Merge pull request #1140 from NHSDigital/permission-required-raise-exception

MatMoore · web-flow · commit ce3f13fd3a85 · 2026-03-10T14:09:52.000Z
Use raise_exception option of permission_required everywhere
diff --git a/manage_breast_screening/mammograms/tests/views/test_appointment_workflow_views.py b/manage_breast_screening/mammograms/tests/views/test_appointment_workflow_views.py
@@ -11,7 +11,6 @@
     assertRedirects,
 )
 
-from manage_breast_screening.config.settings import LOGIN_URL
 from manage_breast_screening.core.models import AuditLog
 from manage_breast_screening.dicom.models import Study as DicomStudy
 from manage_breast_screening.dicom.tests.factories import (
@@ -532,7 +531,7 @@ def test_user_not_permitted(self, administrative_user_client):
         )
         url = reverse("mammograms:start_appointment", kwargs={"pk": appointment.pk})
         response = administrative_user_client.http.post(url)
-        assertRedirects(response, reverse(LOGIN_URL, query={"next": url}))
+        assert response.status_code == 403
 
 
 @pytest.mark.django_db
@@ -792,7 +791,7 @@ def test_user_not_permitted(self, administrative_user_client, paused_appointment
             "mammograms:resume_appointment", kwargs={"pk": paused_appointment.pk}
         )
         response = administrative_user_client.http.post(url)
-        assertRedirects(response, reverse(LOGIN_URL, query={"next": url}))
+        assert response.status_code == 403
 
 
 @pytest.mark.django_db
diff --git a/manage_breast_screening/mammograms/views/appointment_workflow_views.py b/manage_breast_screening/mammograms/views/appointment_workflow_views.py
@@ -306,7 +306,7 @@ def check_in(request, pk):
 
 
 @require_http_methods(["POST"])
-@permission_required(Permission.DO_MAMMOGRAM_APPOINTMENT)
+@permission_required(Permission.DO_MAMMOGRAM_APPOINTMENT, raise_exception=True)
 def start_appointment(request, pk):
     try:
         provider = request.user.current_provider
@@ -320,7 +320,7 @@ def start_appointment(request, pk):
 
 
 @require_http_methods(["POST"])
-@permission_required(Permission.DO_MAMMOGRAM_APPOINTMENT)
+@permission_required(Permission.DO_MAMMOGRAM_APPOINTMENT, raise_exception=True)
 def resume_appointment(request, pk):
     try:
         provider = request.user.current_provider
diff --git a/manage_breast_screening/mammograms/views/mammogram_views.py b/manage_breast_screening/mammograms/views/mammogram_views.py
@@ -40,7 +40,7 @@
 logger = logging.getLogger(__name__)
 
 
-@permission_required(Permission.DO_MAMMOGRAM_APPOINTMENT)
+@permission_required(Permission.DO_MAMMOGRAM_APPOINTMENT, raise_exception=True)
 def appointment_should_not_proceed(
     request, appointment_pk, participant_reported_mammogram_pk
 ):
@@ -103,7 +103,7 @@ def appointment_should_not_proceed(
 
 
 @require_http_methods(["POST"])
-@permission_required(Permission.DO_MAMMOGRAM_APPOINTMENT)
+@permission_required(Permission.DO_MAMMOGRAM_APPOINTMENT, raise_exception=True)
 def attended_not_screened(request, appointment_pk):
     provider = request.user.current_provider
     try:
@@ -125,6 +125,7 @@ class AppointmentProceedAnywayView(
     template_name = "mammograms/proceed_anyway.jinja"
     thing_name = "a previous mammogram"
     permission_required = Permission.DO_MAMMOGRAM_APPOINTMENT
+    raise_exception = True
 
     def update_title(self, thing_name):
         return "You are continuing despite a recent mammogram"
@@ -188,7 +189,7 @@ def get_context_data(self, **kwargs):
 
 
 @require_http_methods(["GET"])
-@permission_required(Permission.DO_MAMMOGRAM_APPOINTMENT)
+@permission_required(Permission.DO_MAMMOGRAM_APPOINTMENT, raise_exception=True)
 def check_information(request, pk):
     provider = request.user.current_provider
     try:
@@ -216,7 +217,7 @@ def check_information(request, pk):
 
 
 @require_http_methods(["POST"])
-@permission_required(Permission.DO_MAMMOGRAM_APPOINTMENT)
+@permission_required(Permission.DO_MAMMOGRAM_APPOINTMENT, raise_exception=True)
 def complete_screening(request, pk):
     provider = request.user.current_provider
     try:
diff --git a/manage_breast_screening/mammograms/views/mixins.py b/manage_breast_screening/mammograms/views/mixins.py
@@ -77,6 +77,7 @@ class InProgressAppointmentMixin(PermissionRequiredMixin, AppointmentMixin):
     """
 
     permission_required = Permission.DO_MAMMOGRAM_APPOINTMENT
+    raise_exception = True
 
     def dispatch(self, request, *args, **kwargs):
         appointment = self.appointment  # type: ignore

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,6 @@`
`11`	`11`	`assertRedirects,`
`12`	`12`	`)`
`13`	`13`
`14`		`-from manage_breast_screening.config.settings import LOGIN_URL`
`15`	`14`	`from manage_breast_screening.core.models import AuditLog`
`16`	`15`	`from manage_breast_screening.dicom.models import Study as DicomStudy`
`17`	`16`	`from manage_breast_screening.dicom.tests.factories import (`
`@@ -532,7 +531,7 @@ def test_user_not_permitted(self, administrative_user_client):`
`532`	`531`	`)`
`533`	`532`	`url = reverse("mammograms:start_appointment", kwargs={"pk": appointment.pk})`
`534`	`533`	`response = administrative_user_client.http.post(url)`
`535`		`- assertRedirects(response, reverse(LOGIN_URL, query={"next": url}))`
	`534`	`+ assert response.status_code == 403`
`536`	`535`
`537`	`536`
`538`	`537`	`@pytest.mark.django_db`
`@@ -792,7 +791,7 @@ def test_user_not_permitted(self, administrative_user_client, paused_appointment`
`792`	`791`	`"mammograms:resume_appointment", kwargs={"pk": paused_appointment.pk}`
`793`	`792`	`)`
`794`	`793`	`response = administrative_user_client.http.post(url)`
`795`		`- assertRedirects(response, reverse(LOGIN_URL, query={"next": url}))`
	`794`	`+ assert response.status_code == 403`
`796`	`795`
`797`	`796`
`798`	`797`	`@pytest.mark.django_db`