diff --git a/app/main/views/choose_service.py b/app/main/views/choose_service.py
index 4da0740e8..23a3a80ff 100644
--- a/app/main/views/choose_service.py
+++ b/app/main/views/choose_service.py
@@ -10,14 +10,15 @@ from app.notify_client.api_client import ServicesBrowsableItem
 def choose_service():
 return render_template(
 'views/choose-service.html',
- services=[ServicesBrowsableItem(x) for x in service_api_client.get_services()['data']]
+ services=[ServicesBrowsableItem(x) for x in
+ service_api_client.get_services({'user_id': current_user.id})['data']]
 )
 @main.route("/services-or-dashboard")
 @login_required
 def show_all_services_or_dashboard():
- services = service_api_client.get_services()['data']
+ services = service_api_client.get_services({'user_id': current_user.id})['data']
 if 1 == len(services):
 return redirect(url_for('.service_dashboard', service_id=services[0]['id']))
diff --git a/app/main/views/manage_users.py b/app/main/views/manage_users.py
index 4af565d2f..4f552731c 100644
--- a/app/main/views/manage_users.py
+++ b/app/main/views/manage_users.py
@@ -33,7 +33,7 @@ roles = {
 @main.route("/services//users")
 @login_required
-@user_has_permissions('view_activity')
+@user_has_permissions('view_activity', admin_override=True)
 def manage_users(service_id):
 return render_template(
 'views/manage-users.html',
diff --git a/app/main/views/send.py b/app/main/views/send.py
index f1271f23c..8c163ff09 100644
--- a/app/main/views/send.py
+++ b/app/main/views/send.py
@@ -70,7 +70,7 @@ def get_page_headings(template_type):
 'send_emails',
 'manage_templates',
 'manage_api_keys',
- admin_override=True, or_=True)
+ admin_override=True, any_=True)
 def choose_template(service_id, template_type):
 service = service_api_client.get_service(service_id)['data']
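Review bot: Both new calls in choose_service.py scope the listing by passing `{'user_id': current_user.id}` from the view, so the restriction holds only if `get_services` forwards that dict as a query filter and the API applies it; neither is visible in this diff. Any other caller that still uses a bare `get_services()` would presumably keep returning every service, so the scoping is better placed in one helper than repeated per call site. The listing filter is also not an authorisation check, since the per-service views still depend on `user_has_permissions`. I would add above each call `# Listing is limited to the signed-in user's services; the API must enforce this filter, not only the view.` and assert in the view tests that the client mock was called with the current user's id. The decorators of choose_service lie outside the hunk.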
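Review bot: `admin_override=True` on manage_users lets a platform admin open the team page of any service, because `has_permissions` returns True for an admin before it looks at `service_id` (see the models.py hunk in this commit). The main_nav.html hunk removes the same override from a `view_activity` check, so for platform admins the route and the navigation now disagree; if that is intended, say so in a comment such as `# Platform admins may view any service's team; the nav link stays hidden for them.` The tests in this commit only rename the keyword, so a case asserting that a platform admin with no service permissions gets through this route while an ordinary non-member gets 403 is missing. Whether 'views/manage-users.html' shows invite or edit controls is not visible here and should be checked for the admin case. The body of manage_users continues outside the hunk.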
@@ -145,7 +145,7 @@ def send_messages(service_id, template_id):
 @main.route("/services//send/.csv", methods=['GET'])
 @login_required
-@user_has_permissions('send_texts', 'send_emails', 'send_letters', 'manage_templates', or_=True)
+@user_has_permissions('send_texts', 'send_emails', 'send_letters', 'manage_templates', any_=True)
 def get_example_csv(service_id, template_id):
 template = Template(templates_dao.get_service_template_or_404(service_id, template_id)['data'])
 output = io.StringIO()
diff --git a/app/notify_client/models.py b/app/notify_client/models.py
index 12664fb1f..4ce76fe94 100644
--- a/app/notify_client/models.py
+++ b/app/notify_client/models.py
@@ -82,7 +82,7 @@ class User(UserMixin):
 def permissions(self, permissions):
 raise AttributeError("Read only property")
- def has_permissions(self, permissions=[], or_=False, admin_override=False):
+ def has_permissions(self, permissions=[], any_=False, admin_override=False):
 # Only available to the platform admin user
 if admin_override and self.platform_admin:
 return True
@@ -95,7 +95,7 @@ class User(UserMixin):
 # Service id is always set on the request for service specific views.
 service_id = request.view_args.get('service_id', None)
 if service_id in self._permissions:
- if or_:
+ if any_:
 return any([x in self._permissions[service_id] for x in permissions])
 return set(self._permissions[service_id]) >= set(permissions)
 return False
diff --git a/app/templates/main_nav.html b/app/templates/main_nav.html
index a25182536..6f94fb518 100644
--- a/app/templates/main_nav.html
+++ b/app/templates/main_nav.html
@@ -12,7 +12,7 @@
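Review bot: The renamed `has_permissions` signature in models.py still has the mutable default `permissions=[]` and no docstring, and the two modes disagree on an empty list: in the second hunk `any([...])` is False for no permissions while `set(...) >= set(permissions)` is True, so a check that lists nothing passes for every member of the service unless `any_=True`. I would change the line to `def has_permissions(self, permissions=(), any_=False, admin_override=False):` and add a docstring stating that `any_` means one listed permission suffices, that the default requires all of them, and that `admin_override` lets a platform admin through regardless of service. Renaming the keyword also breaks any caller that still passes `or_=`; the call sites in this diff are updated, but others outside it would raise TypeError. Part of the method body lies between the two hunks and is not shown.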
  • Send text messages
  • Send emails
  • - {% elif current_user.has_permissions(['view_activity', 'manage_templates','manage_api_keys'], admin_override=True, or_=True) %} + {% elif current_user.has_permissions(['view_activity', 'manage_templates','manage_api_keys'], admin_override=True, any_=True) %} {% endif %} - {% if current_user.has_permissions(['view_activity'], admin_override=True) %} + {% if current_user.has_permissions(['view_activity']) %} diff --git a/app/templates/views/choose-template.html b/app/templates/views/choose-template.html index 022fbfe74..1b97ad899 100644 --- a/app/templates/views/choose-template.html +++ b/app/templates/views/choose-template.html @@ -14,7 +14,7 @@

    {{ page_heading }}

    - {% if current_user.has_permissions(permissions=['manage_templates'], admin_override=True, or_=True) %} + {% if current_user.has_permissions(permissions=['manage_templates'], any_=True) %} Add a new template {% else %}

    You need to ask your service manager to add templates before you can send messages
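Review bot: With a single permission in the list `any_=True` has no effect, and dropping `admin_override` here only hides the link, so `{% if current_user.has_permissions(['manage_templates']) %}` says the same thing more plainly. The route that creates templates is not part of this diff; confirm that its `user_has_permissions` decorator does not still carry `admin_override=True`, otherwise a platform admin can reach it directly even though the link is gone. A platform admin viewing this page now falls into the `{% else %}` branch and is told to ask their service manager, which may not be the message intended for that role.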

    @@ -34,7 +34,7 @@ {% if not has_jobs %} - {% if current_user.has_permissions(permissions=['send_texts', 'send_emails', 'send_letters'], or_=True) %} + {% if current_user.has_permissions(permissions=['send_texts', 'send_emails', 'send_letters'], any_=True) %} {{ banner( """ Send yourself a test diff --git a/app/templates/views/service_dashboard.html b/app/templates/views/service_dashboard.html index 9b923c66b..de2d7992a 100644 --- a/app/templates/views/service_dashboard.html +++ b/app/templates/views/service_dashboard.html @@ -25,7 +25,7 @@ {% if not template_count and not jobs %} - {% if current_user.has_permissions(['manage_templates', 'send_texts', 'send_emails', 'send_letters'], or_=True, admin_override=True) %} + {% if current_user.has_permissions(['manage_templates', 'send_texts', 'send_emails', 'send_letters'], any_=True, admin_override=True) %} {% call banner_wrapper(subhead='Get started', type="tip") %}
      {% if current_user.has_permissions(['manage_templates'], admin_override=True) %}
diff --git a/app/utils.py b/app/utils.py
index b8c023744..563bb07ff 100644
--- a/app/utils.py
+++ b/app/utils.py
@@ -30,13 +30,13 @@ class BrowsableItem(object):
 pass
-def user_has_permissions(*permissions, admin_override=False, or_=False):
+def user_has_permissions(*permissions, admin_override=False, any_=False):
 def wrap(func):
 @wraps(func)
 def wrap_func(*args, **kwargs):
 from flask_login import current_user
 if current_user and current_user.has_permissions(permissions=permissions,
- admin_override=admin_override, or_=or_):
+ admin_override=admin_override, any_=any_):
 return func(*args, **kwargs)
 else:
 abort(403)
diff --git a/tests/app/main/test_permissions.py b/tests/app/main/test_permissions.py
index 30a00e336..f168a3a39 100644
--- a/tests/app/main/test_permissions.py
+++ b/tests/app/main/test_permissions.py
@@ -5,12 +5,12 @@ from werkzeug.exceptions import Forbidden
 from flask import request
-def _test_permissions(app_, usr, permissions, service_id, will_succeed, or_=False, admin_override=False):
+def _test_permissions(app_, usr, permissions, service_id, will_succeed, any_=False, admin_override=False):
 with app_.test_request_context() as ctx:
 request.view_args.update({'service_id': service_id})
 with app_.test_client() as client:
 client.login(usr)
- decorator = user_has_permissions(*permissions, or_=or_, admin_override=admin_override)
+ decorator = user_has_permissions(*permissions, any_=any_, admin_override=admin_override)
 decorated_index = decorator(index)
 if will_succeed:
 response = decorated_index()
@@ -54,7 +54,7 @@ def test_user_has_permissions_or(app_, mocker):
 ['something', 'manage_users'],
 '',
 True,
- or_=True)
+ any_=True)
 def test_user_has_permissions_multiple(app_,
diff --git a/tests/conftest.py b/tests/conftest.py
index 21362d05e..762846a9a 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -660,7 +660,7 @@ def mock_get_notifications_with_previous_next(mocker):
 @pytest.fixture(scope='function')
 def mock_has_permissions(mocker):
- def _has_permission(permissions=None, or_=False, admin_override=False):
+ def _has_permission(permissions=None, any_=False, admin_override=False):
 return True
 return mocker.patch(
 'app.notify_client.user_api_client.User.has_permissions',