From 51235a952ee5b0fb1aee4c353c93050f11946ec0 Mon Sep 17 00:00:00 2001
From: Aakash Singh <mail@singhaakash.dev>
Date: Tue, 28 May 2024 21:29:57 +0530
Subject: [PATCH] fix state admin access to daily rounds (#2203)

---
 care/facility/models/daily_round.py           |  3 +--
 .../tests/test_patient_daily_rounds_api.py    | 24 +++++++++++++++++++
 2 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/care/facility/models/daily_round.py b/care/facility/models/daily_round.py
index 4b2457e50c..30c18b91c4 100644
--- a/care/facility/models/daily_round.py
+++ b/care/facility/models/daily_round.py
@@ -589,8 +589,7 @@ def has_object_read_permission(self, request):
                 request.user.user_type >= User.TYPE_VALUE_MAP["StateLabAdmin"]
                 and (
                     self.consultation.patient.facility
-                    and request.user.state
-                    == self.consultation.patient.facility.district
+                    and request.user.state == self.consultation.patient.facility.state
                 )
             )
         )
diff --git a/care/facility/tests/test_patient_daily_rounds_api.py b/care/facility/tests/test_patient_daily_rounds_api.py
index 06195fecb0..5145e4827e 100644
--- a/care/facility/tests/test_patient_daily_rounds_api.py
+++ b/care/facility/tests/test_patient_daily_rounds_api.py
@@ -16,6 +16,12 @@ def setUpTestData(cls) -> None:
         cls.local_body = cls.create_local_body(cls.district)
         cls.super_user = cls.create_super_user("su", cls.district)
         cls.facility = cls.create_facility(cls.super_user, cls.district, cls.local_body)
+        cls.state_admin = cls.create_user(
+            "state_admin", cls.district, home_facility=cls.facility, user_type=40
+        )
+        cls.district_admin = cls.create_user(
+            "district_admin", cls.district, home_facility=cls.facility, user_type=30
+        )
         cls.user = cls.create_user("staff1", cls.district, home_facility=cls.facility)
         cls.patient = cls.create_patient(district=cls.district, facility=cls.facility)
         cls.asset_location = cls.create_asset_location(cls.facility)
@@ -72,6 +78,24 @@ def test_action_in_log_update(
             patient.action, PatientRegistration.ActionEnum.DISCHARGE_RECOMMENDED.value
         )
 
+    def test_log_update_access_by_state_admin(self):
+        self.client.force_authenticate(user=self.state_admin)
+        response = self.client.post(
+            f"/api/v1/consultation/{self.consultation_with_bed.external_id}/daily_rounds/",
+            data=self.log_update,
+            format="json",
+        )
+        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
+
+    def test_log_update_access_by_district_admin(self):
+        self.client.force_authenticate(user=self.district_admin)
+        response = self.client.post(
+            f"/api/v1/consultation/{self.consultation_with_bed.external_id}/daily_rounds/",
+            data=self.log_update,
+            format="json",
+        )
+        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
+
     def test_log_update_without_bed_for_admission(
         self,
     ):