from flask import (
abort,
flash,
redirect,
render_template,
request,
session,
url_for,
)
from flask_login import current_user, login_required
from notifications_python_client.errors import HTTPError
from app import (
current_service,
invite_api_client,
service_api_client,
user_api_client,
)
from app.event_handlers import (
create_email_change_event,
create_mobile_number_change_event,
)
from app.main import main
from app.main.forms import (
ChangeEmailForm,
ChangeMobileNumberForm,
ChangeNonGovEmailForm,
InviteUserForm,
PermissionsForm,
SearchUsersForm,
)
from app.models.user import permissions
from app.utils import is_gov_user, redact_mobile_number, user_has_permissions
@main.route("/services/<service_id>/users")
@login_required
@user_has_permissions()
def manage_users(service_id):
    """Render the list of team members for the current service.

    ``user_has_permissions()`` is applied with no permission names, so any
    member of the service can view this page; the per-user actions are
    controlled elsewhere (the edit/remove routes require ``manage_service``).
    """
    team = current_service.team_members
    return render_template(
        'views/manage-users.html',
        users=team,
        current_user=current_user,
        # Only show the client-side search box once the team is long enough
        # for it to be useful.
        show_search_box=len(team) > 7,
        form=SearchUsersForm(),
        permissions=permissions,
    )
@main.route("/services/<service_id>/users/invite", methods=['GET', 'POST'])
@login_required
@user_has_permissions('manage_service')
def invite_user(service_id):
    """Invite a new team member to the service by email address.

    GET renders the invite form. A valid POST creates the invite through
    ``invite_api_client`` (attributed to ``current_user``) and returns the
    admin to the team list with a confirmation flash. Requires the
    ``manage_service`` permission on the current service.
    """
    all_folders = current_service.all_template_folders
    form = InviteUserForm(
        # The inviting admin cannot invite their own address.
        invalid_email_address=current_user.email_address,
        all_template_folders=all_folders,
        # Default selection: access to every template folder.
        folder_permissions=[folder['id'] for folder in all_folders],
    )

    service_has_email_auth = current_service.has_permission('email_auth')
    if not service_has_email_auth:
        # Server-side enforcement, applied before validation: a service
        # without the email_auth permission can only invite SMS-auth users,
        # regardless of what the client submitted for this field.
        form.login_authentication.data = 'sms_auth'

    if not form.validate_on_submit():
        return render_template(
            'views/invite-user.html',
            form=form,
            service_has_email_auth=service_has_email_auth,
            mobile_number=True,
        )

    if current_service.has_permission('edit_folder_permissions'):
        chosen_folders = form.folder_permissions.data
    else:
        # Folder-level permissions are not editable on this service, so the
        # submitted selection is ignored and every folder is granted.
        chosen_folders = list(current_service.all_template_folder_ids)

    invited_user = invite_api_client.create_invite(
        current_user.id,
        service_id,
        form.email_address.data,
        form.permissions,
        form.login_authentication.data,
        chosen_folders,
    )
    flash('Invite sent to {}'.format(invited_user.email_address), 'default_with_tick')
    return redirect(url_for('.manage_users', service_id=service_id))
@main.route("/services/<service_id>/users/<user_id>", methods=['GET', 'POST'])
@login_required
@user_has_permissions('manage_service')
def edit_user_permissions(service_id, user_id):
    """Show and update a team member's permissions on the current service.

    On a valid POST the service permissions are written through
    ``user_api_client.set_user_permissions``; template-folder permissions are
    only sent when the service has ``edit_folder_permissions``, and the login
    auth type is only updated when the service has ``email_auth``. Platform
    admins get no folder controls (both folder arguments are ``None``).
    The member is resolved via ``current_service.get_team_member`` so the
    route cannot edit users outside this service (assuming that helper
    rejects non-members).
    """
    service_has_email_auth = current_service.has_permission('email_auth')
    user = current_service.get_team_member(user_id)

    # Only a redacted form of the mobile number ever reaches the template.
    redacted_number = None
    if user.mobile_number:
        redacted_number = redact_mobile_number(user.mobile_number, " ")

    if user.platform_admin:
        folder_kwargs = dict(folder_permissions=None, all_template_folders=None)
    else:
        all_folders = current_service.all_template_folders
        folder_kwargs = dict(
            folder_permissions=[
                folder['id'] for folder in all_folders
                if user.has_template_folder_permission(folder)
            ],
            all_template_folders=all_folders,
        )
    form = PermissionsForm.from_user(user, service_id, **folder_kwargs)

    if form.validate_on_submit():
        if current_service.has_permission('edit_folder_permissions'):
            new_folder_permissions = form.folder_permissions.data
        else:
            new_folder_permissions = None
        user_api_client.set_user_permissions(
            user_id, service_id,
            permissions=form.permissions,
            folder_permissions=new_folder_permissions,
        )
        if service_has_email_auth:
            user_api_client.update_user_attribute(user_id, auth_type=form.login_authentication.data)
        return redirect(url_for('.manage_users', service_id=service_id))

    return render_template(
        'views/edit-user-permissions.html',
        user=user,
        form=form,
        service_has_email_auth=service_has_email_auth,
        mobile_number=redacted_number,
        # Untrusted query-string value handed to the template (presumably a
        # "confirm removal" flag); rendering relies on template autoescaping.
        delete=request.args.get('delete'),
    )
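@main.route("/services/<service_id>/users/<user_id>/delete", methods=['POST'])
@login_required
@user_has_permissions('manage_service')
def remove_user_from_service(service_id, user_id):
    """Remove a team member from the service and return to the team list.

    POST-only, so the app-wide CSRF protection applies. The API refuses to
    remove the last remaining user of a service; that specific 400 is shown
    as a flash message instead of an error page. Any other ``HTTPError``
    becomes a 500.
    """
    try:
        service_api_client.remove_user_from_service(service_id, user_id)
    except HTTPError as e:
        only_user_msg = "You cannot remove the only user for a service"
        # ``e.message`` is not guaranteed to be a string (the API client may
        # carry a dict or None); guard the substring test so a non-string
        # payload falls through to the 500 branch instead of raising
        # TypeError or silently matching dict keys.
        if e.status_code == 400 and isinstance(e.message, str) and only_user_msg in e.message:
            flash(only_user_msg, 'info')
        else:
            # NOTE(review): the exception is passed as the abort description;
            # whether API error details reach the client depends on how the
            # app's 500 handler renders ``description`` — confirm it does not
            # echo it.
            abort(500, e)
    return redirect(url_for('.manage_users', service_id=service_id))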
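@main.route("/services/<service_id>/users/<uuid:user_id>/edit-email", methods=['GET', 'POST'])
@login_required
@user_has_permissions('manage_service')
def edit_user_email(service_id, user_id):
    """First step of changing a team member's email address.

    A valid submission is not applied here: the new address is parked in the
    session, together with the ``user_id`` it was entered for, and the admin
    is redirected to ``confirm_edit_user_email``, which applies it on POST.
    Submitting the address already on record is a no-op that returns to the
    team list.
    """
    user = current_service.get_team_member(user_id)
    current_email = user.email_address

    # Uniqueness is checked by the form through this callback (a thin
    # pass-through to the user API). Note this is checked at edit time only;
    # the confirm step relies on the API to enforce it again.
    def _is_email_already_in_use(email):
        return user_api_client.is_email_already_in_use(email)

    # Which form (and therefore which address rules) applies is decided by the
    # member's *current* address: government addresses use ChangeEmailForm,
    # anything else ChangeNonGovEmailForm.
    form_class = ChangeEmailForm if is_gov_user(current_email) else ChangeNonGovEmailForm
    form = form_class(_is_email_already_in_use, email_address=current_email)

    # Nothing to change: skip the confirmation step entirely.
    if request.form.get('email_address', '').strip() == current_email:
        return redirect(url_for('.manage_users', service_id=current_service.id))

    if form.validate_on_submit():
        session['team_member_email_change'] = form.email_address.data
        # Bind the pending address to this team member. The session key alone
        # does not say who it was entered for, so without this an admin with
        # two edit tabs open could confirm user A's new address onto user B.
        # ``str(user_id)`` is the canonical UUID form the confirm route's URL
        # converter also produces.
        session['team_member_email_change_user_id'] = str(user_id)
        return redirect(url_for('.confirm_edit_user_email', user_id=user.id, service_id=service_id))

    return render_template(
        'views/manage-users/edit-user-email.html',
        user=user,
        form=form,
        service_id=service_id,
    )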
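@main.route("/services/<service_id>/users/<uuid:user_id>/edit-email/confirm", methods=['GET', 'POST'])
@login_required
@user_has_permissions('manage_service')
def confirm_edit_user_email(service_id, user_id):
    """Second step of changing a team member's email address.

    GET shows the address parked in the session by ``edit_user_email``; POST
    applies it through ``user_api_client`` and records an audit event. The
    pending value is always cleared from the session after a POST, whether
    or not the update succeeded. There is no form on this page, so the POST
    relies on the app-wide CSRF protection.
    """
    user = current_service.get_team_member(user_id)

    if 'team_member_email_change' not in session:
        # Nothing pending (e.g. page reached directly): start over.
        return redirect(url_for('.edit_user_email', service_id=service_id, user_id=user_id))
    new_email = session['team_member_email_change']

    # Refuse to apply an address that was entered for a different team
    # member (two edit tabs open at once). The owner key is only present when
    # the edit step recorded it, so its absence is tolerated.
    pending_for = session.get('team_member_email_change_user_id')
    if pending_for is not None and pending_for != str(user_id):
        return redirect(url_for('.edit_user_email', service_id=service_id, user_id=user_id))

    if request.method == 'POST':
        try:
            user_api_client.update_user_attribute(str(user_id), email_address=new_email, updated_by=current_user.id)
        except HTTPError as e:
            abort(500, e)
        else:
            create_email_change_event(user.id, current_user.id, user.email_address, new_email)
        finally:
            # Clear the pending change even on failure so it cannot be replayed.
            session.pop('team_member_email_change', None)
            session.pop('team_member_email_change_user_id', None)
        return redirect(url_for('.manage_users', service_id=service_id))

    return render_template(
        'views/manage-users/confirm-edit-user-email.html',
        user=user,
        service_id=service_id,
        new_email=new_email,
    )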
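@main.route("/services/<service_id>/users/<uuid:user_id>/edit-mobile-number", methods=['GET', 'POST'])
@login_required
@user_has_permissions('manage_service')
def edit_user_mobile_number(service_id, user_id):
    """First step of changing a team member's mobile number.

    The form is pre-filled with a redacted version of the current number, so
    the real number is never sent to the browser. A valid submission is
    parked in the session (with the ``user_id`` it was entered for) and the
    admin is redirected to ``confirm_edit_user_mobile_number``. Posting the
    redacted value back unchanged is a no-op that returns to the team list.
    """
    user = current_service.get_team_member(user_id)

    # Team members may have no mobile number at all; only redact when one is
    # present (same guard as edit_user_permissions) rather than handing None
    # to redact_mobile_number.
    redacted_number = redact_mobile_number(user.mobile_number) if user.mobile_number else None

    form = ChangeMobileNumberForm(mobile_number=redacted_number)

    if request.method == 'POST' and form.mobile_number.data == redacted_number:
        # Redacted placeholder submitted unchanged: nothing to do.
        return redirect(url_for('.manage_users', service_id=service_id))

    if form.validate_on_submit():
        session['team_member_mobile_change'] = form.mobile_number.data
        # Bind the pending number to this team member so the confirm step
        # cannot apply it to a different user_id (e.g. two edit tabs open).
        # ``str(user_id)`` is the canonical UUID form the confirm route also sees.
        session['team_member_mobile_change_user_id'] = str(user_id)
        return redirect(url_for('.confirm_edit_user_mobile_number', user_id=user.id, service_id=service_id))

    return render_template(
        'views/manage-users/edit-user-mobile.html',
        user=user,
        form=form,
        service_id=service_id,
    )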
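@main.route("/services/<service_id>/users/<uuid:user_id>/edit-mobile-number/confirm", methods=['GET', 'POST'])
@login_required
@user_has_permissions('manage_service')
def confirm_edit_user_mobile_number(service_id, user_id):
    """Second step of changing a team member's mobile number.

    GET shows the number parked in the session by ``edit_user_mobile_number``;
    POST applies it through ``user_api_client`` and records an audit event.
    The pending value is always cleared after a POST, even if the update
    failed. There is no form on this page, so the POST relies on the
    app-wide CSRF protection.
    """
    user = current_service.get_team_member(user_id)

    if 'team_member_mobile_change' not in session:
        # Nothing pending (e.g. page reached directly): start over.
        return redirect(url_for('.edit_user_mobile_number', service_id=service_id, user_id=user_id))
    new_number = session['team_member_mobile_change']

    # Refuse to apply a number that was entered for a different team member.
    # The owner key is only present when the edit step recorded it, so its
    # absence is tolerated.
    pending_for = session.get('team_member_mobile_change_user_id')
    if pending_for is not None and pending_for != str(user_id):
        return redirect(url_for('.edit_user_mobile_number', service_id=service_id, user_id=user_id))

    if request.method == 'POST':
        try:
            user_api_client.update_user_attribute(str(user_id), mobile_number=new_number, updated_by=current_user.id)
        except HTTPError as e:
            abort(500, e)
        else:
            create_mobile_number_change_event(user.id, current_user.id, user.mobile_number, new_number)
        finally:
            # Clear the pending change even on failure so it cannot be replayed.
            session.pop('team_member_mobile_change', None)
            session.pop('team_member_mobile_change_user_id', None)
        return redirect(url_for('.manage_users', service_id=service_id))

    return render_template(
        'views/manage-users/confirm-edit-user-mobile-number.html',
        user=user,
        service_id=service_id,
        new_mobile_number=new_number,
    )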
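@main.route("/services/<service_id>/cancel-invited-user/<uuid:invited_user_id>", methods=['GET'])
@login_required
@user_has_permissions('manage_service')
def cancel_invited_user(service_id, invited_user_id):
    """Cancel a pending invite on the current service and return to the team list.

    ``@login_required`` is applied here for consistency with every other
    route in this module (the other decorator may already enforce
    authentication, but the explicit guard costs nothing).

    NOTE(review): this is a state-changing action served on GET, so it cannot
    be protected by the CSRF token check that the POST routes get, and it can
    be triggered by any page that makes the browser fetch the URL. Moving it
    to POST (and updating the templates that link to it) is the fix; the
    method is left unchanged here because the link targets are not in view.
    """
    current_service.cancel_invite(invited_user_id)
    return redirect(url_for('main.manage_users', service_id=service_id))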