Invite user form now posts permissions string to api with

data to create invite.
2026-02-05 10:53:28 -05:00 · 2016-02-29 11:03:35 +00:00
parent 827de42d3a
commit 8c10c36f50
6 changed files with 28 additions and 9 deletions
--- a/app/main/views/manage_users.py
+++ b/app/main/views/manage_users.py
@@ -56,8 +56,9 @@ def invite_user(service_id):
    form = InviteUserForm()
    if form.validate_on_submit():
        email_address = form.email_address.data
+        permissions = _get_permissions(request.form)
        try:
-            resp = invite_api_client.create_invite(current_user.id, service_id, email_address)
+            resp = invite_api_client.create_invite(current_user.id, service_id, email_address, permissions)
            flash('Invite sent to {}'.format(resp['email_address']), 'default_with_tick')
            return redirect(url_for('.manage_users', service_id=service_id))

@@ -113,3 +114,14 @@ def delete_user(service_id, user_id):
        service=get_service_by_id_or_404(service_id),
        service_id=service_id
    )
+
+
+def _get_permissions(form):
+    permissions = []
+    if form.get('send_messages') and form['send_messages'] == 'yes':
+        permissions.append('send_messages')
+    if form.get('manage_service') and form['manage_service'] == 'yes':
+        permissions.append('manage_service')
+    if form.get('manage_api_keys') and form['manage_api_keys'] == 'yes':
+        permissions.append('manage_api_keys')
+    return ','.join(permissions)
--- a/app/notify_client/invite_api_client.py
+++ b/app/notify_client/invite_api_client.py
@@ -13,11 +13,12 @@ class InviteApiClient(BaseAPIClient):
        self.client_id = app.config['ADMIN_CLIENT_USER_NAME']
        self.secret = app.config['ADMIN_CLIENT_SECRET']

-    def create_invite(self, invite_from_id, service_id, email_address):
+    def create_invite(self, invite_from_id, service_id, email_address, permissions):
        data = {
            'service': str(service_id),
            'email_address': email_address,
-            'from_user': invite_from_id
+            'from_user': invite_from_id,
+            'permissions': permissions
        }
        resp = self.post(url='/service/{}/invite'.format(service_id), data=data)
        return resp['data']
--- a/app/templates/components/yes-no.html
+++ b/app/templates/components/yes-no.html
@@ -5,11 +5,11 @@
    </legend>
    <div class='yes-no-fields inline'>
      <label class='block-label'>
-        <input type='radio' name='{{ name }}' {% if current_value == True %}checked{% endif %} />
+        <input type='radio' name='{{ name }}' value='yes' {% if current_value == True %}checked{% endif %} />
        Yes
      </label>
      <label class='block-label'>
-        <input type='radio' name='{{ name }}' {% if current_value == False %}checked{% endif %} />
+        <input type='radio' name='{{ name }}' value='no' {% if current_value == False %}checked{% endif %} />
        No
      </label>
    </div>
--- a/app/templates/views/invite-user.html
+++ b/app/templates/views/invite-user.html
@@ -28,6 +28,7 @@ Manage users – GOV.UK Notify
        <legend class='heading-small'>
          Permissions
        </legend>
+        <span class="form-hint">All team members can see message history</span>
        {{ yes_no('send_messages', 'Send messages', user.permission_send_messages) }}
        {{ yes_no('manage_service', 'Manage service', user.permission_manage_service) }}
        {{ yes_no('manage_api_keys', 'Manage API keys', user.permission_manage_api_keys) }}
--- a/tests/app/main/views/test_manage_users.py
+++ b/tests/app/main/views/test_manage_users.py
@@ -83,18 +83,22 @@ def test_invite_user(
    from_user = api_user_active.id
    service_id = service_one['id']
    email_address = 'test@example.gov.uk'
+    permissions = 'send_messages,manage_service,manage_api_keys'

    with app_.test_request_context():
        with app_.test_client() as client:
            client.login(api_user_active)
            response = client.post(
                url_for('main.invite_user', service_id=service_id),
-                data={'email_address': email_address},
+                data={'email_address': email_address,
+                      'send_messages': 'yes',
+                      'manage_service': 'yes',
+                      'manage_api_keys': 'yes'},
                follow_redirects=True
            )

        assert response.status_code == 200
-        mock_create_invite.assert_called_with(from_user, service_id, email_address)
+        mock_create_invite.assert_called_with(from_user, service_id, email_address, permissions)
        mock_get_invites_for_service.assert_called_with(service_id=service_id)
        page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
        assert page.h1.string.strip() == 'Manage team'
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -538,12 +538,13 @@ def mock_s3_upload(mocker):

@pytest.fixture(scope='function')
 def mock_create_invite(mocker):
-    def _create_invite(from_user, service_id, email_address):
+    def _create_invite(from_user, service_id, email_address, permissions):
        data = {'id': uuid.uuid4(),
                'from_user': from_user,
                'service': service_id,
                'email_address': email_address,
-                'status': 'pending'}
+                'status': 'pending',
+                'permissions': permissions}
        return data
    return mocker.patch('app.invite_api_client.create_invite', side_effect=_create_invite)