Commit Graph

212 Commits

Author SHA1 Message Date
David McDonald
752b685b26 Show only relevant platform admin settings for broadcast service
A few of note

Count in list of live services - this should be set to no in the API (to
be implemented) so we never show broadcast services in the list of live
services to reduce security leaks

Organisation - all broadcast services are currently going to be found in
a single organisation so we keep track of them easily. Therefore there
is no need to allow the changing of the organisation

Email authentication - we may in time not allow these services to use
email auth to log in but this hasn't been decided so let's keep it for
the moment

Rate limit - although a service may end up using our API to create
broadcasts, there is currently no rate limit check on this endpoint
and it's also extremely unlikely that any service would ever breach
the default limit
2021-02-04 17:36:30 +00:00
Pea Tyczynska
73031962a7 Change link leads to edit billing details view 2021-02-03 10:29:19 +00:00
Pea Tyczynska
4a7bfcc9c5 Add billing details property
This property lets service settings know if there are any
billing details to preview.
2021-02-03 10:29:18 +00:00
Pea Tyczynska
8219e5a2f9 Show billing details row for admins on service settings page 2021-02-03 10:29:18 +00:00
Pea Tyczynska
5818942908 'Change' link links to edit_service_notes 2021-01-14 18:00:44 +00:00
Pea Tyczynska
89b3f6ace2 Display notes section in Service Settings 2021-01-13 18:48:20 +00:00
Chris Hill-Scott
43b4acf1f9 Allow platform admins to change rate limit
One less thing we have to go into the database to do, and remember to
manually clear the cache for after.
2020-10-23 12:05:45 +01:00
Chris Hill-Scott
fcd34ef989 Merge pull request #3689 from alphagov/set-message-limit
Allow platform admins to change daily message limit
2020-10-20 10:34:58 +01:00
Chris Hill-Scott
268929a093 Allow platform admins to change daily message limit
One less thing we have to go into the database to do, and remember to
manually clear the cache for after.
2020-10-19 17:44:32 +01:00
Chris Hill-Scott
9b7357025c Make custom data retention look a bit nicer
This should make it easier to see what’s set without having to click
into the table.
2020-10-19 16:56:36 +01:00
Rebecca Law
52954191fa Merge branch 'master' into international-letters-form 2020-09-07 09:45:17 +01:00
Tom Byers
e42adecd07 Add context to service settings links 2020-08-25 21:27:03 +01:00
Chris Hill-Scott
f852c27586 Let users switch international letters on and off
We’ve decided that this feature should be self-service, and on by
default for all users. Before we can make it on by default we should
give users a way to switch it off for themselves. Which is what this PR
does.
2020-08-06 09:29:57 +01:00
Chris Hill-Scott
fd05bed600 Remove references to email, text and letters in trial mode
We don’t know what trial mode for broadcast services is going to look
like, but it’s not going to involve sending emails.
2020-07-15 09:14:56 +01:00
Chris Hill-Scott
c17db333d3 Hide email, text message and letter settings
Services with the broadcast permission won’t be able to send emails,
text messages or letters. So we should avoid confusion by removing any
reference to these things.
2020-07-13 09:59:05 +01:00
Chris Hill-Scott
4df99bd27f Don’t allow paragraphs without class attribute
All paragraphs should have class="govuk-body", or be otherwise
custom-styled. This commit adds some extra checks to our test fixture
that looks for paragraphs that don’t have any styling. Our test coverage
is pretty good, so this should check almost all pages, and prevent
regressions.

I’ve done this in such a way that it can be extended for other elements
(e.g. links) in the future.
2020-05-29 17:11:01 +01:00
Chris Hill-Scott
047ca8a48c Fix unnecessary call to organisation API endpoint
We’re caching the organisation name, but still talking to the API
to see if the organisation exists.

`Service().organisation_id` only goes to the JSON for the service.

`Service().organisation` makes a separate API call.

We only need the former to know if a service belongs to an organisation.
2020-04-02 15:24:02 +01:00
Chris Hill-Scott
cc5701e870 Cache organisation name in Redis
A lot of pages in the admin app are now generated entirely from Redis,
without touching the API.

The one remaining API call that a lot of pages make, when the user is
platform admin or a member of an organisation, is to get the name of
the current service’s organisation.

This commit adds some code to start caching that as well, which should
speed up page load times for when we’re clicking around the admin app
(it’s typically 100ms just to get the organisation, and more than that
when the API is under load).

This means changing the service model to get the organisation from the
API by ID, not by service ID. Otherwise it would be very hard to clear
the cache if the name of the organisation ever changed.

We can’t cache the whole organisation because it has a
`count_of_live_services` field which can change at any time, without an
update being made.
2020-04-02 12:07:19 +01:00
Pea Tyczynska
a601d6e700 Send files by email on for everyone and only depending on service
having contact details set up.

Display not set up yet for send files by email row when contact_link not set up
2020-02-27 13:36:27 +00:00
Pea Tyczynska
b2e6d14958 Enable users to turn send file by email setting on and off 2020-02-27 11:55:09 +00:00
Tom Byers
2a71cc5481 Convert warning links to govuk-link--destructive
Converts links in the following:
- the page-footer component
- the table component
- the browse-list component
- the notification status, when reporting failures
- validation messaging in the whitelist page
2020-02-25 10:52:03 +00:00
Tom Byers
ee9f348ce4 Update all links to use GOVUK Frontend style
Includes:
- turning off :visited styles to match existing
  design
- swapping heading classes used to make links bold
  for the GOVUK Frontend bold override class
- adding visually hidden text to some links to
  make them work when isolated from their context

We may need to revisit whether some links, such as
those for documentation and features, may benefit
from having some indication that their target has
been visited.
2020-02-25 10:47:24 +00:00
Tom Byers
5b306dde4d Revert "Convert all links to govuk frontend" 2020-02-24 11:56:38 +00:00
Tom Byers
548265dbe4 Convert warning links to govuk-link--destructive
Converts links in the following:
- the page-footer component
- the table component
- the browse-list component
- the notification status, when reporting failures
- validation messaging in the whitelist page
2020-02-20 09:11:26 +00:00
Tom Byers
cd36182ea6 Update all links to use GOVUK Frontend style
Includes:
- turning off :visited styles to match existing
  design
- swapping heading classes used to make links bold
  for the GOVUK Frontend bold override class
- adding visually hidden text to some links to
  make them work when isolated from their context

We may need to revisit whether some links, such as
those for documentation and features, may benefit
from having some indication that their target has
been visited.
2020-02-20 09:11:26 +00:00
Pea M. Tyczynska
ba6b412bca Merge pull request #3268 from alphagov/proper-form-for-letter-branding
Parametrise branding request flow so it serves both email and letter branding
2020-01-23 16:50:41 +00:00
Leo Hemsted
f3fa6a67e1 fix one more place where senders weren't sanitised
make sure everything is using the `nl2br` formatter that properly wraps
it in markdown to keep everything sanitised nicely. Also write a couple
of tests
2020-01-22 17:22:01 +00:00
Leo Hemsted
5bbbdc3cd9 fix xss with service letter contact blocks
service contact blocks contain new lines - and jinja2 normally ignores
newlines (as in it keeps them as new lines) - but we need to turn them
into `<br>` tags so that we can show the formatting that the user has
added. We were previously just doing `{{ block | nl2br | safe }}`. nl2br
turns the new lines into `<br>` tags, and then `safe` tells jinja that
it doesn't need to escape the html.

this causes issues if the user adds `<script>alert(1)</script>` to their
contact block (or some other evil xss hack), where that will get let
through due to the safe flag

To solve this, use `Markup(html='escape')` to sanitise any html, and
then convert new lines to <br>.

bump utils

another xss
2020-01-21 17:34:49 +00:00
Pea Tyczynska
02cb6c9c38 Create a letter branding request flow to match email branding request
Test if service settings links to branding request page for letters

Parametrize all branding tests so they also work for letter branding
2020-01-21 16:47:14 +00:00
karlchillmaid
6675793241 Update link text 2019-11-22 14:17:15 +00:00
karlchillmaid
b5fb43212a Update lead in and second bullet 2019-11-20 11:32:42 +00:00
karlchillmaid
1a25ac9676 Update trial mode content 2019-11-20 11:25:36 +00:00
Chris Hill-Scott
6d0d10e8de Only show relevant choices of email branding
Users who work in local government can’t have GOV.UK branding on their
emails. And only those working for Companies House (for example) can
request the Companies House branding.

This commit adds:
- new choices of email branding, which offer the name of the branding,
  rather than the style
- logic to filter this list to only the applicable options, based on
  what we know about the user, service and organisation

This is a change from the previous approach which put the onus on users
to figure out the style of branding they wanted, when we might already
know that a lot of the options weren’t available to them, or would be
inconsistent with the branding of other services in their organisation.
2019-09-16 11:03:52 +01:00
Chris Hill-Scott
c9a32c7327 Remove duplication of org type lookup
There’s a couple of places where we’re looking up the label for the type
of organisation.

Having this repeated in multiple places means it’s more likely we forget
to update one of these places when making a change.

This commit looks up from the tuple in the organisation model, which is
where other code references this stuff from. This is only possible now
that we don’t have duplicate keys (ie GP practice doesn’t share a key
any more).
2019-08-28 15:36:09 +01:00
Pea (Malgorzata Tyczynska)
eb7504bc0d Merge pull request #3067 from alphagov/new_org_types_part_2
Delete references to 'nhs' generic organisation type
2019-07-26 11:49:15 +01:00
karlchillmaid
92343aa45e Update change links and headings (#3064)
* Update Settings titles
* Update Change links on settings
* Update Team members Change link
* Update Settings pages headings
2019-07-25 11:52:13 +01:00
karlchillmaid
3e179e49eb Update text message setting name
Update text message setting name for `Start text messages with service name`
2019-07-24 11:58:43 +01:00
karlchillmaid
d0a0b17f7b Update trial mode content 2019-07-24 11:58:42 +01:00
Chris Hill-Scott
45ae5b1782 Merge pull request #3041 from alphagov/delete-letter-contact
Let users delete letter contact blocks
2019-07-24 10:47:48 +01:00
Pea Tyczynska
c8bad44db4 Delete references to NHS generic organisation type 2019-07-22 15:59:31 +01:00
Pea (Malgorzata Tyczynska)
1bd5ff1dfc Merge pull request #3057 from alphagov/new_org_types_part_1
Introduce new org types
2019-07-22 15:56:31 +01:00
Chris Hill-Scott
44d5dc44d3 Allow deleting default letter contact blocks
It’s possible to delete default letter contact blocks because there is a
fallback – having a blank letter contact block. This is different to SMS
senders and reply to addresses.

For this to make sense it also means:
- adding the ‘blank’ letter contact block to the list of letter contact
  blocks
- having a way of setting the default back to being blank
2019-07-22 11:57:11 +01:00
Chris Hill-Scott
c1a5383a3f Even out the spacing on the settings page
This makes the spacing above and below each heading on the settings
page consistent.
2019-07-22 11:37:15 +01:00
Pea Tyczynska
c8ed608c9a Only show nhs radios if user has nhs domain email
Also split local NHS into two groups following designer advice
on readability.
2019-07-18 17:07:42 +01:00
Katie Smith
53214937a8 Stop allowing the service org type to be changed
The service organisation type will either be the same as the org type of
the service's organisation or will be set by a user when creating a new
service. This removes the ability to change it from the platform admin
settings table.
2019-07-16 11:36:19 +01:00
karlchillmaid
d60675071e Update 'reply-to email address' 2019-07-09 16:43:54 +01:00
Chris Hill-Scott
954f43ae48 Let users archive their own trial mode services
At the moment we have a blanket rule that users can’t archive their own
services, to prevent someone accidentally deleting a real live service,
because that would be Very Bad.

But the tickets we get from users asking us to delete services are for
services they set up when they were just trying out Notify. There’s not
much harm in letting users delete these services, the consequences of
doing so are much lower than those of deleting a live service. And it
should mean fewer support tickets for us to deal with.
2019-06-04 09:45:51 +01:00
Chris Hill-Scott
9d40986d53 Make ‘you must set organisation’ text shorter
So it fits in the column.
2019-05-20 16:15:47 +01:00
Chris Hill-Scott
d9da63401f Normalise heading sizes
Since we added template folders the templates page has had a ‘medium’
sized heading, where other pages have stuck with a ‘large’ size.

This commit rationalises the decision around which pages have which
heading size:
- ‘navigation’ pages (eg templates, team members, email reply to
  addresses) have medium sized headings
- transactional pages (ie ones which have a green button) keep the
  larger heading size
2019-04-30 15:30:31 +01:00
Chris Hill-Scott
d3caaf94b1 Make archive/suspend links not buttons
They don’t immediately perform an action, so semantically they are
links, not buttons.
2019-04-24 16:11:32 +01:00