fix: hide internal well comments from public users (#193)

bcgov · Nov 19, 2024 · 7e0e74d · 7e0e74d
1 parent 54edc51
commit 7e0e74d
Show file tree

Hide file tree

Showing 5 changed files with 38 additions and 2 deletions.
diff --git a/backend/wells/fixtures/well_detail_fixture.json b/backend/wells/fixtures/well_detail_fixture.json
@@ -55,6 +55,7 @@
               "utm_easting": null,
               "well_location_description": "",
               "comments": null,
+              "internal_comments": null,
               "well_identification_plate_attached": null,
               "well_yield_unit": null,
               "finished_well_depth": null,

diff --git a/backend/wells/serializers.py b/backend/wells/serializers.py
@@ -706,6 +706,7 @@ class Meta:
             "well_cap_type",
             "well_disinfected_status",
             "comments",
+            "internal_comments",
             "alternative_specs_submitted",
             "technical_report",
             "drinking_water_protection_area_ind",

diff --git a/backend/wells/tests/test_wells.py b/backend/wells/tests/test_wells.py
@@ -122,3 +122,31 @@ def test_well_history_after_geom_update(self):
         url = reverse('well-history', kwargs={'well_id': 123, 'version': 'v1'})
         response = self.client.get(url)
         self.assertEqual(response.status_code, status.HTTP_200_OK)
+
+class TestWellDetailAuthenticated(APITestCase):
+    # Tbh, I don't know if all of these fixtures are necessary but I don't feel like tracing through the code to find out
+    fixtures = ['gwells-codetables', 'wellsearch-codetables', 'wellsearch', 'registries', 'registries-codetables', 'well_detail_fixture']
+
+    def setUp(self):
+        roles = [WELLS_VIEWER_ROLE]
+        for role in roles:
+            Group.objects.get_or_create(name=role)
+        user, _created = User.objects.get_or_create(username='test')
+        user.profile.username = user.username
+        user.save()
+        roles_to_groups(user, roles)
+        self.client.force_authenticate(user)
+
+    def test_well_detail_authenticated(self):
+        url = reverse('well-detail', kwargs={'well_id': 123, 'version': 'v1'})
+        response = self.client.get(url)
+        self.assertTrue('internal_comments' in response.data)
+
+class TestWellDetailUnauthenticated(APITestCase):
+    # Same comment as above
+    fixtures = ['gwells-codetables', 'wellsearch-codetables', 'wellsearch', 'registries', 'registries-codetables', 'well_detail_fixture']
+
+    def test_well_detail_unauthenticated(self):
+        url = reverse('well-detail', kwargs={'well_id': 123, 'version': 'v1'})
+        response = self.client.get(url)
+        self.assertFalse('internal_comments' in response.data)
diff --git a/backend/wells/views.py b/backend/wells/views.py
@@ -119,9 +119,15 @@ def get_queryset(self):
             qs = Well.objects.all()
         else:
             qs = Well.objects.all().exclude(well_publication_status='Unpublished')
-
         return qs
 
+    def get(self, request, *args, **kwargs):
+        """ Removes internal-only fields for public user """
+        response = super().get(self, request, *args, **kwargs)
+        if not(request.user.groups.filter(name=WELLS_VIEWER_ROLE).exists()):
+            response.data.pop('internal_comments')
+        return response
+
 
 class WellStaffEditDetail(RetrieveAPIView):
     """

diff --git a/frontend/src/wells/views/WellDetail.vue b/frontend/src/wells/views/WellDetail.vue
@@ -561,7 +561,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
         <fieldset id="well_internal_comments_fieldset" class="my-3 detail-section" v-if="hasViewRole">
           <legend>Internal Comments</legend>
           <p>
-            {{ well.internalComments ? well.internalComments : 'No internal comments submitted' }}
+            {{ well.internal_comments ? well.internal_comments : 'No internal comments submitted' }}
           </p>
         </fieldset>