#4476 fixes some SE PII violations

openlibhums · Nov 4, 2024 · 98ac962 · 98ac962
1 parent 7ca333d
commit 98ac962
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 4 deletions.
diff --git a/src/security/test_security.py b/src/security/test_security.py
@@ -4001,6 +4001,9 @@ def test_section_editor_cannot_see_pii_when_enabled(self):
                 'review_in_review',
                 'review_decision',
                 'decision_helper',
+                'review_request_revisions',
+                'request_revisions_notification',
+                'review_view_review'
             ]
             general_views = [
                 'core_dashboard',
@@ -4031,6 +4034,10 @@ def test_section_editor_cannot_see_pii_when_enabled(self):
                 }
                 if view_name == 'review_decision':
                     kwargs['decision'] = 'accept'
+                elif view_name == 'request_revisions_notification':
+                    kwargs['revision_id'] = self.air_revision_request.pk
+                elif view_name == 'review_view_review':
+                    kwargs['review_id'] = self.air_completed_review.pk
                 response = self.client.get(
                     reverse(
                         view_name,
@@ -4320,6 +4327,25 @@ def setUpTestData(self):
             editor_type='section-editor',
             notified=True,
         )
+        self.air_revision_request = review_models.RevisionRequest.objects.create(
+            article=self.article_in_review,
+            editor=self.section_editor,
+            editor_note='Hey, this is just a test! No sweat.',
+            date_due=timezone.now(),
+        )
+        self.air_round = review_models.ReviewRound.objects.create(
+            article=self.article_in_review,
+            round_number=10,
+        )
+        self.air_completed_review = review_models.ReviewAssignment.objects.create(
+            article=self.article_in_review,
+            reviewer=self.second_reviewer,
+            editor=self.section_editor,
+            review_round=self.air_round,
+            date_due=timezone.now(),
+            date_complete=timezone.now(),
+            is_complete=True,
+        )
         self.article_in_production = submission_models.Article(owner=self.regular_user, title="A Test Article",
                                                                abstract="An abstract",
                                                                stage=submission_models.STAGE_TYPESETTING,

diff --git a/src/templates/admin/review/revision/request_revisions.html b/src/templates/admin/review/revision/request_revisions.html
@@ -3,7 +3,7 @@
 
 {% block title %}Request Revisions{% endblock title %}
 {% block title-section %}Request Revisions{% endblock %}
-{% block title-sub %}#{{ article.pk }} / {{ article.correspondence_author.last_name }} / {{ article.safe_title }}{% endblock %}
+{% block title-sub %}#{{ article.pk }} / {{ article.correspondence_author.last_name|se_can_see_pii:article }} / {{ article.safe_title }}{% endblock %}
 
 {% block breadcrumbs %}
     {{ block.super }}

diff --git a/src/templates/admin/review/revision/request_revisions_notification.html b/src/templates/admin/review/revision/request_revisions_notification.html
@@ -4,7 +4,7 @@
 
 {% block title %}Request Revisions{% endblock title %}
 {% block title-section %}Request Revisions{% endblock %}
-{% block title-sub %}#{{ article.pk }} / {{ article.correspondence_author.last_name }} / {{ article.safe_title }}{% endblock %}
+{% block title-sub %}#{{ article.pk }} / {{ article.correspondence_author.last_name|se_can_see_pii:article }} / {{ article.safe_title }}{% endblock %}
 
 {% block breadcrumbs %}
 {{ block.super }}
@@ -23,7 +23,7 @@ <h2>Notify the Author</h2>
             <p>You can send a message to the author or skip it.</p>
             <div class="card">
                 <div class="card-divider">
-                    <h4>To {{ article.correspondence_author.full_name }}</h4>
+                    <h4>To {{ article.correspondence_author.full_name|se_can_see_pii:article }}</h4>
                     <h5>From {{ request.user.full_name }}</h5>
                 </div>
                 <form method="POST" enctype="multipart/form-data">

diff --git a/src/templates/admin/review/view_review.html b/src/templates/admin/review/view_review.html
@@ -5,7 +5,7 @@
 
 {% block title %}View Review{% endblock title %}
 {% block title-section %}View Review{% endblock %}
-{% block title-sub %}#{{ article.pk }} / {{ article.correspondence_author.last_name }} /
+{% block title-sub %}#{{ article.pk }} / {{ article.correspondence_author.last_name|se_can_see_pii:article }} /
     {{ article.safe_title }}{% endblock %}
 
 {% block breadcrumbs %}