We’ve seen from research (a long time ago) that the ‘manage service’
permission is too broad, and gives too much control to someone who only
needs the ability to edit templates. In other words, editing content
should be its own, separate permission, rather than being rolled up
into manage service.
Since this is already disaggregated on the API side, making this change
just means changing the mapping on the admin side and adding an extra
checkbox on the invite/edit page. Which is what this commit does.
So for now, an existing user who has the manage service permission gets
both manage service and manage templates (ie no change to what they can
do). Newly invited users will get to choose if they have both, either,
or neither.
This commit makes sure that the right permission choices are shown in
these pages:
- manage team page
- invite a user page
- edit permissions page
This is in order to make changing these pages easier (see subsequent
commits).
This commit makes the existing tests around user permissions less
verbose by using the new `client_request` fixture.
This fixture takes care of:
- setting up a service
- asserting that the response is `200`
It also tests that the page titles, some of which didn’t match with the
`<h1>`s, so this commit also fixes that mismatch.
- This is done using a new endpoint in the api.
- Removed the AddServiceForm in favor or using the ServiceNameForm
- Removed ServiceApiClient.find_all_service_email_from
Turns out the counts were all showing as zero because the generator had
already been consumed by the time we were trying to do the stats. Making
it a list comprehension means it can’t get exhausted.
This was causing a 500 in production.
This commit:
- reverts the code the working state it was before 68a1426e58
- figures out a way to make the tests pass without breaking the actual
app
- confirms that mocking things is hard
I don’t think it adds anything to tell you that a key’s never been used.
The value of the ‘key was used 3 minutes ago’ message is in stopping you
accidentally revoking something you shouldn’t have.
This makes errors on all pages have a `<h1>` element, which is important
for accessibility. It means a bit of rewriting the messages, but I think
they’re better for it.
Currently revoking an API key takes you to a separate page. It should
work the same way as other destructive actions, ie staying on the same
page but with a banner asking you to confirm the action.
Looks like `radio_button.text` no longer works. Probably a BeautifulSoup
change. More robust to look at the text of the label and the value of
the input anyway.
The Notify API client changed in version 4 to take two arguments, not
three (service ID was removed in favour of the combined API key).
This gets a bit gnarly because the API key has to be at least a certain
length so it can be substringed internally.
We have two new pages for live and trial services that:
- are faster loading
- are now linked to
So the list of services doesn’t need to be on the platform admin index
page any more.
We have a lot of services now. Mostly we want to look at what live
services are doing. So loading up the trial mode services every time
slows things – generating, rendering and using the page – right down.
This commit adds two new pages, one to view only live services, and one
to view trial mode services.
When I split up the error messages on the check CSV page into multiple
templates, I also reduced the repetition of wrapping `<div>`s and macro
calls by moving them up outside the conditional blocks (see
8e947f315d).
Unfortunately I didn’t make the same adjustments for the one-off flow,
which meant that errors on these pages lost their styling. This commit
re-adds the styling for these error messages.
This was causing a 500 because of a bug in utils. It only occurred when
there was missing data for a cell in the recipient column. I’ve also
added a test for missing data in a non-recipient column just in case.
Adds a new endpoint that works like view template/view preview of
letter, so that this page works the same way it does for emails/text
messages (ie showing the full content of the message, including
personalisation).
We’re not worrying about redaction in letters for now.
The status won’t ever change from sending for letters. For now at least.
And even when we do come up with more useful statuses I’m not convinced
it’s useful to expose them to our admin users.
A more useful piece of information to show is when we think the letter
will be delivered.