With the addition of has_permissions on the dashboard, jobs, and manage_users pages a platform admin user or a users with no permissions on the service could no longer see the page.

A new permission has been added, view_activity, to resolve this issue.
Another pull request in notifications-admin will be required to update all users with a default permission of view_activity.

app/main/views/dashboard.py

@@ -15,7 +15,7 @@ from app.utils import user_has_permissions
 
 @main.route("/services/<service_id>/dashboard")
 @login_required
-@user_has_permissions()
+@user_has_permissions('view_activity', admin_override=True)
 def service_dashboard(service_id):
     templates = templates_dao.get_service_templates(service_id)['data']
     jobs = job_api_client.get_job(service_id)['data']

app/main/views/jobs.py

@@ -6,24 +6,20 @@ from flask import (
     render_template,
     abort,
     jsonify,
-    flash,
-    redirect,
-    request,
-    url_for
+    request
 )
 from flask_login import login_required
 from utils.template import Template
 
 from app import job_api_client, notification_api_client
 from app.main import main
-from app.main.dao import templates_dao
-from app.main.dao import services_dao
+from app.main.dao import (services_dao, templates_dao)
 from app.utils import (get_page_from_request, generate_previous_next_dict, user_has_permissions)
 
 
 @main.route("/services/<service_id>/jobs")
 @login_required
-@user_has_permissions()
+@user_has_permissions('view_activity', admin_override=True)
 def view_jobs(service_id):
     jobs = job_api_client.get_job(service_id)['data']
     return render_template(
@@ -35,7 +31,7 @@ def view_jobs(service_id):
 
 @main.route("/services/<service_id>/jobs/<job_id>")
 @login_required
-@user_has_permissions()
+@user_has_permissions('view_activity', admin_override=True)
 def view_job(service_id, job_id):
     service = services_dao.get_service_by_id_or_404(service_id)
     job = job_api_client.get_job(service_id, job_id)['data']
@@ -64,7 +60,7 @@ def view_job(service_id, job_id):
 
 @main.route("/services/<service_id>/jobs/<job_id>.json")
 @login_required
-@user_has_permissions()
+@user_has_permissions('view_activity')
 def view_job_updates(service_id, job_id):
     service = services_dao.get_service_by_id_or_404(service_id)
     job = job_api_client.get_job(service_id, job_id)['data']
@@ -92,7 +88,7 @@ def view_job_updates(service_id, job_id):
 
 @main.route('/services/<service_id>/notifications')
 @login_required
-@user_has_permissions()
+@user_has_permissions('view_activity', admin_override=True)
 def view_notifications(service_id):
     # TODO get the api to return count of pages as well.
     page = get_page_from_request()
@@ -121,7 +117,7 @@ def view_notifications(service_id):
 
 @main.route("/services/<service_id>/jobs/<job_id>/notification/<string:notification_id>")
 @login_required
-@user_has_permissions()
+@user_has_permissions('view_activity', admin_override=True)
 def view_notification(service_id, job_id, notification_id):
 
     now = time.strftime('%H:%M')

app/main/views/send.py

@@ -66,7 +66,11 @@ def get_page_headings(template_type):
 
 @main.route("/services/<service_id>/send/<template_type>", methods=['GET'])
 @login_required
-@user_has_permissions('send_texts', 'send_emails', 'send_letters', 'manage_templates', 'manage_api_keys',
+@user_has_permissions('view_activity',
+                      'send_texts',
+                      'send_emails',
+                      'manage_templates',
+                      'manage_api_keys',
                       admin_override=True, or_=True)
 def choose_template(service_id, template_type):
 

app/templates/main_nav.html

@@ -2,15 +2,17 @@
   <h2 class="navigation-service-name">
     <a href="{{ url_for('.service_dashboard', service_id=service_id) }}">{{ session.get('service_name', 'Service') }}</a>
   </h2>
+  {% if current_user.has_permissions(['view_activity'], admin_override=True) %}
   <ul>
     <li><a href="{{ url_for('.view_notifications', service_id=service_id) }}">View activity</a></li>
   </ul>
+  {% endif %}
   {% if current_user.has_permissions(['send_texts', 'send_emails', 'send_letters']) %}
   <ul>
     <li><a href="{{ url_for('.choose_template', service_id=service_id, template_type='sms') }}">Send text messages</a></li>
     <li><a href="{{ url_for('.choose_template', service_id=service_id, template_type='email') }}">Send emails</a></li>
   </ul>
-  {% elif current_user.has_permissions(['manage_templates','manage_api_keys'], admin_override=True, or_=True) %}
+  {% elif current_user.has_permissions(['view_activity', 'manage_templates','manage_api_keys'], admin_override=True, or_=True) %}
   <ul>
     <li><a href="{{ url_for('.choose_template', service_id=service_id, template_type='sms') }}">Text message templates</a></li>
     <li><a href="{{ url_for('.choose_template', service_id=service_id, template_type='email') }}">Email templates</a></li>
@@ -21,7 +23,8 @@
     <li><a href="{{ url_for('.manage_users', service_id=service_id) }}">Manage team</a></li>
     <li><a href="{{ url_for('.service_settings', service_id=service_id) }}">Manage settings</a></li>
   </ul>
-  {% else %}
+  {% endif %}
+  {% if current_user.has_permissions(['view_activity'], admin_override=True) %}
   <ul>
     <li><a href="{{ url_for('.manage_users', service_id=service_id) }}">View team members</a></li>
   </ul>

app/templates/views/manage-users.html

@@ -63,7 +63,9 @@ Manage users – GOV.UK Notify
       {{ boolean_field(item.has_permissions(permissions=['manage_api_keys', 'access_developer_docs'])) }}
       {% if item.status == 'pending' %}
         {% call field(align='right') %}
-          <a href="{{ url_for('.cancel_invited_user', service_id=service_id, invited_user_id=item.id)}}">Cancel invitation</a>
+          {% if current_user.has_permissions(['manage_users']) %}
+            <a href="{{ url_for('.cancel_invited_user', service_id=service_id, invited_user_id=item.id)}}">Cancel invitation</a>
+          {% endif %}
         {% endcall %}
       {% else %}
         {% call field() %}