From 8b05f2c080bddcd6f440e87273344f1bb81bbc12 Mon Sep 17 00:00:00 2001
From: Pete Herlihy <peter.herlihy@digital.cabinet-office.gov.uk>
Date: Wed, 30 Mar 2016 15:47:00 +0100
Subject: [PATCH 1/3] Tidied up the footer to put the about links in the right
 place

---
 app/templates/admin_template.html | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/app/templates/admin_template.html b/app/templates/admin_template.html
index a371476db..ea680fb88 100644
--- a/app/templates/admin_template.html
+++ b/app/templates/admin_template.html
@@ -79,7 +79,11 @@
         </div>
         <div class="column-one-third">
           <h2>About</h2>
-          <a href="{{ url_for("main.help") }}">Help</a>
+          <ul>
+            <li><a href="{{ url_for("main.help") }}">Help</a></li>
+            <li><a href="{{ url_for("main.terms") }}">Terms of use</a></li>
+            <li><a href="{{ url_for("main.cookies") }}">Cookies</a></li>
+          </ul>
         </div>
         <div class="column-one-third">
           <h2>Developers</h2>
@@ -92,8 +96,6 @@
 
 {% block footer_support_links %}
   <nav class="footer-nav">
-    <a href="{{ url_for("main.terms") }}">Terms of use</a>
-    <a href="{{ url_for("main.cookies") }}">Cookies</a>
     Built by the <a href="https://www.gov.uk/government/organisations/government-digital-service">Government Digital Service</a>
   </nav>
 {% endblock %}

From c4b65d6af947f7fd3e8039619b2588abac595dcb Mon Sep 17 00:00:00 2001
From: Rebecca Law <rebecca.law@digital.cabinet-office.gov.uk>
Date: Wed, 30 Mar 2016 17:39:19 +0100
Subject: [PATCH 2/3] Fix bug with creating the invited user permission list.

---
 app/main/views/manage_users.py            | 4 +++-
 tests/app/main/views/test_manage_users.py | 4 ++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/app/main/views/manage_users.py b/app/main/views/manage_users.py
index 4f552731c..156775770 100644
--- a/app/main/views/manage_users.py
+++ b/app/main/views/manage_users.py
@@ -60,7 +60,9 @@ def invite_user(service_id):
         # view_activity is a default role to be added to all users.
         # All users will have at minimum view_activity to allow users to see notifications,
         # templates, team members but no update privileges
-        permissions = ','.join(role for role in roles.keys() if request.form.get(role) == 'y').join('view_activity')
+        selected_permissions = [role for role in roles.keys() if request.form.get(role) == 'y']
+        selected_permissions.append('view_activity')
+        permissions = ','.join(selected_permissions)
         invited_user = invite_api_client.create_invite(
             current_user.id,
             service_id,
diff --git a/tests/app/main/views/test_manage_users.py b/tests/app/main/views/test_manage_users.py
index 0e8100882..88d370622 100644
--- a/tests/app/main/views/test_manage_users.py
+++ b/tests/app/main/views/test_manage_users.py
@@ -161,6 +161,10 @@ def test_invite_user(
         assert page.h1.string.strip() == 'Manage team'
         flash_banner = page.find('div', class_='banner-default-with-tick').string.strip()
         assert flash_banner == 'Invite sent to test@example.gov.uk'
+        app.invite_api_client.create_invite.assert_called_once_with(sample_invite['from_user'],
+                                                                    sample_invite['service'],
+                                                                    email_address,
+                                                                    sample_invite['permissions']+',view_activity')
 
 
 def test_cancel_invited_user_cancels_user_invitations(app_,

From 0c58d73914a5f6a272fc38b7f7d2edfc72a3156e Mon Sep 17 00:00:00 2001
From: Rebecca Law <rebecca.law@digital.cabinet-office.gov.uk>
Date: Wed, 30 Mar 2016 17:50:32 +0100
Subject: [PATCH 3/3] Sort permissions.

---
 app/main/views/manage_users.py            | 2 +-
 tests/app/main/views/test_manage_users.py | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/app/main/views/manage_users.py b/app/main/views/manage_users.py
index 156775770..ce95e7011 100644
--- a/app/main/views/manage_users.py
+++ b/app/main/views/manage_users.py
@@ -60,7 +60,7 @@ def invite_user(service_id):
         # view_activity is a default role to be added to all users.
         # All users will have at minimum view_activity to allow users to see notifications,
         # templates, team members but no update privileges
-        selected_permissions = [role for role in roles.keys() if request.form.get(role) == 'y']
+        selected_permissions = [role for role in sorted(roles.keys()) if request.form.get(role) == 'y']
         selected_permissions.append('view_activity')
         permissions = ','.join(selected_permissions)
         invited_user = invite_api_client.create_invite(
diff --git a/tests/app/main/views/test_manage_users.py b/tests/app/main/views/test_manage_users.py
index 88d370622..92c4f0686 100644
--- a/tests/app/main/views/test_manage_users.py
+++ b/tests/app/main/views/test_manage_users.py
@@ -161,10 +161,11 @@ def test_invite_user(
         assert page.h1.string.strip() == 'Manage team'
         flash_banner = page.find('div', class_='banner-default-with-tick').string.strip()
         assert flash_banner == 'Invite sent to test@example.gov.uk'
+        excpected_permissions = 'manage_api_keys,manage_service,send_messages,view_activity'
         app.invite_api_client.create_invite.assert_called_once_with(sample_invite['from_user'],
                                                                     sample_invite['service'],
                                                                     email_address,
-                                                                    sample_invite['permissions']+',view_activity')
+                                                                    excpected_permissions)
 
 
 def test_cancel_invited_user_cancels_user_invitations(app_,