Commit Graph

24 Commits

Author SHA1 Message Date
Ben Thorner
7c27646d6a Extract user utility code into own module
This provides more room for expansion, and reduces the amount of
arbitrary code in the __init__.py file for the new package.
2021-06-09 13:19:05 +01:00
Chris Hill-Scott
20f857753a Use constants for organisation type
This reduces the chances of making a typo, because doing so will raise
an exception rather than fail silently.
2019-09-16 11:33:50 +01:00
Chris Hill-Scott
8b8893ed1d Let NHS Trusts and CCGs choose own organisation
All we do via support is ask which organisation they work for and
manually assign their service to it. This commit makes that process self
service.

We think we have all the trusts and clinical commissioning groups
loaded into the database now.

This will make the go live process smoother for these teams.
2019-09-06 16:26:51 +01:00
Chris Hill-Scott
daeefefeaa Let GP surgeries create their own organisations
We have a bunch of GP surgeries who want to go live. They don’t
automatically assigned to organisations. So this means a lot of back and
forth to get these organisations set up, and then the service has to
re-request to go live, and… it’s painful.

Instead, let’s let GPs create their own organisations, by confirming the
name of their organisation before going on to letting them accept the
agreement.
2019-09-05 15:01:12 +01:00
Chris Hill-Scott
a256b9c33a Remove the user-specific agreement pages
We used to give users the right version of the agreement by guessing
their organisation from their email address.

Now we do it by looking at the organisation of the service they’re
looking at.

In other words, users should only be downloading the agreement as part
of the go live journey, not outside it. This is because we think that
users will get confused if they download the agreement and:
- find there’s nowhere to physically sign it
- think that accepting the agreement is all they need to do to go live

Maintaining two paths to download the agreement also makes the code more
complicated, and makes it harder to update the content on these pages.
2019-07-15 15:25:05 +01:00
Chris Hill-Scott
b620b677d3 Have permissions decorators check user signed in
Rather than force us to write the decorators in a specific order let’s
just have one decorator call the other. This should make fewer lines of
code, and fewer annoying test failures. It also means that the same way
of raising a `401` (through the `current_app` method) is used
everywhere.
2019-07-03 09:54:35 +01:00
Chris Hill-Scott
3da9e84ece Enforce order of permissions decorators
At the moment we mostly have `user_has_permissions` execute first. It
shouldn’t matter, but it feels right for us to check that a user is
logged in before we check their permissions to a service. Otherwise a
malicious user could (maybe) check if a service ID belongs to a real
service, and go on to do something malicious with that information.

This commit adds some extra test code to enforce that the order is
always the same.

N.B. decorators in Python execute from closest to furthest (from the
line on which the function is defined).
2019-07-03 09:54:17 +01:00
Chris Hill-Scott
91f2da8b68 Ensure all service route have permission decorators
We accidentally miss these sometimes. This code adds a test which
inspects the code to automatically check that any function which:
- handles a route
- accepts a service_id

For each function it checks that each of these routes have the
permissions decorator we’d expect.

Most of the introspection/AST code is adapted from here:
https://mvdwoord.github.io/exploration/2017/08/18/ast_explore.html
2019-07-03 09:47:20 +01:00
Chris Hill-Scott
1f02a2d3ab Determine agreement by service not user’s org
A user might not have a guessable organisation type, even if the service
they’re working on does have an organisation set. This can happen for
users with @nhs.net email addresses, for example.
2019-07-02 17:22:36 +01:00
Chris Hill-Scott
0728d9b4fb Add validation for agreement accepted on behalf of
If the user has selected that they are accepting the agreement on behalf
of someone else then we need to make the they provide that person’s
details.

If they’ve selected that they are accepting the agreement themselves
then we have to ignore what they might have put in the ‘on behalf of
boxes’ (for example if they filled them out but then changed their
mind).
2019-06-19 13:19:50 +01:00
Chris Hill-Scott
eb3f9aad2a Add pages to let users accept the agreement online
At the moment, the process for accepting the data sharing and financial
agreement is:

1. download a pdf
* print it out
* get someone to sign it
* scan it
* email it back to us
* we rename the file and save it in Google Drive
* we then update the organisation to say the MOU is signed
* sometimes we also:
 * print it out and get it counter-signed
 * scan it again
 * email it back to the service

Let's not do that any more.

When the first service for an organisation that doesn't have the
agreement in place is in the process of going live, then they should
be able to accept the agreement online as part of the go live flow. This
commit adds the pages that let someone do that.

Where the checklist shows the agreement as **[not completed]** then
they can follow a link where they can download it (as happens now).
From here, they should then also be able to provide some info to accept
it. The info that we need is:

**Version** – because we version the agreements occasionally, we need to
know which version they are accepting.  It may not be the latest one if
they downloaded it a while ago and it took time to be signed off

**Who is accepting the agreement** – this will often be someone in the
finance team, and not necessarily a team member, so we should let the
person either accept as themselves, or on behalf of someone else. If
it's on behalf of someone else we need to the name and email address of
that person so we have that on record. Obvs if it's them accepting it
themselves, we have that already (so we just store their user ID and
not their name or email address).

We then replay the collected info back in a sort of legally
binding kind of way pulling in the organisation name too. The wording
we’re using is inspired by what GOV.UK Pay have. Then there’s a big
green button they can click to accept the agreement, which stores their
user ID and and timestamp.
2019-06-19 13:14:02 +01:00
Chris Hill-Scott
4cb08eb8ff Look at service’s organisation on agreement page
Usually the service’s organisation and the user’s current organisation
will be the same. But this won’t be the case when:
- someone with a non-government email address is looking at the page
- someone from our team, as a platform admin user, is looking at the
  page (it will show Cabinet Office instead)

This commit fixes these problems by explicitly looking at the service’s
organisation. We couldn’t do this previously because when this page
wasn’t service-specific `current_service` was not guaranteed to be set.
2019-05-02 09:21:44 +01:00
Rebecca Law
acd564873a Say services in URL path
It’s what we do everywhere else…

Co-Authored-By: quis <me@quis.cc>
2019-05-01 15:41:43 +01:00
Chris Hill-Scott
35bf42b024 Add service-specific versions of agreement page
Our usability testing found that jumping out of the service when going
to download the agreement made it difficult for people to find their way
back to the ‘Request to go live’ page.

This commit adds a duplicate, service-specific versions of these pages
which have the same content but:
- keep the service navigation
- have a link back to the ‘Request to go live’ page
2019-05-01 08:51:34 +01:00
Chris Hill-Scott
dbf8b22d3c Organise agreement pages into a folder
This keeps them all in one place so they’re easier to work with.
2019-05-01 08:33:53 +01:00
Chris Hill-Scott
835d11d8d6 Remove domains.yml dependence from agreement pages
This will allow us to remove the `domains.yml` file, by using
information about organisations that is now stored in the database
instead.
2019-04-12 14:12:10 +01:00
Katie Smith
f005d7a569 Refactor to split s3_client.py into multiple files
Separated s3_client.py into 3 files - for logos, CSV files and the MOU.
This helps to keep things clearer now that we need to add lots more logo
functions for letters.
2019-02-06 17:26:58 +00:00
Chris Hill-Scott
f8546c8611 Refactor to be more DRY 2018-05-09 13:44:42 +01:00
Chris Hill-Scott
220e11ccdd Customise download page if agreement signed
If the user’s organisation has already signed the agreement we shouldn’t
give them the instructions for how to sign it.
2018-05-09 13:44:33 +01:00
Chris Hill-Scott
947b67ee1a Let people choose which agreement to download
If we don’t know whether people belong to a crown organisation we should
give them the option of self-selecting, because they might themselves
know.

This commit adds a new version of the ‘agreement’ page which gives
people exactly that choice. It doesn’t link to it yet.
2018-05-09 13:40:21 +01:00
Chris Hill-Scott
771f916630 Add URLs to download the agreement without login
So that we can share these URLs in an email we’re sending out.
2018-05-08 14:49:06 +01:00
Chris Hill-Scott
8fb909101b Reword the download agreement page 2018-04-03 10:58:48 +01:00
Chris Hill-Scott
dca5546cbd Only offer agreement download to non-crown for now
We don’t have the crown agreement in a nice downloadable format at the
moment.
2018-03-28 12:43:03 +01:00
Chris Hill-Scott
68292d2299 Add endpoints to serve the agreement
Rather than making users contact us to get the agreement, we should just
let them download it, when we know which version to send them.

This commit adds two endpoints:
- one to serve a page which links to the agreement
- one to serve the agreement itself

These pages are not linked to anywhere because the underlying files
don’t exist yet. So I haven’t bothered putting real content on the page
yet either. I imagine the deploy sequence will be:

1. Upload the files to the buckets in each environment
2. Deploy this code through each enviroment, checking the links work
3. Make another PR to start linking to the endpoints added by this
   commit
2018-03-27 11:35:17 +01:00