fix(medic#8118): logged in user can message themselves

garethbowen · web-flow · commit 3e126356afba · 2024-01-04T11:36:51.000+01:00
diff --git a/webapp/src/ts/services/fast-action-button.service.ts b/webapp/src/ts/services/fast-action-button.service.ts
@@ -9,6 +9,7 @@ import { ReportsActions } from '@mm-actions/reports';
 import { ButtonType } from '@mm-components/fast-action-button/fast-action-button.component';
 import { TranslateService } from '@mm-services/translate.service';
 import { TranslateFromService } from '@mm-services/translate-from.service';
+import { UserSettingsService } from '@mm-services/user-settings.service';
 
 @Injectable({
   providedIn: 'root'
@@ -24,6 +25,7 @@ export class FastActionButtonService {
     private responsiveService: ResponsiveService,
     private translateService: TranslateService,
     private translateFromService: TranslateFromService,
+    private userSettingsService: UserSettingsService,
     @Inject(DOCUMENT) private document: Document,
   ) {
     this.reportsActions = new ReportsActions(store);
@@ -112,15 +114,23 @@ export class FastActionButtonService {
 
     const validatePhone = () => isPhoneRequired ? !!sendTo?.phone : true;
     const canUseMailto = () => useMailtoInMobile && this.responsiveService.isMobile();
+    const userMessagingThemself = async () => {
+      const user: any = await this.userSettingsService.get();
+      return user?.contact_id === sendTo?._id;
+    };
 
     return {
       id: 'send-message',
       labelKey: 'fast_action_button.send_message',
       icon: { name: 'fa-envelope', type: IconType.FONT_AWESOME },
       canDisplay: async () => {
         const permission = [ 'can_view_message_action' ];
-        !canUseMailto() && permission.push('can_edit');
-        return validatePhone() && await this.authService.has(permission);
+        if (!canUseMailto()) {
+          permission.push('can_edit');
+        }
+        return validatePhone() &&
+          await this.authService.has(permission) &&
+          !(await userMessagingThemself());
       },
       execute: () => {
         if (canUseMailto()) {
diff --git a/webapp/tests/karma/ts/services/fast-action-button.service.spec.ts b/webapp/tests/karma/ts/services/fast-action-button.service.spec.ts
@@ -12,14 +12,16 @@ import { TranslateService } from '@mm-services/translate.service';
 import { TranslateFromService } from '@mm-services/translate-from.service';
 import { ButtonType } from '@mm-components/fast-action-button/fast-action-button.component';
 import { ReportsActions } from '@mm-actions/reports';
+import { UserSettingsService } from '@mm-services/user-settings.service';
 
-describe('Session service', () => {
+describe('Fast Action Button service', () => {
   let service: FastActionButtonService;
   let router;
   let authService;
   let responsiveService;
   let translateService;
   let translateFromService;
+  let userSettingsService;
   let documentMock;
   let domElement;
 
@@ -29,6 +31,7 @@ describe('Session service', () => {
     responsiveService = { isMobile: sinon.stub() };
     translateService = { instant: sinon.stub().returnsArg(0) };
     translateFromService = { get: sinon.stub().returnsArg(0) };
+    userSettingsService = { get: sinon.stub().resolves() };
     domElement = {
       click: sinon.stub(),
       remove: sinon.stub(),
@@ -46,6 +49,7 @@ describe('Session service', () => {
         { provide: ResponsiveService, useValue: responsiveService },
         { provide: TranslateService, useValue: translateService },
         { provide: TranslateFromService, useValue: translateFromService },
+        { provide: UserSettingsService, useValue: userSettingsService },
         { provide: DOCUMENT, useValue: documentMock},
       ],
     });
@@ -759,6 +763,29 @@ describe('Session service', () => {
       assertUpdateFacilityAction(actions[0]);
     });
 
+    it('should not return send message action if sendto matches user', async () => {
+      const context = {
+        reportContentType: 'other',
+        communicationContext: {
+          sendTo: { _id: '1234', phone: '+2541234567890' },
+          callbackOpenSendMessage: sinon.stub(),
+        },
+      };
+      authService.has.resolves(true);
+      responsiveService.isMobile.returns(true);
+      userSettingsService.get.resolves({ contact_id: '1234' });
+
+      const actions = await service.getReportRightSideActions(context);
+
+      expect(actions.length).to.equal(1);
+      expect(authService.has.args).to.have.deep.members([
+        [ [ 'can_view_message_action' ] ],
+        [ 'can_edit' ],
+      ]);
+
+      assertUpdateFacilityAction(actions[0]);
+    });
+
     it('should not return actions if no permissions', async () => {
       const context = {
         reportContentType: 'other',
