darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2025-12-16 18:22:17 -05:00
Code Issues Packages Projects Releases Wiki Activity

Don’t respect the whitelist for one off sending

Browse Source 
The whitelist was built to help developers and designers making
prototypes to do realistic usability testing of them, without having to
go through the whole go live process.

These users are sending messages using the API. The whitelist wasn’t
made available to users uploading spreadsheets. The users sending one
off messages are similar to those uploading spreadsheets, not those
using the API. Therefore they shouldn’t be able to use the whitelist to
expand the range of recipients they can send to.

Passing the argument through three methods doesn’t feel that great, but
can’t think of a better way without major refactoring…
This commit is contained in:
Chris Hill-Scott
2018-01-17 15:20:04 +00:00
parent 2018660d12
commit 01cf175cb2
5 changed files with 48 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/notifications/validators.py
View File

@@ -67,8 +67,8 @@ def check_template_is_active(template):
message="Template has been deleted")
def service_can_send_to_recipient(send_to, key_type, service):
if not service_allowed_to_send_to(send_to, service, key_type):
def service_can_send_to_recipient(send_to, key_type, service, allow_whitelisted_recipients=True):
if not service_allowed_to_send_to(send_to, service, key_type, allow_whitelisted_recipients):
if key_type == KEY_TYPE_TEAM:
message = 'Cant send to this recipient using a team-only API key'
else:
@@ -97,11 +97,11 @@ def check_service_can_schedule_notification(permissions, scheduled_for):
raise BadRequestError(message="Cannot schedule notifications (this feature is invite-only)")
def validate_and_format_recipient(send_to, key_type, service, notification_type):
def validate_and_format_recipient(send_to, key_type, service, notification_type, allow_whitelisted_recipients=True):
if send_to is None:
raise BadRequestError(message="Recipient can't be empty")
service_can_send_to_recipient(send_to, key_type, service)
service_can_send_to_recipient(send_to, key_type, service, allow_whitelisted_recipients)
if notification_type == SMS_TYPE:
international_phone_info = get_international_phone_info(send_to)