diff --git a/atst/routes/task_orders/new.py b/atst/routes/task_orders/new.py index a806bda7..8d91ca7d 100644 --- a/atst/routes/task_orders/new.py +++ b/atst/routes/task_orders/new.py @@ -2,6 +2,7 @@ from flask import g, redirect, render_template, request as http_request, url_for from . import task_orders_bp from atst.domain.authz.decorator import user_can_access_decorator as user_can +from atst.domain.exceptions import NoAccessError from atst.domain.task_orders import TaskOrders from atst.forms.task_order import TaskOrderForm, SignatureForm from atst.models.permissions import Permissions @@ -128,6 +129,11 @@ def submit_form_step_three_add_clins(task_order_id): @task_orders_bp.route("/task_orders//form/step_4") @user_can(Permissions.CREATE_TASK_ORDER, message="view task order form") def form_step_four_review(task_order_id): + task_order = TaskOrders.get(task_order_id) + + if task_order.is_completed == False: + raise NoAccessError("task order form review") + return render_task_orders_edit( "task_orders/step_4.html", task_order_id=task_order_id ) @@ -136,6 +142,11 @@ def form_step_four_review(task_order_id): @task_orders_bp.route("/task_orders//form/step_5") @user_can(Permissions.CREATE_TASK_ORDER, message="view task order form") def form_step_five_confirm_signature(task_order_id): + task_order = TaskOrders.get(task_order_id) + + if task_order.is_completed == False: + raise NoAccessError("task order form signature") + return render_task_orders_edit( "task_orders/step_5.html", task_order_id=task_order_id, form=SignatureForm() ) diff --git a/tests/routes/task_orders/test_new.py b/tests/routes/task_orders/test_new.py index ab221bca..22c24296 100644 --- a/tests/routes/task_orders/test_new.py +++ b/tests/routes/task_orders/test_new.py @@ -25,6 +25,18 @@ def task_order(): return TaskOrderFactory.create(creator=user, portfolio=portfolio) +@pytest.fixture +def completed_task_order(): + portfolio = PortfolioFactory.create() + task_order = TaskOrderFactory.create( + creator=portfolio.owner, + portfolio=portfolio, + create_clins=["1234567890123456789012345678901234567890123"], + ) + + return task_order + + @pytest.fixture def portfolio(): return PortfolioFactory.create() @@ -114,22 +126,49 @@ def test_task_orders_submit_form_step_three_add_clins(client, user_session, task assert len(task_order.clins) == 2 -def test_task_orders_form_step_four_review(client, user_session, task_order): - user_session(task_order.creator) +def test_task_orders_form_step_four_review(client, user_session, completed_task_order): + user_session(completed_task_order.creator) response = client.get( - url_for("task_orders.form_step_four_review", task_order_id=task_order.id) + url_for( + "task_orders.form_step_four_review", task_order_id=completed_task_order.id + ) ) assert response.status_code == 200 -def test_task_orders_form_step_five_confirm_signature(client, user_session, task_order): +def test_task_orders_form_step_four_review_incomplete_to( + client, user_session, task_order +): + user_session(task_order.creator) + response = client.get( + url_for("task_orders.form_step_four_review", task_order_id=task_order.id) + ) + assert response.status_code == 404 + + +def test_task_orders_form_step_five_confirm_signature( + client, user_session, completed_task_order +): + user_session(completed_task_order.creator) + response = client.get( + url_for( + "task_orders.form_step_five_confirm_signature", + task_order_id=completed_task_order.id, + ) + ) + assert response.status_code == 200 + + +def test_task_orders_form_step_five_confirm_signature_incomplete_to( + client, user_session, task_order +): user_session(task_order.creator) response = client.get( url_for( "task_orders.form_step_five_confirm_signature", task_order_id=task_order.id ) ) - assert response.status_code == 200 + assert response.status_code == 404 def test_task_orders_form_step_one_add_pdf_existing_to( @@ -275,18 +314,6 @@ def test_task_orders_update_invalid_data(client, user_session, portfolio): assert "There were some errors" in response.data.decode() -@pytest.mark.skip(reason="Reevaluate if user can see review page w/ incomplete TO") -def test_cannot_get_to_review_screen_with_incomplete_data( - client, user_session, portfolio -): - user_session(portfolio.owner) - data = {"number": "0123456789"} - response = client.post( - url_for("task_orders.update", portfolio_id=portfolio.id, review=True), data=data - ) - assert response.status_code == 400 - - @pytest.mark.skip(reason="Update after implementing errors on TO form") def test_task_order_form_shows_errors(client, user_session, task_order): creator = task_order.creator diff --git a/tests/test_access.py b/tests/test_access.py index 893cdecc..eefa2160 100644 --- a/tests/test_access.py +++ b/tests/test_access.py @@ -467,7 +467,11 @@ def test_task_orders_new_get_routes(get_url_assert_status): rando = user_with() portfolio = PortfolioFactory.create(owner=owner) - task_order = TaskOrderFactory.create(portfolio=portfolio, creator=owner) + task_order = TaskOrderFactory.create( + creator=owner, + portfolio=portfolio, + create_clins=["1234567890123456789012345678901234567890123"], + ) for route in get_routes: url = url_for(route, task_order_id=task_order.id)