extract constants for permission names

MatMoore · MatMoore · commit 9c5c0b86fca8 · 2025-08-21T16:02:33.000+01:00
diff --git a/manage_breast_screening/auth/models.py b/manage_breast_screening/auth/models.py
@@ -8,6 +8,11 @@ class Role(StrEnum):
     SUPERUSER = "Superuser"
 
 
+class Permission(StrEnum):
+    VIEW_PARTICIPANT_DATA = "participants.view_participant_data"
+    PERFORM_MAMMOGRAM_APPOINTMENT = "mammograms.perform_mammogram_appointment"
+
+
 @dataclass
 class Persona:
     first_name: str
diff --git a/manage_breast_screening/auth/rules.py b/manage_breast_screening/auth/rules.py
@@ -6,7 +6,7 @@
 
 import rules
 
-from .models import Role
+from .models import Permission, Role
 
 
 def user_has_any_role(role, *other_roles):
@@ -22,7 +22,7 @@ def check(user):
 
 # fmt: off
 
-rules.add_perm("participants.view_participant_data", user_has_any_role(Role.CLINICAL, Role.ADMINISTRATIVE))
-rules.add_perm("mammograms.perform_mammogram_appointment", user_has_any_role(Role.CLINICAL))
+rules.add_perm(Permission.VIEW_PARTICIPANT_DATA, user_has_any_role(Role.CLINICAL, Role.ADMINISTRATIVE))
+rules.add_perm(Permission.PERFORM_MAMMOGRAM_APPOINTMENT, user_has_any_role(Role.CLINICAL))
 
 # fmt: on
diff --git a/manage_breast_screening/auth/tests/test_rules.py b/manage_breast_screening/auth/tests/test_rules.py
@@ -1,5 +1,7 @@
 import pytest
 
+from manage_breast_screening.auth.models import Permission
+
 
 @pytest.mark.django_db
 class TestRules:
@@ -8,19 +10,19 @@ def test_rule_requiring_clinical_role(
     ):
         user.groups.add()
 
-        assert not user.has_perm("mammograms.perform_mammogram_appointment")
+        assert not user.has_perm(Permission.PERFORM_MAMMOGRAM_APPOINTMENT)
         assert not administrative_user.has_perm(
-            "mammograms.perform_mammogram_appointment"
+            Permission.PERFORM_MAMMOGRAM_APPOINTMENT
         )
-        assert clinical_user.has_perm("mammograms.perform_mammogram_appointment")
-        assert superuser.has_perm("mammograms.perform_mammogram_appointment")
+        assert clinical_user.has_perm(Permission.PERFORM_MAMMOGRAM_APPOINTMENT)
+        assert superuser.has_perm(Permission.PERFORM_MAMMOGRAM_APPOINTMENT)
 
     def test_rule_requiring_clinical_or_administrative_role(
         self, user, administrative_user, clinical_user, superuser
     ):
         user.groups.add()
 
-        assert not user.has_perm("participants.view_participant_data")
-        assert administrative_user.has_perm("participants.view_participant_data")
-        assert clinical_user.has_perm("participants.view_participant_data")
-        assert superuser.has_perm("participants.view_participant_data")
+        assert not user.has_perm(Permission.VIEW_PARTICIPANT_DATA)
+        assert administrative_user.has_perm(Permission.VIEW_PARTICIPANT_DATA)
+        assert clinical_user.has_perm(Permission.VIEW_PARTICIPANT_DATA)
+        assert superuser.has_perm(Permission.VIEW_PARTICIPANT_DATA)
diff --git a/manage_breast_screening/mammograms/views/appointment_flow.py b/manage_breast_screening/mammograms/views/appointment_flow.py
@@ -8,6 +8,7 @@
 from django.views.decorators.http import require_http_methods
 from django.views.generic import FormView, TemplateView
 
+from manage_breast_screening.auth.models import Permission
 from manage_breast_screening.core.services.auditor import Auditor
 from manage_breast_screening.participants.models import (
     Appointment,
@@ -60,7 +61,7 @@ class InProgressAppointmentMixin(PermissionRequiredMixin, AppointmentMixin):
     If the appointment is not in progress, redirect to the appointment show page.
     """
 
-    permission_required = "mammograms.perform_mammogram_appointment"
+    permission_required = Permission.PERFORM_MAMMOGRAM_APPOINTMENT
 
     def dispatch(self, request, *args, **kwargs):
         appointment = self.appointment  # type: ignore
@@ -83,7 +84,7 @@ class ShowAppointment(AppointmentMixin, View):
     def get(self, request, *args, **kwargs):
         appointment = self.appointment
         if (
-            request.user.has_perm("mammograms.perform_mammogram_appointment")
+            request.user.has_perm(Permission.PERFORM_MAMMOGRAM_APPOINTMENT)
             and appointment.current_status.in_progress
         ):
             return redirect("mammograms:start_screening", pk=self.appointment.pk)
diff --git a/manage_breast_screening/participants/views.py b/manage_breast_screening/participants/views.py
@@ -5,6 +5,7 @@
 from django.shortcuts import get_object_or_404, redirect, render
 from django.urls import reverse
 
+from manage_breast_screening.auth.models import Permission
 from manage_breast_screening.mammograms.presenters import LastKnownMammogramPresenter
 from manage_breast_screening.participants.services import fetch_current_provider
 
@@ -32,7 +33,7 @@ def parse_return_url(request, default: str) -> str:
     return return_url
 
 
-@permission_required("participants.view_participant_data")
+@permission_required(Permission.VIEW_PARTICIPANT_DATA)
 def show(request, pk):
     participant = get_object_or_404(Participant, pk=pk)
     presented_participant = ParticipantPresenter(participant)
@@ -75,7 +76,7 @@ def show(request, pk):
     )
 
 
-@permission_required("participants.view_participant_data")
+@permission_required(Permission.VIEW_PARTICIPANT_DATA)
 def edit_ethnicity(request, pk):
     participant = get_object_or_404(Participant, pk=pk)
 
@@ -109,7 +110,7 @@ def edit_ethnicity(request, pk):
     )
 
 
-@permission_required("participants.view_participant_data")
+@permission_required(Permission.VIEW_PARTICIPANT_DATA)
 def add_previous_mammogram(request, pk):
     participant = get_object_or_404(Participant, pk=pk)
     current_provider = fetch_current_provider(pk)
