Merge pull request #115 from alphagov/accept-invite

[WIP] Start of api for accepting invite.

app/__init__.py

@@ -48,6 +48,7 @@ def create_app():
     from app.notifications.rest import notifications as notifications_blueprint
     from app.invite.rest import invite as invite_blueprint
     from app.permission.rest import permission as permission_blueprint
+    from app.accept_invite.rest import accept_invite
 
     application.register_blueprint(service_blueprint, url_prefix='/service')
     application.register_blueprint(user_blueprint, url_prefix='/user')
@@ -57,6 +58,7 @@ def create_app():
     application.register_blueprint(job_blueprint)
     application.register_blueprint(invite_blueprint)
     application.register_blueprint(permission_blueprint, url_prefix='/permission')
+    application.register_blueprint(accept_invite, url_prefix='/invite')
 
     return application
 

app/accept_invite/rest.py

@@ -0,0 +1,41 @@
+from flask import (
+    Blueprint,
+    jsonify,
+    current_app
+)
+
+from itsdangerous import SignatureExpired
+
+from utils.url_safe_token import check_token
+
+from app.dao.invited_user_dao import get_invited_user_by_id
+
+from app.errors import register_errors
+from app.schemas import invited_user_schema
+
+
+accept_invite = Blueprint('accept_invite', __name__)
+register_errors(accept_invite)
+
+
+@accept_invite.route('/<token>', methods=['GET'])
+def get_invited_user_by_token(token):
+
+    max_age_seconds = 60 * 60 * 24 * current_app.config['INVITATION_EXPIRATION_DAYS']
+
+    try:
+        invited_user_id = check_token(token,
+                                      current_app.config['SECRET_KEY'],
+                                      current_app.config['DANGEROUS_SALT'],
+                                      max_age_seconds)
+    except SignatureExpired:
+        message = 'Invitation with id {} expired'.format(invited_user_id)
+        return jsonify(result='error', message=message), 400
+
+    invited_user = get_invited_user_by_id(invited_user_id)
+
+    if not invited_user:
+        message = 'Invited user not found with id: {}'.format(invited_user_id)
+        return jsonify(result='error', message=message), 404
+
+    return jsonify(data=invited_user_schema.dump(invited_user).data), 200

app/dao/invited_user_dao.py

@@ -12,5 +12,9 @@ def get_invited_user(service_id, invited_user_id):
     return InvitedUser.query.filter_by(service_id=service_id, id=invited_user_id).first()
 
 
+def get_invited_user_by_id(invited_user_id):
+    return InvitedUser.query.filter_by(id=invited_user_id).first()
+
+
 def get_invited_users_for_service(service_id):
     return InvitedUser.query.filter_by(service_id=service_id).all()

app/service/rest.py

@@ -19,8 +19,10 @@ from app.dao.services_dao import (
     dao_fetch_all_services,
     dao_create_service,
     dao_update_service,
-    dao_fetch_all_services_by_user
+    dao_fetch_all_services_by_user,
+    dao_add_user_to_service
 )
+
 from app.dao.users_dao import get_model_users
 from app.models import ApiKey
 from app.schemas import (
@@ -155,5 +157,26 @@ def get_users_for_service(service_id):
     return jsonify(data=result.data)
 
 
+@service.route('/<service_id>/users/<user_id>', methods=['POST'])
+def add_user_to_service(service_id, user_id):
+    service = dao_fetch_service_by_id(service_id)
+    if not service:
+        return _service_not_found(service_id)
+    user = get_model_users(user_id=user_id)
+
+    if not user:
+        return jsonify(result='error',
+                       message='User not found for id: {}'.format(user_id)), 404
+
+    if user in service.users:
+        return jsonify(result='error',
+                       message='User id: {} already part of service id: {}'.format(user_id, service_id)), 400
+
+    dao_add_user_to_service(service, user)
+
+    data, errors = service_schema.dump(service)
+    return jsonify(data=data), 201
+
+
 def _service_not_found(service_id):
     return jsonify(result='error', message='Service not found for id: {}'.format(service_id)), 404