This should make the ‘All organisations’ page load a lil’ bit quicker.
Still worth caching the domains separately so the response is smaller
when we only care about domains. This is because the code that uses the
domains is part of the sign up flow, so it’s really important that it’s
snappy.
This allows us to split the page into sections without over-using bold
fonts. And it means that when the user clicks into a service from this
page the column layout stays the same 1/4 – 3/4, rather than jumping
about so much.
In reality we shouldn’t have any live services that don’t have an
organisation. But we probably do locally, in preview, etc., and we
shouldn’t lose a way of accessing them.
We think users fall into three buckets:
Has access to a few live services, no organisations
--
In this case they user will just see the list of live services they have
access to – pretty straightforward.
Has access to all live services, plus the organisation
--
Conceptually the live services are part of the organisation, whereas the
trial mode ones aren’t. So it makes sense to go through the organisation
to see the live services. If we listed the live services on the choose
service page then we’d be confusingly duplicating them on the
organisation page.
Has access to the organisation, but no services
--
The user doesn’t have direct access to their organisation’s services, so
they need to go to via the organisation page to change service.
For both of the latter we’ll be providing a quick breadcrumb route back
into the organisation, so most of the time they won’t need to use the
choose service page at all.
At the moment the service list doesn’t disambiguate between live and
trial mode services. This makes it hard to tell which of the things are
important and which aren’t.
The first step towards making this page clearer is to list trial mode
services separately.
It’s annoying having to go through the slow-to-load platform admin index
page to get to organisations. And it makes more sense for them to be
in the same place as other organisations and services that you can see.
Changed this yesterday. Changing it again now because I think it’s
confusing.
There’s really no going ‘back’ once you’ve sent a message – you can’t
undo it. If you want to get back to the template you used, well, that
link is in the page.
This commit changes the back link logic so it only appears when you’ve
navigated to a notification, not when you’ve just sent it.
The API needs the id of the user, not the id of the invite.
The problem with the tests is that the update mock returned a different
user ID than the user it was being passed. So the tests didn’t catch
this.
This fixes the bug where if you have three placeholders:
> ((one)) ((two)) ((three))
The first one you are asked to fill in is `((three))` (ie
`template.placeholders[-1]`).
This reintroduces a bug where if you use the ‘Use my phone number’ link
you skip straight to filling in `((two))` and can never proceed because
you’re never given the chance to fill in `((one))`. This commit also
fixes that bug.
If the user wants to go back from here they need to be sent back to the
start of entering the placeholders, because we won’t have their previous
personalisation in the session still
I think the back link on this page was introduced by accident. But it’s
good to still have it on this page, because it keeps consistency with
the previous pages.
Users can only be archived by Platform Admin from the user page
(/users/<user_id>). This removes them from all services and orgs and
updates their details.
The ‘make this default’ checkbox should be shown, except when:
- the user is adding their first email reply to address (because the
first one has to be the default)
- they’re editing the existing default (because they can’t change it
to be not default)
the api always returns exactly:
```
id
name
email_address
auth_type
current_session_id
failed_login_count
logged_in_at
mobile_number
organisations
password_changed_at
permissions
platform_admin
services
state
```
it does this through `models.py::User.serialize` – there is an old
Marshmallow `user_schema` in `schemas.py` but this isn’t used for
dumping return data, only parsing the json in the create user rest
endpoint.
This means we can rely on these keys always being in the dictionary.
The data flow of other bits of our application looks like this:
```
API (returns JSON)
⬇
API client (returns a built in type, usually `dict`)
⬇
Model (returns an instance, eg of type `Service`)
⬇
View (returns HTML)
```
The user API client was architected weirdly, in that it returned a model
directly, like this:
```
API (returns JSON)
⬇
API client (returns a model, of type `User`, `InvitedUser`, etc)
⬇
View (returns HTML)
```
This mixing of different layers of the application is bad because it
makes it hard to write model code that doesn’t have circular
dependencies. As our application gets more complicated we will be
relying more on models to manage this complexity, so we should make it
easy, not hard to write them.
It also means that most of our mocking was of the User model, not just
the underlying JSON. So it would have been easy to introduce subtle bugs
to the user model, because it wasn’t being comprehensively tested. A lot
of the changed lines of code in this commit mean changing the tests to
mock only the JSON, which means that the model layer gets implicitly
tested.
For those reasons this commit changes the user API client to return
JSON, not an instance of `User` or other models.
When a user deletes their service we take them to the ‘Choose service’
page. Like other non-service-specific pages this has a link to the last
service you were looking at. But in this specific case the last service
you were looking at is the one you’ve just deleted. Which means the link
is confusing because:
- you thought the thing was ‘gone’
- we’ve secretly renamed it to ‘_archived Example service name’
So this commit hides the link in this specific case.
At the moment we have a blanket rule that users can’t archive their own
services, to prevent someone accidentally deleting a real live service,
because that would be Very Bad.
But the tickets we get from users asking us to delete services are for
services they set up when they were just trying out Notify. There’s not
much harm in letting users delete these services, the consequences of
doing so are much lower than those of deleting a live service. And it
should mean fewer support tickets for us to deal with.
At the moment the only setting that a normal organisation team member
can change is the name of the organisation is its name. And we don’t
even want them to be able to change this. So this commit hides the
settings page entirely for non-platform-admin users.
If a domain is already in our organisation list then we no longer need
to manually update it here. As part of this process I went and
proactively added some organisations, so I could remove more of them
from this file. I only did this where I could clearly determine from the
domain or a suppot ticket what the organisation was.
The domains lookup is a bit slow because it’s serialising all the
organisations in the database. Since we’re putting this in the sign up
flow it should feel snappy, so lets cache just the domain bit of it in
Redis.
At the moment we have to update a YAML file and deploy the change to get
a new domain whitelisted.
We already have a thing for adding new domains – the organisation stuff.
This commit extends the validation to look in the `domains` table on the
API if it can’t find anything in the YAML whitelist.
This has the advantage of:
- not having to deploy code to whitelist a new domain
- forcing us to create new organisations as they come along, so that
users’ services automatically get allocated to the organisation once
their domain is whitelisted
first way round and then collected placeholders again. Now the flow
collects all placeholders in one round.
Also fix the back link for step-1 for test flow so it goes back
to choosing recipient number
Also move operators around following flake8's advice :)
