mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-02-05 02:42:26 -05:00
Merge pull request #358 from alphagov/fix-permissions
Add view_activity permissions
This commit is contained in:
Rebecca Law
@@ -10,14 +10,15 @@ from app.notify_client.api_client import ServicesBrowsableItem
|
||||
def choose_service():
|
||||
return render_template(
|
||||
'views/choose-service.html',
|
||||
services=[ServicesBrowsableItem(x) for x in service_api_client.get_services()['data']]
|
||||
services=[ServicesBrowsableItem(x) for x in
|
||||
service_api_client.get_services({'user_id': current_user.id})['data']]
|
||||
)
|
||||
|
||||
|
||||
@main.route("/services-or-dashboard")
|
||||
@login_required
|
||||
def show_all_services_or_dashboard():
|
||||
services = service_api_client.get_services()['data']
|
||||
services = service_api_client.get_services({'user_id': current_user.id})['data']
|
||||
|
||||
if 1 == len(services):
|
||||
return redirect(url_for('.service_dashboard', service_id=services[0]['id']))
|
||||
|
||||
@@ -13,7 +13,7 @@ from app.utils import user_has_permissions
|
||||
|
||||
@main.route("/services/<service_id>/dashboard")
|
||||
@login_required
|
||||
@user_has_permissions()
|
||||
@user_has_permissions('view_activity', admin_override=True)
|
||||
def service_dashboard(service_id):
|
||||
templates = service_api_client.get_service_templates(service_id)['data']
|
||||
jobs = job_api_client.get_job(service_id)['data']
|
||||
|
||||
@@ -6,10 +6,7 @@ from flask import (
|
||||
render_template,
|
||||
abort,
|
||||
jsonify,
|
||||
flash,
|
||||
redirect,
|
||||
request,
|
||||
url_for
|
||||
request
|
||||
)
|
||||
from flask_login import login_required
|
||||
from utils.template import Template
|
||||
@@ -24,7 +21,7 @@ from app.utils import (
|
||||
|
||||
@main.route("/services/<service_id>/jobs")
|
||||
@login_required
|
||||
@user_has_permissions()
|
||||
@user_has_permissions('view_activity', admin_override=True)
|
||||
def view_jobs(service_id):
|
||||
jobs = job_api_client.get_job(service_id)['data']
|
||||
return render_template(
|
||||
@@ -36,7 +33,7 @@ def view_jobs(service_id):
|
||||
|
||||
@main.route("/services/<service_id>/jobs/<job_id>")
|
||||
@login_required
|
||||
@user_has_permissions()
|
||||
@user_has_permissions('view_activity', admin_override=True)
|
||||
def view_job(service_id, job_id):
|
||||
service = service_api_client.get_service(service_id)['data']
|
||||
job = job_api_client.get_job(service_id, job_id)['data']
|
||||
@@ -65,7 +62,7 @@ def view_job(service_id, job_id):
|
||||
|
||||
@main.route("/services/<service_id>/jobs/<job_id>.json")
|
||||
@login_required
|
||||
@user_has_permissions()
|
||||
@user_has_permissions('view_activity')
|
||||
def view_job_updates(service_id, job_id):
|
||||
service = service_api_client.get_service(service_id)['data']
|
||||
job = job_api_client.get_job(service_id, job_id)['data']
|
||||
@@ -93,7 +90,7 @@ def view_job_updates(service_id, job_id):
|
||||
|
||||
@main.route('/services/<service_id>/notifications')
|
||||
@login_required
|
||||
@user_has_permissions()
|
||||
@user_has_permissions('view_activity', admin_override=True)
|
||||
def view_notifications(service_id):
|
||||
# TODO get the api to return count of pages as well.
|
||||
page = get_page_from_request()
|
||||
@@ -122,7 +119,7 @@ def view_notifications(service_id):
|
||||
|
||||
@main.route("/services/<service_id>/jobs/<job_id>/notification/<string:notification_id>")
|
||||
@login_required
|
||||
@user_has_permissions()
|
||||
@user_has_permissions('view_activity', admin_override=True)
|
||||
def view_notification(service_id, job_id, notification_id):
|
||||
|
||||
now = time.strftime('%H:%M')
|
||||
|
||||
@@ -27,13 +27,13 @@ from app.utils import user_has_permissions
|
||||
roles = {
|
||||
'send_messages': ['send_texts', 'send_emails', 'send_letters'],
|
||||
'manage_service': ['manage_users', 'manage_templates', 'manage_settings'],
|
||||
'manage_api_keys': ['manage_api_keys', 'access_developer_docs']
|
||||
'manage_api_keys': ['manage_api_keys']
|
||||
}
|
||||
|
||||
|
||||
@main.route("/services/<service_id>/users")
|
||||
@login_required
|
||||
@user_has_permissions()
|
||||
@user_has_permissions('view_activity', admin_override=True)
|
||||
def manage_users(service_id):
|
||||
return render_template(
|
||||
'views/manage-users.html',
|
||||
@@ -57,13 +57,15 @@ def invite_user(service_id):
|
||||
|
||||
if form.validate_on_submit():
|
||||
email_address = form.email_address.data
|
||||
# view_activity is a default role to be added to all users.
|
||||
# All users will have at minimum view_activity to allow users to see notifications,
|
||||
# templates, team members but no update privileges
|
||||
permissions = ','.join(role for role in roles.keys() if request.form.get(role) == 'y').join('view_activity')
|
||||
invited_user = invite_api_client.create_invite(
|
||||
current_user.id,
|
||||
service_id,
|
||||
email_address,
|
||||
','.join(
|
||||
role for role in roles.keys() if request.form.get(role) == 'y'
|
||||
)
|
||||
permissions
|
||||
)
|
||||
|
||||
flash('Invite sent to {}'.format(invited_user.email_address), 'default_with_tick')
|
||||
@@ -95,7 +97,7 @@ def edit_user_permissions(service_id, user_id):
|
||||
user_id, service_id,
|
||||
permissions=set(chain.from_iterable(
|
||||
permissions for role, permissions in roles.items() if form[role].data
|
||||
))
|
||||
)) | {'view_activity'}
|
||||
)
|
||||
return redirect(url_for('.manage_users', service_id=service_id))
|
||||
|
||||
|
||||
@@ -64,8 +64,12 @@ def get_page_headings(template_type):
|
||||
|
||||
@main.route("/services/<service_id>/send/<template_type>", methods=['GET'])
|
||||
@login_required
|
||||
@user_has_permissions('send_texts', 'send_emails', 'send_letters', 'manage_templates', 'manage_api_keys',
|
||||
admin_override=True, or_=True)
|
||||
@user_has_permissions('view_activity',
|
||||
'send_texts',
|
||||
'send_emails',
|
||||
'manage_templates',
|
||||
'manage_api_keys',
|
||||
admin_override=True, any_=True)
|
||||
def choose_template(service_id, template_type):
|
||||
|
||||
service = service_api_client.get_service(service_id)['data']
|
||||
@@ -140,7 +144,7 @@ def send_messages(service_id, template_id):
|
||||
|
||||
@main.route("/services/<service_id>/send/<template_id>.csv", methods=['GET'])
|
||||
@login_required
|
||||
@user_has_permissions('send_texts', 'send_emails', 'send_letters', 'manage_templates', or_=True)
|
||||
@user_has_permissions('send_texts', 'send_emails', 'send_letters', 'manage_templates', any_=True)
|
||||
def get_example_csv(service_id, template_id):
|
||||
template = Template(service_api_client.get_service_template(service_id, template_id)['data'])
|
||||
# Good practice to use context managers
|
||||
@@ -203,7 +207,7 @@ def send_message_to_self(service_id, template_id):
|
||||
|
||||
@main.route("/services/<service_id>/send/<template_id>/from-api", methods=['GET'])
|
||||
@login_required
|
||||
@user_has_permissions('manage_api_keys', 'access_developer_docs')
|
||||
@user_has_permissions('manage_api_keys')
|
||||
def send_from_api(service_id, template_id):
|
||||
template = Template(
|
||||
service_api_client.get_service_template(service_id, template_id)['data']
|
||||
|
||||
@@ -82,7 +82,7 @@ class User(UserMixin):
|
||||
def permissions(self, permissions):
|
||||
raise AttributeError("Read only property")
|
||||
|
||||
def has_permissions(self, permissions=[], or_=False, admin_override=False):
|
||||
def has_permissions(self, permissions=[], any_=False, admin_override=False):
|
||||
# Only available to the platform admin user
|
||||
if admin_override and self.platform_admin:
|
||||
return True
|
||||
@@ -95,7 +95,7 @@ class User(UserMixin):
|
||||
# Service id is always set on the request for service specific views.
|
||||
service_id = request.view_args.get('service_id', None)
|
||||
if service_id in self._permissions:
|
||||
if or_:
|
||||
if any_:
|
||||
return any([x in self._permissions[service_id] for x in permissions])
|
||||
return set(self._permissions[service_id]) >= set(permissions)
|
||||
return False
|
||||
|
||||
@@ -2,15 +2,17 @@
|
||||
<h2 class="navigation-service-name">
|
||||
<a href="{{ url_for('.service_dashboard', service_id=service_id) }}">{{ session.get('service_name', 'Service') }}</a>
|
||||
</h2>
|
||||
{% if current_user.has_permissions(['view_activity'], admin_override=True) %}
|
||||
<ul>
|
||||
<li><a href="{{ url_for('.view_notifications', service_id=service_id) }}">View activity</a></li>
|
||||
</ul>
|
||||
{% endif %}
|
||||
{% if current_user.has_permissions(['send_texts', 'send_emails', 'send_letters']) %}
|
||||
<ul>
|
||||
<li><a href="{{ url_for('.choose_template', service_id=service_id, template_type='sms') }}">Send text messages</a></li>
|
||||
<li><a href="{{ url_for('.choose_template', service_id=service_id, template_type='email') }}">Send emails</a></li>
|
||||
</ul>
|
||||
{% elif current_user.has_permissions(['manage_templates','manage_api_keys'], admin_override=True, or_=True) %}
|
||||
{% elif current_user.has_permissions(['view_activity', 'manage_templates','manage_api_keys'], admin_override=True, any_=True) %}
|
||||
<ul>
|
||||
<li><a href="{{ url_for('.choose_template', service_id=service_id, template_type='sms') }}">Text message templates</a></li>
|
||||
<li><a href="{{ url_for('.choose_template', service_id=service_id, template_type='email') }}">Email templates</a></li>
|
||||
@@ -21,12 +23,13 @@
|
||||
<li><a href="{{ url_for('.manage_users', service_id=service_id) }}">Manage team</a></li>
|
||||
<li><a href="{{ url_for('.service_settings', service_id=service_id) }}">Manage settings</a></li>
|
||||
</ul>
|
||||
{% else %}
|
||||
{% endif %}
|
||||
{% if current_user.has_permissions(['view_activity']) %}
|
||||
<ul>
|
||||
<li><a href="{{ url_for('.manage_users', service_id=service_id) }}">View team members</a></li>
|
||||
</ul>
|
||||
{% endif %}
|
||||
{% if current_user.has_permissions(['manage_api_keys', 'access_developer_docs']) %}
|
||||
{% if current_user.has_permissions(['manage_api_keys']) %}
|
||||
<ul>
|
||||
<li><a href="{{ url_for('.api_keys', service_id=service_id) }}">Manage API keys</a></li>
|
||||
</ul>
|
||||
|
||||
@@ -14,7 +14,7 @@
|
||||
|
||||
<h1 class="heading-large">{{ page_heading }}</h1>
|
||||
|
||||
{% if current_user.has_permissions(permissions=['manage_templates'], admin_override=True) %}
|
||||
{% if current_user.has_permissions(permissions=['manage_templates'], any_=True) %}
|
||||
<a href="{{ url_for('.add_service_template', service_id=service_id, template_type=template_type) }}" class="button">Add a new template</a>
|
||||
{% else %}
|
||||
<p>You need to ask your service manager to add templates before you can send messages</p>
|
||||
@@ -34,7 +34,7 @@
|
||||
</div>
|
||||
|
||||
{% if not has_jobs %}
|
||||
{% if current_user.has_permissions(permissions=['send_texts', 'send_emails', 'send_letters'], or_=True) %}
|
||||
{% if current_user.has_permissions(permissions=['send_texts', 'send_emails', 'send_letters'], any_=True) %}
|
||||
{{ banner(
|
||||
"""
|
||||
Send yourself a test
|
||||
@@ -76,7 +76,7 @@
|
||||
<a href="{{ url_for(".send_messages", service_id=service_id, template_id=template.id) }}">Send a batch</a>
|
||||
<a href="{{ url_for(".send_message_to_self", service_id=service_id, template_id=template.id) }}">Send yourself a test</a>
|
||||
{% endif %}
|
||||
{% if current_user.has_permissions(permissions=['manage_api_keys', 'access_developer_docs']) %}
|
||||
{% if current_user.has_permissions(permissions=['manage_api_keys']) %}
|
||||
<a href="{{ url_for(".send_from_api", service_id=service_id, template_id=template.id) }}">API integration</a>
|
||||
{% endif %}
|
||||
</div>
|
||||
|
||||
@@ -11,7 +11,9 @@
|
||||
{% endif %}
|
||||
|
||||
{% if not jobs %}
|
||||
{% include 'views/dashboard/get-started.html' %}
|
||||
{% if current_user.has_permissions(['manage_templates','send_texts', 'send_emails', 'send_letters']) %}
|
||||
{% include 'views/dashboard/get-started.html' %}
|
||||
{% endif%}
|
||||
{% else %}
|
||||
|
||||
<div
|
||||
|
||||
@@ -41,7 +41,7 @@ Manage users – GOV.UK Notify
|
||||
{% endcall %}
|
||||
{{ boolean_field(item.has_permissions(permissions=['send_texts', 'send_emails', 'send_letters'])) }}
|
||||
{{ boolean_field(item.has_permissions(permissions=['manage_users', 'manage_templates', 'manage_settings'])) }}
|
||||
{{ boolean_field(item.has_permissions(permissions=['manage_api_keys', 'access_developer_docs'])) }}
|
||||
{{ boolean_field(item.has_permissions(permissions=['manage_api_keys'])) }}
|
||||
{% call field(align='right') %}
|
||||
{% if current_user.has_permissions(['manage_users']) %}
|
||||
{% if current_user.id != item.id %}
|
||||
@@ -60,10 +60,12 @@ Manage users – GOV.UK Notify
|
||||
{% endcall %}
|
||||
{{ boolean_field(item.has_permissions(permissions=['send_texts', 'send_emails', 'send_letters'])) }}
|
||||
{{ boolean_field(item.has_permissions(permissions=['manage_users', 'manage_templates', 'manage_settings'])) }}
|
||||
{{ boolean_field(item.has_permissions(permissions=['manage_api_keys', 'access_developer_docs'])) }}
|
||||
{{ boolean_field(item.has_permissions(permissions=['manage_api_keys'])) }}
|
||||
{% if item.status == 'pending' %}
|
||||
{% call field(align='right') %}
|
||||
<a href="{{ url_for('.cancel_invited_user', service_id=service_id, invited_user_id=item.id)}}">Cancel invitation</a>
|
||||
{% if current_user.has_permissions(['manage_users']) %}
|
||||
<a href="{{ url_for('.cancel_invited_user', service_id=service_id, invited_user_id=item.id)}}">Cancel invitation</a>
|
||||
{% endif %}
|
||||
{% endcall %}
|
||||
{% else %}
|
||||
{% call field() %}
|
||||
|
||||
@@ -25,7 +25,7 @@
|
||||
</ul>
|
||||
|
||||
{% if not template_count and not jobs %}
|
||||
{% if current_user.has_permissions(['manage_templates', 'send_texts', 'send_emails', 'send_letters'], or_=True, admin_override=True) %}
|
||||
{% if current_user.has_permissions(['manage_templates', 'send_texts', 'send_emails', 'send_letters'], any_=True, admin_override=True) %}
|
||||
{% call banner_wrapper(subhead='Get started', type="tip") %}
|
||||
<ol>
|
||||
{% if current_user.has_permissions(['manage_templates'], admin_override=True) %}
|
||||
|
||||
@@ -30,13 +30,13 @@ class BrowsableItem(object):
|
||||
pass
|
||||
|
||||
|
||||
def user_has_permissions(*permissions, admin_override=False, or_=False):
|
||||
def user_has_permissions(*permissions, admin_override=False, any_=False):
|
||||
def wrap(func):
|
||||
@wraps(func)
|
||||
def wrap_func(*args, **kwargs):
|
||||
from flask_login import current_user
|
||||
if current_user and current_user.has_permissions(permissions=permissions,
|
||||
admin_override=admin_override, or_=or_):
|
||||
admin_override=admin_override, any_=any_):
|
||||
return func(*args, **kwargs)
|
||||
else:
|
||||
abort(403)
|
||||
|
||||
Reference in New Issue
Block a user