Allowing more submission states for unlocking (#4642)

* Allowing more submission states for unlocking * Lint * Lint
GSA-TTS · Jan 21, 2025 · abe551d · abe551d
1 parent 5de3a9b
commit abe551d
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 6 deletions.
diff --git a/backend/audit/verify_status.py b/backend/audit/verify_status.py
@@ -17,8 +17,8 @@ def verify_status(status):
     Decorator to be applied to view request methods (i.e. get, post) to verify
     that the submission is in the correct state before allowing the user to
     proceed. An incorrect status usually happens via direct URL access. If the
-    given status does not match the submission's, it will redirect them back to
-    the submission progress page.
+    given status(es) do(es) not match the submission's, it will redirect them back to
+    the submission progress page. Accepts either a str or a [str].
     """
 
     def decorator_verify_status(request_method):
@@ -30,8 +30,10 @@ def verify(view, request, *args, **kwargs):
             except SingleAuditChecklist.DoesNotExist:
                 raise PermissionDenied("You do not have access to this audit.")
 
-            # Return to checklist, the Audit is not in the correct state.
-            if sac.submission_status != status:
+            statuses = status if isinstance(status, list) else [status]
+
+            if sac.submission_status not in statuses:
+                # Return to checklist, the audit is not in the correct state
                 logger.warning(
                     f"Expected submission status {status} but it's currently {sac.submission_status}"
                 )

diff --git a/backend/audit/views/unlock_after_certification.py b/backend/audit/views/unlock_after_certification.py
@@ -28,7 +28,13 @@ class UnlockAfterCertificationView(
     READY_FOR_CERTIFICATION.
     """
 
-    @verify_status(STATUS.READY_FOR_CERTIFICATION)
+    @verify_status(
+        [
+            STATUS.READY_FOR_CERTIFICATION,
+            STATUS.AUDITOR_CERTIFIED,
+            STATUS.AUDITEE_CERTIFIED,
+        ]
+    )
     def get(self, request, *args, **kwargs):
         report_id = kwargs["report_id"]
 
@@ -55,7 +61,13 @@ def get(self, request, *args, **kwargs):
         except SingleAuditChecklist.DoesNotExist:
             raise PermissionDenied("You do not have access to this audit.")
 
-    @verify_status(STATUS.READY_FOR_CERTIFICATION)
+    @verify_status(
+        [
+            STATUS.READY_FOR_CERTIFICATION,
+            STATUS.AUDITOR_CERTIFIED,
+            STATUS.AUDITEE_CERTIFIED,
+        ]
+    )
     def post(self, request, *args, **kwargs):
         report_id = kwargs["report_id"]