Files
notifications-admin/app/main/views/add_service.py
Katie Smith bbc7b173f0 Ensure non-gov invited users get added to services
We were adding invited users to services in the `main.add_service` view
function as the last step in the process of inviting users. Since this
view function is decorated with `@user_is_gov_user`, invited users with
non-governmental email addresses would never reach this point and would
be able to register an account but would not get linked to a service.

To fix this, we now add the invited user to the service at the point at
which the user gets activated and also ensure that non-gov users don't
get redirected to a page which they don't have permission to view.
2019-01-22 09:52:55 +00:00

82 lines
3.0 KiB
Python
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
from flask import current_app, redirect, render_template, session, url_for
from flask_login import login_required
from notifications_python_client.errors import HTTPError
from app import billing_api_client, email_branding_client, service_api_client
from app.main import main
from app.main.forms import CreateServiceForm
from app.utils import AgreementInfo, email_safe, user_is_gov_user
def _create_service(service_name, organisation_type, email_from, form):
free_sms_fragment_limit = current_app.config['DEFAULT_FREE_SMS_FRAGMENT_LIMITS'].get(organisation_type)
email_branding = email_branding_client.get_email_branding_id_for_domain(
'nhs.uk' if organisation_type == 'nhs' else
AgreementInfo.from_current_user().canonical_domain
)
try:
service_id = service_api_client.create_service(
service_name=service_name,
organisation_type=organisation_type,
message_limit=current_app.config['DEFAULT_SERVICE_LIMIT'],
restricted=True,
user_id=session['user_id'],
email_from=email_from,
)
session['service_id'] = service_id
if email_branding:
service_api_client.update_service(service_id, email_branding=email_branding)
billing_api_client.create_or_update_free_sms_fragment_limit(service_id, free_sms_fragment_limit)
return service_id, None
except HTTPError as e:
if e.status_code == 400 and e.message['name']:
form.name.errors.append("This service name is already in use")
return None, e
else:
raise e
def _create_example_template(service_id):
example_sms_template = service_api_client.create_service_template(
'Example text message template',
'sms',
'Hey ((name)), Im trying out Notify. Today is ((day of week)) and my favourite colour is ((colour)).',
service_id,
)
return example_sms_template
@main.route("/add-service", methods=['GET', 'POST'])
@login_required
@user_is_gov_user
def add_service():
form = CreateServiceForm()
heading = 'About your service'
if form.validate_on_submit():
email_from = email_safe(form.name.data)
service_name = form.name.data
service_id, error = _create_service(service_name, form.organisation_type.data, email_from, form)
if error:
return render_template('views/add-service.html', form=form, heading=heading)
if len(service_api_client.get_active_services({'user_id': session['user_id']}).get('data', [])) > 1:
return redirect(url_for('main.service_dashboard', service_id=service_id))
example_sms_template = _create_example_template(service_id)
return redirect(url_for(
'main.start_tour',
service_id=service_id,
template_id=example_sms_template['data']['id'],
))
else:
return render_template(
'views/add-service.html',
form=form,
heading=heading
)