Commit Graph

109 Commits

Author SHA1 Message Date
Tom Byers
beeb273d6c Fix python tests broken by cookie banner 2020-01-03 17:28:33 +00:00
Katie Smith
e4134072d9 Reduce the errors related to user fixtures
We were using user fixtures in a lot of parameterized tests, but this is
no longer allowed in Pytest 5. To avoid having to split up the parametrized
tests (which would make the test files a lot longer and slightly more
difficult to read) this commit creates functions which return various types
of user json so that we can use these as the test parameters instead.
2019-12-19 16:59:07 +00:00
Rebecca Law
18e3eb6b32 Update tests for content changes. 2019-09-23 13:22:28 +01:00
karlchillmaid
852699e3e8 Replace hasn't with has not 2019-09-23 13:22:26 +01:00
karlchillmaid
92343aa45e Update change links and headings (#3064)
* Update Settings titles
* Update Change links on settings
* Update Team members Change link
* Update Settings pages headings
2019-07-25 11:52:13 +01:00
Chris Hill-Scott
30eeaec154 Add autocomplete to email address on register form
GOV.UK Design System recommends:
> You should also set the autocomplete attribute to email. This lets
> browsers autofill the email address on a user’s behalf if they’ve
> entered it previously.

Only doing this on the register and sign in forms because it’s unlikely
to be helpful where a user is trying to enter someone else’s email
address.
2019-07-16 17:14:49 +01:00
Chris Hill-Scott
f34a252e72 Remove defaults from User model
the api always returns exactly:
```
id
name
email_address
auth_type
current_session_id
failed_login_count
logged_in_at
mobile_number
organisations
password_changed_at
permissions
platform_admin
services
state
```

it does this through `models.py::User.serialize` – there is an old
Marshmallow `user_schema` in `schemas.py` but this isn’t used for
dumping return data, only parsing the json in the create user rest
endpoint.

This means we can rely on these keys always being in the dictionary.
2019-06-05 14:55:43 +01:00
Chris Hill-Scott
628e344b36 Make user API client return JSON, not a model
The data flow of other bits of our application looks like this:
```
                         API (returns JSON)
                                  ⬇
          API client (returns a built in type, usually `dict`)
                                  ⬇
          Model (returns an instance, eg of type `Service`)
                                  ⬇
                         View (returns HTML)
```
The user API client was architected weirdly, in that it returned a model
directly, like this:

```
                         API (returns JSON)
                                  ⬇
    API client (returns a model, of type `User`, `InvitedUser`, etc)
                                  ⬇
                         View (returns HTML)
```

This mixing of different layers of the application is bad because it
makes it hard to write model code that doesn’t have circular
dependencies. As our application gets more complicated we will be
relying more on models to manage this complexity, so we should make it
easy, not hard to write them.

It also means that most of our mocking was of the User model, not just
the underlying JSON. So it would have been easy to introduce subtle bugs
to the user model, because it wasn’t being comprehensively tested. A lot
of the changed lines of code in this commit mean changing the tests to
mock only the JSON, which means that the model layer gets implicitly
tested.

For those reasons this commit changes the user API client to return
JSON, not an instance of `User` or other models.
2019-06-05 11:13:41 +01:00
Chris Hill-Scott
8835486d4e Look in organisation for whitelisted domains
At the moment we have to update a YAML file and deploy the change to get
a new domain whitelisted.

We already have a thing for adding new domains – the organisation stuff.

This commit extends the validation to look in the `domains` table on the
API if it can’t find anything in the YAML whitelist.

This has the advantage of:
- not having to deploy code to whitelist a new domain
- forcing us to create new organisations as they come along, so that
  users’ services automatically get allocated to the organisation once
  their domain is whitelisted
2019-06-03 11:41:13 +01:00
Chris Hill-Scott
fd7a33d0a6 Remove folder permissions feature flag from team members 2019-05-17 14:08:01 +01:00
Alexey Bezhan
cab780b549 Remove edit_folder_permissions service setting (feature flag)
This removes the edit_folder_permission checks from the code, enabling
the folder permissions for all services.

This also fixes folder-related tests to set up appropriate user
permissions.

This should only be merged right after alphagov/notifications-api#2428,
when all other permission stories are done.
2019-05-17 11:20:16 +01:00
Chris Hill-Scott
81b299428f Add tests for editing folder permissions for platform admin users 2019-05-17 11:03:41 +01:00
Alexey Bezhan
5dbd229781 Hide template folder permission editing for platform admin users
Platform admin users can access all template folders, so the folder
permissions form always displays everything as checked for them,
which makes it look like the form isn't actually working. We could
do the check based on folder data, but the field still wouldn't
have any effect on permissions. So instead, we hide it completely
for platform admin users.

Submitting the form will remove any folder permissions from the DB
for the platform admin user (which can still be created by changing
permissions on the template folder 'Manage' page), but that's only
relevant if a user stops being a platform admin but keeps their
Notify services.
2019-05-17 10:46:56 +01:00
Katie Smith
d689b031a2 Allow non-gov email addresses to be changed to gov email addresses
When a user's email address is updated, we not allowing it to be changed
to a non-government email address. We now allow a non-gov email address
to be changed to another non-gov email address. Government email
addresses still cannot be changed to non-government email addresses.

Also fixes the link in the error message on the ChangeEmailAddress form -
this was being escaped before.
2019-04-25 10:36:04 +01:00
Katie Smith
88e9a0ff61 Add audit event when a service manager changes someones profile
We should audit when a service manager changes a user profile that is not
their own. This can be recorded in our events table, which is currently
only used to record successful logins.

This adds two new types of event, `update_user_email` and
`update_user_mobile_number` which store the
- browser fingerprint
- IP address
- user id of the user being updated
- user id of the service manager  making the change
- original email address and new email address (for `update_user_email`
events)
- original mobile number and new mobile number (for
`update_user_mobile_number` events)
2019-04-09 14:37:37 +01:00
Leo Hemsted
249b80762a add count of folders visible per user to the team members page
Shows a count of how many folders that user can see - this doesn't do
anything smart with parent folder stuff, it's just "how many checkboxes
are ticked on the edit page".

* doesn't show if service has no folders
* doesn't show if service hasn't got folder permissions enabled
2019-04-04 17:55:37 +01:00
Chris Hill-Scott
883b07e3f0 Use client_request fixture where possible
It:
- saves repetetive boilerplate code
- does some extra checks (eg checking for a `200` response)
- makes the codebase less confusing to consistently do the same thing in
  the same way
2019-03-26 16:38:00 +00:00
Leo Hemsted
f872294235 remove the remove-user get method
remove `confirm` from `confirm_remove_user_from_service` as there's
only one action now that the initial confirmation prompt takes place
on the edit permissions page
2019-03-26 15:52:37 +00:00
Leo Hemsted
f7f9dd8530 fix user permissions save button sometimes deleting
when you hit the delete button, it flashes the delete button and takes
you to the `/service/../user/../delete` url. If you then click the save
button, it would make a POST to the delete URL... and delete the user.

now the page stays on the edit url, but adds a `?delete=yes` query
string. The dangerous flash banner now has an action field which
defines where the browser will make the POST to (which remains at
/delete).
2019-03-26 15:52:37 +00:00
Katie Smith
7654d3c5fd Send folders if inviting user for service without edit folder permissions
If a new user is being invited for a service which doesn't have edit
folder permissions turned on, we want to send all folders for that
service to api.
2019-03-22 13:29:13 +00:00
Katie Smith
c39f6d49ea Set folder permissions when creating and accepting invites to services
Added a folder permissions form to the page to invite users to services.
This only shows if the service has 'edit_folder_permissions' enabled,
and all folder checkboxes are checked by default. This change means that
InviteApiClient.create_invite now sends folder_permissions through to
notifications_api (so invites get created with folder permissions).

Started passing the folder_permissions through to notifications-api when
accepting an invite. This changes UserApiClient.add_user_to_service to
send folder_permissions to notifications_api so that new users get folder
permissions when they are added to the service.
2019-03-21 10:17:05 +00:00
Pea Tyczynska
a9be6015dc Test if auth type can be chosen while inviting user 2019-03-12 16:53:46 +00:00
Alexey Bezhan
6fa975e867 Send updated user folder permissions to the API
Integrates the folder permissions form with the updated API endpoint
to store changes in the user folders.

Since user folder permissions are returned in the full list of template
folders for the service we need to invalidate the cache key for it each
time we update user permissions.
2019-03-05 11:44:34 +00:00
Pea Tyczynska
7413423243 Display nested folders permissions form on user permissions page
We're reusing the logic for the `move_to` nested radios field for the
user folder permissions nested checkboxes.

The main difference between the two forms (aside from the different
input type) is that "Move" form contains the root "Templates" as an
option, whereas the folder permissions doesn't.

It turns out that, because of the way NestedFieldMixin.children and
select_nested macro are implemented the easiest way to get the desired
folder permissions behaviour is to add the root folder as a choice with
a `None` value and `NONE_OPTION_VALUE = None` set on the field, which
allows the `child_map` to be constructed but doesn't display the root
folder checkbox itself since it gets overwritten in the final `child_map`.
2019-03-05 11:44:34 +00:00
Rebecca Law
184ea5b92b Update the message when changing a users mobile phone number. 2019-03-04 11:14:35 +00:00
Pea Tyczynska
7da2ed4539 Tell api when mobile or email updated by colleague
So that API can send a confirmation email to the affected user
2019-02-26 16:35:11 +00:00
Pea Tyczynska
d93278f5f0 Ensure that mobile of user not belonging to service cannot be edited 2019-02-26 11:51:56 +00:00
Pea Tyczynska
d60ab838a8 Edit mobile page allows users to proceed without changing mobile number
Also:
- change formatting of mobile number redact characters

- redirect if session empty

- update a test with new mock after rebase
2019-02-26 11:50:56 +00:00
Pea Tyczynska
f7e54b7f5b Change team member's mobile number upon confirmation
Also add edit user mobile number urls to navigation exceptions
2019-02-26 11:50:42 +00:00
Pea Tyczynska
94b78a7649 Confirm change of team member's phone number 2019-02-26 11:50:41 +00:00
Pea Tyczynska
5a59989497 Redirect to mobile number confirmation page 2019-02-26 11:50:41 +00:00
Pea Tyczynska
9d57a81029 Edit mobile number page 2019-02-26 11:50:41 +00:00
Pea Tyczynska
94c4151640 Edit user permissions page shows redacted phone number and Change link
Also make plan for story development
2019-02-26 11:50:17 +00:00
Chris Hill-Scott
d82f410325 Don’t allow editing of users from other services
Currently when you load the ‘edit user’ page (which has a URL like
`/service/<service_id>/users/<user_id>`) we check that:
- you belong to the service represented by `service_id`
- you have permission to edit users on this service

We don’t check that:
- the user represented by `user_id` belongs to this service

This means that if you could somehow determine another user’s `user_id`
(which I don’t think is possible if you don’t already have the manage
service permission for that service) then you could:
- edit their permissions on your service (weird, but wouldn’t have any
  effect)
- change their email address (bad)

This commit adds checks to return a `404` any time you’re looking at a
service and trying to do stuff to a user who doesn’t belong to that
service.

We can’t add this check to the API easily because there are still times
that we want to get/modify users outside the context of a service (eg
platform admin pages, or users who have no services).
2019-02-25 17:19:07 +00:00
Chris Hill-Scott
ffaa8cd1a6 Don’t error if email address hasn’t changed
When updating a user’s email address you currently get an validation
error if you save without changing it. Instead it should just obey your
command. And no need for the confirmation step because nothing is
actually changing.
2019-02-25 12:04:07 +00:00
Pea Tyczynska
6c406ae5cd Redirect from confirmation page if session empty 2019-02-22 16:13:46 +00:00
Pea Tyczynska
4faf44b5c5 Content changes following consultation with content and design pros :) 2019-02-21 10:54:56 +00:00
Pea Tyczynska
446a17d801 Confirm edit user email changes user email 2019-02-21 10:54:56 +00:00
Pea Tyczynska
3c9c918963 Redirect to confirmation page 2019-02-21 10:53:23 +00:00
Pea Tyczynska
5158377b2e Add a get view and template that enable changing team members email 2019-02-21 10:53:23 +00:00
Chris Hill-Scott
538a06c0bf Refactor filtering out accepted invites to client
None of our model or view layer code should need to know about accepted
invites. We don’t use them anywhere because once an invite is accepted
that person is now a user.

Putting this logic in the client means that:
- none of the code calling the client needs to care about accepted
  invites
- it’s easier to (if we want) update the API code to not return accepted
  invites
2018-12-03 11:06:03 +00:00
Chris Hill-Scott
e04b2b5631 Split models to prevent circular imports
This commit is the first step to disentangling the models from the API
clients. With the models in the same folder as the API clients it makes
it hard to import the API clients within the model without getting a
circular import.

After this commit the user API clients still has this problem, but at
least the service API client doesn’t.
2018-10-30 15:01:36 +00:00
Chris Hill-Scott
61507fda8f Make the permission labels shorter
They were feeling a bit heavy on the _Team members_ page. We can remove
some words without losing any meaning.
2018-08-09 13:49:06 +01:00
Chris Hill-Scott
347912876c Relabel existing permissions
Since we have added a new, 5th permission the existing permissions
should be relabelled so that the five make sense as a coherent set.

We especially want to make sure that:
- the labels work against the checkboxes and against the tick/crosses on
  the manage users page (a long time ago this page was layed out
  differently so didn’t have space for full labels)
- there is no confusion between usage and reports

This commit also:
- re-adds a line about what all users can see (‘sent messages’) but
  continues to omit the additional bullet points about templates and
  team members (because we think this is clear enough from reading the
  permissions)
- refactors the `Form` subclass so that the content and order of the
  permissions only have to be defined once
- brings back the ‘permissions’ legend on the `fieldset`
2018-08-09 13:49:06 +01:00
Chris Hill-Scott
646ba6e8c3 Add a ‘See dashboard’ permission
Our research and prototyping around ‘basic view’ found that:
- a lot of users who send messages rarely or never look at the dashboard
  (yet it’s the first page they see when they sign in)
- team managers like the idea of taking away things that users don’t
  need in order to make the interface simpler

We’ve disentangled the simpler way of sending messages from being part
of ‘basic view’. This means we can give managers the option of taking
away the dashboard as an independent choice, not something that’s
wrapped up in a separate ‘view’.

I think that this checkbox is a more straightforward proposition than
‘basic view’ ever was (despite all the work we did to explain it and
develop the nested checkbox pattern). In research users would often
explain the feature back to us as being about hiding the dashboard – we
should try to make Notify operate in terms of concepts that come
naturally to people wherever possible.
2018-08-09 13:49:06 +01:00
Chris Hill-Scott
0008d7cda7 Rename ‘caseworker’ to basic view on team members
Missed this in https://github.com/alphagov/notifications-admin/pull/2146
2018-07-10 12:17:22 +01:00
Chris Hill-Scott
f4d2958d58 Allow setting of caseworking on a user
This commit changes the form that the user sees when inviting or editing
another user, if the service has the ‘caseworking’ permission set.

This will allow creating a new type of user, one who only has the
`send_messages` permission, without the `view_activity` permission.

We are doing this because we think there are a number of services with a
lot of users who don’t need to see the dashboard, or the other team
members, and that we can make a simpler interface for these users.
2018-07-05 11:47:30 +01:00
Leo Hemsted
4ddd3aa155 use client_request to always check the response
this'll avoid us accidentally 503ing and ignoring it in tests where we
check for "assert my_content not present"
2018-05-08 11:16:12 +01:00
Leo Hemsted
be038e345d define isort first party (app and tests)
we were seeing isort produce different outputs locally and in docker -
this was due to it having different opinions about whether the tests
module (ie all our unit tests) is a first party (local) or third party
(pip installed) import. It's a first party import, so by defining this
in the setup.cfg isort settings, we can force it to be consistent
between environments.

Note: I don't know why it was different in the first place though
2018-04-25 14:12:58 +01:00
Leo Hemsted
3be4b57bbd fix imports 2018-03-06 13:10:37 +00:00