Commit Graph

3138 Commits

Author SHA1 Message Date
Chris Hill-Scott
dfa2ae0ced Order areas by name in examples
When you click through to the page for a library you see the available
areas in alphabetical order. The examples given for each library should
match this.
2020-08-12 16:34:17 +01:00
Chris Hill-Scott
53fd5b8869 Exclude grouped areas from examples
The given examples should match the choices offered when you visit the
next page. The choices offered on the next page are either the areas
(when a library is not grouped) or the groups (when a library is
grouped).

This commit makes the examples match the choices by excluding sub-areas,
ie those that have a grouping ID.
2020-08-12 16:34:17 +01:00
Chris Hill-Scott
781847d32c Merge pull request #3557 from alphagov/view-only-broadcast-page
Let users without `send_messages` view broadcasts
2020-08-12 15:16:39 +01:00
Chris Hill-Scott
e47dbc0caa Add tests to check permission-restricted broadcast pages
Some pages should only be shown to users who have permission to send or
approve broadcasts. This commit adds a test to ensure that this is true,
and that we don’t accidentally regress the checks for this permission.
2020-08-12 08:19:51 +01:00
Chris Hill-Scott
78c88530b5 Let users without send_messages view broadcasts
At the moment viewing a broadcast is limited to those users who have
the `send_messages` permission.

This doesn’t match how we describe the permissions on the team members
page

This commit makes it so that any team member can see a broadcast that’s
in any state other than `draft`.
2020-08-12 08:19:49 +01:00
Chris Hill-Scott
8570901731 Let users select electoral wards of local authorities
If a library has groups, we should show a link instead of selecting the
group directly.

Then we can give the user the choice of selecting the whole of that
group, or specific areas within the group.

For now the only libraries we have with groups are local authorities,
which group electoral wards.
2020-08-11 17:38:15 +01:00
Chris Hill-Scott
0ce64bcfde Merge pull request #3553 from alphagov/move-broadcast-areas-into-admin
Move broadcast areas into admin
2020-08-11 13:25:21 +01:00
Toby Lorne
b0ff2d41c5 broadcast-areas: examples are deterministic
Signed-off-by: Toby Lorne <toby.lornewelch-richards@digital.cabinet-office.gov.uk>
2020-08-11 12:04:02 +01:00
Chris Hill-Scott
b0fc1cd271 Make test name more explicit 2020-08-11 11:22:59 +01:00
Toby Lorne
73e68c355b broadcast-areas: include electoral wards
Signed-off-by: Toby Lorne <toby.lornewelch-richards@digital.cabinet-office.gov.uk>
2020-08-10 18:09:15 +01:00
Toby Lorne
6649d0ac70 broadcast-areas: use area ids in tests
Signed-off-by: Toby Lorne <toby.lornewelch-richards@digital.cabinet-office.gov.uk>
2020-08-10 18:09:15 +01:00
Chris Hill-Scott
834b0fc3d5 Put hidden email field on register from invite page
Password managers will try to guess what they should save as a username
by looking at the fields on the page where you set up your password.

When registering from an invite the email address (what we use as a
username) is predefined, and only shown on the page as text, not an
input.

This commit also adds a hidden input field for password managers to pick
up.

Adapted from: https://github.com/UKGovernmentBEIS/beis-opss-psd/blob/master/app/views/users/complete_registration.html.erb#L29-L36
2020-08-10 15:59:27 +01:00
Toby Lorne
8c3a8ecd04 broadcast-areas: view test does not assert order
the descriptions are liable to change esp for wards

Signed-off-by: Toby Lorne <toby.lornewelch-richards@digital.cabinet-office.gov.uk>
2020-08-10 13:04:03 +01:00
Toby Lorne
7a1b80e533 broadcast-areas: sort imports
Signed-off-by: Toby Lorne <toby.lornewelch-richards@digital.cabinet-office.gov.uk>
2020-08-10 12:50:22 +01:00
Toby Lorne
488a5440cd broadcast-areas: move broadcast areas into app
Signed-off-by: Toby Lorne <toby.lornewelch-richards@digital.cabinet-office.gov.uk>
2020-08-10 12:50:20 +01:00
Chris Hill-Scott
3573ce1437 Merge pull request #3550 from alphagov/fix-html-escaping-email-subject-preview
Fix HTML being escaped in preview of email subject
2020-08-10 08:59:44 +01:00
Chris Hill-Scott
0e99bede68 Merge pull request #3552 from alphagov/cant-self-approve
Don’t let users self-approve broadcasts
2020-08-06 14:04:07 +01:00
Chris Hill-Scott
479406c02d Don’t let users self-approve broadcasts
At the moment they will get a ‘technical difficulties’ error if they
try.

We probably want to do something around letting people self-approve
broadcasts in trial mode, but for now just telling them they can’t is a
better experience than ‘technical difficulties’ (and will probably be
close to what they should see on a live service as well).
2020-08-05 16:01:21 +01:00
Tom Byers
cd398ab55c Merge pull request #3543 from alphagov/remove-code-supporting-old-permissions-form_fields
Revert support for old user permissions params
2020-08-05 15:51:28 +01:00
Chris Hill-Scott
b31fb7de66 Merge pull request #3546 from alphagov/redis-cache-broadcast-message
Cache broadcast messages in Redis
2020-08-04 16:17:21 +01:00
Chris Hill-Scott
4d65b94c77 Fix HTML being escaped in preview of email subject
`EmailPreviewTemplate.subject` returns a string of HTML, with any
user-submitted HTML already escaped:
b5a61bfb7b/notifications_utils/template.py (L672)

What won’t be escaped is the HTML needed to redact the placeholders. We
generate this HTML so we know its safe, and doesn’t need to be escaped.
However when we pass it to Jinja, Jinja doesn’t know this, so will try
to escape it. This means users will see the raw HTML.

We can get around this by using Flask’s `Markup` class to tell Jinja
that the string is already sanitised and doesn’t need escaping again.

Text message templates don’t have this problem because they already
return `Markup`: b5a61bfb7b/notifications_utils/template.py (L288)

Letter templates don’t suffer from this problem (because they don’t
support redaction) but without making the same change they would still
double-escape ampersands, greater-than symbols, and so on.
2020-08-04 15:16:18 +01:00
Tom Byers
a74501f1d8 Merge pull request #3535 from alphagov/try-introducing-govuk-checkboxes-again
Try introducing govuk checkboxes again
2020-08-04 14:39:54 +01:00
Chris Hill-Scott
63095f7a6c Merge pull request #3536 from alphagov/guest-list-endpoint
Use new guest list API URLs
2020-08-04 11:40:42 +01:00
Chris Hill-Scott
3faf92bfef Go to broadcast, not dashboard after submitting
Once you’ve created a broadcast you’re taken back to the dashboard. This
feels too passive, and you might miss that the broadcast still needs
approval.

We should be much more explicit that you now need to find someone to
approve your broadcast. Taking someone directly to the page for a
broadcast lets us give more information about the status of the
broadcast and what the next steps should be.
2020-08-03 15:46:23 +01:00
Chris Hill-Scott
47a5c2abba Merge pull request #3540 from alphagov/search-whole-postal-address
Tell users that they can search whole postal address
2020-08-03 14:47:58 +01:00
Chris Hill-Scott
19b42e3331 Add a tour for users new to broadcast services
This is an initial, prototype-quality attempt at introducing some kind
of tour for users new to broadcasting. A lot of the users we’re speaking
to don’t have a good concept of what broadcasting means, which is
causing usability problems down the line.

We did a similar thing in the early days of Notify to explain the
concept of message templates and personalisation.
2020-08-03 14:13:48 +01:00
Chris Hill-Scott
058553b6ee Cache broadcast messages in Redis
This should make the pages slightly quicker to load, because Redis will
return the JSON string faster than the API.

The only change that can happen to a broadcast which doesn’t go through
the admin app is a broadcast ending at its scheduled time. So this could
result in a cached broadcast having a status of `broadcasting` when it
had in fact finished. We already account for this here though:
b2b58ec044/app/models/broadcast_message.py (L89-L94)
2020-08-03 11:38:10 +01:00
Tom Byers
468a43bd68 Revert support for old user permissions params
The fields used for user permissions on
permissions forms were changed as part of the work
converting the checkboxes to GOVUK Frontend.

This removes code added to protect against a
situation where the server-side app was running
this updated code but clients were POSTing from
pages that were not, and so sending the old HTTP
params.
2020-07-31 15:40:12 +01:00
Tom Byers
e3c434bb8f Change permissions tests to support old API
User permissions were handled by a group of
BooleanFields but introducing the new checkboxes
changed this to just one field that stores its
data in a list.

It was mentioned in a comment that there could be
a situation, when the instances roll, where clients
are using the old fields but POSTing to a server
running the new code.

https://github.com/alphagov/notifications-admin/pull/3535#discussion_r460872903

This introduces tests for that situation.
2020-07-31 15:15:26 +01:00
Tom Byers
f322229614 Change tests to check permissions_field name
A comment on this group of changes mentioned the
'name' attribute of checkboxes for the
permissions_field should be checked as well as the
'value' attribute:

https://github.com/alphagov/notifications-admin/pull/3535#discussion_r460869797

This adds checks to support that point.
2020-07-31 15:15:16 +01:00
Tom Byers
e266b11ee2 Fix tests for pages using govukCheckboxField
These fields used to use govukCheckboxesField and
so stored their data in a list. They were since
migrated to govukCheckboxField, which extends
BooleanField and so keeps its data as a boolean
value.
2020-07-31 10:20:44 +01:00
Katie Smith
ba5f7d7c36 Check for invalid chars in letter addresses
This now adds validation for invalid characters on the
LetterAddressForm for one off letters. It also adds a validation failed
message for uploaded letters, precompiled letters sent through the API,
and CSV rows with errors.
2020-07-31 08:51:07 +01:00
Chris Hill-Scott
3fbf966719 Display full address on the notifications page
This is what we do on the uploads page now. It makes it more obvious
why your search term has returned a certain result if you can see most
of the address, not just the first line.
2020-07-30 16:40:25 +01:00
Chris Hill-Scott
2789b6a596 Tell users that they can search whole postal address
We’re now normalising and storing the whole address in the
`normalised_to` field. Previously we were only storing the first line
of the address.

Enough time should now have passed that the field will have been
populated for all letters in the database.

Thus we can now tell users that it’s not just the first line they can
search by.
2020-07-30 16:20:19 +01:00
Chris Hill-Scott
e0cb487093 Use new guest list API URLs
The API now[1] accepts requests on `…/guest-list` as well as
`…/whitelist`. This commit starts using the former, which means:
- the use of ‘whitelist’ is fully gone from the admin app
- the API can stop using it, at least in URLs

1. As of https://github.com/alphagov/notifications-api/pull/2928
2020-07-27 13:24:37 +01:00
Tom Byers
64cc9f2520 Make tests work with new template list HTML
Adds the extra text added to each checkbox label.
It's a copy of the text of the link in the same
list item which does add a lot of duplication to
the test data.

This reformats a lot of the test data, stacking it
to separate out the duplicate items.
2020-07-24 11:34:02 +01:00
Tom Byers
e3753ae623 Fix issues in tests from new fields 2020-07-24 11:34:02 +01:00
Leo Hemsted
8f0c6e43c1 fix tests 2020-07-22 15:15:23 +01:00
Chris Hill-Scott
9958460ab3 Update tests for service permission
This commit makes the tests for the `broadcast` service permission more
robust by:
- adding coverage of endpoints that have been created since the test was
  first written
- checking that the endpoint also responds to a `post` request with a
  `403` (or `405` where it is a `get`-only endpoint)
2020-07-20 09:27:46 +01:00
Chris Hill-Scott
6704919a2d Add a confirmation step to cancelling a broadcast
It’s an irreversible action if you do click it, so it feels like an ‘Are
you sure?’ step is sensible. Follows the same pattern for deleting
templates, etc.
2020-07-20 09:27:44 +01:00
Chris Hill-Scott
4f859a69a6 Merge pull request #3527 from alphagov/broadcast-end-time
Let users choose when to end a broadcast
2020-07-17 10:43:10 +01:00
Chris Hill-Scott
2d7d800c64 Merge pull request #3528 from alphagov/fix-set-broadcast-permission
Fix setting of broadcast permission
2020-07-17 10:40:26 +01:00
Chris Hill-Scott
83156bd16e Let users choose when to end a broadcast
Different emergencies will need broadcasts to last for a variable amount
of time. We give users some control over this by letting them stop a
broadcast early. But we should also let them set a maximum broadcast
time, for:
- when the duration of the danger is known
- when the broadcast has been live long enough to alert everyone who
  needs to know about it

This code re-uses the pattern for scheduling jobs, which has some
constraints that are probably OK for now:
- end time is limited to an hour
- longest duration is 3 whole days (eg if you start broadcasting Friday
  you have the choice of Saturday, Sunday and all of Monday, up to
  midnight)
2020-07-17 08:23:10 +01:00
Chris Hill-Scott
03b4aabf5f Add a link to reject a broadcast
If a broadcast definitely shouldn’t go out (for example because it has a
spelling mistake or is going to the wrong areas) then we should have a
way of removing it. Once it’s removed no-one else can approve it, and it
isn’t cluttering up the dashboard.

This is a link (because it’s a secondary action) and red (because it’s
destructive, in that it’s throwing away someone’s work).
2020-07-17 08:07:44 +01:00
Chris Hill-Scott
a99b40304b Add button to approve broadcast
Since new broadcasts will go into `pending-approval`, we now need a way
of approving them.

This commit adds a button to this page to start (or approve) the
broadcast. This button is wrapped in a bordered box, to emphasise that
it’s something consequential.
2020-07-17 08:07:44 +01:00
Chris Hill-Scott
5b83db9768 Don’t start broadcasts immediately
We don’t want one person going full yolo and start broadcasting without
any oversight. This commit changes the flow so that the button on the
‘preview’ page puts the broadcast into `pending-approval`, rather than
directly into `broadcasting`.
2020-07-17 08:07:43 +01:00
Chris Hill-Scott
c270688fe4 Show pending broadcasts on dashboard
When we have an approval flow, `pending-approval` will be the state a
broadcast is in between being a draft and broadcasting.

This means it is the earliest stage at which a broadcast can appear on
the dashboard, so this commit adds a new section at the top of the
dashboard to display these broadcasts (since the dashboard is in a
reverse chronological order).

Rather than displaying the scheduled time, the extra information shown
is the person who drafted the broadcast, since I reckon you’ll be coming
to this page because they’ve asked you to approve their broadcast.
2020-07-17 08:07:40 +01:00
Chris Hill-Scott
e29a477eb1 Fix setting of broadcast permission
This was broken because current_service doesn’t update itself after
calling the `update` method of the API. So we thought we were changing
the permissions like this:
```
{'email', 'sms', 'letter'}
{'email', 'sms', 'letter', 'broadcast'}
{'sms', 'letter', 'broadcast'}
{'letter', 'broadcast'}
{'broadcast'}
```

But actually we were doing this:
```
{'email', 'sms', 'letter'}
{'email', 'sms', 'letter', 'broadcast'}
{'sms', 'letter'}
{'email', 'letter'}
{'email', 'sms'}
```

This commit changes the code to update the permissions like this:
```
{'email', 'sms', 'letter'}
{'broadcast'}
```

It does so by adding a new method to the service model which changes all
the permissions in one API call, and updates the tests to mock the
underlying API call, not the method on the model.
2020-07-16 19:44:20 +01:00
Chris Hill-Scott
5229373341 Make the broadcast dashboard update via AJAX
Same technique as we use for other pages that update via AJAX.

I’ve split the page up into separate chunks because the DiffDOM library
we use finds it easier to work out what’s changed when there are fewer
elements/a shallower tree.
2020-07-16 16:47:08 +01:00
Chris Hill-Scott
414e4b5834 Merge pull request #3520 from alphagov/broadcast-user-permissions
Make user permissions make sense for services with the broadcast permission
2020-07-16 14:59:57 +01:00