notify-admin-571 add platform_admin condition for create service and create user
@@ -6,7 +6,7 @@ from app import service_api_client
|
||||
from app.formatters import email_safe
|
||||
from app.main import main
|
||||
from app.main.forms import CreateServiceForm
|
||||
from app.utils.user import user_is_gov_user, user_is_logged_in
|
||||
from app.utils.user import user_is_gov_user, user_is_platform_admin
|
||||
|
||||
|
||||
def _create_service(service_name, organization_type, email_from, form):
|
||||
@@ -41,8 +41,8 @@ def _create_example_template(service_id):
|
||||
|
||||
|
||||
@main.route("/add-service", methods=["GET", "POST"])
|
||||
@user_is_logged_in
|
||||
@user_is_gov_user
|
||||
@user_is_platform_admin
|
||||
def add_service():
|
||||
default_organization_type = current_user.default_organization_type
|
||||
if default_organization_type is None:
|
||||
|
||||
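Review bot: `add_service` appears to lose `@user_is_logged_in` here (the +/- markers are missing from this rendering, so that is inferred from the changed import), which leaves `@user_is_gov_user` and `@user_is_platform_admin` as the only guards before the body reads `current_user.default_organization_type`. Neither decorator's implementation is visible in this commit, so confirm that each sends an anonymous session to sign-in instead of evaluating role attributes on an unauthenticated user. A one-line comment above the decorators would record the intent, e.g. `# Platform admins only; the decorators below are also responsible for rejecting anonymous sessions.` The body of add_service continues past the end of the hunk.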
@@ -21,7 +21,7 @@ from app.main.forms import (
|
||||
SearchUsersForm,
|
||||
)
|
||||
from app.models.user import InvitedUser, User
|
||||
from app.utils.user import is_gov_user, user_has_permissions
|
||||
from app.utils.user import is_gov_user, user_has_permissions, user_is_platform_admin
|
||||
from app.utils.user_permissions import permission_options
|
||||
|
||||
|
||||
@@ -42,10 +42,9 @@ def manage_users(service_id):
|
||||
@main.route(
|
||||
"/services/<uuid:service_id>/users/invite/<uuid:user_id>", methods=["GET", "POST"]
|
||||
)
|
||||
@user_has_permissions("manage_service")
|
||||
@user_is_platform_admin
|
||||
def invite_user(service_id, user_id=None):
|
||||
form_class = InviteUserForm
|
||||
|
||||
form = form_class(
|
||||
inviter_email_address=current_user.email_address,
|
||||
all_template_folders=current_service.all_template_folders,
|
||||
|
||||
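Review bot: On `invite_user` the service-scoped `@user_has_permissions("manage_service")` check appears to be replaced outright by `@user_is_platform_admin` (sides inferred, since the rendering has no +/- markers), so access to a route keyed on `service_id` now depends on a global role alone. The import keeps `user_has_permissions`, which suggests neighbouring user-management routes still use the service-level check; that asymmetry deserves a comment so a later cleanup does not quietly revert it, e.g. `# Inviting users is restricted to platform admins (notify-admin-571); service managers receive 403.` If service managers can still reach an invite link in the UI they will now land on the 403 page, which is worth checking in the templates. Only the second `@main.route` and the first lines of the body are inside the hunk.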
@@ -1,10 +1,10 @@
|
||||
from datetime import datetime
|
||||
|
||||
from notifications_utils.clients.redis import daily_total_cache_key
|
||||
|
||||
from app.extensions import redis_client
|
||||
from app.notify_client import NotifyAdminAPIClient, _attach_current_user, cache
|
||||
|
||||
# from notifications_utils.clients.redis import daily_total_cache_key
|
||||
|
||||
|
||||
class ServiceAPIClient(NotifyAdminAPIClient):
|
||||
@cache.delete("user-{user_id}")
|
||||
@@ -499,8 +499,8 @@ class ServiceAPIClient(NotifyAdminAPIClient):
|
||||
|
||||
def get_global_notification_count(self):
|
||||
# if cache is not set, or not enabled, return 0
|
||||
count = redis_client.get(daily_total_cache_key()) or 0
|
||||
|
||||
# count = redis_client.get(daily_total_cache_key()) or 0
|
||||
count = 0
|
||||
return int(count)
|
||||
|
||||
|
||||
|
||||
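Review bot: `get_global_notification_count` now hard-codes `count = 0`, so it returns 0 regardless of what is in Redis, and the retained comment `# if cache is not set, or not enabled, return 0` no longer describes the behaviour. This is unrelated to the access-control change named in the commit title, and any caller that displays or thresholds on the global count (callers are not visible here) will silently see zero. If the cache-key helper is genuinely unavailable, replace the commented-out lines with an explicit marker such as `# TODO(<issue-id>): global count disabled while daily_total_cache_key is unavailable` followed by `return 0`. Also check whether `from app.extensions import redis_client` is still used elsewhere in the module.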
@@ -31,7 +31,9 @@ def test_get_should_render_add_service_template(
|
||||
client_request,
|
||||
mocker,
|
||||
org_json,
|
||||
platform_admin_user,
|
||||
):
|
||||
client_request.login(platform_admin_user)
|
||||
mocker.patch(
|
||||
"app.organizations_client.get_organization_by_domain",
|
||||
return_value=org_json,
|
||||
@@ -42,9 +44,9 @@ def test_get_should_render_add_service_template(
|
||||
|
||||
|
||||
def test_get_should_not_render_radios_if_org_type_known(
|
||||
client_request,
|
||||
mocker,
|
||||
client_request, mocker, platform_admin_user
|
||||
):
|
||||
client_request.login(platform_admin_user)
|
||||
mocker.patch(
|
||||
"app.organizations_client.get_organization_by_domain",
|
||||
return_value=organization_json(organization_type="central"),
|
||||
@@ -56,9 +58,9 @@ def test_get_should_not_render_radios_if_org_type_known(
|
||||
|
||||
|
||||
def test_show_different_page_if_user_org_type_is_local(
|
||||
client_request,
|
||||
mocker,
|
||||
client_request, mocker, platform_admin_user
|
||||
):
|
||||
client_request.login(platform_admin_user)
|
||||
mocker.patch(
|
||||
"app.organizations_client.get_organization_by_domain",
|
||||
return_value=organization_json(organization_type="local"),
|
||||
@@ -101,9 +103,10 @@ def test_should_add_service_and_redirect_to_tour_when_no_services(
|
||||
posted,
|
||||
persisted,
|
||||
sms_limit,
|
||||
platform_admin_user,
|
||||
):
|
||||
api_user_active["email_address"] = email_address
|
||||
client_request.login(api_user_active)
|
||||
client_request.login(platform_admin_user)
|
||||
mocker.patch(
|
||||
"app.organizations_client.get_organization_by_domain",
|
||||
return_value=organization_json(organization_type=inherited),
|
||||
@@ -151,7 +154,9 @@ def test_add_service_has_to_choose_org_type(
|
||||
mock_get_services_with_no_services,
|
||||
api_user_active,
|
||||
mock_get_all_email_branding,
|
||||
platform_admin_user,
|
||||
):
|
||||
client_request.login(platform_admin_user)
|
||||
mocker.patch(
|
||||
"app.organizations_client.get_organization_by_domain",
|
||||
return_value=None,
|
||||
@@ -223,7 +228,9 @@ def test_should_add_service_and_redirect_to_dashboard_when_existing_service(
|
||||
organization_type,
|
||||
free_allowance,
|
||||
mock_get_all_email_branding,
|
||||
platform_admin_user,
|
||||
):
|
||||
client_request.login(platform_admin_user)
|
||||
client_request.post(
|
||||
"main.add_service",
|
||||
_data={
|
||||
@@ -252,7 +259,9 @@ def test_add_service_fails_if_service_name_fails_validation(
|
||||
mock_get_organization_by_domain,
|
||||
name,
|
||||
error_message,
|
||||
platform_admin_user,
|
||||
):
|
||||
client_request.login(platform_admin_user)
|
||||
page = client_request.post(
|
||||
"main.add_service",
|
||||
_data={"name": name},
|
||||
@@ -263,9 +272,7 @@ def test_add_service_fails_if_service_name_fails_validation(
|
||||
|
||||
@freeze_time("2021-01-01")
|
||||
def test_should_return_form_errors_with_duplicate_service_name_regardless_of_case(
|
||||
client_request,
|
||||
mock_get_organization_by_domain,
|
||||
mocker,
|
||||
client_request, mock_get_organization_by_domain, mocker, platform_admin_user
|
||||
):
|
||||
def _create(**_kwargs):
|
||||
json_mock = mocker.Mock(
|
||||
@@ -276,7 +283,7 @@ def test_should_return_form_errors_with_duplicate_service_name_regardless_of_cas
|
||||
raise http_error
|
||||
|
||||
mocker.patch("app.service_api_client.create_service", side_effect=_create)
|
||||
|
||||
client_request.login(platform_admin_user)
|
||||
page = client_request.post(
|
||||
"main.add_service",
|
||||
_data={
|
||||
|
||||
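Review bot: In `test_should_add_service_and_redirect_to_tour_when_no_services` the line `api_user_active["email_address"] = email_address` is kept while the login switches to `platform_admin_user`, so the parametrised `email_address` apparently no longer reaches the logged-in user and the cases may all exercise the same identity. If the parametrisation is still meant to matter, set it on the account that logs in: `platform_admin_user["email_address"] = email_address`. Separately, every test shown for `main.add_service` now logs in as a platform admin, and none visible in this commit asserts that a non-admin government user receives 403, which is the behaviour the commit introduces. The test body continues outside the hunk.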
@@ -341,9 +341,11 @@ def test_service_with_no_email_auth_hides_auth_type_options(
|
||||
service_one,
|
||||
mock_get_users_by_service,
|
||||
mock_get_template_folders,
|
||||
platform_admin_user,
|
||||
):
|
||||
if service_has_email_auth:
|
||||
service_one["permissions"].append("email_auth")
|
||||
client_request.login(platform_admin_user)
|
||||
page = client_request.get(endpoint, service_id=service_one["id"], **extra_args)
|
||||
assert (
|
||||
page.find("input", attrs={"name": "login_authentication"}) is None
|
||||
@@ -371,7 +373,9 @@ def test_service_without_caseworking_doesnt_show_admin_vs_caseworker(
|
||||
endpoint,
|
||||
service_has_caseworking,
|
||||
extra_args,
|
||||
platform_admin_user,
|
||||
):
|
||||
client_request.login(platform_admin_user)
|
||||
page = client_request.get(endpoint, service_id=SERVICE_ONE_ID, **extra_args)
|
||||
permission_checkboxes = page.select("input[type=checkbox]")
|
||||
|
||||
@@ -488,7 +492,9 @@ def test_should_show_page_for_one_user(
|
||||
endpoint,
|
||||
extra_args,
|
||||
expected_checkboxes,
|
||||
platform_admin_user,
|
||||
):
|
||||
client_request.login(platform_admin_user)
|
||||
page = client_request.get(endpoint, service_id=SERVICE_ONE_ID, **extra_args)
|
||||
checkboxes = page.select("input[type=checkbox]")
|
||||
|
||||
@@ -506,8 +512,10 @@ def test_invite_user_allows_to_choose_auth(
|
||||
mock_get_users_by_service,
|
||||
mock_get_template_folders,
|
||||
service_one,
|
||||
platform_admin_user,
|
||||
):
|
||||
service_one["permissions"].append("email_auth")
|
||||
client_request.login(platform_admin_user)
|
||||
page = client_request.get("main.invite_user", service_id=SERVICE_ONE_ID)
|
||||
|
||||
radio_buttons = page.select("input[name=login_authentication]")
|
||||
@@ -521,7 +529,9 @@ def test_invite_user_has_correct_email_field(
|
||||
client_request,
|
||||
mock_get_users_by_service,
|
||||
mock_get_template_folders,
|
||||
platform_admin_user,
|
||||
):
|
||||
client_request.login(platform_admin_user)
|
||||
email_field = client_request.get(
|
||||
"main.invite_user", service_id=SERVICE_ONE_ID
|
||||
).select_one("#email_address")
|
||||
@@ -835,9 +845,9 @@ def test_edit_user_permissions_shows_authentication_for_email_auth_service(
|
||||
def test_should_show_page_for_inviting_user(
|
||||
client_request,
|
||||
mock_get_template_folders,
|
||||
active_user_with_permissions,
|
||||
platform_admin_user,
|
||||
):
|
||||
client_request.login(active_user_with_permissions)
|
||||
client_request.login(platform_admin_user)
|
||||
page = client_request.get(
|
||||
"main.invite_user",
|
||||
service_id=SERVICE_ONE_ID,
|
||||
@@ -874,15 +884,9 @@ def test_should_show_page_for_inviting_user_with_email_prefilled(
|
||||
# We have the user’s name in the H1 but don’t want it duplicated
|
||||
# in the page title
|
||||
_test_page_title=False,
|
||||
_expected_status=403,
|
||||
)
|
||||
assert normalize_spaces(page.select_one("title").text).startswith(
|
||||
"Invite a team member"
|
||||
)
|
||||
assert normalize_spaces(page.select_one("h1").text) == ("Invite Service Two User")
|
||||
# assert normalize_spaces(page.select_one('main .gov-uk').text) == (
|
||||
# 'service-two-user@test.gsa.gov'
|
||||
# )
|
||||
assert not page.select("input#email_address") or page.select("input[type=email]")
|
||||
assert "not allowed to see this page" in page.h1.string.strip()
|
||||
|
||||
|
||||
def test_should_show_page_if_prefilled_user_is_already_a_team_member(
|
||||
@@ -892,8 +896,9 @@ def test_should_show_page_if_prefilled_user_is_already_a_team_member(
|
||||
fake_uuid,
|
||||
active_user_with_permissions,
|
||||
active_caseworking_user,
|
||||
platform_admin_user,
|
||||
):
|
||||
client_request.login(active_user_with_permissions)
|
||||
client_request.login(platform_admin_user)
|
||||
mocker.patch(
|
||||
"app.models.user.user_api_client.get_user",
|
||||
side_effect=[
|
||||
@@ -923,14 +928,14 @@ def test_should_show_page_if_prefilled_user_is_already_invited(
|
||||
client_request,
|
||||
mock_get_template_folders,
|
||||
fake_uuid,
|
||||
active_user_with_permissions,
|
||||
active_user_with_permission_to_other_service,
|
||||
mock_get_invites_for_service,
|
||||
platform_admin_user,
|
||||
):
|
||||
active_user_with_permission_to_other_service[
|
||||
"email_address"
|
||||
] = "user_1@testnotify.gsa.gov"
|
||||
client_request.login(active_user_with_permissions)
|
||||
client_request.login(platform_admin_user)
|
||||
mocker.patch(
|
||||
"app.models.user.user_api_client.get_user",
|
||||
side_effect=[
|
||||
@@ -1011,8 +1016,9 @@ def test_should_403_if_trying_to_prefill_email_address_for_user_from_other_organ
|
||||
|
||||
|
||||
def test_should_show_folder_permission_form_if_service_has_folder_permissions_enabled(
|
||||
client_request, mocker, mock_get_template_folders, service_one
|
||||
client_request, mocker, mock_get_template_folders, service_one, platform_admin_user
|
||||
):
|
||||
client_request.login(platform_admin_user)
|
||||
mock_get_template_folders.return_value = [
|
||||
{
|
||||
"id": "folder-id-1",
|
||||
@@ -1050,7 +1056,7 @@ def test_should_show_folder_permission_form_if_service_has_folder_permissions_en
|
||||
)
|
||||
def test_invite_user(
|
||||
client_request,
|
||||
active_user_with_permissions,
|
||||
platform_admin_user,
|
||||
mocker,
|
||||
sample_invite,
|
||||
email_address,
|
||||
@@ -1066,9 +1072,10 @@ def test_invite_user(
|
||||
)
|
||||
mocker.patch(
|
||||
"app.models.user.Users.client_method",
|
||||
return_value=[active_user_with_permissions],
|
||||
return_value=[platform_admin_user],
|
||||
)
|
||||
mocker.patch("app.invite_api_client.create_invite", return_value=sample_invite)
|
||||
client_request.login(platform_admin_user)
|
||||
page = client_request.post(
|
||||
"main.invite_user",
|
||||
service_id=SERVICE_ONE_ID,
|
||||
@@ -1109,7 +1116,7 @@ def test_invite_user(
|
||||
def test_invite_user_when_email_address_is_prefilled(
|
||||
client_request,
|
||||
service_one,
|
||||
active_user_with_permissions,
|
||||
platform_admin_user,
|
||||
active_user_with_permission_to_other_service,
|
||||
fake_uuid,
|
||||
mocker,
|
||||
@@ -1119,7 +1126,7 @@ def test_invite_user_when_email_address_is_prefilled(
|
||||
mock_get_organization_by_domain,
|
||||
):
|
||||
service_one["organization"] = ORGANISATION_ID
|
||||
client_request.login(active_user_with_permissions)
|
||||
client_request.login(platform_admin_user)
|
||||
mocker.patch(
|
||||
"app.models.user.user_api_client.get_user",
|
||||
side_effect=[
|
||||
@@ -1140,7 +1147,7 @@ def test_invite_user_when_email_address_is_prefilled(
|
||||
)
|
||||
|
||||
app.invite_api_client.create_invite.assert_called_once_with(
|
||||
active_user_with_permissions["id"],
|
||||
platform_admin_user["id"],
|
||||
SERVICE_ONE_ID,
|
||||
active_user_with_permission_to_other_service["email_address"],
|
||||
{"send_messages"},
|
||||
@@ -1157,7 +1164,7 @@ def test_invite_user_when_email_address_is_prefilled(
|
||||
def test_invite_user_with_email_auth_service(
|
||||
client_request,
|
||||
service_one,
|
||||
active_user_with_permissions,
|
||||
platform_admin_user,
|
||||
sample_invite,
|
||||
email_address,
|
||||
gov_user,
|
||||
@@ -1175,10 +1182,11 @@ def test_invite_user_with_email_auth_service(
|
||||
)
|
||||
mocker.patch(
|
||||
"app.models.user.Users.client_method",
|
||||
return_value=[active_user_with_permissions],
|
||||
return_value=[platform_admin_user],
|
||||
)
|
||||
mocker.patch("app.invite_api_client.create_invite", return_value=sample_invite)
|
||||
|
||||
client_request.login(platform_admin_user)
|
||||
page = client_request.post(
|
||||
"main.invite_user",
|
||||
service_id=SERVICE_ONE_ID,
|
||||
@@ -1361,11 +1369,9 @@ def test_user_cant_invite_themselves(
|
||||
"permissions_field": ["send_messages", "manage_service", "manage_api_keys"],
|
||||
},
|
||||
_follow_redirects=True,
|
||||
_expected_status=200,
|
||||
_expected_status=403,
|
||||
)
|
||||
assert page.h1.string.strip() == "Invite a team member"
|
||||
form_error = page.find("span", class_="usa-error-message").text.strip()
|
||||
assert form_error == "Error: You cannot send an invitation to yourself"
|
||||
assert "not allowed to see this page" in page.h1.string.strip()
|
||||
assert not mock_create_invite.called
|
||||
|
||||
|
||||
|
||||
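Review bot: `test_user_cant_invite_themselves` now asserts only a 403 and the `not allowed to see this page` heading, so the form validation message `Error: You cannot send an invitation to yourself` appears to have lost its test coverage. To keep that rule tested under the new access model, log in with `client_request.login(platform_admin_user)`, post that account's own email address and retain the original `form_error` assertion. The 403 expectation would then sit in a separately named test, for example `test_invite_user_returns_403_for_non_platform_admin`. The same naming issue applies to `test_should_show_page_for_inviting_user_with_email_prefilled`, which now expects 403 while its name still says the page is shown. Both test bodies start outside their hunks, so the account each one logs in with is not visible here.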