app/notify_client/invite_api_client.py

from app.notify_client import NotifyAdminAPIClient, _attach_current_user, cache
from app.utils.user_permissions import (
    roles,
    translate_permissions_from_admin_roles_to_db,
)


class InviteApiClient(NotifyAdminAPIClient):

    def init_app(self, app):
        super().init_app(app)

        self.admin_url = app.config['ADMIN_BASE_URL']

    def create_invite(self,
                      invite_from_id,
                      service_id,
                      email_address,
                      permissions,
                      auth_type,
                      folder_permissions):
        data = {
            'service': service_id,
            'email_address': email_address,
            'from_user': invite_from_id,
            'permissions': ','.join(sorted(translate_permissions_from_admin_roles_to_db(permissions))),
            'auth_type': auth_type,
            'invite_link_host': self.admin_url,
            'folder_permissions': folder_permissions,
        }
        data = _attach_current_user(data)
        resp = self.post(url='/service/{}/invite'.format(service_id), data=data)
        return resp['data']

    def get_invites_for_service(self, service_id):
        return self.get(
            '/service/{}/invite'.format(service_id)
        )['data']

    def get_invited_user(self, invited_user_id):
        return self.get(
            f'/invite/service/{invited_user_id}'
        )['data']

    def get_invited_user_for_service(self, service_id, invited_user_id):
        return self.get(
            f'/service/{service_id}/invite/{invited_user_id}'
        )['data']

    def get_count_of_invites_with_permission(self, service_id, permission):
        if permission not in roles.keys():
            raise TypeError('{} is not a valid permission'.format(permission))
        return len([
            invited_user for invited_user in self.get_invites_for_service(service_id)
            if invited_user.has_permission_for_service(service_id, permission)
        ])

    def check_token(self, token):
        return self.get(url='/invite/service/check/{}'.format(token))['data']

    def cancel_invited_user(self, service_id, invited_user_id):
        data = {'status': 'cancelled'}
        data = _attach_current_user(data)
        self.post(url='/service/{0}/invite/{1}'.format(service_id, invited_user_id),
                  data=data)

    @cache.delete('service-{service_id}')
    @cache.delete('user-{invited_user_id}')
    def accept_invite(self, service_id, invited_user_id):
        data = {'status': 'accepted'}
        self.post(url='/service/{0}/invite/{1}'.format(service_id, invited_user_id),
                  data=data)


invite_api_client = InviteApiClient()
Move and rename roles_and_permissions.py This file does not represent a model, but rather a set of utilities that are specific to user permissions (vs. service permissions). 2021-07-22 14:05:11 +01:00			`from app.notify_client import NotifyAdminAPIClient, _attach_current_user, cache`
			`from app.utils.user_permissions import (`
Let inviting a user complete the go live checklist At the moment you have to wait for whoever you’ve invited to accept the invitation before you can go live. Since this check is mainly for the benefit of the service, not us, we should trust that people’s intentions are good when they invite someone. So this commit also checks the invited users when counting how many team members a service has. 2019-04-11 16:40:25 +01:00			`roles,`
map roles and db permissions in the db, we have several rows for single permissions - we separate `send_messages` into `send_texts`, `send_emails` and `send_letters`, and also `manage_service` into `manage_users` and `manage_settings`. But on the front end we don't do anything with this distinction. It's unhelpful for us to have to think about permissions as groups of things when we can never split them up at all. So we should combine them. This commit makes sure: * when user models are read (from JSON direct from the API), we should transform them from db permissions into roles. * when permissions are persisted (editing permissions, and creating invites), we should send db permissions to the API. All other interaction with permissions (should just be the endpoint decorator and checks in html templates generally) should use admin roles. 2018-02-28 15:37:49 +00:00			`translate_permissions_from_admin_roles_to_db,`
			`)`
[WIP] Invite user form now submits data to api. 2016-02-26 13:07:35 +00:00

Use the local APIClient rather than the one from the python-api-client - ensures that all API calls set the request ID when talking to the API. 2016-11-30 17:01:44 +00:00			`class InviteApiClient(NotifyAdminAPIClient):`
[WIP] Invite user form now submits data to api. 2016-02-26 13:07:35 +00:00
			`def init_app(self, app):`
Add route secret key header to the API requests Currently requests to the API made from the admin app are going from PaaS admin app to the nginx router ELB, which then routes them back to the api app on PaaS. This makes sense for external requests, but for requests made from the admin app we could skip nginx and go directly to the api PaaS host, which should reduce load on the nginx instances and potentially reduce latency of the api requests. API apps on PaaS are checking the X-Custom-Forwarder header (which is set by nginx on proxy_pass requests) to only allow requests going through the proxy. This adds the custom header to the API client requests, so that they can pass that header check without going through nginx. 2018-02-09 15:03:32 +00:00			`super().init_app(app)`

Have admin specify host to use for invite links When we’re doing user research we often: - start the task by inviting the participant to a service on Notify - have them use a prototype version of the admin app, hosted on a different domain Currently we can’t do both of these things together, because the invite emails always send people to notifications.service.gov.uk (because it’s the API that sends the emails, and the prototype admin app points at the production API). This commit changes the admin app to tell the API which host to use when creating the invite links. Depends on: - [ ] https://github.com/alphagov/notifications-api/pull/1515 2017-12-20 17:17:17 +00:00			`self.admin_url = app.config['ADMIN_BASE_URL']`
[WIP] Invite user form now submits data to api. 2016-02-26 13:07:35 +00:00
Set folder permissions when creating and accepting invites to services Added a folder permissions form to the page to invite users to services. This only shows if the service has 'edit_folder_permissions' enabled, and all folder checkboxes are checked by default. This change means that InviteApiClient.create_invite now sends folder_permissions through to notifications_api (so invites get created with folder permissions). Started passing the folder_permissions through to notifications-api when accepting an invite. This changes UserApiClient.add_user_to_service to send folder_permissions to notifications_api so that new users get folder permissions when they are added to the service. 2019-03-15 14:57:39 +00:00			`def create_invite(self,`
			`invite_from_id,`
			`service_id,`
			`email_address,`
			`permissions,`
			`auth_type,`
			`folder_permissions):`
[WIP] Invite user form now submits data to api. 2016-02-26 13:07:35 +00:00			`data = {`
Don’t return UUID objects from the UUID convertor Because it means you often have to cast to string in your application code just to get your tests passing. The method being monkey patched is originally defined here: https://github.com/pallets/werkzeug/blob/b81aa0f18c7336a0421b569d8a5dab8d5c0d7517/src/werkzeug/routing.py#L1272 2019-11-04 12:20:09 +00:00			`'service': service_id,`
[WIP] Invite user form now submits data to api. 2016-02-26 13:07:35 +00:00			`'email_address': email_address,`
Invite user form now posts permissions string to api with data to create invite. 2016-02-29 11:03:35 +00:00			`'from_user': invite_from_id,`
map roles and db permissions in the db, we have several rows for single permissions - we separate `send_messages` into `send_texts`, `send_emails` and `send_letters`, and also `manage_service` into `manage_users` and `manage_settings`. But on the front end we don't do anything with this distinction. It's unhelpful for us to have to think about permissions as groups of things when we can never split them up at all. So we should combine them. This commit makes sure: * when user models are read (from JSON direct from the API), we should transform them from db permissions into roles. * when permissions are persisted (editing permissions, and creating invites), we should send db permissions to the API. All other interaction with permissions (should just be the endpoint decorator and checks in html templates generally) should use admin roles. 2018-02-28 15:37:49 +00:00			`'permissions': ','.join(sorted(translate_permissions_from_admin_roles_to_db(permissions))),`
Have admin specify host to use for invite links When we’re doing user research we often: - start the task by inviting the participant to a service on Notify - have them use a prototype version of the admin app, hosted on a different domain Currently we can’t do both of these things together, because the invite emails always send people to notifications.service.gov.uk (because it’s the API that sends the emails, and the prototype admin app points at the production API). This commit changes the admin app to tell the API which host to use when creating the invite links. Depends on: - [ ] https://github.com/alphagov/notifications-api/pull/1515 2017-12-20 17:17:17 +00:00			`'auth_type': auth_type,`
			`'invite_link_host': self.admin_url,`
Set folder permissions when creating and accepting invites to services Added a folder permissions form to the page to invite users to services. This only shows if the service has 'edit_folder_permissions' enabled, and all folder checkboxes are checked by default. This change means that InviteApiClient.create_invite now sends folder_permissions through to notifications_api (so invites get created with folder permissions). Started passing the folder_permissions through to notifications-api when accepting an invite. This changes UserApiClient.add_user_to_service to send folder_permissions to notifications_api so that new users get folder permissions when they are added to the service. 2019-03-15 14:57:39 +00:00			`'folder_permissions': folder_permissions,`
[WIP] Invite user form now submits data to api. 2016-02-26 13:07:35 +00:00			`}`
Make `_attach_current_user` a pure function Mutating dictionaries is gross and doesn’t work as you’d expect. Better to have the function return a new dictionary instead. Means we can be explicit that `created_by` is one of the allowed params when updating a service. 2016-08-11 14:20:43 +01:00			`data = _attach_current_user(data)`
[WIP] Invite user form now submits data to api. 2016-02-26 13:07:35 +00:00			`resp = self.post(url='/service/{}/invite'.format(service_id), data=data)`
Make user API client return JSON, not a model The data flow of other bits of our application looks like this: ``` API (returns JSON) ⬇ API client (returns a built in type, usually `dict`) ⬇ Model (returns an instance, eg of type `Service`) ⬇ View (returns HTML) ``` The user API client was architected weirdly, in that it returned a model directly, like this: ``` API (returns JSON) ⬇ API client (returns a model, of type `User`, `InvitedUser`, etc) ⬇ View (returns HTML) ``` This mixing of different layers of the application is bad because it makes it hard to write model code that doesn’t have circular dependencies. As our application gets more complicated we will be relying more on models to manage this complexity, so we should make it easy, not hard to write them. It also means that most of our mocking was of the User model, not just the underlying JSON. So it would have been easy to introduce subtle bugs to the user model, because it wasn’t being comprehensively tested. A lot of the changed lines of code in this commit mean changing the tests to mock only the JSON, which means that the model layer gets implicitly tested. For those reasons this commit changes the user API client to return JSON, not an instance of `User` or other models. 2019-05-23 15:27:35 +01:00			`return resp['data']`
Manage user pages now surfaces invited users fetched from api. 2016-02-26 15:33:17 +00:00
			`def get_invites_for_service(self, service_id):`
Refactor filtering out accepted invites to client None of our model or view layer code should need to know about accepted invites. We don’t use them anywhere because once an invite is accepted that person is now a user. Putting this logic in the client means that: - none of the code calling the client needs to care about accepted invites - it’s easier to (if we want) update the API code to not return accepted invites 2018-11-30 17:39:39 +00:00			`return self.get(`
			`'/service/{}/invite'.format(service_id)`
			`)['data']`
[WIP] Start of user accepting invite. This commit only deals with acceptance by users who are already in system. Changed invite client to return invited user objects instead of dictionaries. Added commented out test. fixed up fixtures to return invited user object for invites 2016-02-29 17:35:21 +00:00
store invited user ids in session same as the invited org user ids in the previous commit 2021-03-08 12:51:35 +00:00			`def get_invited_user(self, invited_user_id):`
			`return self.get(`
			`f'/invite/service/{invited_user_id}'`
			`)['data']`

rename get_invited_user funcs make it clear they're expecting a service/org id 2021-03-05 17:04:35 +00:00			`def get_invited_user_for_service(self, service_id, invited_user_id):`
Add confirmation banner when cancelling user invites This shows the green banner with a tick when cancelling a user's invitation to a service or organisation. The accessibility audit noted that 'When cancelling an invite a new page loads, however, there is no immediate indication that the invite has been cancelled.' In order to display the invited user's email address as part of the flash message, this adds new methods to the api clients for invites to get a single invite. 2020-08-17 14:30:09 +01:00			`return self.get(`
			`f'/service/{service_id}/invite/{invited_user_id}'`
			`)['data']`

Let inviting a user complete the go live checklist At the moment you have to wait for whoever you’ve invited to accept the invitation before you can go live. Since this check is mainly for the benefit of the service, not us, we should trust that people’s intentions are good when they invite someone. So this commit also checks the invited users when counting how many team members a service has. 2019-04-11 16:40:25 +01:00			`def get_count_of_invites_with_permission(self, service_id, permission):`
			`if permission not in roles.keys():`
			`raise TypeError('{} is not a valid permission'.format(permission))`
			`return len([`
			`invited_user for invited_user in self.get_invites_for_service(service_id)`
			`if invited_user.has_permission_for_service(service_id, permission)`
			`])`

[WIP] Add call to api to update invitation to accepted. When flow for invited user is complete, that is when user has been added to service, update invitation to accepted 2016-03-03 17:53:16 +00:00			`def check_token(self, token):`
use new check api endpoints for validating invite tokens added in https://github.com/alphagov/notifications-api/pull/3171 2021-03-12 15:57:46 +00:00			`return self.get(url='/invite/service/check/{}'.format(token))['data']`
Add button to cancel invitation of invited user. 2016-03-01 16:12:26 +00:00
			`def cancel_invited_user(self, service_id, invited_user_id):`
			`data = {'status': 'cancelled'}`
Make `_attach_current_user` a pure function Mutating dictionaries is gross and doesn’t work as you’d expect. Better to have the function return a new dictionary instead. Means we can be explicit that `created_by` is one of the allowed params when updating a service. 2016-08-11 14:20:43 +01:00			`data = _attach_current_user(data)`
Change cancel_invited_user client to not return anything. 2016-03-01 17:56:39 +00:00			`self.post(url='/service/{0}/invite/{1}'.format(service_id, invited_user_id),`
			`data=data)`
[WIP] Start of user accepting invite. This commit only deals with acceptance by users who are already in system. Changed invite client to return invited user objects instead of dictionaries. Added commented out test. fixed up fixtures to return invited user object for invites 2016-02-29 17:35:21 +00:00
Rewrite cache decorator to use format string This is easier to read than having to understand the arguments 1…n of the cache decorator are ‘magic’, and gives us more flexibility about how the cache keys are formatted, eg being able to add words in the middle of them. Also changes the key format for all templates to be `service-{service_id}-templates` instead of `templates-{service_id}` because then it’s clearer what the ID represents. 2018-04-20 16:32:02 +01:00			`@cache.delete('service-{service_id}')`
			`@cache.delete('user-{invited_user_id}')`
[WIP] Add call to api to update invitation to accepted. When flow for invited user is complete, that is when user has been added to service, update invitation to accepted 2016-03-03 17:53:16 +00:00			`def accept_invite(self, service_id, invited_user_id):`
			`data = {'status': 'accepted'}`
			`self.post(url='/service/{0}/invite/{1}'.format(service_id, invited_user_id),`
			`data=data)`

Initialise clients outside the app This avoids the annoying problem where you can’t import a client unless the app has already been initialised. 2018-10-26 15:39:32 +01:00
			`invite_api_client = InviteApiClient()`