Most of the existing platform admin buttons on the service settings
page used to issue GET requests to switch service settings. This
means they weren't protected by CSRF. On top of that as our number
of service permissions increases over time a lot of buttons on the
page made it hard to work with.
To fix these issues we replace most of the buttons with rows in the
platform admin settings table. Each setting has a 'Change' link that
leads to a page with an On/Off switch form.
This removes "research mode" switch completely since we're planning
to deprecate it in the future and we don't expect to switch any new
services into research mode at the moment.
Most service permissions are now handled by a shared endpoint that
is parameterized with the permission name. Some permissions that
require some additional logic before they can be toggled (like document
upload, which requires setting a contact address) have separate
initial endpoints that redirect to `set_service_permission`.
"Archive", "Suspend" and "Resume" actions are kept as buttons since
they display a confirmation banner (which is a CSRF-protected form)
and they're not easily represented as an On/Off switch.
This adds a new OnOffField class that implements a boolean field
that is rendered as two On / Off radio buttons. This allows us to
avoid comparing 'on' and 'off' string values in the views since
the field takes care of transforming form data into python booleans.
This also adds a form class that can be used for any single On / Off
switch forms (e.g. service permissions).
This adds a preview pane which is visible when updating a letter brand.
If JavaScript is enabled, the preview pane shows on the set-letter-branding
page, and submitting the form saves updates the letter brand for a service
immediately. If Javascript is not enabled, there is a separate 'Preview email
branding' page which shows a preview of the brand and has a 'Save' button on it.
I did the update following instructions from this commit:
https://github.com/alphagov/notifications-admin/
commit/136662bd309d986a9b7c3e0ee76588612c1ab761
Password repositiories I used were:
darkweb2017-top10000.txt
probable-v2-top12000.txt
twitter-banned.txt
a form that allows you to clear entries from the cache for all of
either users, services or templates. It'll tell you the largest amount
of keys deleted, since there are multiple keys associated with each
model.
also set redis url locally to be localhost. redis is disabled by
default so this won't do anything unless you set REDIS_ENABLED=1 as an
environment variable
when clients are defined in app/__init__.py, it increases the chance of
cyclical imports. By moving module level client singletons out to a
separate extensions file, we stop cyclical imports, but keep the same
code flow - the clients are still initialised in `create_app` in
`__init__.py`.
The redis client in particular is no longer separate - previously redis
was set up on the `NotifyAdminAPIClient` base class, but now there's one
singleton in `app.extensions`. This was done so that we can access redis
from outside of the existing clients.
The endpoint was removed, but was still linked to in a couple of
places. Some old links were no longer needed, so have been removed.
We do still need a link to `add_template_by_type` on the 'Choose reply'
page - this page is used to allow to let someone pick a template to
reply to inbound SMS with. Since the link only appears if they have no
SMS templates, we now link to `.choose_template` with the templates and
folders form already opened at the option to add a template.
The template list wasn’t getting the right class applied because the
check was referring to an undefined variable (`can_manage_folders`) that
should have been removed when all other references to it were.
So we can auto-assign their letter logos.
Depending on where people sit in these organisations they my or may not have signed the MOU, so it’s `None` not `True` or `False`.
