Commit Graph

2281 Commits

Author SHA1 Message Date
Rebecca Law
3fc072af09 Merge pull request #3037 from alphagov/fix-org-invite
Fix a bug with inviting existing users to an organisation.
2019-06-28 11:06:52 +01:00
Chris Hill-Scott
6026ce3f8d Refactor model to put add_to… methods on user
An invited user can’t be added to an organisation or service, only a
real user can. So the methods to do this should be on the user model,
and take the details of the invite as arguments.
2019-06-27 15:48:29 +01:00
Rebecca Law
d344bc7006 Fix a bug with inviting existing users to an organisation.
The method to add the user to the organisation was missing the user id. This PR fixes that.
2019-06-27 15:34:23 +01:00
Chris Hill-Scott
305920733a Merge pull request #3019 from alphagov/sign-online
Allow online acceptance of the contract/memorandum of understanding
2019-06-27 15:26:41 +01:00
Rebecca Law
21c23c276f Fix a bug were the user_has_permission.
This is an immediate fix to add the permission checks to the callback page.
However, we have a plan to add a unit test to check for permission introspectively for all routes that have service_id.
2019-06-27 12:20:58 +01:00
Katie Smith
a9ff4b1d48 Bump utils to add alt text to email branding
Utils 33.0.0 adds alt text to email branding - the HTMLEmailTemplate now
initializes slightly differently as a result (with both `branding_name`
and `branding_text`).
2019-06-25 16:56:45 +01:00
Chris Hill-Scott
afedf431e0 Link to all services from organisation
Because a member of the organisation can now see some pages for any live
service they should be able to click into each one.
2019-06-20 15:38:02 +01:00
Chris Hill-Scott
3968d5b766 Allow org team members to see team and usage
Organisation team members will be ultimately interested in the detailed
usage of each service, but shouldn't necessarily have access to the
personal data of that services users.

So we should allow these organisation team members to navigate to live
services usage page from the organisation page. They may need to contact
the team so they should also be able to view the team members page.

So they'll then see just usage and team members pages.

If they are actually a team member of the service they're viewing, then
they'll see the full range of options as usual.

This commit implement the above by adding an extra flag to the
`user.has_permissions` decorator which allows certain pages to be marked
as viewable by an organisation user. The default (for all other existing
pages) is that organisation users don’t have permission.
2019-06-20 15:37:52 +01:00
Chris Hill-Scott
0728d9b4fb Add validation for agreement accepted on behalf of
If the user has selected that they are accepting the agreement on behalf
of someone else then we need to make the they provide that person’s
details.

If they’ve selected that they are accepting the agreement themselves
then we have to ignore what they might have put in the ‘on behalf of
boxes’ (for example if they filled them out but then changed their
mind).
2019-06-19 13:19:50 +01:00
Chris Hill-Scott
eb3f9aad2a Add pages to let users accept the agreement online
At the moment, the process for accepting the data sharing and financial
agreement is:

1. download a pdf
* print it out
* get someone to sign it
* scan it
* email it back to us
* we rename the file and save it in Google Drive
* we then update the organisation to say the MOU is signed
* sometimes we also:
 * print it out and get it counter-signed
 * scan it again
 * email it back to the service

Let's not do that any more.

When the first service for an organisation that doesn't have the
agreement in place is in the process of going live, then they should
be able to accept the agreement online as part of the go live flow. This
commit adds the pages that let someone do that.

Where the checklist shows the agreement as **[not completed]** then
they can follow a link where they can download it (as happens now).
From here, they should then also be able to provide some info to accept
it. The info that we need is:

**Version** – because we version the agreements occasionally, we need to
know which version they are accepting.  It may not be the latest one if
they downloaded it a while ago and it took time to be signed off

**Who is accepting the agreement** – this will often be someone in the
finance team, and not necessarily a team member, so we should let the
person either accept as themselves, or on behalf of someone else. If
it's on behalf of someone else we need to the name and email address of
that person so we have that on record. Obvs if it's them accepting it
themselves, we have that already (so we just store their user ID and
not their name or email address).

We then replay the collected info back in a sort of legally
binding kind of way pulling in the organisation name too. The wording
we’re using is inspired by what GOV.UK Pay have. Then there’s a big
green button they can click to accept the agreement, which stores their
user ID and and timestamp.
2019-06-19 13:14:02 +01:00
Chris Hill-Scott
913095fe60 Wrap a model around list of all organisations 2019-06-17 16:00:59 +01:00
Chris Hill-Scott
cf3e9302a0 Merge pull request #3015 from alphagov/optional-platform-admin
add option to suppress platform admin temporarily
2019-06-17 10:00:45 +01:00
Chris Hill-Scott
082349e68e Merge pull request #3014 from alphagov/cache-organisations
Cache organisations, not just domains in Redis
2019-06-14 16:55:53 +01:00
Chris Hill-Scott
08fe6865bd Merge pull request #2944 from alphagov/allow-replace-revoked-key
Allow replacing a revoked key
2019-06-14 16:55:45 +01:00
Leo Hemsted
c724f84c23 change wording of platform admin toggle to positive rather than negative
CHS Approved Wording 👍

also rename suppress_platform_admin -> disable_platform_admin_view in
the backend, as suppress is a kinda weird word.
2019-06-14 15:13:56 +01:00
Leo Hemsted
7b02cb72c6 add option to suppress platform admin temporarily
so that platform admins (us) can view pages as regular users do easily.
Simply adds a flag in the session cookie that overrides the actual
platform admin flag on the user model if set. This way it's safe, since
this only downgrades existing functionality, so if someone managed to
alter it they could only get less permissions, not more.

You can change this value from the user profile page if either:

* you're a platform admin
* the flag is set (to any value) on the cookie.

This slightly weird check means that we don't check the underlying
`user._platform_admin` flag anywhere in the code, even when toggling
the suppression.
2019-06-14 11:59:12 +01:00
Chris Hill-Scott
8f9ade7a8b Cache organisations, not just domains in Redis
This should make the ‘All organisations’ page load a lil’ bit quicker.
Still worth caching the domains separately so the response is smaller
when we only care about domains. This is because the code that uses the
domains is part of the sign up flow, so it’s really important that it’s
snappy.
2019-06-14 11:20:19 +01:00
Chris Hill-Scott
e31570e93d Refactor to use .belongs_to methods
The view code shouldn’t need to know the internals of a service’s data
structure; the idea of having a service model is to abstract this kind
of thing.
2019-06-13 13:47:28 +01:00
Chris Hill-Scott
1b395c04f3 Go straight into org if no trial mode services
You might still belong to some services, but because they’re live
they’re all in your organisation.
2019-06-13 13:47:28 +01:00
Chris Hill-Scott
71dc650db6 Make user model return a service model, not JSON
This makes it:
- nicer, by having access to sensibly named things like
  `Service.trial_mode` instead of `service['restricted']`.
- less likely to write Jinja code like `service.trail_mode`, which would
  fail silently if `service` was a dictionary
2019-06-13 13:47:28 +01:00
Chris Hill-Scott
062f42b769 Rename all_services property on user
For consistency with `.organisations`/`.organisation_ids`.

`.services` returns a list of semi-rich dictionaries for each service.

`.service_ids` returns service IDs only.
2019-06-13 13:47:28 +01:00
Chris Hill-Scott
f774a10e3a Only show live services without an organisation
In reality we shouldn’t have any live services that don’t have an
organisation. But we probably do locally, in preview, etc., and we
shouldn’t lose a way of accessing them.
2019-06-13 13:47:27 +01:00
Chris Hill-Scott
63ba3a6f30 Put organisations on the user model
As in other places, putting a model layer between the view and the API
client makes the code cleaner and clearer.
2019-06-13 13:42:11 +01:00
Chris Hill-Scott
88e36d6841 Move some methods from the API client to the model
They make more sense being on the model, and it doesn’t make any sense
to duplicate them.
2019-06-13 13:42:10 +01:00
Chris Hill-Scott
c6b21ab022 Hide back link when you’ve just sent a message
Changed this yesterday. Changing it again now because I think it’s
confusing.

There’s really no going ‘back’ once you’ve sent a message – you can’t
undo it. If you want to get back to the template you used, well, that
link is in the page.

This commit changes the back link logic so it only appears when you’ve
navigated to a notification, not when you’ve just sent it.
2019-06-07 16:16:13 +01:00
Chris Hill-Scott
6130004b0c Fix inviting existing users
The API needs the id of the user, not the id of the invite.

The problem with the tests is that the update mock returned a different
user ID than the user it was being passed. So the tests didn’t catch
this.
2019-06-06 17:24:48 +01:00
Chris Hill-Scott
f2303ff20a Merge pull request #3005 from alphagov/fix-back-links-tour
Fix back links in tour
2019-06-06 16:43:02 +01:00
Chris Hill-Scott
8034d7ecc2 Merge pull request #3006 from alphagov/fix-placeholder-collection-order-send-test
Fix order of steps in send/send test journeys
2019-06-06 16:42:42 +01:00
Chris Hill-Scott
7cc8fcfb2d Fix order of steps in send/send test journeys
This fixes the bug where if you have three placeholders:
> ((one)) ((two)) ((three))

The first one you are asked to fill in is `((three))` (ie
`template.placeholders[-1]`).

This reintroduces a bug where if you use the ‘Use my phone number’ link
you skip straight to filling in `((two))` and can never proceed because
you’re never given the chance to fill in `((one))`. This commit also
fixes that bug.
2019-06-06 12:24:02 +01:00
Chris Hill-Scott
48eb698713 Fix back link on ‘sent’ page in tour
If the user wants to go back from here they need to be sent back to the
start of entering the placeholders, because we won’t have their previous
personalisation in the session still

I think the back link on this page was introduced by accident. But it’s
good to still have it on this page, because it keeps consistency with
the previous pages.
2019-06-06 12:00:23 +01:00
Chris Hill-Scott
62fb71966b Add back links to all steps of tour 2019-06-06 11:31:50 +01:00
Katie Smith
f57f8641ad Add an event if a user is archived
This adds a new type of event, 'archive_user', which stores the id of
the archived user and the id of the user who is doing the archiving.
2019-06-06 09:56:16 +01:00
Katie Smith
00bb7a0ea0 Add page to archive user
Users can only be archived by Platform Admin from the user page
(/users/<user_id>). This removes them from all services and orgs and
updates their details.
2019-06-06 09:56:16 +01:00
Chris Hill-Scott
7b3d522070 Merge pull request #2991 from alphagov/user-api-client-return-json
Make user API client return JSON, not a model
2019-06-06 09:51:52 +01:00
Chris Hill-Scott
0c2aa0824b Merge pull request #2995 from alphagov/new-email-reply-to
Update email_reply_to.html
2019-06-05 16:53:58 +01:00
Chris Hill-Scott
944a7d302c Fix logic for showing and hiding checkbox
The ‘make this default’ checkbox should be shown, except when:
- the user is adding their first email reply to address (because the
  first one has to be the default)
- they’re editing the existing default (because they can’t change it
  to be not default)
2019-06-05 16:41:06 +01:00
Pea (Malgorzata Tyczynska)
ecfd20b9cf Merge pull request #3002 from alphagov/email_as_placeholder_test_flow
Recipient email/number works as placeholder in test send one off journey
2019-06-05 15:44:17 +01:00
Leo Hemsted
9922752640 Merge pull request #2996 from alphagov/free-sms-fragment-report
Show free sms fragments in live services billing report
2019-06-05 14:46:49 +01:00
Chris Hill-Scott
bd9acb1310 Make invited user model inherit from JSONModel
This is more consistent, and less fiddly that always having to call it
with a dictionary expansion.
2019-06-05 14:39:02 +01:00
Chris Hill-Scott
628e344b36 Make user API client return JSON, not a model
The data flow of other bits of our application looks like this:
```
                         API (returns JSON)
                                  ⬇
          API client (returns a built in type, usually `dict`)
                                  ⬇
          Model (returns an instance, eg of type `Service`)
                                  ⬇
                         View (returns HTML)
```
The user API client was architected weirdly, in that it returned a model
directly, like this:

```
                         API (returns JSON)
                                  ⬇
    API client (returns a model, of type `User`, `InvitedUser`, etc)
                                  ⬇
                         View (returns HTML)
```

This mixing of different layers of the application is bad because it
makes it hard to write model code that doesn’t have circular
dependencies. As our application gets more complicated we will be
relying more on models to manage this complexity, so we should make it
easy, not hard to write them.

It also means that most of our mocking was of the User model, not just
the underlying JSON. So it would have been easy to introduce subtle bugs
to the user model, because it wasn’t being comprehensively tested. A lot
of the changed lines of code in this commit mean changing the tests to
mock only the JSON, which means that the model layer gets implicitly
tested.

For those reasons this commit changes the user API client to return
JSON, not an instance of `User` or other models.
2019-06-05 11:13:41 +01:00
Pea Tyczynska
f34b2ea038 Recipient email/number works as placeholder in test send one off jourrney 2019-06-04 16:12:09 +01:00
Chris Hill-Scott
77469e0710 Add left-hand navigation to pricing pages
So that you don’t have to use the footer navigation to switch between
these related pages. Matches the template we use for organising
features-related content.
2019-06-04 13:49:31 +01:00
Chris Hill-Scott
22299ea97d Add ‘How to pay’ page
Content from https://docs.google.com/document/d/1uIFW8c7Vk0-FQ-d8H1FmNZLHKn_tOXWg5oUL8bbcZzw/edit?ts=5ced1ae4#
2019-06-04 13:49:16 +01:00
Chris Hill-Scott
20c4719d07 Move pricing template into own folder
So we can keep thing organised when adding more pricing-related content.
2019-06-04 13:04:24 +01:00
Chris Hill-Scott
bbbda5f968 Merge pull request #2994 from alphagov/let-trial-mode-services-be-archived
Let users archive their own trial mode services
2019-06-04 13:03:41 +01:00
Chris Hill-Scott
954f43ae48 Let users archive their own trial mode services
At the moment we have a blanket rule that users can’t archive their own
services, to prevent someone accidentally deleting a real live service,
because that would be Very Bad.

But the tickets we get from users asking us to delete services are for
services they set up when they were just trying out Notify. There’s not
much harm in letting users delete these services, the consequences of
doing so are much lower than those of deleting a live service. And it
should mean fewer support tickets for us to deal with.
2019-06-04 09:45:51 +01:00
Chris Hill-Scott
3b22216a68 Remove redundant decorators
`@user_has_permissions` is overridden by @user_is_platform_admin – it
doesn’t make sense to have them used together.
2019-06-03 14:12:12 +01:00
Chris Hill-Scott
647daa6ca4 Make organisation settings platform admin only
At the moment the only setting that a normal organisation team member
can change is the name of the organisation is its name. And we don’t
even want them to be able to change this. So this commit hides the
settings page entirely for non-platform-admin users.
2019-06-03 14:12:11 +01:00
Leo Hemsted
fb0279b820 return free sms allowance in live services csv report 2019-05-31 12:24:18 +01:00
Leo Hemsted
c559ff8c97 refactored live_services_csv
with the aim of making the link between api return values and csv
column headers more apparent
2019-05-31 12:13:34 +01:00