From ade248abf0ebb10b6b5d092d48706d22d0371992 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Laur=C3=A9line=20Gu=C3=A9rin?= <zebuline@entrouvert.com>
Date: Fri, 4 Nov 2022 16:13:12 +0100
Subject: [PATCH] api: hide check fields for bookings of meetings agendas
 (#69169)

---
 chrono/api/serializers.py | 16 ++++++++++------
 chrono/api/views.py       |  7 +++++++
 tests/api/test_booking.py | 25 ++++++++++++++++++++++---
 3 files changed, 39 insertions(+), 9 deletions(-)

diff --git a/chrono/api/serializers.py b/chrono/api/serializers.py
index 4d7de2e7..e20a74ea 100644
--- a/chrono/api/serializers.py
+++ b/chrono/api/serializers.py
@@ -230,17 +230,21 @@ class BookingSerializer(serializers.ModelSerializer):
 
     def to_representation(self, instance):
         ret = super().to_representation(instance)
-        ret['user_absence_reason'] = (
-            self.instance.user_check_type_slug if self.instance.user_was_present is False else None
-        )
-        ret['user_presence_reason'] = (
-            self.instance.user_check_type_slug if self.instance.user_was_present is True else None
-        )
         if self.instance.event.agenda.kind != 'events':
             ret['desk'] = {
                 'slug': self.instance.event.desk.slug,
                 'label': self.instance.event.desk.label,
             }
+            ret.pop('user_was_present', None)
+            ret.pop('user_absence_reason', None)
+            ret.pop('user_presence_reason', None)
+        else:
+            ret['user_absence_reason'] = (
+                self.instance.user_check_type_slug if self.instance.user_was_present is False else None
+            )
+            ret['user_presence_reason'] = (
+                self.instance.user_check_type_slug if self.instance.user_was_present is True else None
+            )
         return ret
 
     def _validate_check_type(self, kind, value):
diff --git a/chrono/api/views.py b/chrono/api/views.py
index 1c75dbdd..a90a7a75 100644
--- a/chrono/api/views.py
+++ b/chrono/api/views.py
@@ -2538,6 +2538,13 @@ class BookingAPI(APIView):
         if not serializer.is_valid():
             raise APIErrorBadRequest(N_('invalid payload'), errors=serializer.errors, err=4)
 
+        if self.booking.event.agenda.kind != 'events' and (
+            'user_was_present' in request.data
+            or 'user_absence_reason' in request.data
+            or 'user_presence_reason' in request.data
+        ):
+            raise APIErrorBadRequest(N_('can not set check fields for non events agenda'), err=7)
+
         if (
             self.booking.event.checked
             and self.booking.event.agenda.disable_check_update
diff --git a/tests/api/test_booking.py b/tests/api/test_booking.py
index 011f6c74..99fbe215 100644
--- a/tests/api/test_booking.py
+++ b/tests/api/test_booking.py
@@ -154,9 +154,6 @@ def test_bookings_api(app, user):
             'user_last_name': '',
             'user_email': '',
             'user_phone_number': '',
-            'user_was_present': None,
-            'user_absence_reason': None,
-            'user_presence_reason': None,
             'use_color_for': None,
             'extra_data': None,
             'cancellation_datetime': None,
@@ -630,6 +627,12 @@ def test_booking_patch_api_present(app, user, flag):
     resp = app.patch_json('/api/booking/%s/' % booking.pk)
     assert resp.json['err'] == 0
 
+    agenda.kind = 'meetings'
+    agenda.save()
+    resp = app.patch_json('/api/booking/%s/' % booking.pk, params={'user_was_present': flag}, status=400)
+    assert resp.json['err'] == 7
+    assert resp.json['err_desc'] == 'can not set check fields for non events agenda'
+
 
 @mock.patch('chrono.api.serializers.get_agenda_check_types')
 def test_booking_patch_api_absence_reason(check_types, app, user):
@@ -739,6 +742,14 @@ def test_booking_patch_api_absence_reason(check_types, app, user):
     resp = app.patch_json('/api/booking/%s/' % booking.pk)
     assert resp.json['err'] == 0
 
+    agenda.kind = 'meetings'
+    agenda.save()
+    resp = app.patch_json(
+        '/api/booking/%s/' % booking.pk, params={'user_absence_reason': 'foo-bar'}, status=400
+    )
+    assert resp.json['err'] == 7
+    assert resp.json['err_desc'] == 'can not set check fields for non events agenda'
+
 
 @mock.patch('chrono.api.serializers.get_agenda_check_types')
 def test_booking_patch_api_presence_reason(check_types, app, user):
@@ -848,6 +859,14 @@ def test_booking_patch_api_presence_reason(check_types, app, user):
     resp = app.patch_json('/api/booking/%s/' % booking.pk)
     assert resp.json['err'] == 0
 
+    agenda.kind = 'meetings'
+    agenda.save()
+    resp = app.patch_json(
+        '/api/booking/%s/' % booking.pk, params={'user_presence_reason': 'foo-bar'}, status=400
+    )
+    assert resp.json['err'] == 7
+    assert resp.json['err_desc'] == 'can not set check fields for non events agenda'
+
 
 def test_booking_patch_api_both_reasons(app, user):
     agenda = Agenda.objects.create(kind='events')