Files
notifications-admin/app/main/views/invites.py

114 lines
4.7 KiB
Python
Raw Normal View History

from flask import abort, flash, redirect, render_template, session, url_for
from flask_login import current_user
from markupsafe import Markup
from app.main import main
from app.models.organisation import Organisation
from app.models.service import Service
from app.models.user import (
InvitedOrgUser,
InvitedUser,
OrganisationUsers,
User,
Users,
)
@main.route("/invitation/<token>")
def accept_invite(token):
invited_user = InvitedUser.from_token(token)
if not current_user.is_anonymous and current_user.email_address.lower() != invited_user.email_address.lower():
2016-04-26 12:12:47 +01:00
message = Markup("""
Youre signed in as {}.
This invite is for another email address.
<a href={} class="govuk-link govuk-link--no-visited-state">Sign out</a>
and click the link again to accept this invite.
2016-04-26 12:12:47 +01:00
""".format(
current_user.email_address,
2016-04-26 12:12:47 +01:00
url_for("main.sign_out", _external=True)))
flash(message=message)
abort(403)
if invited_user.status == 'cancelled':
service = Service.from_id(invited_user.service)
return render_template('views/cancelled-invitation.html',
from_user=invited_user.from_user.name,
service_name=service.name)
if invited_user.status == 'accepted':
session.pop('invited_user', None)
return redirect(url_for('main.service_dashboard', service_id=invited_user.service))
session['invited_user'] = invited_user.serialize()
existing_user = User.from_email_address_or_none(invited_user.email_address)
if existing_user:
invited_user.accept_invite()
if existing_user in Users(invited_user.service):
return redirect(url_for('main.service_dashboard', service_id=invited_user.service))
else:
service = Service.from_id(invited_user.service)
# if the service you're being added to can modify auth type, then check if this is relevant
if service.has_permission('email_auth') and (
# they have a phone number, we want them to start using it. if they dont have a mobile we just
# ignore that option of the invite
(existing_user.mobile_number and invited_user.auth_type == 'sms_auth') or
# we want them to start sending emails. it's always valid, so lets always update
invited_user.auth_type == 'email_auth'
):
existing_user.update(auth_type=invited_user.auth_type)
existing_user.add_to_service(
service_id=invited_user.service,
permissions=invited_user.permissions,
folder_permissions=invited_user.folder_permissions,
)
return redirect(url_for('main.service_dashboard', service_id=service.id))
else:
return redirect(url_for('main.register_from_invite'))
2018-02-19 16:53:29 +00:00
@main.route("/organisation-invitation/<token>")
def accept_org_invite(token):
invited_org_user = InvitedOrgUser.from_token(token)
2018-02-19 16:53:29 +00:00
if not current_user.is_anonymous and current_user.email_address.lower() != invited_org_user.email_address.lower():
message = Markup("""
Youre signed in as {}.
This invite is for another email address.
<a class="govuk-link govuk-link--no-visited-state" href={}>Sign out</a>
and click the link again to accept this invite.
2018-02-19 16:53:29 +00:00
""".format(
current_user.email_address,
url_for("main.sign_out", _external=True)))
flash(message=message)
abort(403)
if invited_org_user.status == 'cancelled':
organisation = Organisation.from_id(invited_org_user.organisation)
2018-02-19 16:53:29 +00:00
return render_template('views/cancelled-invitation.html',
from_user=invited_org_user.invited_by.name,
organisation_name=organisation.name)
2018-02-19 16:53:29 +00:00
if invited_org_user.status == 'accepted':
session.pop('invited_org_user', None)
return redirect(url_for('main.organisation_dashboard', org_id=invited_org_user.organisation))
session['invited_org_user'] = invited_org_user.serialize()
existing_user = User.from_email_address_or_none(invited_org_user.email_address)
organisation_users = OrganisationUsers(invited_org_user.organisation)
2018-02-19 16:53:29 +00:00
if existing_user:
invited_org_user.accept_invite()
2018-02-19 16:53:29 +00:00
if existing_user not in organisation_users:
existing_user.add_to_organisation(organisation_id=invited_org_user.organisation)
2018-02-19 16:53:29 +00:00
return redirect(url_for('main.organisation_dashboard', org_id=invited_org_user.organisation))
else:
return redirect(url_for('main.register_from_org_invite'))