Add age validation to application sent mutation

City-of-Helsinki · Feb 5, 2025 · 13813f5 · 13813f5
1 parent 4d2beed
commit 13813f5
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 0 deletions.
diff --git a/tests/factories/application.py b/tests/factories/application.py
@@ -131,6 +131,7 @@ def create_application_ready_for_sending(cls, **kwargs: Any) -> Application:
             "applicant_type": ApplicantTypeChoice.INDIVIDUAL,
             "cancelled_date": None,
             "sent_date": None,
+            "user__date_of_birth": datetime.date(1980, 1, 1),
             **kwargs,
         }
 

diff --git a/tests/test_graphql_api/test_application/test_send.py b/tests/test_graphql_api/test_application/test_send.py
@@ -3,6 +3,7 @@
 import datetime
 
 import pytest
+from freezegun import freeze_time
 
 from tilavarauspalvelu.enums import ApplicantTypeChoice, Priority, Weekday
 from tilavarauspalvelu.integrations.email.main import EmailService
@@ -737,3 +738,16 @@ def test_send_application__company_applicant__identifier_missing(graphql):
     assert response.field_error_messages() == [
         "Application organisation must have an identifier.",
     ]
+
+
+@freeze_time("2024-01-01")
+def test_send_application__user_is_not_adult(graphql):
+    application = ApplicationFactory.create_application_ready_for_sending(
+        user__date_of_birth=datetime.date(2020, 1, 1),
+    )
+
+    graphql.login_with_superuser()
+    response = graphql(SEND_MUTATION, input_data={"pk": application.pk})
+
+    assert response.error_message() == "Mutation was unsuccessful."
+    assert response.field_error_messages() == ["Application can only be sent by an adult reservee"]
diff --git a/tilavarauspalvelu/api/graphql/types/application/serializers.py b/tilavarauspalvelu/api/graphql/types/application/serializers.py
@@ -97,6 +97,7 @@ def validate(self, data: dict[str, Any]) -> dict[str, Any]:
 
         self.validate_application_sections(errors)
         self.validate_applicant(errors)
+        self.validate_user(self.instance.user, errors)
 
         status = self.instance.status
         if not status.can_send:
@@ -312,6 +313,14 @@ def validate_organisation_address(self, organisation: Organisation, errors: defa
             if self.instance.billing_address is not None:
                 self.validate_billing_address(errors)
 
+    def validate_user(self, user: User, errors: defaultdict[str, list[str]]) -> None:
+        if user.actions.is_ad_user or user.actions.is_of_age:
+            return
+
+        msg = "Application can only be sent by an adult reservee"
+        errors[api_settings.NON_FIELD_ERRORS_KEY].append(msg)
+        return
+
     def save(self, **kwargs: Any) -> Application:
         self.instance.sent_date = local_datetime()
         self.instance.save()