darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-02-05 10:53:28 -05:00
Code Issues Packages Projects Releases Wiki Activity

Permissions added for templates and send_messages pages. All tests passing.

Browse Source 
Fix up page heading.
This commit is contained in:
Nicholas Staples
2016-02-29 17:03:56 +00:00
parent 900f4cd7ff
commit ffe30c3070
11 changed files with 106 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
app/main/views/send.py
View File

@@ -26,11 +26,17 @@ from app.main.uploader import (
from app.main.dao import templates_dao
from app.main.dao import services_dao
from app import job_api_client
from app.utils import validate_recipient, InvalidPhoneError, InvalidEmailError
from app.utils import (
validate_recipient, InvalidPhoneError, InvalidEmailError, user_has_permissions)
page_headings = {
'email': 'Send emails',
'sms': 'Send text messages'
'manage_service': {
'email': 'Send emails',
'sms': 'Send text messages'},
'manage_templates': {
'email': 'Manage templates',
'sms': 'Manage templates'
}
}
@@ -42,6 +48,8 @@ def letters_stub(service_id):
@main.route("/services/<service_id>/send/<template_type>", methods=['GET'])
@login_required
@user_has_permissions('send_messages', 'manage_templates', or_=True)
def choose_template(service_id, template_type):
service = services_dao.get_service_by_id_or_404(service_id)
@@ -55,6 +63,9 @@ def choose_template(service_id, template_type):
abort(404)
else:
raise e
# TODO fix up how page_heading is loaded.
page_heading = page_headings['manage_service'][template_type] if current_user.has_permissions(session.get('service_id', ''), 'manage_service') else \
page_headings['manage_templates'][template_type]
return render_template(
'views/choose-template.html',
templates=[
@@ -65,7 +76,7 @@ def choose_template(service_id, template_type):
if template['template_type'] == template_type
],
template_type=template_type,
page_heading=page_headings[template_type],
page_heading=page_heading,
service=service,
has_jobs=len(jobs),
service_id=service_id
@@ -74,6 +85,7 @@ def choose_template(service_id, template_type):
@main.route("/services/<service_id>/send/<int:template_id>", methods=['GET', 'POST'])
@login_required
@user_has_permissions('send_messages')
def send_messages(service_id, template_id):
form = CsvUploadForm()
@@ -110,6 +122,7 @@ def send_messages(service_id, template_id):
@main.route("/services/<service_id>/send/<template_id>.csv", methods=['GET'])
@login_required
@user_has_permissions('send_messages', 'manage_templates', or_=True)
def get_example_csv(service_id, template_id):
template = templates_dao.get_service_template_or_404(service_id, template_id)['data']
placeholders = list(Template(template).placeholders)
@@ -127,6 +140,7 @@ def get_example_csv(service_id, template_id):
@main.route("/services/<service_id>/send/<template_id>/to-self", methods=['GET'])
@login_required
@user_has_permissions('send_messages')
def send_message_to_self(service_id, template_id):
template = templates_dao.get_service_template_or_404(service_id, template_id)['data']
placeholders = list(Template(template).placeholders)
@@ -150,6 +164,7 @@ def send_message_to_self(service_id, template_id):
@main.route("/services/<service_id>/check/<upload_id>",
methods=['GET', 'POST'])
@login_required
@user_has_permissions('send_messages')
def check_messages(service_id, upload_id):
upload_data = session['upload_data']

9
app/main/views/service_settings.py
View File

@@ -3,6 +3,7 @@ from flask import (
from flask_login import (login_required, current_user)
from app.main import main
from app.utils import user_has_permissions
from app.main.dao.services_dao import (
get_service_by_id, delete_service, update_service)
from app.main.dao.users_dao import verify_password
@@ -12,6 +13,7 @@ from notifications_python_client.errors import HTTPError
@main.route("/services/<service_id>/service-settings")
@login_required
@user_has_permissions('manage_service')
def service_settings(service_id):
try:
service = get_service_by_id(service_id)['data']
@@ -29,6 +31,7 @@ def service_settings(service_id):
@main.route("/services/<service_id>/service-settings/name", methods=['GET', 'POST'])
@login_required
@user_has_permissions('manage_service')
def service_name_change(service_id):
try:
service = get_service_by_id(service_id)['data']
@@ -53,6 +56,7 @@ def service_name_change(service_id):
@main.route("/services/<service_id>/service-settings/name/confirm", methods=['GET', 'POST'])
@login_required
@user_has_permissions('manage_service')
def service_name_change_confirm(service_id):
try:
service = get_service_by_id(service_id)['data']
@@ -82,6 +86,7 @@ def service_name_change_confirm(service_id):
@main.route("/services/<service_id>/service-settings/request-to-go-live", methods=['GET', 'POST'])
@login_required
@user_has_permissions('manage_service')
def service_request_to_go_live(service_id):
try:
service = get_service_by_id(service_id)['data']
@@ -104,6 +109,7 @@ def service_request_to_go_live(service_id):
@main.route("/services/<service_id>/service-settings/status", methods=['GET', 'POST'])
@login_required
@user_has_permissions('manage_service')
def service_status_change(service_id):
try:
service = get_service_by_id(service_id)['data']
@@ -125,6 +131,7 @@ def service_status_change(service_id):
@main.route("/services/<service_id>/service-settings/status/confirm", methods=['GET', 'POST'])
@login_required
@user_has_permissions('manage_service')
def service_status_change_confirm(service_id):
try:
service = get_service_by_id(service_id)['data']
@@ -153,6 +160,7 @@ def service_status_change_confirm(service_id):
@main.route("/services/<service_id>/service-settings/delete", methods=['GET', 'POST'])
@login_required
@user_has_permissions('manage_service')
def service_delete(service_id):
try:
service = get_service_by_id(service_id)['data']
@@ -174,6 +182,7 @@ def service_delete(service_id):
@main.route("/services/<service_id>/service-settings/delete/confirm", methods=['GET', 'POST'])
@login_required
@user_has_permissions('manage_service')
def service_delete_confirm(service_id):
try:
service = get_service_by_id(service_id)['data']

4
app/main/views/templates.py
View File

@@ -5,6 +5,7 @@ from notifications_python_client.errors import HTTPError
from utils.template import Template
from app.main import main
from app.utils import user_has_permissions
from app.main.forms import SMSTemplateForm, EmailTemplateForm
from app import job_api_client
from app.main.dao.services_dao import get_service_by_id_or_404
@@ -20,6 +21,7 @@ form_objects = {
@main.route("/services/<service_id>/templates/add-<template_type>", methods=['GET', 'POST'])
@login_required
@user_has_permissions('manage_templates')
def add_service_template(service_id, template_type):
service = sdao.get_service_by_id_or_404(service_id)
@@ -51,6 +53,7 @@ def add_service_template(service_id, template_type):
@main.route("/services/<service_id>/templates/<int:template_id>", methods=['GET', 'POST'])
@login_required
@user_has_permissions('manage_templates')
def edit_service_template(service_id, template_id):
template = tdao.get_service_template_or_404(service_id, template_id)['data']
template['template_content'] = template['content']
@@ -78,6 +81,7 @@ def edit_service_template(service_id, template_id):
@main.route("/services/<service_id>/templates/<int:template_id>/delete", methods=['GET', 'POST'])
@login_required
@user_has_permissions('manage_templates')
def delete_service_template(service_id, template_id):
template = tdao.get_service_template_or_404(service_id, template_id)['data']

4
app/notify_client/user_api_client.py
View File

@@ -167,8 +167,10 @@ class User(UserMixin):
def permissions(self, permissions):
raise AttributeError("Read only property")
def has_permissions(self, service_id, permissions):
def has_permissions(self, service_id, permissions, or_=False):
if service_id in self._permissions:
if or_:
return any([x in self._permissions[service_id] for x in permissions])
return set(self._permissions[service_id]) > set(permissions)
return False

6
app/templates/main_nav.html
View File

@@ -8,6 +8,12 @@
<li><a href="{{ url_for('.choose_template', service_id=service_id, template_type='email') }}">Send emails</a></li>
<li><a href="{{ url_for('.letters_stub', service_id=service_id) }}">Send letters</a></li>
</ul>
{% elif current_user.has_permissions(session.get('service_id', ''), ['manage_templates']) %}
<ul>
<li><a href="{{ url_for('.choose_template', service_id=service_id, template_type='sms') }}">Text message templates</a></li>
<li><a href="{{ url_for('.choose_template', service_id=service_id, template_type='email') }}">Text email templates</a></li>
<li><a href="{{ url_for('.letters_stub', service_id=service_id) }}">Send letters</a></li>
</ul>
{% endif %}
{% if current_user.has_permissions(session.get('service_id', ''), ['manage_service']) %}
<ul>

8
app/templates/views/choose-template.html
View File

@@ -16,6 +16,7 @@
{% if templates %}
{% if not has_jobs %}
{% if current_user.has_permissions(session.get('service_id', ''), ['manage_service']) %}
{{ banner(
"""
Send yourself a test message
@@ -23,6 +24,7 @@
subhead='Next step',
type="tip"
)}}
{% endif %}
{% endif %}
<div class="grid-row">
{% for template in templates %}
@@ -39,9 +41,13 @@
</div>
<div class="column-one-third">
<div class="sms-message-use-links">
{% if current_user.has_permissions(session.get('service_id', ''), ['manage_service']) %}
<a href="{{ url_for(".send_messages", service_id=service_id, template_id=template.id) }}">Add recipients</a>
<a href="{{ url_for(".send_message_to_self", service_id=service_id, template_id=template.id) }}">Send yourself a test</a>
{% endif %}
{% if current_user.has_permissions(session.get('service_id', ''), ['manage_templates']) %}
<a href="{{ url_for(".edit_service_template", service_id=service_id, template_id=template.id) }}">Edit template</a>
{% endif %}
</div>
</div>
{% endfor %}
@@ -49,7 +55,9 @@
{% endif %}
<p>
{% if current_user.has_permissions(session.get('service_id', ''), ['manage_templates']) %}
<a href="{{ url_for('.add_service_template', service_id=service_id, template_type=template_type) }}" class="button">Add a new template</a>
{% endif %}
</p>
</form>

4
app/utils.py
View File

@@ -94,14 +94,14 @@ def validate_recipient(recipient, template_type):
}[template_type](recipient)
def user_has_permissions(*permissions):
def user_has_permissions(*permissions, or_=False):
def wrap(func):
@wraps(func)
def wrap_func(*args, **kwargs):
# We are making the assumption that the user is logged in.
from flask_login import current_user
service_id = session.get('service_id', '')
if current_user and current_user.has_permissions(service_id, permissions):
if current_user and current_user.has_permissions(service_id, permissions, or_=or_):
return func(*args, **kwargs)
else:
abort(403)

24
tests/app/main/views/test_send.py
View File

@@ -17,7 +17,8 @@ def test_choose_template(
mock_get_service,
mock_check_verify_code,
mock_get_service_templates,
mock_get_jobs
mock_get_jobs,
mock_has_permissions
):
with app_.test_request_context():
with app_.test_client() as client:
@@ -40,7 +41,8 @@ def test_upload_empty_csvfile_returns_to_upload_page(
mock_get_service,
mock_get_service_templates,
mock_check_verify_code,
mock_get_service_template
mock_get_service_template,
mock_has_permissions
):
with app_.test_request_context():
with app_.test_client() as client:
@@ -64,7 +66,8 @@ def test_upload_csvfile_with_invalid_phone_shows_check_page_with_errors(
mock_login,
mock_get_service,
mock_get_service_template,
mock_s3_upload
mock_s3_upload,
mock_has_permissions
):
contents = 'to,name\n+44 123,test1\n+44 456,test2'
@@ -95,7 +98,8 @@ def test_upload_csvfile_removes_empty_lines_and_trailing_commas(
mock_login,
mock_get_service,
mock_get_service_template,
mock_s3_upload
mock_s3_upload,
mock_has_permissions
):
contents = 'to,name,,,\n++44 7700 900981,test1,,,\n+44 7700 900981,test2,,,\n ,,, \n ,,, \t \t \n'
@@ -127,7 +131,8 @@ def test_send_test_message_to_self(
mock_login,
mock_get_service,
mock_get_service_template,
mock_s3_upload
mock_s3_upload,
mock_has_permissions
):
expected_data = {'data': ['to', '+4412341234'], 'file_name': 'Test run'}
@@ -150,7 +155,8 @@ def test_download_example_csv(
api_user_active,
mock_login,
mock_get_service,
mock_get_service_template
mock_get_service_template,
mock_has_permissions
):
with app_.test_request_context():
@@ -172,7 +178,8 @@ def test_upload_csvfile_with_valid_phone_shows_all_numbers(
mock_login,
mock_get_service,
mock_get_service_template,
mock_s3_upload
mock_s3_upload,
mock_has_permissions
):
contents = 'to\n+44 7700 900981\n+44 7700 900982\n+44 7700 900983\n+44 7700 900984\n+44 7700 900985\n+44 7700 900986' # noqa
@@ -211,7 +218,8 @@ def test_create_job_should_call_api(
mock_create_job,
mock_get_job,
mock_get_service,
mock_get_service_template
mock_get_service_template,
mock_has_permissions
):
service_id = service_one['id']

45
tests/app/main/views/test_service_settings.py
View File

@@ -6,7 +6,8 @@ def test_should_show_overview(app_,
mock_get_service,
mock_get_user,
mock_get_user_by_email,
mock_login):
mock_login,
mock_has_permissions):
with app_.test_request_context():
with app_.test_client() as client:
client.login(api_user_active)
@@ -25,7 +26,8 @@ def test_should_show_service_name(app_,
mock_get_service,
mock_get_user,
mock_get_user_by_email,
mock_login):
mock_login,
mock_has_permissions):
with app_.test_request_context():
with app_.test_client() as client:
client.login(api_user_active)
@@ -44,7 +46,8 @@ def test_should_redirect_after_change_service_name(app_,
mock_get_service,
mock_get_user,
mock_get_user_by_email,
mock_login):
mock_login,
mock_has_permissions):
with app_.test_request_context():
with app_.test_client() as client:
client.login(api_user_active)
@@ -64,7 +67,8 @@ def test_should_show_service_name_confirmation(app_,
mock_get_service,
mock_get_user,
mock_get_user_by_email,
mock_login):
mock_login,
mock_has_permissions):
with app_.test_request_context():
with app_.test_client() as client:
client.login(api_user_active)
@@ -85,7 +89,8 @@ def test_should_redirect_after_service_name_confirmation(app_,
mock_get_user,
mock_get_user_by_email,
mock_login,
mock_verify_password):
mock_verify_password,
mock_has_permissions):
with app_.test_request_context():
with app_.test_client() as client:
client.login(api_user_active)
@@ -110,7 +115,8 @@ def test_should_show_request_to_go_live(app_,
mock_get_service,
mock_get_user,
mock_get_user_by_email,
mock_login):
mock_login,
mock_has_permissions):
with app_.test_request_context():
with app_.test_client() as client:
client.login(api_user_active)
@@ -130,7 +136,8 @@ def test_should_redirect_after_request_to_go_live(app_,
mock_update_service,
mock_get_user,
mock_get_user_by_email,
mock_login):
mock_login,
mock_has_permissions):
with app_.test_request_context():
with app_.test_client() as client:
client.login(api_user_active)
@@ -151,7 +158,8 @@ def test_should_show_status_page(app_,
mock_get_service,
mock_get_user,
mock_get_user_by_email,
mock_login):
mock_login,
mock_has_permissions):
with app_.test_request_context():
with app_.test_client() as client:
client.login(api_user_active)
@@ -170,7 +178,8 @@ def test_should_show_redirect_after_status_change(app_,
mock_get_service,
mock_get_user,
mock_get_user_by_email,
mock_login):
mock_login,
mock_has_permissions):
with app_.test_request_context():
with app_.test_client() as client:
client.login(api_user_active)
@@ -190,7 +199,8 @@ def test_should_show_status_confirmation(app_,
mock_get_service,
mock_get_user,
mock_get_user_by_email,
mock_login):
mock_login,
mock_has_permissions):
with app_.test_request_context():
with app_.test_client() as client:
client.login(api_user_active)
@@ -211,7 +221,8 @@ def test_should_redirect_after_status_confirmation(app_,
mock_get_user,
mock_get_user_by_email,
mock_login,
mock_verify_password):
mock_verify_password,
mock_has_permissions):
with app_.test_request_context():
with app_.test_client() as client:
client.login(api_user_active)
@@ -232,7 +243,8 @@ def test_should_show_delete_page(app_,
mock_get_service,
mock_get_user,
mock_get_user_by_email,
mock_login):
mock_login,
mock_has_permissions):
with app_.test_request_context():
with app_.test_client() as client:
client.login(api_user_active)
@@ -250,7 +262,8 @@ def test_should_show_redirect_after_deleting_service(app_,
mock_get_service,
mock_get_user,
mock_get_user_by_email,
mock_login):
mock_login,
mock_has_permissions):
with app_.test_request_context():
with app_.test_client() as client:
client.login(api_user_active)
@@ -269,7 +282,8 @@ def test_should_show_delete_confirmation(app_,
mock_get_service,
mock_get_user,
mock_get_user_by_email,
mock_login):
mock_login,
mock_has_permissions):
with app_.test_request_context():
with app_.test_client() as client:
client.login(api_user_active)
@@ -289,7 +303,8 @@ def test_should_redirect_delete_confirmation(app_,
mock_get_user,
mock_get_user_by_email,
mock_login,
mock_verify_password):
mock_verify_password,
mock_has_permissions):
with app_.test_request_context():
with app_.test_client() as client:
client.login(api_user_active)

12
tests/app/main/views/test_templates.py
View File

@@ -9,7 +9,8 @@ def test_should_show_page_for_one_templates(app_,
mock_get_service_template,
mock_get_user,
mock_get_user_by_email,
mock_login):
mock_login,
mock_has_permissions):
with app_.test_request_context():
with app_.test_client() as client:
client.login(api_user_active)
@@ -33,7 +34,8 @@ def test_should_redirect_when_saving_a_template(app_,
mock_update_service_template,
mock_get_user,
mock_get_user_by_email,
mock_login):
mock_login,
mock_has_permissions):
with app_.test_request_context():
with app_.test_client() as client:
client.login(api_user_active)
@@ -65,7 +67,8 @@ def test_should_show_delete_template_page(app_,
mock_get_service_template,
mock_get_user,
mock_get_user_by_email,
mock_login):
mock_login,
mock_has_permissions):
with app_.test_request_context():
with app_.test_client() as client:
client.login(api_user_active)
@@ -91,7 +94,8 @@ def test_should_redirect_when_deleting_a_template(app_,
mock_delete_service_template,
mock_get_user,
mock_get_user_by_email,
mock_login):
mock_login,
mock_has_permissions):
with app_.test_request_context():
with app_.test_client() as client:
client.login(api_user_active)

2
tests/conftest.py
View File

@@ -519,7 +519,7 @@ def mock_get_jobs(mocker):
@pytest.fixture(scope='function')
def mock_has_permissions(mocker):
def _has_permission(service_id, permissions):
def _has_permission(service_id, permissions, or_=False):
return True
return mocker.patch(
'app.notify_client.user_api_client.User.has_permissions',