darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2025-12-10 15:13:40 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
ddbd4380c997064705ab7a3aeb7bc2ff29930181
notifications-admin/app/main/views/manage_users.py
Chris Hill-Scott 8807028097 Refactor team members into the model 
Follows the pattern we’re using elsewhere of having less logic in the
view methods.
2018-12-03 12:07:58 +00:00

131 lines
4.4 KiB
Python
Raw Blame History

from flask import abort, flash, redirect, render_template, request, url_for
from flask_login import current_user, login_required
from notifications_python_client.errors import HTTPError
from app import (
current_service,
invite_api_client,
service_api_client,
user_api_client,
)
from app.main import main
from app.main.forms import InviteUserForm, PermissionsForm, SearchUsersForm
from app.models.user import permissions
from app.utils import user_has_permissions
@main.route("/services/<service_id>/users")
@login_required
@user_has_permissions()
def manage_users(service_id):
return render_template(
'views/manage-users.html',
users=current_service.team_members,
current_user=current_user,
show_search_box=(len(current_service.team_members) > 7),
form=SearchUsersForm(),
permissions=permissions,
)
@main.route("/services/<service_id>/users/invite", methods=['GET', 'POST'])
@login_required
@user_has_permissions('manage_service')
def invite_user(service_id):
form = InviteUserForm(invalid_email_address=current_user.email_address)
service_has_email_auth = current_service.has_permission('email_auth')
if not service_has_email_auth:
form.login_authentication.data = 'sms_auth'
if form.validate_on_submit():
email_address = form.email_address.data
invited_user = invite_api_client.create_invite(
current_user.id,
service_id,
email_address,
form.permissions,
form.login_authentication.data
)
flash('Invite sent to {}'.format(invited_user.email_address), 'default_with_tick')
return redirect(url_for('.manage_users', service_id=service_id))
return render_template(
'views/invite-user.html',
form=form,
service_has_email_auth=service_has_email_auth
)
@main.route("/services/<service_id>/users/<user_id>", methods=['GET', 'POST'])
@login_required
@user_has_permissions('manage_service')
def edit_user_permissions(service_id, user_id):
service_has_email_auth = current_service.has_permission('email_auth')
# TODO we should probably using the service id here in the get user
# call as well. eg. /user/<user_id>?&service=service_id
user = user_api_client.get_user(user_id)
user_has_no_mobile_number = user.mobile_number is None
form = PermissionsForm.from_user(user, service_id)
if form.validate_on_submit():
user_api_client.set_user_permissions(
user_id, service_id,
permissions=form.permissions,
)
if service_has_email_auth:
user_api_client.update_user_attribute(user_id, auth_type=form.login_authentication.data)
return redirect(url_for('.manage_users', service_id=service_id))
return render_template(
'views/edit-user-permissions.html',
user=user,
form=form,
service_has_email_auth=service_has_email_auth,
user_has_no_mobile_number=user_has_no_mobile_number
)
@main.route("/services/<service_id>/users/<user_id>/delete", methods=['GET', 'POST'])
@login_required
@user_has_permissions('manage_service')
def remove_user_from_service(service_id, user_id):
user = user_api_client.get_user(user_id)
form = PermissionsForm.from_user(user, service_id)
if request.method == 'POST':
try:
service_api_client.remove_user_from_service(service_id, user_id)
except HTTPError as e:
msg = "You cannot remove the only user for a service"
if e.status_code == 400 and msg in e.message:
flash(msg, 'info')
return redirect(url_for(
'.manage_users',
service_id=service_id))
else:
abort(500, e)
return redirect(url_for(
'.manage_users',
service_id=service_id
))
flash('Are you sure you want to remove {}?'.format(user.name), 'remove')
return render_template(
'views/edit-user-permissions.html',
user=user,
form=form
)
@main.route("/services/<service_id>/cancel-invited-user/<invited_user_id>", methods=['GET'])
@user_has_permissions('manage_service')
def cancel_invited_user(service_id, invited_user_id):
invite_api_client.cancel_invited_user(service_id=service_id, invited_user_id=invited_user_id)
return redirect(url_for('main.manage_users', service_id=service_id))
Reference in New Issue View Git Blame Copy Permalink