adds authorization to check if a user is a Division Director or Deputy DD of the managing Division of the Change Request to review (approve/reject) the CR. It also allows Budget Team and Admins to review CRs.
fix: NoPermsClient was missing a valid session. Fixing this required some additional test changes. The health checks were changed to use the basic flask client with no user. And tests that were supposed to be checking authorization of logged in user were actually testing that user session was invalid instead, so the tested status codes were changed with this fix. Although I think our use of 401 and 403 needs to be reviewed and may need to be swapped (#2457)
Issue
2348 #2378 #2349
How to test
Automated tests pass.
There is a new test for this: test_workflows.test_status_change_request_creates_procurement_workflow
Definition of Done Checklist
[x] OESA: Code refactored for clarity
[x] OESA: Dependency rules followed
[x] Automated unit tests updated and passed
[x] Automated integration tests updated and passed
What changed
Issue
2348 #2378 #2349
How to test
Automated tests pass. There is a new test for this:
test_workflows.test_status_change_request_creates_procurement_workflow
Definition of Done Checklist