Do not allow future log update taken_at time (#2447)

* Do not allow future log update taken_at time * Check for null * added tests * cleanup
ohcnetwork · Sep 16, 2024 · fa64e18 · fa64e18
1 parent 280553d
commit fa64e18
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 0 deletions.
diff --git a/care/facility/api/serializers/daily_round.py b/care/facility/api/serializers/daily_round.py
@@ -1,6 +1,7 @@
 from datetime import timedelta
 
 from django.db import transaction
+from django.utils import timezone
 from django.utils.timezone import localtime, now
 from rest_framework import serializers
 from rest_framework.exceptions import ValidationError
@@ -295,3 +296,8 @@ def validate(self, attrs):
                 validated["bed_id"] = bed_object.id
 
         return validated
+
+    def validate_taken_at(self, value):
+        if value and value > timezone.now():
+            raise serializers.ValidationError("Cannot create an update in the future")
+        return value
diff --git a/care/facility/tests/test_patient_daily_rounds_api.py b/care/facility/tests/test_patient_daily_rounds_api.py
@@ -1,5 +1,7 @@
 import datetime
+from datetime import timedelta
 
+from django.utils import timezone
 from rest_framework import status
 from rest_framework.test import APITestCase
 
@@ -126,3 +128,14 @@ def test_doctors_log_update(self):
             data={**self.log_update, "rounds_type": "DOCTORS_LOG"},
         )
         self.assertEqual(response.status_code, status.HTTP_201_CREATED)
+
+    def test_invalid_taken_at(self):
+        data = {
+            **self.log_update,
+            "taken_at": timezone.now() + timedelta(minutes=5),
+        }
+        response = self.client.post(
+            f"/api/v1/consultation/{self.consultation_with_bed.external_id}/daily_rounds/",
+            data,
+        )
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)