diff --git a/src/dashboard/apps/consent/templates/consent/manage.html b/src/dashboard/apps/consent/templates/consent/manage.html index 029fa689..8d05ae86 100644 --- a/src/dashboard/apps/consent/templates/consent/manage.html +++ b/src/dashboard/apps/consent/templates/consent/manage.html @@ -43,11 +43,15 @@

{% trans "Manage consents" %}

name="status" value="{{ consent.id }}" id="{{ consent.id }}" - {% if consent.status == 'VALIDATED' %} checked{% endif %} + {% if consent.status == 'VALIDATED' %} checked="checked" disabled="disabled"{% endif %} aria-describedby="{{ consent.id }}-messages" data-fr-js-checkbox-input="true" data-fr-js-checkbox-actionee="true" /> - +
diff --git a/src/dashboard/apps/consent/tests/test_views.py b/src/dashboard/apps/consent/tests/test_views.py index 41e1ca14..41dbe678 100644 --- a/src/dashboard/apps/consent/tests/test_views.py +++ b/src/dashboard/apps/consent/tests/test_views.py @@ -7,7 +7,7 @@ from django.urls import reverse from apps.auth.factories import UserFactory -from apps.consent import AWAITING, VALIDATED +from apps.consent import AWAITING, REVOKED, VALIDATED from apps.consent.factories import ConsentFactory from apps.consent.models import Consent from apps.consent.views import ConsentFormView @@ -62,6 +62,16 @@ def test_bulk_update_consent_status(rf): # and checks that the data has changed to VALIDATED after the update. assert all(c == VALIDATED for c in Consent.objects.values_list("status", flat=True)) + # bulk update from VALIDATED to AWAITING: no data must be updated + assert view._bulk_update_consent(ids, AWAITING) == 0 + # and checks that the status has not changed after the update. + assert all(c == VALIDATED for c in Consent.objects.values_list("status", flat=True)) + + # bulk update from VALIDATED to REVOKED: no data must be updated + assert view._bulk_update_consent(ids, REVOKED) == 0 + # and checks that the status has not changed after the update. + assert all(c == VALIDATED for c in Consent.objects.values_list("status", flat=True)) + @pytest.mark.django_db def test_bulk_update_consent_status_with_fake_id(rf): diff --git a/src/dashboard/apps/consent/views.py b/src/dashboard/apps/consent/views.py index 94d64de6..cd8b8fec 100644 --- a/src/dashboard/apps/consent/views.py +++ b/src/dashboard/apps/consent/views.py @@ -84,9 +84,12 @@ def _get_entities(self) -> list: return list(user.get_entities()) def _bulk_update_consent(self, ids: list[str], status: str) -> int: - """Bulk update of the consent status for a given status and list of entities.""" + """Bulk update of the consent status for a given status and list of entities. + + Only `AWAITING` consents can be updated by users. + """ return ( - Consent.objects.filter(id__in=ids) + Consent.objects.filter(id__in=ids, status=AWAITING) .filter( Q(delivery_point__entity__users=self.request.user) | Q(delivery_point__entity__proxies__users=self.request.user) diff --git a/src/dashboard/templates/blocks/main_menu.html b/src/dashboard/templates/blocks/main_menu.html index 30571c32..92c60eb2 100644 --- a/src/dashboard/templates/blocks/main_menu.html +++ b/src/dashboard/templates/blocks/main_menu.html @@ -18,7 +18,7 @@