app/main/views/manage_users.py

from flask import (
    request,
    render_template,
    redirect,
    url_for,
    flash
)

from flask_login import (
    login_required,
    current_user
)

from app.main import main
from app.main.forms import (
    InviteUserForm,
    PermisisonsForm
)
from app.main.dao.services_dao import get_service_by_id
from app import user_api_client
from app import invite_api_client
from app.utils import user_has_permissions


@main.route("/services/<service_id>/users")
@login_required
@user_has_permissions('manage_users', admin_override=True)
def manage_users(service_id):
    users = user_api_client.get_users_for_service(service_id=service_id)
    invited_users = invite_api_client.get_invites_for_service(service_id=service_id)
    filtered_invites = []
    for invite in invited_users:
        if invite.status != 'accepted':
            filtered_invites.append(invite)
    return render_template('views/manage-users.html',
                           service_id=service_id,
                           users=users,
                           current_user=current_user,
                           invited_users=filtered_invites)


@main.route("/services/<service_id>/users/invite", methods=['GET', 'POST'])
@login_required
@user_has_permissions('manage_users', admin_override=True)
def invite_user(service_id):
    service = get_service_by_id(service_id)

    form = InviteUserForm(current_user.email_address)
    if form.validate_on_submit():
        email_address = form.email_address.data
        permissions = _get_permissions(request.form)
        invited_user = invite_api_client.create_invite(current_user.id, service_id, email_address, permissions)

        flash('Invite sent to {}'.format(invited_user.email_address), 'default_with_tick')
        return redirect(url_for('.manage_users', service_id=service_id))

    return render_template(
        'views/invite-user.html',
        user=None,
        service_id=service_id,
        form=form
    )


@main.route("/services/<service_id>/users/<user_id>", methods=['GET', 'POST'])
@login_required
@user_has_permissions('manage_users', admin_override=True)
def edit_user_permissions(service_id, user_id):
    # TODO we should probably using the service id here in the get user
    # call as well. eg. /user/<user_id>?&service_id=service_id
    user = user_api_client.get_user(user_id)
    service = get_service_by_id(service_id)
    # Need to make the email address read only, or a disabled field?
    # Do it through the template or the form class?
    form = PermisisonsForm(**{
        'send_messages': 'yes' if user.has_permissions(
            permissions=['send_texts', 'send_emails', 'send_letters']) else 'no',
        'manage_service': 'yes' if user.has_permissions(
            permissions=['manage_users', 'manage_templates', 'manage_settings']) else 'no',
        'manage_api_keys': 'yes' if user.has_permissions(
            permissions=['manage_api_keys', 'access_developer_docs']) else 'no'
        })

    if form.validate_on_submit():
        permissions = []
        permissions.extend(
            _convert_role_to_permissions('send_messages') if form.send_messages.data == 'yes' else [])
        permissions.extend(
            _convert_role_to_permissions('manage_service') if form.manage_service.data == 'yes' else [])
        permissions.extend(
            _convert_role_to_permissions('manage_api_keys') if form.manage_api_keys.data == 'yes' else [])
        user_api_client.set_user_permissions(user_id, service_id, permissions)
        return redirect(url_for('.manage_users', service_id=service_id))

    return render_template(
        'views/edit-user-permissions.html',
        user=user,
        form=form,
        service_id=service_id
    )


@main.route("/services/<service_id>/cancel-invited-user/<invited_user_id>", methods=['GET'])
@user_has_permissions('manage_users', admin_override=True)
def cancel_invited_user(service_id, invited_user_id):
    invite_api_client.cancel_invited_user(service_id=service_id, invited_user_id=invited_user_id)

    return redirect(url_for('main.manage_users', service_id=service_id))


def _convert_role_to_permissions(role):
    if role == 'send_messages':
        return ['send_texts', 'send_emails', 'send_letters']
    elif role == 'manage_service':
        return ['manage_users', 'manage_templates', 'manage_settings']
    elif role == 'manage_api_keys':
        return ['manage_api_keys', 'access_developer_docs']
    return []


# TODO replace with method which converts each 'role' into the list
# of permissions like the method above :)
def _get_permissions(form):
    permissions = []
    if form.get('send_messages') and form['send_messages'] == 'yes':
        permissions.append('send_messages')
    if form.get('manage_service') and form['manage_service'] == 'yes':
        permissions.append('manage_service')
    if form.get('manage_api_keys') and form['manage_api_keys'] == 'yes':
        permissions.append('manage_api_keys')
    return ','.join(permissions)
Add pages to invite, edit, and delete users This takes the original prototype version of this page, and, using the same fake data (ie nothing is wired up): - adds an invite users page - adds an edit (and delete) user page Both these pages allow the user to set another user’s permissions. This commit adds images for the ticks and crosses, so we have control over their appearance. 2016-02-19 15:02:13 +00:00			`from flask import (`
			`request,`
			`render_template,`
			`redirect,`
			`url_for,`
Changed registration flow to first send email verification link that when visited sends sms code for second step of account verification. At that second step user enters just sms code sent to users mobile number. Also moved dao calls that simply proxied calls to client to calling client directly. There is still a place where a user will be a sent a code for verification to their email namely if they update email address. 2016-03-17 13:07:52 +00:00			`flash`
			`)`
Add pages to invite, edit, and delete users This takes the original prototype version of this page, and, using the same fake data (ie nothing is wired up): - adds an invite users page - adds an edit (and delete) user page Both these pages allow the user to set another user’s permissions. This commit adds images for the ticks and crosses, so we have control over their appearance. 2016-02-19 15:02:13 +00:00
[WIP] Invite user form now submits data to api. 2016-02-26 13:07:35 +00:00			`from flask_login import (`
			`login_required,`
			`current_user`
			`)`

Add pages to invite, edit, and delete users This takes the original prototype version of this page, and, using the same fake data (ie nothing is wired up): - adds an invite users page - adds an edit (and delete) user page Both these pages allow the user to set another user’s permissions. This commit adds images for the ticks and crosses, so we have control over their appearance. 2016-02-19 15:02:13 +00:00			`from app.main import main`
Added validation to ensure user can't invite themselves. Refactored Invited user form into permissions and invite forms for use in invite and edit permissions. Added template for edit permissions. 2016-03-09 13:00:52 +00:00			`from app.main.forms import (`
			`InviteUserForm,`
			`PermisisonsForm`
			`)`
Updated form and fixed existing tests. 2016-03-03 13:00:12 +00:00			`from app.main.dao.services_dao import get_service_by_id`
Add pages to invite, edit, and delete users This takes the original prototype version of this page, and, using the same fake data (ie nothing is wired up): - adds an invite users page - adds an edit (and delete) user page Both these pages allow the user to set another user’s permissions. This commit adds images for the ticks and crosses, so we have control over their appearance. 2016-02-19 15:02:13 +00:00			`from app import user_api_client`
[WIP] Invite user form now submits data to api. 2016-02-26 13:07:35 +00:00			`from app import invite_api_client`
Updated form and fixed existing tests. 2016-03-03 13:00:12 +00:00			`from app.utils import user_has_permissions`
Add pages to invite, edit, and delete users This takes the original prototype version of this page, and, using the same fake data (ie nothing is wired up): - adds an invite users page - adds an edit (and delete) user page Both these pages allow the user to set another user’s permissions. This commit adds images for the ticks and crosses, so we have control over their appearance. 2016-02-19 15:02:13 +00:00

			`@main.route("/services/<service_id>/users")`
			`@login_required`
[WIP]: fixing unit tests 2016-03-18 10:49:22 +00:00			`@user_has_permissions('manage_users', admin_override=True)`
Add pages to invite, edit, and delete users This takes the original prototype version of this page, and, using the same fake data (ie nothing is wired up): - adds an invite users page - adds an edit (and delete) user page Both these pages allow the user to set another user’s permissions. This commit adds images for the ticks and crosses, so we have control over their appearance. 2016-02-19 15:02:13 +00:00			`def manage_users(service_id):`
Updated form and fixed existing tests. 2016-03-03 13:00:12 +00:00			`users = user_api_client.get_users_for_service(service_id=service_id)`
			`invited_users = invite_api_client.get_invites_for_service(service_id=service_id)`
Filter out accepted invites in template not client. 2016-03-07 13:59:54 +00:00			`filtered_invites = []`
			`for invite in invited_users:`
			`if invite.status != 'accepted':`
			`filtered_invites.append(invite)`
Updated form and fixed existing tests. 2016-03-03 13:00:12 +00:00			`return render_template('views/manage-users.html',`
			`service_id=service_id,`
			`users=users,`
			`current_user=current_user,`
Filter out accepted invites in template not client. 2016-03-07 13:59:54 +00:00			`invited_users=filtered_invites)`
Add pages to invite, edit, and delete users This takes the original prototype version of this page, and, using the same fake data (ie nothing is wired up): - adds an invite users page - adds an edit (and delete) user page Both these pages allow the user to set another user’s permissions. This commit adds images for the ticks and crosses, so we have control over their appearance. 2016-02-19 15:02:13 +00:00

			`@main.route("/services/<service_id>/users/invite", methods=['GET', 'POST'])`
			`@login_required`
[WIP]: fixing unit tests 2016-03-18 10:49:22 +00:00			`@user_has_permissions('manage_users', admin_override=True)`
Add pages to invite, edit, and delete users This takes the original prototype version of this page, and, using the same fake data (ie nothing is wired up): - adds an invite users page - adds an edit (and delete) user page Both these pages allow the user to set another user’s permissions. This commit adds images for the ticks and crosses, so we have control over their appearance. 2016-02-19 15:02:13 +00:00			`def invite_user(service_id):`
Updated form and fixed existing tests. 2016-03-03 13:00:12 +00:00			`service = get_service_by_id(service_id)`

Added validation to ensure user can't invite themselves. Refactored Invited user form into permissions and invite forms for use in invite and edit permissions. Added template for edit permissions. 2016-03-09 13:00:52 +00:00			`form = InviteUserForm(current_user.email_address)`
Add pages to invite, edit, and delete users This takes the original prototype version of this page, and, using the same fake data (ie nothing is wired up): - adds an invite users page - adds an edit (and delete) user page Both these pages allow the user to set another user’s permissions. This commit adds images for the ticks and crosses, so we have control over their appearance. 2016-02-19 15:02:13 +00:00			`if form.validate_on_submit():`
[WIP] Invite user form now submits data to api. 2016-02-26 13:07:35 +00:00			`email_address = form.email_address.data`
Invite user form now posts permissions string to api with data to create invite. 2016-02-29 11:03:35 +00:00			`permissions = _get_permissions(request.form)`
Updated form and fixed existing tests. 2016-03-03 13:00:12 +00:00			`invited_user = invite_api_client.create_invite(current_user.id, service_id, email_address, permissions)`
[WIP]: fixing unit tests 2016-03-18 10:49:22 +00:00
Updated form and fixed existing tests. 2016-03-03 13:00:12 +00:00			`flash('Invite sent to {}'.format(invited_user.email_address), 'default_with_tick')`
			`return redirect(url_for('.manage_users', service_id=service_id))`
Add pages to invite, edit, and delete users This takes the original prototype version of this page, and, using the same fake data (ie nothing is wired up): - adds an invite users page - adds an edit (and delete) user page Both these pages allow the user to set another user’s permissions. This commit adds images for the ticks and crosses, so we have control over their appearance. 2016-02-19 15:02:13 +00:00
			`return render_template(`
			`'views/invite-user.html',`
Updated form and fixed existing tests. 2016-03-03 13:00:12 +00:00			`user=None,`
Add pages to invite, edit, and delete users This takes the original prototype version of this page, and, using the same fake data (ie nothing is wired up): - adds an invite users page - adds an edit (and delete) user page Both these pages allow the user to set another user’s permissions. This commit adds images for the ticks and crosses, so we have control over their appearance. 2016-02-19 15:02:13 +00:00			`service_id=service_id,`
			`form=form`
			`)`


			`@main.route("/services/<service_id>/users/<user_id>", methods=['GET', 'POST'])`
			`@login_required`
[WIP]: fixing unit tests 2016-03-18 10:49:22 +00:00			`@user_has_permissions('manage_users', admin_override=True)`
Add button to cancel invitation of invited user. 2016-03-01 16:12:26 +00:00			`def edit_user_permissions(service_id, user_id):`
Updated form and fixed existing tests. 2016-03-03 13:00:12 +00:00			`# TODO we should probably using the service id here in the get user`
			`# call as well. eg. /user/<user_id>?&service_id=service_id`
			`user = user_api_client.get_user(user_id)`
			`service = get_service_by_id(service_id)`
Fix up front end so you can navigate to the edit page. 2016-03-03 15:43:53 +00:00			`# Need to make the email address read only, or a disabled field?`
			`# Do it through the template or the form class?`
Added validation to ensure user can't invite themselves. Refactored Invited user form into permissions and invite forms for use in invite and edit permissions. Added template for edit permissions. 2016-03-09 13:00:52 +00:00			`form = PermisisonsForm(**{`
Fix up front end so you can navigate to the edit page. 2016-03-03 15:43:53 +00:00			`'send_messages': 'yes' if user.has_permissions(`
Completion of the platform admin user story. 2016-03-18 16:20:37 +00:00			`permissions=['send_texts', 'send_emails', 'send_letters']) else 'no',`
Fix up front end so you can navigate to the edit page. 2016-03-03 15:43:53 +00:00			`'manage_service': 'yes' if user.has_permissions(`
Completion of the platform admin user story. 2016-03-18 16:20:37 +00:00			`permissions=['manage_users', 'manage_templates', 'manage_settings']) else 'no',`
Fix up front end so you can navigate to the edit page. 2016-03-03 15:43:53 +00:00			`'manage_api_keys': 'yes' if user.has_permissions(`
Completion of the platform admin user story. 2016-03-18 16:20:37 +00:00			`permissions=['manage_api_keys', 'access_developer_docs']) else 'no'`
Updated form and fixed existing tests. 2016-03-03 13:00:12 +00:00			`})`
Fix up front end so you can navigate to the edit page. 2016-03-03 15:43:53 +00:00
Updated form and fixed existing tests. 2016-03-03 13:00:12 +00:00			`if form.validate_on_submit():`
Functionality_added, tests passing. 2016-03-03 14:32:19 +00:00			`permissions = []`
			`permissions.extend(`
			`_convert_role_to_permissions('send_messages') if form.send_messages.data == 'yes' else [])`
			`permissions.extend(`
			`_convert_role_to_permissions('manage_service') if form.manage_service.data == 'yes' else [])`
			`permissions.extend(`
			`_convert_role_to_permissions('manage_api_keys') if form.manage_api_keys.data == 'yes' else [])`
			`user_api_client.set_user_permissions(user_id, service_id, permissions)`
Add pages to invite, edit, and delete users This takes the original prototype version of this page, and, using the same fake data (ie nothing is wired up): - adds an invite users page - adds an edit (and delete) user page Both these pages allow the user to set another user’s permissions. This commit adds images for the ticks and crosses, so we have control over their appearance. 2016-02-19 15:02:13 +00:00			`return redirect(url_for('.manage_users', service_id=service_id))`

			`return render_template(`
Added validation to ensure user can't invite themselves. Refactored Invited user form into permissions and invite forms for use in invite and edit permissions. Added template for edit permissions. 2016-03-09 13:00:52 +00:00			`'views/edit-user-permissions.html',`
Updated form and fixed existing tests. 2016-03-03 13:00:12 +00:00			`user=user,`
			`form=form,`
Add pages to invite, edit, and delete users This takes the original prototype version of this page, and, using the same fake data (ie nothing is wired up): - adds an invite users page - adds an edit (and delete) user page Both these pages allow the user to set another user’s permissions. This commit adds images for the ticks and crosses, so we have control over their appearance. 2016-02-19 15:02:13 +00:00			`service_id=service_id`
			`)`


Change method to a get. Fix path param in invite_api_client.cancel_invited_user 2016-03-01 17:00:01 +00:00			`@main.route("/services/<service_id>/cancel-invited-user/<invited_user_id>", methods=['GET'])`
[WIP]: fixing unit tests 2016-03-18 10:49:22 +00:00			`@user_has_permissions('manage_users', admin_override=True)`
Add button to cancel invitation of invited user. 2016-03-01 16:12:26 +00:00			`def cancel_invited_user(service_id, invited_user_id):`
			`invite_api_client.cancel_invited_user(service_id=service_id, invited_user_id=invited_user_id)`

			`return redirect(url_for('main.manage_users', service_id=service_id))`


Functionality_added, tests passing. 2016-03-03 14:32:19 +00:00			`def _convert_role_to_permissions(role):`
			`if role == 'send_messages':`
			`return ['send_texts', 'send_emails', 'send_letters']`
			`elif role == 'manage_service':`
			`return ['manage_users', 'manage_templates', 'manage_settings']`
			`elif role == 'manage_api_keys':`
			`return ['manage_api_keys', 'access_developer_docs']`
			`return []`


			`# TODO replace with method which converts each 'role' into the list`
			`# of permissions like the method above :)`
Invite user form now posts permissions string to api with data to create invite. 2016-02-29 11:03:35 +00:00			`def _get_permissions(form):`
			`permissions = []`
			`if form.get('send_messages') and form['send_messages'] == 'yes':`
			`permissions.append('send_messages')`
			`if form.get('manage_service') and form['manage_service'] == 'yes':`
			`permissions.append('manage_service')`
			`if form.get('manage_api_keys') and form['manage_api_keys'] == 'yes':`
			`permissions.append('manage_api_keys')`
			`return ','.join(permissions)`