mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-02-05 02:42:26 -05:00
With the addition of has_permissions on the dashboard, jobs, and manage_users pages a platform admin user or a users with no permissions on the service could no longer see the page.
A new permission has been added, view_activity, to resolve this issue. Another pull request in notifications-admin will be required to update all users with a default permission of view_activity.
This commit is contained in:
Rebecca Law
@@ -15,7 +15,7 @@ from app.utils import user_has_permissions
|
||||
|
||||
@main.route("/services/<service_id>/dashboard")
|
||||
@login_required
|
||||
@user_has_permissions()
|
||||
@user_has_permissions('view_activity', admin_override=True)
|
||||
def service_dashboard(service_id):
|
||||
templates = templates_dao.get_service_templates(service_id)['data']
|
||||
jobs = job_api_client.get_job(service_id)['data']
|
||||
|
||||
@@ -6,24 +6,20 @@ from flask import (
|
||||
render_template,
|
||||
abort,
|
||||
jsonify,
|
||||
flash,
|
||||
redirect,
|
||||
request,
|
||||
url_for
|
||||
request
|
||||
)
|
||||
from flask_login import login_required
|
||||
from utils.template import Template
|
||||
|
||||
from app import job_api_client, notification_api_client
|
||||
from app.main import main
|
||||
from app.main.dao import templates_dao
|
||||
from app.main.dao import services_dao
|
||||
from app.main.dao import (services_dao, templates_dao)
|
||||
from app.utils import (get_page_from_request, generate_previous_next_dict, user_has_permissions)
|
||||
|
||||
|
||||
@main.route("/services/<service_id>/jobs")
|
||||
@login_required
|
||||
@user_has_permissions()
|
||||
@user_has_permissions('view_activity', admin_override=True)
|
||||
def view_jobs(service_id):
|
||||
jobs = job_api_client.get_job(service_id)['data']
|
||||
return render_template(
|
||||
@@ -35,7 +31,7 @@ def view_jobs(service_id):
|
||||
|
||||
@main.route("/services/<service_id>/jobs/<job_id>")
|
||||
@login_required
|
||||
@user_has_permissions()
|
||||
@user_has_permissions('view_activity', admin_override=True)
|
||||
def view_job(service_id, job_id):
|
||||
service = services_dao.get_service_by_id_or_404(service_id)
|
||||
job = job_api_client.get_job(service_id, job_id)['data']
|
||||
@@ -64,7 +60,7 @@ def view_job(service_id, job_id):
|
||||
|
||||
@main.route("/services/<service_id>/jobs/<job_id>.json")
|
||||
@login_required
|
||||
@user_has_permissions()
|
||||
@user_has_permissions('view_activity')
|
||||
def view_job_updates(service_id, job_id):
|
||||
service = services_dao.get_service_by_id_or_404(service_id)
|
||||
job = job_api_client.get_job(service_id, job_id)['data']
|
||||
@@ -92,7 +88,7 @@ def view_job_updates(service_id, job_id):
|
||||
|
||||
@main.route('/services/<service_id>/notifications')
|
||||
@login_required
|
||||
@user_has_permissions()
|
||||
@user_has_permissions('view_activity', admin_override=True)
|
||||
def view_notifications(service_id):
|
||||
# TODO get the api to return count of pages as well.
|
||||
page = get_page_from_request()
|
||||
@@ -121,7 +117,7 @@ def view_notifications(service_id):
|
||||
|
||||
@main.route("/services/<service_id>/jobs/<job_id>/notification/<string:notification_id>")
|
||||
@login_required
|
||||
@user_has_permissions()
|
||||
@user_has_permissions('view_activity', admin_override=True)
|
||||
def view_notification(service_id, job_id, notification_id):
|
||||
|
||||
now = time.strftime('%H:%M')
|
||||
|
||||
@@ -66,7 +66,11 @@ def get_page_headings(template_type):
|
||||
|
||||
@main.route("/services/<service_id>/send/<template_type>", methods=['GET'])
|
||||
@login_required
|
||||
@user_has_permissions('send_texts', 'send_emails', 'send_letters', 'manage_templates', 'manage_api_keys',
|
||||
@user_has_permissions('view_activity',
|
||||
'send_texts',
|
||||
'send_emails',
|
||||
'manage_templates',
|
||||
'manage_api_keys',
|
||||
admin_override=True, or_=True)
|
||||
def choose_template(service_id, template_type):
|
||||
|
||||
|
||||
Reference in New Issue
Block a user