Commit Graph

2730 Commits

Author SHA1 Message Date
Tom Byers
6ae9d15141 Add analytics error tracking to checkbox fields
The existing macros added data attributes to any
error message displayed which communicated the
error to Google Analytics (if the user had given
consent).

This re-implements that functionality.
2020-07-14 10:41:09 +01:00
Tom Byers
2ad0d5f18c Convert checkboxes for broadcast areas
Includes removal of MultiCheckboxField due to it
no longer being used elsewhere in this file.
2020-07-14 10:41:09 +01:00
Tom Byers
d1ae3b812a Update all single field checkboxes
Includes adding some code to govukCheckboxesField
to add a single boolean-like option by default, if
there are no choices added.
2020-07-14 10:41:09 +01:00
Tom Byers
2cdea66c88 Update templates page
Includes:
- changes to the govukCheckboxesField class
  to allow params to be extended at render time
- updates to templates and folders CSS
2020-07-14 10:41:09 +01:00
Tom Byers
91ce7b32e0 Update manage folder page 2020-07-14 10:41:09 +01:00
Tom Byers
b8aa85e9bb Update permissions page 2020-07-14 10:41:09 +01:00
Tom Byers
a43ab9d0eb Split common checkbox methods off into mixin 2020-07-14 10:41:09 +01:00
Tom Byers
5185f8bae6 Add govukCheckboxField for single checkboxes
Single checkboxes are distinct because:
- they don't need to be wrapped in a `<fieldset>`
- they are a subclass of BooleanField so their
  data is either True or False
2020-07-14 10:41:09 +01:00
Tom Byers
c10969084f Fix nested checkboxes with single top-level node
Nested checkboxes with a single top-level node
will only have one item in their `items` list.
This is because the other choices are children of
that list item.

This means we need to check the `choices`
attribute, which lists all the checkboxes, to see
if they should be marked as a group (by being
wrapped in a `<fieldset>`) or not.
2020-07-14 10:41:09 +01:00
Tom Byers
e0cd3c5efb Add govukCollapsibleNestedCheckboxesField
Includes:
1. changes to make NestedFieldMixin work
  with new fields and CSS for nested checkboxes
2. adds custom version of GOVUK checkboxes
  component to allow us to:
  - add classes to elements currently inaccessible
  - wrap the checkboxes in a list
  - add child checkboxes to each checkbox (making
    tree structures possible through recursion

Change 2. should be pushed upstream to the GOVUK
Design System as a proposal for changes to the
GOVUK Checkboxes component.
2020-07-14 10:41:09 +01:00
Tom Byers
e6e81ec2fe Add mixin & field to make collapsible checkboxes
Allows checkboxes to be collapsed so they take up
less space in the page. The collapsed state
includes a live summary tracking which of them are
selected.

Includes changes to the JS for collapsible
checkboxes to make it work with the GOVUK
Checkboxes component HTML.
2020-07-14 10:41:09 +01:00
Tom Byers
6f4d117e1d Add govukCheckboxesField
govukCheckboxesField subclasses
SelectMultipleField and overwrites how it renders
HTML to let us use the GOVUK Checkboxes component
while retaining all the functionality of WTForms
fields.

Based on work on github.com/richardjpope/recourse:

https://github.com/richardjpope/recourse/blob/master/recourse/forms.py#L6
2020-07-14 10:41:09 +01:00
Chris Hill-Scott
b57bbd4642 Fix back link 2020-07-10 09:57:06 +01:00
Chris Hill-Scott
44e177b402 Allow broadcasts to be cancelled
Currently this is a `get` request from the dashboard. Once we have a page
for viewing an individual broadcast it should probably show there
instead and be a `get`/confirm/`post` loop like for deleting a template.
2020-07-10 09:57:06 +01:00
Chris Hill-Scott
6b822f9fde Add broadcasts to the dashboard
Shows current and previous broadcasts. Does not add a page for viewing
an individual broadcast.

Broadcasts are split into live and previous.

Draft broadcasts are excluded from the dashboard.
2020-07-09 16:32:15 +01:00
Chris Hill-Scott
effe24893e Make the broadcast flow talk to the API
This commit removes the code the puts areas into the session and instead
creates and then updates a draft broadcast in the database.

This is so we can avoid session-related bugs, and potentially having a
large session when we start adding personalisation etc.

Once a broadcast is ready to go it is set to `broadcasting` straight
away with no approval. We’ll revisit this as we learn more about how
users might want to manage who can create and approve broadcasts.

The tests are a bit light in terms of checking what’s on the page, but
clicking through the pages is probably good enough for now.
2020-07-09 14:31:12 +01:00
Chris Hill-Scott
846fcbb8dd Add a rendered template to the preview page 2020-07-08 17:31:51 +01:00
Chris Hill-Scott
5c52d3c362 Redirect from normal dashboard to broadcast dashboard
There are lots of places where we redirect people to the dashboard, for
example after logging in. Rather than add logic to all these places to
check for the broadcast permission, let’s just redirect from the normal
dashboard to the broadcast dashboard.

Other places like the main navigation can still link directly to the
broadcast dashboard, where we do care about speed and not going through
multiple redirect jumps.
2020-07-08 14:18:13 +01:00
Chris Hill-Scott
6ec9a25dd1 Add a dashboard for broadcast services
This is just a placeholder for now
2020-07-08 14:18:13 +01:00
Chris Hill-Scott
773f0b9ce7 Add search form
There can be lots of areas in a library, for example local councils. So
when there is, let’s allow people to do the find-as-you-type thing we
support in lots of other places.
2020-07-08 10:28:14 +01:00
Chris Hill-Scott
29ad5cf510 Add a form for choosing areas
Picking multiple areas at once definitely feels like a need, so let’s
make them checkboxes.
2020-07-08 10:28:04 +01:00
Chris Hill-Scott
18d464d4f0 Add some views for selecting broadcast areas
These are just so we have some pages to click through for now. They
don’t use real templates, or any of the broadcast stuff from the
database.

But I think it’s useful to get some skeleton pages in first so that we
can see the map etc working in production, then build on that, without
having to do it all in one mega PR.

For that reason there are two short term things I’ve done in this commit
which should be revisited soon:
- no tests for the endpoints
- data about which areas are selected is stored in the session
2020-07-08 10:27:42 +01:00
Chris Hill-Scott
98eb3c61f6 Merge pull request #3498 from alphagov/add-broadcast-template
Allow adding broadcast templates
2020-07-06 09:06:16 +01:00
Chris Hill-Scott
e832d18002 Make error message specific to template type 2020-07-03 15:46:00 +01:00
Chris Hill-Scott
dd2b737d24 Use service_has_permission decorator on inbox
This proves that the decorator works, because the inbox code is already
tested:
bad1e69cc3/tests/app/main/views/test_dashboard.py (L353-L367)
2020-07-03 10:12:55 +01:00
Chris Hill-Scott
154d4bdb85 Allow adding broadcast templates
At the moment the page is the same as for text message templates,
except:
- different H1
- no guidance about personalisation, links, etc (until we decide how
  these should work)

For now you won’t be able to really create a broadcast template, because
the API doesn’t support it (the API will respond with a 400). But that’s
OK because no real services have the broadcast permission yet.

This required a bit of refactoring of how we check which template types
a service can use, because there were some hard-coded assumptions about
emails and text messages.
2020-07-01 17:17:46 +01:00
Tom Byers
4eea8bfe57 Add variant page for service-settings/name
Includes correction of class used for bulleted
list.
2020-07-01 14:57:45 +01:00
Pea Tyczynska
b3bc3a6447 Write test for separate page for service name change for local orgs
Also make a bullet list gov uk style
2020-07-01 14:57:45 +01:00
Pea Tyczynska
d0dd6218f7 Show different page for local org users when adding new service 2020-07-01 14:57:44 +01:00
Leo Hemsted
8b3aa43101 add broadcast service permission 2020-06-30 13:06:26 +01:00
Chris Hill-Scott
c98d21da12 Merge pull request #3491 from alphagov/platform-admin-services-layout
Platform admin services layout
2020-06-29 16:22:16 +01:00
Chris Hill-Scott
fb4076dc5b Don’t break statistics down by sending/failed/delivered
This should:
- make the page load faster because it has to render less HTML for each
  service
- make the page easier to scan for services that are sending lots of
  text messages or letters

We used to scan this page to look for services with high failure rates,
and the design of the page was gear towards this. Now we have alerting
for high failure rates, so the page can focus on volumes instead.

This commit also puts the service name above the statistics, so that
long service names don’t break the layout of the page.
2020-06-24 11:45:32 +01:00
Chris Hill-Scott
45697aac43 Stop expecting letter contact block in service JSON
We’re removing it for performance reasons.

This means removing the old pages that edited the letter contact block
when it was stored directly on the service, rather than the current
model where a service can have multiple contact blocks.
2020-06-23 08:13:52 +01:00
Chris Hill-Scott
972ba9e3da Remove term ‘blacklist’ from codebase
‘Commonly used passwords’ is more specific, and avoids the terminology
‘blacklist’ which the National Cyber Security Centre explain to be
problematic:

> It's fairly common to say whitelisting and blacklisting to describe desirable and undesirable things in cyber security. For instance, when talking about which applications you will allow or deny on your corporate network; or deciding which bad passwords you want your users not to be able to use.
>
> However, there's an issue with the terminology. It only makes sense if you equate white with 'good, permitted, safe' and black with 'bad, dangerous, forbidden'. There are some obvious problems with this. So in the name of helping to stamp out racism in cyber security, we will
> avoid this casually pejorative wording on our website in the future. No, it's not the biggest issue in the world - but to borrow a slogan from elsewhere: every little helps.

– https://www.ncsc.gov.uk/blog-post/terminology-its-not-black-and-white
2020-06-16 18:07:47 +01:00
Chris Hill-Scott
8bc5fa5bb0 Rename URL to remove term ‘whitelist’
See c31264d4c for rationale. To avoid confusion the codebase should use
the same terminology as the UI.
2020-06-12 10:27:55 +01:00
Chris Hill-Scott
e721c73119 Rename Jinja template to remove term ‘whitelist’
See c31264d4c for rationale. To avoid confusion the codebase should use
the same terminology as the UI.
2020-06-12 10:27:30 +01:00
Chris Hill-Scott
16cc640822 Rename API client methods to remove term ‘whitelist’
See c31264d4c for rationale. To avoid confusion the codebase should use
the same terminology as the UI.
2020-06-12 10:27:18 +01:00
Chris Hill-Scott
23f9728108 Rename endpoint to remove term ‘whitelist’
See c31264d4c for rationale. To avoid confusion the codebase should use
the same terminology as the UI.
2020-06-12 10:26:59 +01:00
Chris Hill-Scott
bf6bd8ad0f Rename form objects to remove the term ‘whitelist’
See c31264d4c for rationale. To avoid confusion the codebase should use
the same terminology as the UI.
2020-06-12 10:25:44 +01:00
Chris Hill-Scott
c31264d4c9 Rename ‘whitelist’ to ‘guest list’ in UI
This commit changes all the places where a user would see the term
‘whitelist’ in the content of page to say guestlist instead.

We’re removing the term ‘whitelist’ for two reasons. The first reason
is that we agree with the National Cyber Security Centre say:

> It's fairly common to say whitelisting and blacklisting to describe
> desirable and undesirable things in cyber security. For instance, when
> talking about which applications you will allow or deny on your
> corporate network; or deciding which bad passwords you want your users
> not to be able to use.

> However, there's an issue with the terminology. It only makes sense if
> you equate white with 'good, permitted, safe' and black with 'bad,
> dangerous, forbidden'. There are some obvious problems with this. So
> in the name of helping to stamp out racism in cyber security, we will
> avoid this casually pejorative wording on our website in the future.
> No, it's not the biggest issue in the world - but to borrow a slogan
> from elsewhere: every little helps.

– https://www.ncsc.gov.uk/blog-post/terminology-its-not-black-and-white

The second reason is that we’ve observed some users think that they have
to put recipients in the whitelist even when they’re already with in the
team. We think that the term ‘whitelist’ might be reinforcing this
mental model because of how ‘whitelists’ might work in other
applications.

We considered the following alternatives or concepts:
- Development
- Recipients
- Sandbox
- Extended team
- Smoke test recipients
- Allowed
- Nominated
- Bonus
- Additional
- Safe
- Team list
- Trusted contacts
- Designated people
- Guest list
- Team key list

We also considered not giving it a name, and explaining it as a nuance
of how the team key works. After mocking this up it felt more disjoined.
We think it’s still useful for the thing to have a name so that it’s
easy to refer to between the docs and the UI.

We like the term ‘guest list’ because:
- of how it sits with team members – members and guests in the abstract
- a guest list is a concept that a lot of people will be familiar with
  – a list of people who can access a thing
- ‘guest’ is very different to ‘recipient’ – we want to mitigate any
  confusion between this and the (emergency) contact lists
2020-06-12 09:56:31 +01:00
Chris Hill-Scott
84f67bf1dd Don’t allow unstyled links
They should always be styled with the `govuk-link` class from GOV.UK
Frontend, or another custom class.
2020-05-29 17:25:11 +01:00
Chris Hill-Scott
c142a8056a Merge pull request #3462 from alphagov/meta-tag-instead-of-robots
Hide pages from search engines using a meta tag instead of robots.txt
2020-05-27 16:02:04 +01:00
Chris Hill-Scott
e430455822 Merge pull request #3458 from alphagov/bump-utils-letter-timings
Bump utils to 39.4.2
2020-05-27 15:42:21 +01:00
Leo Hemsted
026d4af2ec Merge pull request #3457 from alphagov/redirect-preview-to-notifications
Redirect preview to notifications if the notification already exists in the db
2020-05-27 15:00:33 +01:00
Pea M. Tyczynska
33d749ab4c Merge pull request #3460 from alphagov/handle-session-expiring-name-change
Handle session expiring during service name change
2020-05-27 12:27:36 +01:00
Pea Tyczynska
f997cc2801 Improve the error message following content review.
'Session expired' or similar makes it sound like a new error.
It could confuse the user and make them think the sign in didn't work
and that their session has expired again.

So we went with:
The change you made was not saved. Please try again.
2020-05-27 11:21:06 +01:00
Pea Tyczynska
8f8c250124 Handle session expiring during service name change 2020-05-27 11:21:06 +01:00
Chris Hill-Scott
f12f0fae87 Remove robots.txt
Google’s documentation says:

> robots.txt is not a mechanism for keeping a web page out of Google. To
> keep a web page out of Google, you should use noindex directives

We’ve implemented a noindex directive now, so we don’t need to serve
robots.txt any more.
2020-05-27 10:20:07 +01:00
Chris Hill-Scott
f902205ef3 Remove email features page from search engines
Reimplements https://github.com/alphagov/notifications-aws/pull/796

Since deploying alphagov/notifications-utils#736 I’ve been looking at
how members of the public are ending up on our support page. The vast
majority are landing on https://www.notifications.service.gov.uk/features/email

Previously we thought that they were clicking the ‘contact us’ link in
the page, which deep linked into the support journey, so we removed
these deep links in alphagov/notifications-admin#3451

But the tickets are still coming in, so I think that people are still
landing on this page, then going directly to ‘support’ in the top
navigation. So the next measure we have available is to try to stop
people from landing on this page in the first place. All the examples
I’ve looked at show people coming from Google to this page. By putting
the page’s URL in our robots.txt it should stop Google (and other search
engines) listing it in search results.
2020-05-27 10:19:58 +01:00
David McDonald
979eab92c7 Merge pull request #3459 from alphagov/delete-cache-on-archive
Delete cached users and templates when archiving a service
2020-05-27 10:19:48 +01:00