Expand permissions to all possible values on admin before posting to

api. This makes template work for both existing and invited users.

API will no longer need to convert from what ui presents as permissions

app/main/views/manage_users.py

@@ -1,5 +1,4 @@
 from itertools import chain
-from collections import OrderedDict
 from flask import (
     request,
     render_template,
@@ -35,14 +34,14 @@ roles = {
 @login_required
 @user_has_permissions('view_activity', admin_override=True)
 def manage_users(service_id):
+    users = user_api_client.get_users_for_service(service_id=service_id)
+    invited_users = [invite for invite in invite_api_client.get_invites_for_service(service_id=service_id)
+                     if invite.status != 'accepted']
     return render_template(
         'views/manage-users.html',
-        users=user_api_client.get_users_for_service(service_id=service_id),
+        users=users,
         current_user=current_user,
-        invited_users=[
-            invite for invite in invite_api_client.get_invites_for_service(service_id=service_id)
-            if invite.status != 'accepted'
-        ]
+        invited_users=invited_users
     )
 
 
@@ -58,8 +57,10 @@ def invite_user(service_id):
         # view_activity is a default role to be added to all users.
         # All users will have at minimum view_activity to allow users to see notifications,
         # templates, team members but no update privileges
-        selected_permissions = [role for role in sorted(roles.keys()) if request.form.get(role) == 'y']
+        selected_permissions = [permissions for role, permissions in roles.items() if request.form.get(role) == 'y']
+        selected_permissions = list(chain.from_iterable(selected_permissions))
         selected_permissions.append('view_activity')
+        selected_permissions.sort()
         permissions = ','.join(selected_permissions)
         invited_user = invite_api_client.create_invite(
             current_user.id,

app/notify_client/user_api_client.py

@@ -99,7 +99,8 @@ class UserApiClient(BaseAPIClient):
 
     def add_user_to_service(self, service_id, user_id, permissions):
         endpoint = '/service/{}/users/{}'.format(service_id, user_id)
-        resp = self.post(endpoint, data={'permissions': permissions})
+        data = [{'permission': x} for x in permissions]
+        resp = self.post(endpoint, data=data)
         return User(resp['data'], max_failed_login_count=self.max_failed_login_count)
 
     def set_user_permissions(self, user_id, service_id, permissions):

tests/app/main/views/test_manage_users.py

@@ -160,11 +160,13 @@ def test_invite_user(
         assert page.h1.string.strip() == 'Team members'
         flash_banner = page.find('div', class_='banner-default-with-tick').string.strip()
         assert flash_banner == 'Invite sent to test@example.gov.uk'
-        excpected_permissions = 'manage_api_keys,manage_service,send_messages,view_activity'
+
+        expected_permissions = 'manage_api_keys,manage_settings,manage_templates,manage_users,send_emails,send_letters,send_texts,view_activity'  # noqa
+
         app.invite_api_client.create_invite.assert_called_once_with(sample_invite['from_user'],
                                                                     sample_invite['service'],
                                                                     email_address,
-                                                                    excpected_permissions)
+                                                                    expected_permissions)
 
 
 def test_cancel_invited_user_cancels_user_invitations(app_,