio=self.portfolio, + creator=self.portfolio.owner, + contracting_officer_representative=cor, + cor_invite=True, + ) + portfolio_role = PortfolioRoleFactory.create(portfolio=self.portfolio, user=cor) + invitation = InvitationFactory.create( + inviter=self.portfolio.owner, + portfolio_role=portfolio_role, + user=cor, + status=InvitationStatus.PENDING, + ) + + user_session(self.portfolio.owner) + response = client.get( + url_for( + "portfolios.task_order_invitations", + portfolio_id=self.portfolio.id, + task_order_id=task_order.id, + ) + ) + assert "Resend Invitation" in response.data.decode() + def test_ko_can_view_task_order(client, user_session, portfolio, user): PortfolioRoleFactory.create(