diff --git a/smash/web/migrations/0154_add_permission_to_existing_workers.py b/smash/web/migrations/0154_add_permission_to_existing_workers.py
new file mode 100644
index 0000000000000000000000000000000000000000..76d2ca30d1e461f10b09a110f1b3d66d036dff4f
--- /dev/null
+++ b/smash/web/migrations/0154_add_permission_to_existing_workers.py
@@ -0,0 +1,18 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11.5 on 2020-03-19 13:01
+from __future__ import unicode_literals
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ('web', '0153_auto_20200320_0932'),
+    ]
+
+    operations = [
+        migrations.RunSQL("insert into web_workerstudyrole_permissions(workerstudyrole_id, permission_id) "
+                          "select web_workerstudyrole.id, auth_permission.id from web_workerstudyrole,auth_permission "
+                          "where codename='add_subject';"),
+
+    ]
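Review bot: The `where codename='add_subject'` filter in the `RunSQL` statement is not scoped to a content type, and Django only guarantees that a codename is unique per content type, so if a second model ever defines the same codename this cross join would attach every matching permission to every role. Joining `django_content_type` and filtering on its `app_label` and `model` would pin the one row that is meant. The statement also grants the permission to all existing `web_workerstudyrole` rows, so the new check changes nothing for current workers until someone revokes it; a comment above the operation such as `# keep current behaviour: every existing role may still add subjects` would record that this is deliberate. No `reverse_sql` is given, which makes the migration irreversible; `reverse_sql=migrations.RunSQL.noop` or a matching delete would allow rollback.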
diff --git a/smash/web/templates/subjects/index.html b/smash/web/templates/subjects/index.html
index cfe954bcc1251c81a64dffee7c12a18b62893bda..29a4d2308145826a49e5d49091eb949a3157b524 100644
--- a/smash/web/templates/subjects/index.html
+++ b/smash/web/templates/subjects/index.html
@@ -31,7 +31,7 @@
             padding-left: 2px;
         }
         .visit_row > span > a{
-            color: inherit; 
+            color: inherit;
         }
         .appointment_type_list{
             margin-top: 10px;
@@ -57,7 +57,11 @@
 {% block maincontent %}
 
     <div>
-        <a href="{% url 'web.views.subject_add' %}" class="btn btn-app">
+        <a href="{% url 'web.views.subject_add' %}" class="btn btn-app"
+                {% if not "add_subject" in permissions %}
+           disabled
+                {% endif %}
+        >
             <i class="fa fa-plus"></i>
             Add new subject
         </a>
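Review bot: `disabled` is not a valid attribute on an `<a>` element, so the link added here keeps its `href` and can still be followed by keyboard or by opening the URL directly; at most it changes the styling. That is acceptable only because the view enforces the permission server-side, so this markup is a hint to the user and not a control. Consider emitting the `href` only when the permission is present and using `class="btn btn-app disabled"` with `aria-disabled="true"` otherwise. The condition would read more naturally as `{% if "add_subject" not in permissions %}`, and it assumes `permissions` is always present in the template context, which this hunk does not show.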
diff --git a/smash/web/tests/view/test_study.py b/smash/web/tests/view/test_study.py
index 6b7f18b6e90f2190f03ea9ef233a390807c668af..40df2f29ea6df924021cb5f854c40e6731562b1d 100644
--- a/smash/web/tests/view/test_study.py
+++ b/smash/web/tests/view/test_study.py
@@ -10,9 +10,9 @@ from web.tests.functions import get_test_study, format_form_field
 logger = logging.getLogger(__name__)
 
 
-class SubjectsViewTests(LoggedInWithWorkerTestCase):
+class StudyViewTests(LoggedInWithWorkerTestCase):
     def setUp(self):
-        super(SubjectsViewTests, self).setUp()
+        super(StudyViewTests, self).setUp()
         self.study = get_test_study()
 
     def test_render_study_edit(self):
diff --git a/smash/web/tests/view/test_subjects.py b/smash/web/tests/view/test_subjects.py
index c1a99e76530f7aa12f79e6edb0edd5b08d00ef4a..71f0d3e773fa9cfba8d2cd6c5c3d5988c9bf6eaf 100644
--- a/smash/web/tests/view/test_subjects.py
+++ b/smash/web/tests/view/test_subjects.py
@@ -1,6 +1,7 @@
 import datetime
 import logging
 
+from django.contrib.auth.models import Permission
 from django.core.files.uploadedfile import SimpleUploadedFile
 from django.urls import reverse
 
@@ -23,6 +24,7 @@ class SubjectsViewTests(LoggedInWithWorkerTestCase):
         self.study = get_test_study()
 
     def test_render_subjects_add(self):
+        self.worker.roles.all()[0].permissions.add(Permission.objects.get(codename="add_subject"))
         self.worker.save()
 
         response = self.client.get(reverse('web.views.subject_add'))
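Review bot: Every test touched here grants `add_subject` before calling the view, so nothing exercises the denial path that the decorator on `subject_add` introduces. A test that requests `reverse('web.views.subject_add')` without granting the permission and asserts that the add form is not served would cover it; the exact status to assert depends on `PermissionDecorator`, which is not shown. The same grant line is repeated in the hunks for `test_subjects_add_2`, `test_subjects_add_with_referral_letter_file`, `test_subjects_add_patient`, `test_subjects_add_invalid` and `test_subjects_add_with_prefixed_location`, and a small helper on the test class would remove the duplication. `roles.all()[0]` indexes an unordered queryset, which is only stable while the worker has a single role.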
@@ -161,6 +163,8 @@ class SubjectsViewTests(LoggedInWithWorkerTestCase):
         return form_data
 
     def test_subjects_add_2(self):
+        self.worker.roles.all()[0].permissions.add(Permission.objects.get(codename="add_subject"))
+        self.worker.save()
         form_data = self.create_add_form_data_for_study_subject()
 
         form_data["study_subject-type"] = SUBJECT_TYPE_CHOICES_CONTROL
@@ -176,6 +180,8 @@ class SubjectsViewTests(LoggedInWithWorkerTestCase):
                          " as default location prefix is not defined and subject type is control")
 
     def test_subjects_add_with_referral_letter_file(self):
+        self.worker.roles.all()[0].permissions.add(Permission.objects.get(codename="add_subject"))
+        self.worker.save()
         StudyColumns.objects.all().update(referral_letter=True)
 
         form_data = self.create_add_form_data_for_study_subject()
@@ -213,6 +219,8 @@ class SubjectsViewTests(LoggedInWithWorkerTestCase):
         form_data["study_subject-last_name"] = "Doe"
 
     def test_subjects_add_patient(self):
+        self.worker.roles.all()[0].permissions.add(Permission.objects.get(codename="add_subject"))
+        self.worker.save()
         form_data = self.create_add_form_data_for_study_subject()
 
         form_data["study_subject-default_location"] = get_test_location().id
@@ -227,6 +235,8 @@ class SubjectsViewTests(LoggedInWithWorkerTestCase):
                          " as default location prefix is not defined and subject type is patient")
 
     def test_subjects_add_invalid(self):
+        self.worker.roles.all()[0].permissions.add(Permission.objects.get(codename="add_subject"))
+        self.worker.save()
         form_data = self.create_add_form_data_for_study_subject()
         form_data["study_subject-type"] = SUBJECT_TYPE_CHOICES_CONTROL
         form_data["study_subject-default_location"] = get_test_location().id
@@ -237,6 +247,8 @@ class SubjectsViewTests(LoggedInWithWorkerTestCase):
         self.assertTrue("Invalid data" in response.content)
 
     def test_subjects_add_with_prefixed_location(self):
+        self.worker.roles.all()[0].permissions.add(Permission.objects.get(codename="add_subject"))
+        self.worker.save()
         form_data = self.create_add_form_data_for_study_subject()
         form_data["study_subject-type"] = SUBJECT_TYPE_CHOICES_CONTROL
 
diff --git a/smash/web/views/subject.py b/smash/web/views/subject.py
index cb8cf69d285f57f1496dd66e092e08bf9365cc1d..ef65d5f486e0aa018a762fa8deb0091a09fdf72a 100644
--- a/smash/web/views/subject.py
+++ b/smash/web/views/subject.py
@@ -4,6 +4,7 @@ import logging
 from django.contrib import messages
 from django.shortcuts import redirect, get_object_or_404
 
+from web.decorators import PermissionDecorator
 from . import wrap_response
 from ..forms import VisitDetailForm, SubjectAddForm, SubjectEditForm, StudySubjectAddForm, StudySubjectEditForm
 from ..models import StudySubject, MailTemplate, Worker, Study, Provenance, Subject
@@ -27,6 +28,7 @@ def subjects(request):
     return subject_list(request, SUBJECT_LIST_GENERIC)
 
 
+@PermissionDecorator('add_subject', 'subject')
 def subject_add(request):
     study = Study.objects.filter(id=GLOBAL_STUDY_ID)[0]
     if request.method == 'POST':
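Review bot: The decorator line `@PermissionDecorator('add_subject', 'subject')` gives no indication of what the second argument selects or what an unauthorised worker receives (redirect, 403, message), and `subject_add` has no docstring to say so. A short comment such as `# requires add_subject on one of the worker's study roles; denial handling lives in web.decorators.PermissionDecorator` would make the access rule readable at the call site. The codename literal is now repeated in the migration SQL, the template, the tests and here, so a shared constant would keep them from drifting apart. The body of `subject_add` continues outside this hunk, and whether other code paths that create subjects are guarded in the same way is not visible from it.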