diff --git a/app/main/views/add_service.py b/app/main/views/add_service.py index 3e4726089..1c187c5eb 100644 --- a/app/main/views/add_service.py +++ b/app/main/views/add_service.py @@ -6,7 +6,7 @@ from app import service_api_client from app.formatters import email_safe from app.main import main from app.main.forms import CreateServiceForm -from app.utils.user import user_is_gov_user, user_is_logged_in +from app.utils.user import user_is_gov_user, user_is_platform_admin def _create_service(service_name, organization_type, email_from, form): @@ -41,8 +41,8 @@ def _create_example_template(service_id): @main.route("/add-service", methods=["GET", "POST"]) -@user_is_logged_in @user_is_gov_user +@user_is_platform_admin def add_service(): default_organization_type = current_user.default_organization_type if default_organization_type is None: diff --git a/app/main/views/manage_users.py b/app/main/views/manage_users.py index b1527db3a..d23c27d2f 100644 --- a/app/main/views/manage_users.py +++ b/app/main/views/manage_users.py @@ -21,7 +21,7 @@ from app.main.forms import ( SearchUsersForm, ) from app.models.user import InvitedUser, User -from app.utils.user import is_gov_user, user_has_permissions +from app.utils.user import is_gov_user, user_has_permissions, user_is_platform_admin from app.utils.user_permissions import permission_options @@ -42,10 +42,9 @@ def manage_users(service_id): @main.route( "/services//users/invite/", methods=["GET", "POST"] ) -@user_has_permissions("manage_service") +@user_is_platform_admin def invite_user(service_id, user_id=None): form_class = InviteUserForm - form = form_class( inviter_email_address=current_user.email_address, all_template_folders=current_service.all_template_folders, diff --git a/app/notify_client/service_api_client.py b/app/notify_client/service_api_client.py index 3c29111df..11486114f 100644 --- a/app/notify_client/service_api_client.py +++ b/app/notify_client/service_api_client.py 
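Review bot: With `@user_is_logged_in` removed from `add_service`, authentication on `/add-service` now depends entirely on `user_is_gov_user` and `user_is_platform_admin` handling an anonymous `current_user` themselves. Their bodies are not in this diff, so confirm both send an unauthenticated request to sign-in rather than raising or answering 403. The updated tests in tests/app/main/views/test_add_service.py only log in as `platform_admin_user`, so nothing here proves the restriction; add one request to `main.add_service` as a non-admin user with `_expected_status=403` and one as a logged-out client. A comment above the decorators, e.g. `# Service creation is restricted to platform admins`, would record the intent; the body of `add_service` continues outside the hunk.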
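Review bot: Replacing `@user_has_permissions("manage_service")` with `@user_is_platform_admin` on `invite_user` drops the service-scoped check, so the view no longer ties the caller to `service_id`. That is acceptable only if platform admins are meant to invite into any service. The decorator is a control in the admin front end; whether the API behind `invite_api_client.create_invite` enforces the same rule is not visible here and is worth confirming, since the view-level check alone does not protect the API. Pages that still show an invite link to users holding `manage_service` will presumably now lead to a 403, so check the templates as well. Suggest documenting the change above the view, e.g. `# Invites are platform-admin only; manage_service is no longer sufficient`; the body of `invite_user` continues outside the hunk.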
@@ -1,10 +1,10 @@ from datetime import datetime -from notifications_utils.clients.redis import daily_total_cache_key - from app.extensions import redis_client from app.notify_client import NotifyAdminAPIClient, _attach_current_user, cache +# from notifications_utils.clients.redis import daily_total_cache_key + class ServiceAPIClient(NotifyAdminAPIClient): @cache.delete("user-{user_id}") @@ -499,8 +499,8 @@ class ServiceAPIClient(NotifyAdminAPIClient): def get_global_notification_count(self): # if cache is not set, or not enabled, return 0 - count = redis_client.get(daily_total_cache_key()) or 0 - + # count = redis_client.get(daily_total_cache_key()) or 0 + count = 0 return int(count) diff --git a/tests/app/main/views/test_add_service.py b/tests/app/main/views/test_add_service.py index 412fc475d..0d04715ac 100644 --- a/tests/app/main/views/test_add_service.py +++ b/tests/app/main/views/test_add_service.py @@ -31,7 +31,9 @@ def test_get_should_render_add_service_template( client_request, mocker, org_json, + platform_admin_user, ): + client_request.login(platform_admin_user) mocker.patch( "app.organizations_client.get_organization_by_domain", return_value=org_json, @@ -42,9 +44,9 @@ def test_get_should_render_add_service_template( def test_get_should_not_render_radios_if_org_type_known( - client_request, - mocker, + client_request, mocker, platform_admin_user ): + client_request.login(platform_admin_user) mocker.patch( "app.organizations_client.get_organization_by_domain", return_value=organization_json(organization_type="central"), @@ -56,9 +58,9 @@ def test_get_should_not_render_radios_if_org_type_known( def test_show_different_page_if_user_org_type_is_local( - client_request, - mocker, + client_request, mocker, platform_admin_user ): + client_request.login(platform_admin_user) mocker.patch( "app.organizations_client.get_organization_by_domain", return_value=organization_json(organization_type="local"), 
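Review bot: `get_global_notification_count` now returns a hard-coded 0, and the comment above it ("if cache is not set, or not enabled, return 0") no longer describes what the code does. If any caller compares this count against a daily or global sending limit (callers are not in this diff), that comparison will always pass and the limit is silently disabled. Rather than leaving the import and the Redis read commented out, here and in the `@@ -1,10 +1,10 @@` hunk of the same file, delete them and state the reason in one line, e.g. `# TODO(owner): daily total cache key unavailable; count stubbed to 0 until <replacement>`. With a literal, `int(count)` is redundant and the body can be `return 0`.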
@@ -101,9 +103,10 @@ def test_should_add_service_and_redirect_to_tour_when_no_services( posted, persisted, sms_limit, + platform_admin_user, ): api_user_active["email_address"] = email_address - client_request.login(api_user_active) + client_request.login(platform_admin_user) mocker.patch( "app.organizations_client.get_organization_by_domain", return_value=organization_json(organization_type=inherited), @@ -151,7 +154,9 @@ def test_add_service_has_to_choose_org_type( mock_get_services_with_no_services, api_user_active, mock_get_all_email_branding, + platform_admin_user, ): + client_request.login(platform_admin_user) mocker.patch( "app.organizations_client.get_organization_by_domain", return_value=None, @@ -223,7 +228,9 @@ def test_should_add_service_and_redirect_to_dashboard_when_existing_service( organization_type, free_allowance, mock_get_all_email_branding, + platform_admin_user, ): + client_request.login(platform_admin_user) client_request.post( "main.add_service", _data={ @@ -252,7 +259,9 @@ def test_add_service_fails_if_service_name_fails_validation( mock_get_organization_by_domain, name, error_message, + platform_admin_user, ): + client_request.login(platform_admin_user) page = client_request.post( "main.add_service", _data={"name": name}, @@ -263,9 +272,7 @@ def test_add_service_fails_if_service_name_fails_validation( @freeze_time("2021-01-01") def test_should_return_form_errors_with_duplicate_service_name_regardless_of_case( - client_request, - mock_get_organization_by_domain, - mocker, + client_request, mock_get_organization_by_domain, mocker, platform_admin_user ): def _create(**_kwargs): json_mock = mocker.Mock( @@ -276,7 +283,7 @@ def test_should_return_form_errors_with_duplicate_service_name_regardless_of_cas raise http_error mocker.patch("app.service_api_client.create_service", side_effect=_create) - + client_request.login(platform_admin_user) page = client_request.post( "main.add_service", _data={ 
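Review bot: In `test_should_add_service_and_redirect_to_tour_when_no_services` the line `api_user_active["email_address"] = email_address` is now dead, because the request is made as `platform_admin_user` and the parametrized `email_address` never reaches the logged-in user. If the parameters were meant to exercise how the user's email domain affects the created service, the test no longer covers that, although it will still pass. Set the address on the user that is actually logged in, `platform_admin_user["email_address"] = email_address`, or drop the parameter. The rest of the test body is outside the hunk, so check the later assertions against whichever you choose.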
diff --git a/tests/app/main/views/test_manage_users.py b/tests/app/main/views/test_manage_users.py index 99d273ab8..10712f803 100644 --- a/tests/app/main/views/test_manage_users.py +++ b/tests/app/main/views/test_manage_users.py @@ -341,9 +341,11 @@ def test_service_with_no_email_auth_hides_auth_type_options( service_one, mock_get_users_by_service, mock_get_template_folders, + platform_admin_user, ): if service_has_email_auth: service_one["permissions"].append("email_auth") + client_request.login(platform_admin_user) page = client_request.get(endpoint, service_id=service_one["id"], **extra_args) assert ( page.find("input", attrs={"name": "login_authentication"}) is None @@ -371,7 +373,9 @@ def test_service_without_caseworking_doesnt_show_admin_vs_caseworker( endpoint, service_has_caseworking, extra_args, + platform_admin_user, ): + client_request.login(platform_admin_user) page = client_request.get(endpoint, service_id=SERVICE_ONE_ID, **extra_args) permission_checkboxes = page.select("input[type=checkbox]") @@ -488,7 +492,9 @@ def test_should_show_page_for_one_user( endpoint, extra_args, expected_checkboxes, + platform_admin_user, ): + client_request.login(platform_admin_user) page = client_request.get(endpoint, service_id=SERVICE_ONE_ID, **extra_args) checkboxes = page.select("input[type=checkbox]") @@ -506,8 +512,10 @@ def test_invite_user_allows_to_choose_auth( mock_get_users_by_service, mock_get_template_folders, service_one, + platform_admin_user, ): service_one["permissions"].append("email_auth") + client_request.login(platform_admin_user) page = client_request.get("main.invite_user", service_id=SERVICE_ONE_ID) radio_buttons = page.select("input[name=login_authentication]") 
@@ -521,7 +529,9 @@ def test_invite_user_has_correct_email_field( client_request, mock_get_users_by_service, mock_get_template_folders, + platform_admin_user, ): + client_request.login(platform_admin_user) email_field = client_request.get( "main.invite_user", service_id=SERVICE_ONE_ID ).select_one("#email_address") @@ -835,9 +845,9 @@ def test_edit_user_permissions_shows_authentication_for_email_auth_service( def test_should_show_page_for_inviting_user( client_request, mock_get_template_folders, - active_user_with_permissions, + platform_admin_user, ): - client_request.login(active_user_with_permissions) + client_request.login(platform_admin_user) page = client_request.get( "main.invite_user", service_id=SERVICE_ONE_ID, @@ -874,15 +884,9 @@ def test_should_show_page_for_inviting_user_with_email_prefilled( # We have the user’s name in the H1 but don’t want it duplicated # in the page title _test_page_title=False, + _expected_status=403, ) - assert normalize_spaces(page.select_one("title").text).startswith( - "Invite a team member" - ) - assert normalize_spaces(page.select_one("h1").text) == ("Invite Service Two User") - # assert normalize_spaces(page.select_one('main .gov-uk').text) == ( - # 'service-two-user@test.gsa.gov' - # ) - assert not page.select("input#email_address") or page.select("input[type=email]") + assert "not allowed to see this page" in page.h1.string.strip() def test_should_show_page_if_prefilled_user_is_already_a_team_member( @@ -892,8 +896,9 @@ def test_should_show_page_if_prefilled_user_is_already_a_team_member( fake_uuid, active_user_with_permissions, active_caseworking_user, + platform_admin_user, ): - client_request.login(active_user_with_permissions) + client_request.login(platform_admin_user) mocker.patch( "app.models.user.user_api_client.get_user", side_effect=[ 
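Review bot: `test_should_show_page_for_inviting_user_with_email_prefilled` now asserts `_expected_status=403` and "not allowed to see this page", so its name states the opposite of what it checks, and the prefilled invite page has lost its positive test. The login call sits outside this hunk, so which user the request runs as cannot be seen here. If it is still a non-admin user, rename the test to something like `test_invite_user_with_email_prefilled_is_forbidden_for_non_admin`. Then add a companion that calls `client_request.login(platform_admin_user)` and keeps the removed `title` and `h1` assertions.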
@@ -923,14 +928,14 @@ def test_should_show_page_if_prefilled_user_is_already_invited( client_request, mock_get_template_folders, fake_uuid, - active_user_with_permissions, active_user_with_permission_to_other_service, mock_get_invites_for_service, + platform_admin_user, ): active_user_with_permission_to_other_service[ "email_address" ] = "user_1@testnotify.gsa.gov" - client_request.login(active_user_with_permissions) + client_request.login(platform_admin_user) mocker.patch( "app.models.user.user_api_client.get_user", side_effect=[ @@ -1011,8 +1016,9 @@ def test_should_403_if_trying_to_prefill_email_address_for_user_from_other_organ def test_should_show_folder_permission_form_if_service_has_folder_permissions_enabled( - client_request, mocker, mock_get_template_folders, service_one + client_request, mocker, mock_get_template_folders, service_one, platform_admin_user ): + client_request.login(platform_admin_user) mock_get_template_folders.return_value = [ { "id": "folder-id-1", @@ -1050,7 +1056,7 @@ def test_should_show_folder_permission_form_if_service_has_folder_permissions_en ) def test_invite_user( client_request, - active_user_with_permissions, + platform_admin_user, mocker, sample_invite, email_address, @@ -1066,9 +1072,10 @@ def test_invite_user( ) mocker.patch( "app.models.user.Users.client_method", - return_value=[active_user_with_permissions], + return_value=[platform_admin_user], ) mocker.patch("app.invite_api_client.create_invite", return_value=sample_invite) + client_request.login(platform_admin_user) page = client_request.post( "main.invite_user", service_id=SERVICE_ONE_ID, @@ -1109,7 +1116,7 @@ def test_invite_user( def test_invite_user_when_email_address_is_prefilled( client_request, service_one, - active_user_with_permissions, + platform_admin_user, active_user_with_permission_to_other_service, fake_uuid, mocker, 
@@ -1119,7 +1126,7 @@ def test_invite_user_when_email_address_is_prefilled( mock_get_organization_by_domain, ): service_one["organization"] = ORGANISATION_ID - client_request.login(active_user_with_permissions) + client_request.login(platform_admin_user) mocker.patch( "app.models.user.user_api_client.get_user", side_effect=[ @@ -1140,7 +1147,7 @@ def test_invite_user_when_email_address_is_prefilled( ) app.invite_api_client.create_invite.assert_called_once_with( - active_user_with_permissions["id"], + platform_admin_user["id"], SERVICE_ONE_ID, active_user_with_permission_to_other_service["email_address"], {"send_messages"}, @@ -1157,7 +1164,7 @@ def test_invite_user_when_email_address_is_prefilled( def test_invite_user_with_email_auth_service( client_request, service_one, - active_user_with_permissions, + platform_admin_user, sample_invite, email_address, gov_user, @@ -1175,10 +1182,11 @@ def test_invite_user_with_email_auth_service( ) mocker.patch( "app.models.user.Users.client_method", - return_value=[active_user_with_permissions], + return_value=[platform_admin_user], ) mocker.patch("app.invite_api_client.create_invite", return_value=sample_invite) + client_request.login(platform_admin_user) page = client_request.post( "main.invite_user", service_id=SERVICE_ONE_ID, @@ -1361,11 +1369,9 @@ def test_user_cant_invite_themselves( "permissions_field": ["send_messages", "manage_service", "manage_api_keys"], }, _follow_redirects=True, - _expected_status=200, + _expected_status=403, ) - assert page.h1.string.strip() == "Invite a team member" - form_error = page.find("span", class_="usa-error-message").text.strip() - assert form_error == "Error: You cannot send an invitation to yourself" + assert "not allowed to see this page" in page.h1.string.strip() assert not mock_create_invite.called
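Review bot: `test_user_cant_invite_themselves` now passes because the request is stopped with a 403, not because the self-invite rule fired, so the "You cannot send an invitation to yourself" validation is no longer covered by any test visible in this diff. `assert not mock_create_invite.called` is satisfied trivially for the same reason. The test's setup is outside the hunk, but the likely fix is to log in with `client_request.login(platform_admin_user)`, post that user's own email address, and restore `_expected_status=200` with the original assertions on the `usa-error-message` span. A separate, clearly named test can keep the 403 expectation for non-admin users.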