app/main/views/manage_users.py

from itertools import chain
from collections import OrderedDict
from flask import (
    request,
    render_template,
    redirect,
    url_for,
    flash
)

from flask_login import (
    login_required,
    current_user
)

from app.main import main
from app.main.forms import (
    InviteUserForm,
    PermissionsForm
)
from app.main.dao.services_dao import get_service_by_id
from app import user_api_client
from app import invite_api_client
from app.utils import user_has_permissions


roles = {
    'send_messages': ['send_texts', 'send_emails', 'send_letters'],
    'manage_service': ['manage_users', 'manage_templates', 'manage_settings'],
    'manage_api_keys': ['manage_api_keys', 'access_developer_docs']
}


@main.route("/services/<service_id>/users")
@login_required
def manage_users(service_id):
    return render_template(
        'views/manage-users.html',
        service_id=service_id,
        users=user_api_client.get_users_for_service(service_id=service_id),
        current_user=current_user,
        invited_users=[
            invite for invite in invite_api_client.get_invites_for_service(service_id=service_id)
            if invite.status != 'accepted'
        ]
    )


@main.route("/services/<service_id>/users/invite", methods=['GET', 'POST'])
@login_required
@user_has_permissions('manage_users', admin_override=True)
def invite_user(service_id):
    get_service_by_id(service_id)

    form = InviteUserForm(invalid_email_address=current_user.email_address)

    if form.validate_on_submit():
        email_address = form.email_address.data
        invited_user = invite_api_client.create_invite(
            current_user.id,
            service_id,
            email_address,
            ','.join(
                role for role in roles.keys() if request.form.get(role) == 'y'
            )
        )

        flash('Invite sent to {}'.format(invited_user.email_address), 'default_with_tick')
        return redirect(url_for('.manage_users', service_id=service_id))

    return render_template(
        'views/invite-user.html',
        service_id=service_id,
        form=form
    )


@main.route("/services/<service_id>/users/<user_id>", methods=['GET', 'POST'])
@login_required
@user_has_permissions('manage_users', admin_override=True)
def edit_user_permissions(service_id, user_id):
    # TODO we should probably using the service id here in the get user
    # call as well. eg. /user/<user_id>?&service_id=service_id
    user = user_api_client.get_user(user_id)
    get_service_by_id(service_id)
    # Need to make the email address read only, or a disabled field?
    # Do it through the template or the form class?
    form = PermissionsForm(**{
        role: user.has_permissions(permissions=permissions) for role, permissions in roles.items()
    })

    if form.validate_on_submit():
        user_api_client.set_user_permissions(
            user_id, service_id,
            permissions=set(chain.from_iterable(
                permissions for role, permissions in roles.items() if form[role].data
            ))
        )
        return redirect(url_for('.manage_users', service_id=service_id))

    return render_template(
        'views/edit-user-permissions.html',
        user=user,
        form=form,
        service_id=service_id
    )


@main.route("/services/<service_id>/cancel-invited-user/<invited_user_id>", methods=['GET'])
@user_has_permissions('manage_users', admin_override=True)
def cancel_invited_user(service_id, invited_user_id):
    invite_api_client.cancel_invited_user(service_id=service_id, invited_user_id=invited_user_id)

    return redirect(url_for('main.manage_users', service_id=service_id))
Set permissions with checkboxes, not yes/no inputs The yes/no pattern didn’t work too well, because: - it didn’t read naturally as a question and answer - often users left them completely unclicked if they didn’t want to set the permission (rather than clicking no) This commit changes both the invite and edit user pages to use checkboxes to set permissions. If also rewords these pages to read more naturally, and explain what the permissions mean. This meant changing some of the view logic around invites and persmissions, and I ended up refactoring a bunch of it because I found it hard to understand what was going on. 2016-03-22 13:18:06 +00:00			`from itertools import chain`
			`from collections import OrderedDict`
Add pages to invite, edit, and delete users This takes the original prototype version of this page, and, using the same fake data (ie nothing is wired up): - adds an invite users page - adds an edit (and delete) user page Both these pages allow the user to set another user’s permissions. This commit adds images for the ticks and crosses, so we have control over their appearance. 2016-02-19 15:02:13 +00:00			`from flask import (`
			`request,`
			`render_template,`
			`redirect,`
			`url_for,`
Changed registration flow to first send email verification link that when visited sends sms code for second step of account verification. At that second step user enters just sms code sent to users mobile number. Also moved dao calls that simply proxied calls to client to calling client directly. There is still a place where a user will be a sent a code for verification to their email namely if they update email address. 2016-03-17 13:07:52 +00:00			`flash`
			`)`
Add pages to invite, edit, and delete users This takes the original prototype version of this page, and, using the same fake data (ie nothing is wired up): - adds an invite users page - adds an edit (and delete) user page Both these pages allow the user to set another user’s permissions. This commit adds images for the ticks and crosses, so we have control over their appearance. 2016-02-19 15:02:13 +00:00
[WIP] Invite user form now submits data to api. 2016-02-26 13:07:35 +00:00			`from flask_login import (`
			`login_required,`
			`current_user`
			`)`

Add pages to invite, edit, and delete users This takes the original prototype version of this page, and, using the same fake data (ie nothing is wired up): - adds an invite users page - adds an edit (and delete) user page Both these pages allow the user to set another user’s permissions. This commit adds images for the ticks and crosses, so we have control over their appearance. 2016-02-19 15:02:13 +00:00			`from app.main import main`
Added validation to ensure user can't invite themselves. Refactored Invited user form into permissions and invite forms for use in invite and edit permissions. Added template for edit permissions. 2016-03-09 13:00:52 +00:00			`from app.main.forms import (`
			`InviteUserForm,`
Set permissions with checkboxes, not yes/no inputs The yes/no pattern didn’t work too well, because: - it didn’t read naturally as a question and answer - often users left them completely unclicked if they didn’t want to set the permission (rather than clicking no) This commit changes both the invite and edit user pages to use checkboxes to set permissions. If also rewords these pages to read more naturally, and explain what the permissions mean. This meant changing some of the view logic around invites and persmissions, and I ended up refactoring a bunch of it because I found it hard to understand what was going on. 2016-03-22 13:18:06 +00:00			`PermissionsForm`
Added validation to ensure user can't invite themselves. Refactored Invited user form into permissions and invite forms for use in invite and edit permissions. Added template for edit permissions. 2016-03-09 13:00:52 +00:00			`)`
Updated form and fixed existing tests. 2016-03-03 13:00:12 +00:00			`from app.main.dao.services_dao import get_service_by_id`
Add pages to invite, edit, and delete users This takes the original prototype version of this page, and, using the same fake data (ie nothing is wired up): - adds an invite users page - adds an edit (and delete) user page Both these pages allow the user to set another user’s permissions. This commit adds images for the ticks and crosses, so we have control over their appearance. 2016-02-19 15:02:13 +00:00			`from app import user_api_client`
[WIP] Invite user form now submits data to api. 2016-02-26 13:07:35 +00:00			`from app import invite_api_client`
Updated form and fixed existing tests. 2016-03-03 13:00:12 +00:00			`from app.utils import user_has_permissions`
Add pages to invite, edit, and delete users This takes the original prototype version of this page, and, using the same fake data (ie nothing is wired up): - adds an invite users page - adds an edit (and delete) user page Both these pages allow the user to set another user’s permissions. This commit adds images for the ticks and crosses, so we have control over their appearance. 2016-02-19 15:02:13 +00:00

Set permissions with checkboxes, not yes/no inputs The yes/no pattern didn’t work too well, because: - it didn’t read naturally as a question and answer - often users left them completely unclicked if they didn’t want to set the permission (rather than clicking no) This commit changes both the invite and edit user pages to use checkboxes to set permissions. If also rewords these pages to read more naturally, and explain what the permissions mean. This meant changing some of the view logic around invites and persmissions, and I ended up refactoring a bunch of it because I found it hard to understand what was going on. 2016-03-22 13:18:06 +00:00			`roles = {`
			`'send_messages': ['send_texts', 'send_emails', 'send_letters'],`
			`'manage_service': ['manage_users', 'manage_templates', 'manage_settings'],`
			`'manage_api_keys': ['manage_api_keys', 'access_developer_docs']`
			`}`


Add pages to invite, edit, and delete users This takes the original prototype version of this page, and, using the same fake data (ie nothing is wired up): - adds an invite users page - adds an edit (and delete) user page Both these pages allow the user to set another user’s permissions. This commit adds images for the ticks and crosses, so we have control over their appearance. 2016-02-19 15:02:13 +00:00			`@main.route("/services/<service_id>/users")`
			`@login_required`
			`def manage_users(service_id):`
Set permissions with checkboxes, not yes/no inputs The yes/no pattern didn’t work too well, because: - it didn’t read naturally as a question and answer - often users left them completely unclicked if they didn’t want to set the permission (rather than clicking no) This commit changes both the invite and edit user pages to use checkboxes to set permissions. If also rewords these pages to read more naturally, and explain what the permissions mean. This meant changing some of the view logic around invites and persmissions, and I ended up refactoring a bunch of it because I found it hard to understand what was going on. 2016-03-22 13:18:06 +00:00			`return render_template(`
			`'views/manage-users.html',`
			`service_id=service_id,`
			`users=user_api_client.get_users_for_service(service_id=service_id),`
			`current_user=current_user,`
			`invited_users=[`
			`invite for invite in invite_api_client.get_invites_for_service(service_id=service_id)`
			`if invite.status != 'accepted'`
			`]`
			`)`
Add pages to invite, edit, and delete users This takes the original prototype version of this page, and, using the same fake data (ie nothing is wired up): - adds an invite users page - adds an edit (and delete) user page Both these pages allow the user to set another user’s permissions. This commit adds images for the ticks and crosses, so we have control over their appearance. 2016-02-19 15:02:13 +00:00

			`@main.route("/services/<service_id>/users/invite", methods=['GET', 'POST'])`
			`@login_required`
[WIP]: fixing unit tests 2016-03-18 10:49:22 +00:00			`@user_has_permissions('manage_users', admin_override=True)`
Add pages to invite, edit, and delete users This takes the original prototype version of this page, and, using the same fake data (ie nothing is wired up): - adds an invite users page - adds an edit (and delete) user page Both these pages allow the user to set another user’s permissions. This commit adds images for the ticks and crosses, so we have control over their appearance. 2016-02-19 15:02:13 +00:00			`def invite_user(service_id):`
Set permissions with checkboxes, not yes/no inputs The yes/no pattern didn’t work too well, because: - it didn’t read naturally as a question and answer - often users left them completely unclicked if they didn’t want to set the permission (rather than clicking no) This commit changes both the invite and edit user pages to use checkboxes to set permissions. If also rewords these pages to read more naturally, and explain what the permissions mean. This meant changing some of the view logic around invites and persmissions, and I ended up refactoring a bunch of it because I found it hard to understand what was going on. 2016-03-22 13:18:06 +00:00			`get_service_by_id(service_id)`

			`form = InviteUserForm(invalid_email_address=current_user.email_address)`
Updated form and fixed existing tests. 2016-03-03 13:00:12 +00:00
Add pages to invite, edit, and delete users This takes the original prototype version of this page, and, using the same fake data (ie nothing is wired up): - adds an invite users page - adds an edit (and delete) user page Both these pages allow the user to set another user’s permissions. This commit adds images for the ticks and crosses, so we have control over their appearance. 2016-02-19 15:02:13 +00:00			`if form.validate_on_submit():`
[WIP] Invite user form now submits data to api. 2016-02-26 13:07:35 +00:00			`email_address = form.email_address.data`
Set permissions with checkboxes, not yes/no inputs The yes/no pattern didn’t work too well, because: - it didn’t read naturally as a question and answer - often users left them completely unclicked if they didn’t want to set the permission (rather than clicking no) This commit changes both the invite and edit user pages to use checkboxes to set permissions. If also rewords these pages to read more naturally, and explain what the permissions mean. This meant changing some of the view logic around invites and persmissions, and I ended up refactoring a bunch of it because I found it hard to understand what was going on. 2016-03-22 13:18:06 +00:00			`invited_user = invite_api_client.create_invite(`
			`current_user.id,`
			`service_id,`
			`email_address,`
			`','.join(`
			`role for role in roles.keys() if request.form.get(role) == 'y'`
			`)`
			`)`
[WIP]: fixing unit tests 2016-03-18 10:49:22 +00:00
Updated form and fixed existing tests. 2016-03-03 13:00:12 +00:00			`flash('Invite sent to {}'.format(invited_user.email_address), 'default_with_tick')`
			`return redirect(url_for('.manage_users', service_id=service_id))`
Add pages to invite, edit, and delete users This takes the original prototype version of this page, and, using the same fake data (ie nothing is wired up): - adds an invite users page - adds an edit (and delete) user page Both these pages allow the user to set another user’s permissions. This commit adds images for the ticks and crosses, so we have control over their appearance. 2016-02-19 15:02:13 +00:00
			`return render_template(`
			`'views/invite-user.html',`
			`service_id=service_id,`
			`form=form`
			`)`


			`@main.route("/services/<service_id>/users/<user_id>", methods=['GET', 'POST'])`
			`@login_required`
[WIP]: fixing unit tests 2016-03-18 10:49:22 +00:00			`@user_has_permissions('manage_users', admin_override=True)`
Add button to cancel invitation of invited user. 2016-03-01 16:12:26 +00:00			`def edit_user_permissions(service_id, user_id):`
Updated form and fixed existing tests. 2016-03-03 13:00:12 +00:00			`# TODO we should probably using the service id here in the get user`
			`# call as well. eg. /user/<user_id>?&service_id=service_id`
			`user = user_api_client.get_user(user_id)`
Set permissions with checkboxes, not yes/no inputs The yes/no pattern didn’t work too well, because: - it didn’t read naturally as a question and answer - often users left them completely unclicked if they didn’t want to set the permission (rather than clicking no) This commit changes both the invite and edit user pages to use checkboxes to set permissions. If also rewords these pages to read more naturally, and explain what the permissions mean. This meant changing some of the view logic around invites and persmissions, and I ended up refactoring a bunch of it because I found it hard to understand what was going on. 2016-03-22 13:18:06 +00:00			`get_service_by_id(service_id)`
Fix up front end so you can navigate to the edit page. 2016-03-03 15:43:53 +00:00			`# Need to make the email address read only, or a disabled field?`
			`# Do it through the template or the form class?`
Set permissions with checkboxes, not yes/no inputs The yes/no pattern didn’t work too well, because: - it didn’t read naturally as a question and answer - often users left them completely unclicked if they didn’t want to set the permission (rather than clicking no) This commit changes both the invite and edit user pages to use checkboxes to set permissions. If also rewords these pages to read more naturally, and explain what the permissions mean. This meant changing some of the view logic around invites and persmissions, and I ended up refactoring a bunch of it because I found it hard to understand what was going on. 2016-03-22 13:18:06 +00:00			`form = PermissionsForm(**{`
			`role: user.has_permissions(permissions=permissions) for role, permissions in roles.items()`
			`})`
Fix up front end so you can navigate to the edit page. 2016-03-03 15:43:53 +00:00
Updated form and fixed existing tests. 2016-03-03 13:00:12 +00:00			`if form.validate_on_submit():`
Set permissions with checkboxes, not yes/no inputs The yes/no pattern didn’t work too well, because: - it didn’t read naturally as a question and answer - often users left them completely unclicked if they didn’t want to set the permission (rather than clicking no) This commit changes both the invite and edit user pages to use checkboxes to set permissions. If also rewords these pages to read more naturally, and explain what the permissions mean. This meant changing some of the view logic around invites and persmissions, and I ended up refactoring a bunch of it because I found it hard to understand what was going on. 2016-03-22 13:18:06 +00:00			`user_api_client.set_user_permissions(`
			`user_id, service_id,`
			`permissions=set(chain.from_iterable(`
			`permissions for role, permissions in roles.items() if form[role].data`
			`))`
			`)`
Add pages to invite, edit, and delete users This takes the original prototype version of this page, and, using the same fake data (ie nothing is wired up): - adds an invite users page - adds an edit (and delete) user page Both these pages allow the user to set another user’s permissions. This commit adds images for the ticks and crosses, so we have control over their appearance. 2016-02-19 15:02:13 +00:00			`return redirect(url_for('.manage_users', service_id=service_id))`

			`return render_template(`
Added validation to ensure user can't invite themselves. Refactored Invited user form into permissions and invite forms for use in invite and edit permissions. Added template for edit permissions. 2016-03-09 13:00:52 +00:00			`'views/edit-user-permissions.html',`
Updated form and fixed existing tests. 2016-03-03 13:00:12 +00:00			`user=user,`
			`form=form,`
Add pages to invite, edit, and delete users This takes the original prototype version of this page, and, using the same fake data (ie nothing is wired up): - adds an invite users page - adds an edit (and delete) user page Both these pages allow the user to set another user’s permissions. This commit adds images for the ticks and crosses, so we have control over their appearance. 2016-02-19 15:02:13 +00:00			`service_id=service_id`
			`)`


Change method to a get. Fix path param in invite_api_client.cancel_invited_user 2016-03-01 17:00:01 +00:00			`@main.route("/services/<service_id>/cancel-invited-user/<invited_user_id>", methods=['GET'])`
[WIP]: fixing unit tests 2016-03-18 10:49:22 +00:00			`@user_has_permissions('manage_users', admin_override=True)`
Add button to cancel invitation of invited user. 2016-03-01 16:12:26 +00:00			`def cancel_invited_user(service_id, invited_user_id):`
			`invite_api_client.cancel_invited_user(service_id=service_id, invited_user_id=invited_user_id)`

			`return redirect(url_for('main.manage_users', service_id=service_id))`