[PC-10215] routes.pro.booking: allow access to admin

pass-culture · Aug 11, 2021 · cbf9ba7 · cbf9ba7
1 parent 0b32751
commit cbf9ba7
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 52 deletions.
diff --git a/src/pcapi/domain/users.py b/src/pcapi/domain/users.py
@@ -1,11 +1,3 @@
-from pcapi.core.users.models import User
-
-
-def check_is_authorized_to_access_bookings_recap(user: User):
-    if user.isAdmin:
-        raise UnauthorizedForAdminUser()
-
-
 class ClientError(Exception):
     def __init__(self, field: str, error: str):
         super().__init__()

diff --git a/src/pcapi/routes/pro/bookings.py b/src/pcapi/routes/pro/bookings.py
@@ -8,7 +8,6 @@
 import pcapi.core.bookings.repository as booking_repository
 import pcapi.core.bookings.validation as bookings_validation
 from pcapi.domain.users import UnauthorizedForAdminUser
-from pcapi.domain.users import check_is_authorized_to_access_bookings_recap
 from pcapi.flask_app import private_api
 from pcapi.flask_app import public_api
 from pcapi.models import EventType
@@ -77,8 +76,6 @@ def get_all_bookings(query: ListBookingsQueryModel) -> ListBookingsResponseModel
     event_date = query.event_date
     booking_period = (query.booking_period_beginning_date, query.booking_period_ending_date)
 
-    check_is_authorized_to_access_bookings_recap(current_user)
-
     # FIXME: due to generalisation, the performance issue has led to DDOS many
     # users checking the many bookings of these offerers
     temporarily_banned_sirens = ["334473352", "434001954", "343282380"]

diff --git a/tests/domain/users_test.py b/tests/domain/users_test.py
diff --git a/tests/routes/pro/get_all_bookings_test.py b/tests/routes/pro/get_all_bookings_test.py
@@ -76,6 +76,14 @@ def test_call_repository_with_venue_id(self, find_by_pro_user_id, app):
 
 @pytest.mark.usefixtures("db_session")
 class Returns200Test:
+    def when_user_is_admin(self, app):
+        admin = users_factories.AdminFactory()
+
+        client = TestClient(app.test_client()).with_auth(admin.email)
+        response = client.get(f"/bookings/pro?{BOOKING_PERIOD_PARAMS}")
+
+        assert response.status_code == 200
+
     def when_user_is_linked_to_a_valid_offerer(self, app):
         booking = bookings_factories.BookingFactory(
             dateCreated=datetime(2020, 8, 11, 12, 0, 0),
@@ -218,17 +226,6 @@ def when_booking_period_is_not_given(self, app):
 
 @pytest.mark.usefixtures("db_session")
 class Returns401Test:
-    def when_user_is_admin(self, app):
-        admin = users_factories.AdminFactory()
-
-        client = TestClient(app.test_client()).with_auth(admin.email)
-        response = client.get(f"/bookings/pro?{BOOKING_PERIOD_PARAMS}")
-
-        assert response.status_code == 401
-        assert response.json == {
-            "global": ["Le statut d'administrateur ne permet pas d'accéder au suivi des réservations"]
-        }
-
     @override_features(DISABLE_BOOKINGS_RECAP_FOR_SOME_PROS=True)
     def when_user_is_blacklisted(self, app):
         pro = users_factories.ProFactory(offerers=[offers_factories.OffererFactory(siren="334473352")])