From cbf9ba7b0701565308117919504bed8285aadc2e Mon Sep 17 00:00:00 2001
From: Romain Le Cellier
Date: Wed, 4 Aug 2021 09:58:01 +0200
Subject: [PATCH] [PC-10215] routes.pro.booking: allow access to admin

---
 src/pcapi/domain/users.py                 |  8 ------
 src/pcapi/routes/pro/bookings.py          |  3 ---
 tests/domain/users_test.py                | 30 -----------------------
 tests/routes/pro/get_all_bookings_test.py | 19 ++++++--------
 4 files changed, 8 insertions(+), 52 deletions(-)
 delete mode 100644 tests/domain/users_test.py

diff --git a/src/pcapi/domain/users.py b/src/pcapi/domain/users.py
index bfb7b25323..06757dd3f4 100644
--- a/src/pcapi/domain/users.py
+++ b/src/pcapi/domain/users.py
@@ -1,11 +1,3 @@
-from pcapi.core.users.models import User
-
-
-def check_is_authorized_to_access_bookings_recap(user: User):
-    if user.isAdmin:
-        raise UnauthorizedForAdminUser()
-
-
 class ClientError(Exception):
     def __init__(self, field: str, error: str):
         super().__init__()
diff --git a/src/pcapi/routes/pro/bookings.py b/src/pcapi/routes/pro/bookings.py
index daeb6663d2..c8228b9531 100644
--- a/src/pcapi/routes/pro/bookings.py
+++ b/src/pcapi/routes/pro/bookings.py
@@ -8,7 +8,6 @@
 import pcapi.core.bookings.repository as booking_repository
 import pcapi.core.bookings.validation as bookings_validation
 from pcapi.domain.users import UnauthorizedForAdminUser
-from pcapi.domain.users import check_is_authorized_to_access_bookings_recap
 from pcapi.flask_app import private_api
 from pcapi.flask_app import public_api
 from pcapi.models import EventType
@@ -77,8 +76,6 @@ def get_all_bookings(query: ListBookingsQueryModel) -> ListBookingsResponseModel
     event_date = query.event_date
     booking_period = (query.booking_period_beginning_date, query.booking_period_ending_date)
 
-    check_is_authorized_to_access_bookings_recap(current_user)
-
     # FIXME: due to generalisation, the performance issue has led to DDOS many
     # users checking the many bookings of these offerers
     temporarily_banned_sirens = ["334473352", "434001954", "343282380"]
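Review bot: With `check_is_authorized_to_access_bookings_recap(current_user)` removed, nothing left in `get_all_bookings` decides what an admin account may see; the offerer scoping appears to live in `booking_repository.find_by_pro_user_id` (the test module takes it as a patched argument), so whether an admin now receives every offerer's bookings or an empty list is settled there and is neither documented nor tested in this hunk. I would leave a why-comment where the call stood: `# Admins are deliberately not rejected here (PC-10215); the result is still scoped by the repository query on current_user — confirm that scoping is the intended admin behaviour.` The `from pcapi.domain.users import UnauthorizedForAdminUser` line in the first hunk survives while this hunk removes the only visible raiser of it, so unless something else in the file references it the import is now dead and should go. The `temporarily_banned_sirens` branch that follows also runs for admins now; check that it does not assume `current_user` is attached to an offerer. `get_all_bookings` starts and ends outside the hunk.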
diff --git a/tests/domain/users_test.py b/tests/domain/users_test.py
deleted file mode 100644
index dcc239e9b0..0000000000
--- a/tests/domain/users_test.py
+++ /dev/null
@@ -1,30 +0,0 @@
-import pytest
-
-from pcapi.core.users import factories as users_factories
-from pcapi.domain.users import UnauthorizedForAdminUser
-from pcapi.domain.users import check_is_authorized_to_access_bookings_recap
-
-
-class CheckUserIsNotAdminTest:
-    def test_when_user_is_admin_should_prevent_from_accessing_bookings_list(self):
-        # Given
-        user = users_factories.AdminFactory.build()
-
-        # When
-        with pytest.raises(UnauthorizedForAdminUser) as exception:
-            check_is_authorized_to_access_bookings_recap(user)
-
-        # Then
-        assert exception.value.errors["global"] == [
-            "Le statut d'administrateur ne permet pas d'accéder au suivi des réservations"
-        ]
-
-    def test_when_user_is_not_admin_should_allow_accessing_bookings_list(self):
-        # Given
-        user = users_factories.UserFactory.build(isAdmin=False, isBeneficiary=False)
-
-        # When
-        check_is_authorized_to_access_bookings_recap(user)
-
-        # Then
-        assert True
diff --git a/tests/routes/pro/get_all_bookings_test.py b/tests/routes/pro/get_all_bookings_test.py
index 1802663408..c9603e0729 100644
--- a/tests/routes/pro/get_all_bookings_test.py
+++ b/tests/routes/pro/get_all_bookings_test.py
@@ -76,6 +76,14 @@ def test_call_repository_with_venue_id(self, find_by_pro_user_id, app):
 
 @pytest.mark.usefixtures("db_session")
 class Returns200Test:
+    def when_user_is_admin(self, app):
+        admin = users_factories.AdminFactory()
+
+        client = TestClient(app.test_client()).with_auth(admin.email)
+        response = client.get(f"/bookings/pro?{BOOKING_PERIOD_PARAMS}")
+
+        assert response.status_code == 200
+
     def when_user_is_linked_to_a_valid_offerer(self, app):
         booking = bookings_factories.BookingFactory(
             dateCreated=datetime(2020, 8, 11, 12, 0, 0),
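Review bot: The new `when_user_is_admin` test in `Returns200Test` asserts only `response.status_code == 200`, so it does not pin what an admin is allowed to see now that the guard is gone — it passes equally whether the admin receives every offerer's bookings or an empty list. Create a booking for an offerer the admin is not attached to before the request and assert on the response body the way `when_user_is_linked_to_a_valid_offerer` presumably does, so the intended admin scope is recorded by the suite rather than left to the repository query. A short comment on the test stating that expectation would also help, e.g. `# PC-10215: admins may call the endpoint; the scope of what they receive is asserted below`. `Returns200Test` continues outside the hunk.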
@@ -218,17 +226,6 @@ def when_booking_period_is_not_given(self, app):
 
 @pytest.mark.usefixtures("db_session")
 class Returns401Test:
-    def when_user_is_admin(self, app):
-        admin = users_factories.AdminFactory()
-
-        client = TestClient(app.test_client()).with_auth(admin.email)
-        response = client.get(f"/bookings/pro?{BOOKING_PERIOD_PARAMS}")
-
-        assert response.status_code == 401
-        assert response.json == {
-            "global": ["Le statut d'administrateur ne permet pas d'accéder au suivi des réservations"]
-        }
-
     @override_features(DISABLE_BOOKINGS_RECAP_FOR_SOME_PROS=True)
     def when_user_is_blacklisted(self, app):
         pro = users_factories.ProFactory(offerers=[offers_factories.OffererFactory(siren="334473352")])