Add roles to UserAssignment

malcolmbaig · malcolmbaig · commit 4f9d862f299d · 2025-09-30T11:40:51.000+01:00
Model roles as an array field on the UserAssignment record. This allows
us to map users to one or more roles with a specific provider. This will
be used to implement an authorization layer throughout the service.
diff --git a/manage_breast_screening/clinics/migrations/0018_userassignment_roles.py b/manage_breast_screening/clinics/migrations/0018_userassignment_roles.py
@@ -0,0 +1,20 @@
+# Generated by Django 5.2.6 on 2025-09-29 14:01
+
+import django.contrib.postgres.fields
+import django.core.validators
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('clinics', '0017_alter_userassignment_options'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='userassignment',
+            name='roles',
+            field=django.contrib.postgres.fields.ArrayField(base_field=models.CharField(choices=[('Clinical', 'Clinical'), ('Administrative', 'Administrative')], max_length=32), default=list, help_text='Roles granted to the user for this provider.', size=None, validators=[django.core.validators.MinLengthValidator(1)]),
+        ),
+    ]
diff --git a/manage_breast_screening/clinics/models.py b/manage_breast_screening/clinics/models.py
@@ -3,8 +3,11 @@
 from enum import StrEnum
 
 from django.conf import settings
+from django.contrib.postgres.fields import ArrayField
+from django.core.validators import MinLengthValidator
 from django.db import models
 
+from ..auth.models import Role
 from ..core.models import BaseModel
 
 
@@ -189,6 +192,24 @@ class UserAssignment(BaseModel):
     provider = models.ForeignKey(
         Provider, on_delete=models.PROTECT, related_name="assignments"
     )
+    roles = ArrayField(
+        base_field=models.CharField(
+            max_length=32,
+            choices=[
+                (Role.CLINICAL.value, Role.CLINICAL.value),
+                (Role.ADMINISTRATIVE.value, Role.ADMINISTRATIVE.value),
+            ],
+        ),
+        default=list,
+        validators=[MinLengthValidator(1)],
+        help_text="Roles granted to the user for this provider.",
+    )
+
+    def save(self, *args, **kwargs):
+        if self.roles:
+            # Remove duplicates and sort
+            self.roles = sorted(list(set(self.roles)))
+        super().save(*args, **kwargs)
 
     class Meta:
         unique_together = ["user", "provider"]
diff --git a/manage_breast_screening/clinics/tests/test_models.py b/manage_breast_screening/clinics/tests/test_models.py
@@ -5,6 +5,7 @@
 import time_machine
 from pytest_django.asserts import assertQuerySetEqual
 
+from manage_breast_screening.auth.models import Role
 from manage_breast_screening.clinics import models
 
 from .factories import (
@@ -38,37 +39,72 @@ def test_status_filtering():
     assertQuerySetEqual(models.Clinic.objects.completed(), {past}, ordered=False)
 
 
-@pytest.mark.django_db
-def test_user_assignment_creation():
-    assignment = UserAssignmentFactory()
-    assert assignment.user is not None
-    assert assignment.provider is not None
-    assert assignment.pk is not None
-
-
-@pytest.mark.django_db
-def test_user_assignment_str():
-    user = UserFactory(first_name="John", last_name="Doe")
-    provider = ProviderFactory(name="Test Provider")
-    assignment = UserAssignmentFactory(user=user, provider=provider)
-    assert str(assignment) == "John Doe → Test Provider"
-
+class TestUserAssignment:
+    def test_str(self):
+        user = UserFactory.build(first_name="John", last_name="Doe")
+        provider = ProviderFactory.build(name="Test Provider")
+        assignment = UserAssignmentFactory.build(user=user, provider=provider)
+        assert str(assignment) == "John Doe → Test Provider"
 
-@pytest.mark.django_db
-def test_user_assignment_unique_constraint():
-    user = UserFactory()
-    provider = ProviderFactory()
-    UserAssignmentFactory(user=user, provider=provider)
-
-    with pytest.raises(Exception):
+    @pytest.mark.django_db
+    def test_unique_constraint(self):
+        user = UserFactory()
+        provider = ProviderFactory()
         UserAssignmentFactory(user=user, provider=provider)
 
-
-@pytest.mark.django_db
-def test_user_assignment_related_names():
-    user = UserFactory()
-    provider = ProviderFactory()
-    assignment = UserAssignmentFactory(user=user, provider=provider)
-
-    assert assignment in user.assignments.all()
-    assert assignment in provider.assignments.all()
+        with pytest.raises(Exception):
+            UserAssignmentFactory(user=user, provider=provider)
+
+    @pytest.mark.django_db
+    def test_related_names(self):
+        user = UserFactory()
+        provider = ProviderFactory()
+        assignment = UserAssignmentFactory(user=user, provider=provider)
+
+        assert assignment in user.assignments.all()
+        assert assignment in provider.assignments.all()
+
+    @pytest.mark.django_db
+    def test_roles_ordering(self):
+        """Test that roles are sorted alphabetically for consistent ordering."""
+        user = UserFactory()
+        provider = ProviderFactory()
+
+        # Create assignment with roles in reverse alphabetical order
+        assignment = UserAssignmentFactory(
+            user=user,
+            provider=provider,
+            roles=[Role.CLINICAL.value, Role.ADMINISTRATIVE.value],
+        )
+
+        assert assignment.roles == [Role.ADMINISTRATIVE.value, Role.CLINICAL.value]
+
+    @pytest.mark.django_db
+    def test_roles_single_role(self):
+        """Test that single role works correctly."""
+        user = UserFactory()
+        provider = ProviderFactory()
+
+        assignment = UserAssignmentFactory(
+            user=user, provider=provider, roles=[Role.CLINICAL.value]
+        )
+
+        assert assignment.roles == [Role.CLINICAL.value]
+
+    @pytest.mark.django_db
+    def test_roles_duplicate_values(self):
+        """Test that duplicate roles are deduplicated and sorted on save."""
+        user = UserFactory()
+        provider = ProviderFactory()
+
+        assignment = UserAssignmentFactory(
+            user=user,
+            provider=provider,
+            roles=[Role.CLINICAL.value, Role.CLINICAL.value, Role.ADMINISTRATIVE.value],
+        )
+
+        # Should be sorted and deduplicated
+        assert assignment.roles == [
+            Role.ADMINISTRATIVE.value,
+            Role.CLINICAL.value,
+        ]
