darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-06-06 22:40:57 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
17f74cf621ced95f044b4ee467441928b5b80e50
notifications-admin/app/main/views/find_users.py

53 lines
1.9 KiB
Python
Raw Normal View History

Add page to archive user Users can only be archived by Platform Admin from the user page (/users/<user_id>). This removes them from all services and orgs and updates their details.
2019-05-22 11:38:47 +01:00
from flask import flash, redirect, render_template, request, url_for
Have permissions decorators check user signed in Rather than force us to write the decorators in a specific order let’s just have one decorator call the other. This should make fewer lines of code, and fewer annoying test failures. It also means that the same way of raising a `401` (through the `current_app` method) is used everywhere.
2019-07-01 15:22:08 +01:00
from flask_login import current_user
Show error when user cannot be archived A user can't be archived if they are the only member of their service with `manage_settings` permission. `notifications-api` returns a `400` and an error message if that is the case, however this PR to remove the `400` error handler https://github.com/alphagov/notifications-admin/pull/3320 stopped the error message from showing. This meant that instead of seeing a message about why a user couldn't be archived, we would just show a `500` error page instead. This change checks the response from `notifications-api` and shows an error banner with a message if the user can't be archived.
2020-04-21 17:40:47 +01:00
from notifications_python_client.errors import HTTPError
find_users_by_email view loads a page with search form and is linked to
2018-07-06 11:10:14 +01:00
find_users_by_email view calls API and feeds results to template Template then displays the results. Page displays a message if no results found
2018-07-06 16:16:21 +01:00
from app import user_api_client
Add an event if a user is archived This adds a new type of event, 'archive_user', which stores the id of the archived user and the id of the user who is doing the archiving.
2019-05-22 14:05:19 +01:00
from app.event_handlers import create_archive_user_event
find_users_by_email view loads a page with search form and is linked to
2018-07-06 11:10:14 +01:00
from app.main import main
Validate against empty form submission for find_users_by_email This included: - creating a new form SearchUsersByEmailForm with validation on its search field - introducing 400 status to the view if the form does not validate - fixing the POST request data structure in the tests (it was incorrect before and uncaught due to lack of validation and mocking the response from the API.
2018-07-10 16:33:13 +01:00
from app.main.forms import SearchUsersByEmailForm
Make user API client return JSON, not a model The data flow of other bits of our application looks like this: ``` API (returns JSON) ⬇ API client (returns a built in type, usually `dict`) ⬇ Model (returns an instance, eg of type `Service`) ⬇ View (returns HTML) ``` The user API client was architected weirdly, in that it returned a model directly, like this: ``` API (returns JSON) ⬇ API client (returns a model, of type `User`, `InvitedUser`, etc) ⬇ View (returns HTML) ``` This mixing of different layers of the application is bad because it makes it hard to write model code that doesn’t have circular dependencies. As our application gets more complicated we will be relying more on models to manage this complexity, so we should make it easy, not hard to write them. It also means that most of our mocking was of the User model, not just the underlying JSON. So it would have been easy to introduce subtle bugs to the user model, because it wasn’t being comprehensively tested. A lot of the changed lines of code in this commit mean changing the tests to mock only the JSON, which means that the model layer gets implicitly tested. For those reasons this commit changes the user API client to return JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
from app.models.user import User
Add view that displays user information, including: - name - email - phone number - services - last login - failed login attempts if any The view can be accessed from results of find_users_by_email logged_in_at added to User serialization on admin frontend as a part of this work
2018-07-10 17:24:20 +01:00
from app.utils import user_is_platform_admin
find_users_by_email view loads a page with search form and is linked to
2018-07-06 11:10:14 +01:00
find_users_by_email view calls API and feeds results to template Template then displays the results. Page displays a message if no results found
2018-07-06 16:16:21 +01:00
@main.route("/find-users-by-email", methods=['GET', 'POST'])
find_users_by_email view loads a page with search form and is linked to
2018-07-06 11:10:14 +01:00
@user_is_platform_admin
def find_users_by_email():
Validate against empty form submission for find_users_by_email This included: - creating a new form SearchUsersByEmailForm with validation on its search field - introducing 400 status to the view if the form does not validate - fixing the POST request data structure in the tests (it was incorrect before and uncaught due to lack of validation and mocking the response from the API.
2018-07-10 16:33:13 +01:00
form = SearchUsersByEmailForm()
find_users_by_email view calls API and feeds results to template Template then displays the results. Page displays a message if no results found
2018-07-06 16:16:21 +01:00
users_found = None
if form.validate_on_submit():
users_found = user_api_client.find_users_by_full_or_partial_email(form.search.data)['data']
find_users_by_email view loads a page with search form and is linked to
2018-07-06 11:10:14 +01:00
return render_template(
'views/find-users/find-users-by-email.html',
find_users_by_email view calls API and feeds results to template Template then displays the results. Page displays a message if no results found
2018-07-06 16:16:21 +01:00
form=form,
users_found=users_found
Simplify find users by email view - valdiation already done by form
2019-08-16 11:20:36 +01:00
)
Add view that displays user information, including: - name - email - phone number - services - last login - failed login attempts if any The view can be accessed from results of find_users_by_email logged_in_at added to User serialization on admin frontend as a part of this work
2018-07-10 17:24:20 +01:00
Require IDs to be UUIDs in URLS We mostly rely on the API returning a 404 to generate 404s for trying to get things with non-UUID IDs. This is fine, except our tests often mock these API calls. So it could look like everything is working fine, except the thing your passing in might never be a valid UUID, and thus would 404 in a non-test environment. So this commit: 1. uses the `uuid` URL converter everywhere there’s something that looks like an ID in a URL parameter 2. adds a test which automates checking for 1.
2019-11-04 11:07:55 +00:00
@main.route("/users/<uuid:user_id>", methods=['GET'])
Add view that displays user information, including: - name - email - phone number - services - last login - failed login attempts if any The view can be accessed from results of find_users_by_email logged_in_at added to User serialization on admin frontend as a part of this work
2018-07-10 17:24:20 +01:00
@user_is_platform_admin
def user_information(user_id):
return render_template(
'views/find-users/user-information.html',
Put organisations on the user model As in other places, putting a model layer between the view and the API client makes the code cleaner and clearer.
2019-06-07 09:26:11 +01:00
user=User.from_id(user_id),
Add view that displays user information, including: - name - email - phone number - services - last login - failed login attempts if any The view can be accessed from results of find_users_by_email logged_in_at added to User serialization on admin frontend as a part of this work
2018-07-10 17:24:20 +01:00
)
Add page to archive user Users can only be archived by Platform Admin from the user page (/users/<user_id>). This removes them from all services and orgs and updates their details.
2019-05-22 11:38:47 +01:00
@main.route("/users/<uuid:user_id>/archive", methods=['GET', 'POST'])
@user_is_platform_admin
def archive_user(user_id):
if request.method == 'POST':
Show error when user cannot be archived A user can't be archived if they are the only member of their service with `manage_settings` permission. `notifications-api` returns a `400` and an error message if that is the case, however this PR to remove the `400` error handler https://github.com/alphagov/notifications-admin/pull/3320 stopped the error message from showing. This meant that instead of seeing a message about why a user couldn't be archived, we would just show a `500` error page instead. This change checks the response from `notifications-api` and shows an error banner with a message if the user can't be archived.
2020-04-21 17:40:47 +01:00
try:
user_api_client.archive_user(user_id)
except HTTPError as e:
if e.status_code == 400 and 'manage_settings' in e.message:
flash('User cant be removed from a service - '
'check all services have another team member with manage_settings')
return redirect(url_for('main.user_information', user_id=user_id))
Add an event if a user is archived This adds a new type of event, 'archive_user', which stores the id of the archived user and the id of the user who is doing the archiving.
2019-05-22 14:05:19 +01:00
create_archive_user_event(str(user_id), current_user.id)
Add page to archive user Users can only be archived by Platform Admin from the user page (/users/<user_id>). This removes them from all services and orgs and updates their details.
2019-05-22 11:38:47 +01:00
return redirect(url_for('.user_information', user_id=user_id))
else:
flash('There\'s no way to reverse this! Are you sure you want to archive this user?', 'delete')
return user_information(user_id)
Reference in New Issue Copy Permalink