Merge remote-tracking branch 'origin/master' into jimfuqian/BB2-3216-SPIKE-add-tests-coverage

JFU-NAVA-PBC · JFU-NAVA-PBC · commit 258009248c24 · 2024-06-04T21:10:03.000-07:00
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -54,7 +54,7 @@ Submitters should complete the following questionnaire:
     * Does this PR add any new software dependencies? **Yes** or **No**.
     * Does this PR modify or invalidate any of our security controls? **Yes** or **No**.
     * Does this PR store or transmit data that was not stored or transmitted before? **Yes** or **No**.
-* If the answer to any of the questions below is **Yes**, then please add StewGoin as a reviewer, and note that this PR should not be merged unless/until he also approves it.
+* If the answer to any of the questions below is **Yes**, then please add a Security Engineer and ISSO  as a reviewer, and note that this PR should not be merged unless/until he also approves it.
     * Do you think this PR requires additional review of its security implications for other reasons? **Yes** or **No**.
 
 
diff --git a/apps/authorization/models.py b/apps/authorization/models.py
@@ -43,7 +43,7 @@ def update_expiration_date(self):
         # For THIRTEEN_MONTH type update expiration_date
         if self.application:
             flag = get_waffle_flag_model().get("limit_data_access")
-            if flag.id is not None and flag.is_active_for_user(self.application.user):
+            if flag.rollout or (flag.id is not None and flag.is_active_for_user(self.application.user)):
                 if self.application.data_access_type == "THIRTEEN_MONTH":
                     self.expiration_date = datetime.now().replace(
                         tzinfo=pytz.UTC
@@ -52,7 +52,7 @@ def update_expiration_date(self):
 
     def has_expired(self):
         flag = get_waffle_flag_model().get("limit_data_access")
-        if flag.id is not None and flag.is_active_for_user(self.application.user):
+        if flag.rollout or (flag.id is not None and flag.is_active_for_user(self.application.user)):
             if self.application.data_access_type == "THIRTEEN_MONTH":
                 if self.expiration_date:
                     if self.expiration_date < datetime.now().replace(tzinfo=pytz.UTC):
diff --git a/apps/dot_ext/models.py b/apps/dot_ext/models.py
@@ -229,7 +229,7 @@ def store_media_file(self, file, filename):
     def has_one_time_only_data_access(self):
         if self.data_access_type == "ONE_TIME":
             flag = get_waffle_flag_model().get("limit_data_access")
-            if flag.id is not None and flag.is_active_for_user(self.user):
+            if flag.rollout or (flag.id is not None and flag.is_active_for_user(self.user)):
                 return True
         return False
 
diff --git a/apps/dot_ext/views/authorization.py b/apps/dot_ext/views/authorization.py
@@ -115,12 +115,12 @@ def sensitive_info_check(self, request):
     def get_template_names(self):
         flag = get_waffle_flag_model().get("limit_data_access")
         if waffle.switch_is_active('require-scopes'):
-            if flag.id is not None and flag.is_active_for_user(self.application.user):
+            if flag.rollout or (flag.id is not None and flag.is_active_for_user(self.application.user)):
                 return ["design_system/new_authorize_v2.html"]
             else:
                 return ["design_system/authorize_v2.html"]
         else:
-            if flag.id is not None and flag.is_active_for_user(self.user):
+            if flag.rollout or (flag.id is not None and flag.is_active_for_user(self.user)):
                 return ["design_system/new_authorize_v2.html"]
             else:
                 return ["design_system/authorize.html"]
diff --git a/apps/logging/loggers.py b/apps/logging/loggers.py
@@ -341,7 +341,7 @@ def log_global_state_metrics(group_timestamp=None, report_flag=True):
         grant_counts = get_grant_bene_counts(application=app)
 
         flag = get_waffle_flag_model().get("limit_data_access")
-        user_limit_data_access = flag.is_active_for_user(app.user) if flag.id is not None else None
+        user_limit_data_access = flag.rollout or (flag.is_active_for_user(app.user) if flag.id is not None else None)
 
         log_dict = {
             "type": "global_state_metrics_per_app",
diff --git a/docker-compose/readme.md b/docker-compose/readme.md
@@ -534,5 +534,4 @@ or
 The argument can be the remote ENV's name, it can also be the URL alternatively:
 ```
 ./docker-compose/run_selenium_tests_remote.sh -p https://sandbox.bluebutton.cms.gov/
-```
-
+```
