Relabel existing permissions

Since we have added a new, 5th permission the existing permissions
should be relabelled so that the five make sense as a coherent set.

We especially want to make sure that:
- the labels work against the checkboxes and against the tick/crosses on
  the manage users page (a long time ago this page was laid out
  differently so didn’t have space for full labels)
- there is no confusion between usage and reports

This commit also:
- re-adds a line about what all users can see (‘sent messages’) but
  continues to omit the additional bullet points about templates and
  team members (because we think this is clear enough from reading the
  permissions)
- refactors the `Form` subclass so that the content and order of the
  permissions only have to be defined once
- brings back the ‘permissions’ legend on the `fieldset`
Chris Hill-Scott
2018-08-08 08:45:58 +01:00
parent 5108187cab
commit 347912876c
6 changed files with 76 additions and 75 deletions


@@ -40,7 +40,7 @@ from app.main.validators import (
ValidEmail, ValidEmail,
ValidGovEmail, ValidGovEmail,
) )
from app.notify_client.models import roles from app.notify_client.models import permissions, roles
from app.utils import guess_name_from_email_address from app.utils import guess_name_from_email_address
@@ -256,13 +256,12 @@ class RegisterUserFromOrgInviteForm(StripWhitespaceForm):
auth_type = HiddenField('auth_type', validators=[DataRequired()]) auth_type = HiddenField('auth_type', validators=[DataRequired()])
class PermissionsForm(StripWhitespaceForm): PermissionsAbstract = type("PermissionsAbstract", (StripWhitespaceForm,), {
permission: BooleanField(label) for permission, label in permissions
})
view_activity = BooleanField("See dashboard and reports")
send_messages = BooleanField("Send messages") class PermissionsForm(PermissionsAbstract):
manage_templates = BooleanField("Add and edit templates")
manage_service = BooleanField("Manage this service and its team")
manage_api_keys = BooleanField("Manage API keys")
login_authentication = RadioField( login_authentication = RadioField(
'Sign in using', 'Sign in using',
@@ -277,6 +276,10 @@ class PermissionsForm(StripWhitespaceForm):
def permissions(self): def permissions(self):
return {role for role in roles.keys() if self[role].data is True} return {role for role in roles.keys() if self[role].data is True}
@property
def permissions_fields(self):
return (getattr(self, permission) for permission, _ in permissions)
@classmethod @classmethod
def from_user(cls, user, service_id): def from_user(cls, user, service_id):
return cls( return cls(
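Review bot: The `permissions` property in this section still builds its result from `roles.keys()`, while the checkboxes are now generated from the imported `permissions` tuple, so the set that gets saved and the set that is displayed come from two separate definitions. If the two ever differ, `self[role]` would presumably raise for a role that has no field, or a ticked checkbox would be dropped without any error; on a form that grants access, a mismatch should fail loudly. Consider iterating the same tuple, `return {name for name, _ in permissions if self[name].data is True}`, or asserting at import time that the keys match; `roles` is defined outside this page, so confirm against it. The property and the imported tuple also share the name `permissions`, which is easy to misread, and `from_user` continues outside the hunk.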


@@ -10,6 +10,7 @@ from app import (
) )
from app.main import main from app.main import main
from app.main.forms import InviteUserForm, PermissionsForm, SearchUsersForm from app.main.forms import InviteUserForm, PermissionsForm, SearchUsersForm
from app.notify_client.models import permissions
from app.utils import user_has_permissions from app.utils import user_has_permissions
@@ -31,6 +32,7 @@ def manage_users(service_id):
current_user=current_user, current_user=current_user,
show_search_box=(len(users) > 7), show_search_box=(len(users) > 7),
form=SearchUsersForm(), form=SearchUsersForm(),
permissions=permissions,
) )


@@ -20,6 +20,14 @@ roles_by_permission = {
all_permissions = set(roles_by_permission.values()) all_permissions = set(roles_by_permission.values())
permissions = (
('view_activity', 'See dashboard and reports'),
('send_messages', 'Send messages using templates'),
('manage_templates', 'Add and edit templates'),
('manage_service', 'Manage settings, team members and usage'),
('manage_api_keys', 'Manage API integration'),
)
def _get_service_id_from_view_args(): def _get_service_id_from_view_args():
return request.view_args.get('service_id', None) return request.view_args.get('service_id', None)
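Review bot: The new `permissions` tuple has no comment saying that it now drives both the form's checkboxes and the tick/cross list, or that its order is the display order. A line such as `# (permission key, label) pairs in display order; keys are also the form field names and are passed to has_permission_for_service` above it would tell the next editor that renaming a key changes what is checked, not just what is shown. Nothing in the visible lines ties these keys to `roles_by_permission`, whose contents are outside this hunk.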


@@ -63,26 +63,12 @@
</h3> </h3>
<ul class="tick-cross-list"> <ul class="tick-cross-list">
<div class="tick-cross-list-permissions"> <div class="tick-cross-list-permissions">
{{ tick_cross( {% for permission, label in permissions %}
user.has_permission_for_service(current_service.id, 'view_activity'), {{ tick_cross(
'See dashboard and reports' user.has_permission_for_service(current_service.id, permission),
) }} label
{{ tick_cross( ) }}
user.has_permission_for_service(current_service.id, 'send_messages'), {% endfor %}
'Send messages'
) }}
{{ tick_cross(
user.has_permission_for_service(current_service.id, 'manage_templates'),
'Add and edit templates'
) }}
{{ tick_cross(
user.has_permission_for_service(current_service.id, 'manage_service'),
'Manage service'
) }}
{{ tick_cross(
user.has_permission_for_service(current_service.id, 'manage_api_keys'),
'Access API keys'
) }}
{% if current_service.has_permission('email_auth') %} {% if current_service.has_permission('email_auth') %}
<div class="tick-cross-list-hint"> <div class="tick-cross-list-hint">
{% if user.auth_type == 'sms_auth' %} {% if user.auth_type == 'sms_auth' %}


@@ -2,16 +2,18 @@
{% from "components/radios.html" import radio, radios, radios_wrapper, conditional_radio_panel %} {% from "components/radios.html" import radio, radios, radios_wrapper, conditional_radio_panel %}
<fieldset class="form-group"> <fieldset class="form-group">
<legend class="form-label visually-hidden"> <legend class="form-label">
Permissions Permissions
</legend> </legend>
{{ checkbox(form.view_activity) }} {% for field in form.permissions_fields %}
{{ checkbox(form.send_messages) }} {{ checkbox(field) }}
{{ checkbox(form.manage_templates) }} {% endfor %}
{{ checkbox(form.manage_service) }}
{{ checkbox(form.manage_api_keys) }}
</fieldset> </fieldset>
<p class="bottom-gutter">
All team members can see sent messages.
</p>
{% if service_has_email_auth %} {% if service_has_email_auth %}
{% if user_has_no_mobile_number %} {% if user_has_no_mobile_number %}
{{ radios( {{ radios(

View File

@@ -26,18 +26,18 @@ from tests.conftest import service_one as create_sample_service
( (
'Test User (you) ' 'Test User (you) '
'Can See dashboard and reports ' 'Can See dashboard and reports '
'Can Send messages ' 'Can Send messages using templates '
'Can Add and edit templates ' 'Can Add and edit templates '
'Can Manage service ' 'Can Manage settings, team members and usage '
'Can Access API keys' 'Can Manage API integration'
), ),
( (
'ZZZZZZZZ zzzzzzz@example.gov.uk ' 'ZZZZZZZZ zzzzzzz@example.gov.uk '
'Can See dashboard and reports ' 'Can See dashboard and reports '
'Cant Send messages ' 'Cant Send messages using templates '
'Cant Add and edit templates ' 'Cant Add and edit templates '
'Cant Manage service ' 'Cant Manage settings, team members and usage '
'Cant Access API keys ' 'Cant Manage API integration '
'Edit permissions' 'Edit permissions'
) )
), ),
@@ -46,18 +46,18 @@ from tests.conftest import service_one as create_sample_service
( (
'Test User With Empty Permissions (you) ' 'Test User With Empty Permissions (you) '
'Cant See dashboard and reports ' 'Cant See dashboard and reports '
'Cant Send messages ' 'Cant Send messages using templates '
'Cant Add and edit templates ' 'Cant Add and edit templates '
'Cant Manage service ' 'Cant Manage settings, team members and usage '
'Cant Access API keys' 'Cant Manage API integration'
), ),
( (
'ZZZZZZZZ zzzzzzz@example.gov.uk ' 'ZZZZZZZZ zzzzzzz@example.gov.uk '
'Can See dashboard and reports ' 'Can See dashboard and reports '
'Cant Send messages ' 'Cant Send messages using templates '
'Cant Add and edit templates ' 'Cant Add and edit templates '
'Cant Manage service ' 'Cant Manage settings, team members and usage '
'Cant Access API keys' 'Cant Manage API integration'
), ),
), ),
( (
@@ -65,18 +65,18 @@ from tests.conftest import service_one as create_sample_service
( (
'Test User With Permissions (you) ' 'Test User With Permissions (you) '
'Can See dashboard and reports ' 'Can See dashboard and reports '
'Cant Send messages ' 'Cant Send messages using templates '
'Cant Add and edit templates ' 'Cant Add and edit templates '
'Cant Manage service ' 'Cant Manage settings, team members and usage '
'Cant Access API keys' 'Cant Manage API integration'
), ),
( (
'ZZZZZZZZ zzzzzzz@example.gov.uk ' 'ZZZZZZZZ zzzzzzz@example.gov.uk '
'Can See dashboard and reports ' 'Can See dashboard and reports '
'Cant Send messages ' 'Cant Send messages using templates '
'Cant Add and edit templates ' 'Cant Add and edit templates '
'Cant Manage service ' 'Cant Manage settings, team members and usage '
'Cant Access API keys' 'Cant Manage API integration'
) )
), ),
( (
@@ -84,18 +84,18 @@ from tests.conftest import service_one as create_sample_service
( (
'Test User With Permissions (you) ' 'Test User With Permissions (you) '
'Can See dashboard and reports ' 'Can See dashboard and reports '
'Cant Send messages ' 'Cant Send messages using templates '
'Can Add and edit templates ' 'Can Add and edit templates '
'Cant Manage service ' 'Cant Manage settings, team members and usage '
'Cant Access API keys' 'Cant Manage API integration'
), ),
( (
'ZZZZZZZZ zzzzzzz@example.gov.uk ' 'ZZZZZZZZ zzzzzzz@example.gov.uk '
'Can See dashboard and reports ' 'Can See dashboard and reports '
'Cant Send messages ' 'Cant Send messages using templates '
'Cant Add and edit templates ' 'Cant Add and edit templates '
'Cant Manage service ' 'Cant Manage settings, team members and usage '
'Cant Access API keys' 'Cant Manage API integration'
) )
), ),
( (
@@ -103,18 +103,18 @@ from tests.conftest import service_one as create_sample_service
( (
'Test User With Permissions (you) ' 'Test User With Permissions (you) '
'Can See dashboard and reports ' 'Can See dashboard and reports '
'Cant Send messages ' 'Cant Send messages using templates '
'Can Add and edit templates ' 'Can Add and edit templates '
'Cant Manage service ' 'Cant Manage settings, team members and usage '
'Cant Access API keys' 'Cant Manage API integration'
), ),
( (
'ZZZZZZZZ zzzzzzz@example.gov.uk ' 'ZZZZZZZZ zzzzzzz@example.gov.uk '
'Can See dashboard and reports ' 'Can See dashboard and reports '
'Cant Send messages ' 'Cant Send messages using templates '
'Cant Add and edit templates ' 'Cant Add and edit templates '
'Cant Manage service ' 'Cant Manage settings, team members and usage '
'Cant Access API keys' 'Cant Manage API integration'
) )
), ),
]) ])
@@ -175,19 +175,19 @@ def test_should_show_caseworker_on_overview_page(
assert normalize_spaces(page.select('.user-list-item')[0].text) == ( assert normalize_spaces(page.select('.user-list-item')[0].text) == (
'Test User With Permissions (you) ' 'Test User With Permissions (you) '
'Can See dashboard and reports ' 'Can See dashboard and reports '
'Cant Send messages ' 'Cant Send messages using templates '
'Cant Add and edit templates ' 'Cant Add and edit templates '
'Cant Manage service ' 'Cant Manage settings, team members and usage '
'Cant Access API keys' 'Cant Manage API integration'
) )
# [1:5] are invited users # [1:5] are invited users
assert normalize_spaces(page.select('.user-list-item')[6].text) == ( assert normalize_spaces(page.select('.user-list-item')[6].text) == (
'Test User zzzzzzz@example.gov.uk ' 'Test User zzzzzzz@example.gov.uk '
'Cant See dashboard and reports ' 'Cant See dashboard and reports '
'Can Send messages ' 'Can Send messages using templates '
'Cant Add and edit templates ' 'Cant Add and edit templates '
'Cant Manage service ' 'Cant Manage settings, team members and usage '
'Cant Access API keys' 'Cant Manage API integration'
) )
@@ -606,20 +606,20 @@ def test_cancel_invited_user_cancels_user_invitations(
('pending', ( ('pending', (
'invited_user@test.gov.uk (invited) ' 'invited_user@test.gov.uk (invited) '
'Can See dashboard and reports ' 'Can See dashboard and reports '
'Can Send messages ' 'Can Send messages using templates '
'Cant Add and edit templates ' 'Cant Add and edit templates '
'Can Manage service ' 'Can Manage settings, team members and usage '
'Can Access API keys ' 'Can Manage API integration '
'Cancel invitation' 'Cancel invitation'
)), )),
('cancelled', ( ('cancelled', (
'invited_user@test.gov.uk (cancelled invite) ' 'invited_user@test.gov.uk (cancelled invite) '
# all permissions are greyed out # all permissions are greyed out
'Cant See dashboard and reports ' 'Cant See dashboard and reports '
'Cant Send messages ' 'Cant Send messages using templates '
'Cant Add and edit templates ' 'Cant Add and edit templates '
'Cant Manage service ' 'Cant Manage settings, team members and usage '
'Cant Access API keys' 'Cant Manage API integration'
)), )),
]) ])
def test_manage_users_shows_invited_user( def test_manage_users_shows_invited_user(