From e4caa1d1979d104a2f6575f29bb1fd3dd88aaaa6 Mon Sep 17 00:00:00 2001
From: Becky Smith <becky.smith@thedatalab.org>
Date: Wed, 4 Sep 2024 15:16:59 +0100
Subject: [PATCH] Move all of user_can_withdraw_file check to permissions.py

The check for whether a file is withdrawable uses
WorkspaceFileStatus (to check if it's already been withdrawn).
This is dependent on the current user's requests, so this check
belongs in permissions.py, not policies.py
---
 airlock/permissions.py | 12 +++++++++++-
 airlock/policies.py    | 11 -----------
 2 files changed, 11 insertions(+), 12 deletions(-)

diff --git a/airlock/permissions.py b/airlock/permissions.py
index 86a4eccb..e9c63800 100644
--- a/airlock/permissions.py
+++ b/airlock/permissions.py
@@ -8,6 +8,7 @@
 from airlock.enums import (
     RequestStatus,
     RequestStatusOwner,
+    WorkspaceFileStatus,
 )
 from airlock.types import UrlPath
 from airlock.users import User
@@ -231,12 +232,21 @@ def check_user_can_withdraw_file_from_request(
     user: User, request: "ReleaseRequest", workspace: "Workspace", relpath: UrlPath
 ):
     assert workspace.name == request.workspace
-    policies.check_can_withdraw_file_from_request(workspace, relpath)
+
     if not user_can_edit_request(user, request):
         raise exceptions.RequestPermissionDenied(
             f"Cannot withdraw file {relpath} from request"
         )
 
+    # If the user has permission to withdraw, check that the file
+    # is withdrawable; i.e. it has not already been withdrawn
+    # Note this is dependent on the user's current request
+    status = workspace.get_workspace_file_status(relpath)
+    if status == WorkspaceFileStatus.WITHDRAWN:
+        raise exceptions.RequestPermissionDenied(
+            "File has already been withdrawn from request"
+        )
+
 
 def user_can_withdraw_file_from_request(
     user: User, request: "ReleaseRequest", workspace: "Workspace", relpath: UrlPath
diff --git a/airlock/policies.py b/airlock/policies.py
index 4393ccfc..28e1445a 100644
--- a/airlock/policies.py
+++ b/airlock/policies.py
@@ -147,17 +147,6 @@ def check_can_update_file_on_request(workspace: "Workspace", relpath: UrlPath):
         )
 
 
-def check_can_withdraw_file_from_request(workspace: "Workspace", relpath: UrlPath):
-    """
-    This file is withdrawable; i.e. it has not already been withdrawn
-    """
-    status = workspace.get_workspace_file_status(relpath)
-    if status == WorkspaceFileStatus.WITHDRAWN:
-        raise exceptions.RequestPermissionDenied(
-            "file has already been withdrawn from request"
-        )
-
-
 def check_can_review_request(request: "ReleaseRequest"):
     """
     This request is in a reviewable state