Getting permission types configured.
Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
@@ -1,7 +1,8 @@
|
||||
from datetime import datetime, timedelta
|
||||
|
||||
from app import db
|
||||
from app.models import INVITE_EXPIRED, INVITE_PENDING, InvitedUser
|
||||
from app.enums import InvitedUserStatusType
|
||||
from app.models import InvitedUser
|
||||
|
||||
|
||||
def save_invited_user(invited_user):
|
||||
@@ -20,7 +21,7 @@ def get_expired_invite_by_service_and_id(service_id, invited_user_id):
|
||||
return InvitedUser.query.filter(
|
||||
InvitedUser.service_id == service_id,
|
||||
InvitedUser.id == invited_user_id,
|
||||
InvitedUser.status == INVITE_EXPIRED,
|
||||
InvitedUser.status == InvitedUserStatusType.EXPIRED,
|
||||
).one()
|
||||
|
||||
|
||||
@@ -41,9 +42,9 @@ def expire_invitations_created_more_than_two_days_ago():
|
||||
db.session.query(InvitedUser)
|
||||
.filter(
|
||||
InvitedUser.created_at <= datetime.utcnow() - timedelta(days=2),
|
||||
InvitedUser.status.in_((INVITE_PENDING,)),
|
||||
InvitedUser.status.in_((InvitedUserStatusType.PENDING,)),
|
||||
)
|
||||
.update({InvitedUser.status: INVITE_EXPIRED})
|
||||
.update({InvitedUser.status: InvitedUserStatusType.EXPIRED})
|
||||
)
|
||||
db.session.commit()
|
||||
return expired
|
||||
|
||||
@@ -1,26 +1,7 @@
|
||||
from app import db
|
||||
from app.dao import DAOClass
|
||||
from app.models import (
|
||||
MANAGE_API_KEYS,
|
||||
MANAGE_SETTINGS,
|
||||
MANAGE_TEMPLATES,
|
||||
MANAGE_USERS,
|
||||
SEND_EMAILS,
|
||||
SEND_TEXTS,
|
||||
VIEW_ACTIVITY,
|
||||
Permission,
|
||||
)
|
||||
|
||||
# Default permissions for a service
|
||||
default_service_permissions = [
|
||||
MANAGE_USERS,
|
||||
MANAGE_TEMPLATES,
|
||||
MANAGE_SETTINGS,
|
||||
SEND_TEXTS,
|
||||
SEND_EMAILS,
|
||||
MANAGE_API_KEYS,
|
||||
VIEW_ACTIVITY,
|
||||
]
|
||||
from app.enums import PermissionType
|
||||
from app.models import Permission
|
||||
|
||||
|
||||
class PermissionDAO(DAOClass):
|
||||
@@ -28,7 +9,7 @@ class PermissionDAO(DAOClass):
|
||||
model = Permission
|
||||
|
||||
def add_default_service_permissions_for_user(self, user, service):
|
||||
for name in default_service_permissions:
|
||||
for name in PermissionType.defaults:
|
||||
permission = Permission(permission=name, user=user, service=service)
|
||||
self.create_instance(permission, _commit=False)
|
||||
|
||||
|
||||
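Review bot: `PermissionType.defaults` is read on the class in `add_default_service_permissions_for_user`, but `defaults` is declared in app/enums.py as an instance `@property`, so class access yields the `property` object and this `for` loop raises `TypeError` instead of granting the default permissions. The same applies to `service_permissions = ServicePermissionType.defaults` in `dao_create_service`. Declaring it as `@classmethod` / `def defaults(cls) -> tuple["PermissionType", ...]:` and calling `PermissionType.defaults()` (likewise for `ServicePermissionType`) keeps the list on the enum and makes both call sites work. A test that creates a service and asserts the exact set of permissions granted would catch a regression in this default grant.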
@@ -43,12 +43,6 @@ from app.utils import (
|
||||
get_midnight_in_utc,
|
||||
)
|
||||
|
||||
DEFAULT_SERVICE_PERMISSIONS = [
|
||||
ServicePermissionType.SMS,
|
||||
ServicePermissionType.EMAIL,
|
||||
ServicePermissionType.INTERNATIONAL_SMS,
|
||||
]
|
||||
|
||||
|
||||
def dao_fetch_all_services(only_active=False):
|
||||
query = Service.query.order_by(asc(Service.created_at)).options(joinedload("users"))
|
||||
@@ -278,7 +272,7 @@ def dao_create_service(
|
||||
raise ValueError("Can't create a service without a user")
|
||||
|
||||
if service_permissions is None:
|
||||
service_permissions = DEFAULT_SERVICE_PERMISSIONS
|
||||
service_permissions = ServicePermissionType.defaults
|
||||
|
||||
organization = dao_get_organization_by_email_address(user.email_address)
|
||||
|
||||
|
||||
58
app/enums.py
58
app/enums.py
@@ -13,6 +13,12 @@ class NotificationType(Enum):
|
||||
LETTER = "letter"
|
||||
|
||||
|
||||
class TemplateProcessType(Enum):
|
||||
# TODO: Should Template.process_type be changed to use this?
|
||||
NORMAL = "normal"
|
||||
PRIORITY = "priority"
|
||||
|
||||
|
||||
class UserAuthType(Enum):
|
||||
SMS = "sms_auth"
|
||||
EMAIL = "email_auth"
|
||||
@@ -20,11 +26,33 @@ class UserAuthType(Enum):
|
||||
|
||||
|
||||
class ServiceCallbackType(Enum):
|
||||
# TODO: Should ServiceCallbackApi.callback_type be changed to use this?
|
||||
DELIVERY_STATUS = "delivery_status"
|
||||
COMPLAINT = "complaint"
|
||||
|
||||
|
||||
class PermissionType(Enum):
|
||||
MANAGE_USERS = "manage_users"
|
||||
MANAGE_TEMPLATES = "manage_templates"
|
||||
MANAGE_SETTINGS = "manage_settings"
|
||||
SEND_TEXTS = "send_texts"
|
||||
SEND_EMAILS = "send_emails"
|
||||
MANAGE_API_KEYS = "manage_api_keys"
|
||||
PLATFORM_ADMIN = "platform_admin"
|
||||
VIEW_ACTIVITY = "view_activity"
|
||||
|
||||
@property
|
||||
def defaults(self) -> tuple["PermissionType", ...]:
|
||||
cls = type(self)
|
||||
return (
|
||||
cls.MANAGE_USERS,
|
||||
cls.MANAGE_TEMPLATES,
|
||||
cls.MANAGE_SETTINGS,
|
||||
cls.SEND_TEXTS,
|
||||
cls.SEND_EMAILS,
|
||||
cls.MANAGE_API_KEYS,
|
||||
cls.VIEW_ACTIVITY,
|
||||
)
|
||||
|
||||
class ServicePermissionType(Enum):
|
||||
EMAIL = "email"
|
||||
SMS = "sms"
|
||||
@@ -35,6 +63,14 @@ class ServicePermissionType(Enum):
|
||||
UPLOAD_DOCUMENT = "upload_document"
|
||||
EDIT_FOLDER_PERMISSIONS = "edit_folder_permissions"
|
||||
|
||||
@property
|
||||
def defaults(self) -> tuple["ServicePermissionType", ...]:
|
||||
cls = type(self)
|
||||
return (
|
||||
cls.SMS,
|
||||
cls.EMAIL,
|
||||
cls.INTERNATIONAL_SMS,
|
||||
)
|
||||
|
||||
class GuestListRecipientType(Enum):
|
||||
MOBILE = "mobile"
|
||||
@@ -59,6 +95,26 @@ class JobStatusType(Enum):
|
||||
ERROR = "error"
|
||||
|
||||
|
||||
class InvitedUserStatusType(Enum):
|
||||
PENDING = "pending"
|
||||
ACCEPTED = "accepted"
|
||||
CANCELLED = "cancelled"
|
||||
EXPIRED = "expired"
|
||||
|
||||
|
||||
class BrandingType(Enum):
|
||||
# TODO: Should EmailBranding.branding_type be changed to use this?
|
||||
GOVUK = "govuk" # Deprecated outside migrations
|
||||
ORG = "org"
|
||||
BOTH = "both"
|
||||
ORG_BANNER = "org_banner"
|
||||
|
||||
|
||||
class VerifyCodeType(Enum):
|
||||
EMAIL = "email"
|
||||
SMS = "sms"
|
||||
|
||||
|
||||
class AgreementType(Enum):
|
||||
MOU = "MOU"
|
||||
IAA = "IAA"
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
import datetime
|
||||
import itertools
|
||||
import uuid
|
||||
from enum import Enum
|
||||
|
||||
from flask import current_app, url_for
|
||||
from notifications_utils.clients.encryption.encryption_client import EncryptionError
|
||||
@@ -21,12 +20,16 @@ from sqlalchemy.orm import validates
|
||||
from sqlalchemy.orm.collections import attribute_mapped_collection
|
||||
|
||||
from app import db, encryption
|
||||
from app.enums import ( # JobStatusType,; KeyType,; ServicePermissionType,; UserAuthType,
|
||||
from app.enums import ( # JobStatusType,; KeyType,; UserAuthType,; TemplateProcessType,
|
||||
AgreementStatus,
|
||||
AgreementType,
|
||||
GuestListRecipientType,
|
||||
InvitedUserStatusType,
|
||||
NotificationType,
|
||||
PermissionType,
|
||||
ServicePermissionType,
|
||||
TemplateType,
|
||||
VerifyCodeType,
|
||||
)
|
||||
from app.hashing import check_hash, hashpw
|
||||
from app.history_meta import Versioned
|
||||
@@ -36,17 +39,12 @@ from app.utils import (
|
||||
get_dt_string_or_none,
|
||||
)
|
||||
|
||||
# TODO: Change this
|
||||
NORMAL = "normal"
|
||||
PRIORITY = "priority"
|
||||
TEMPLATE_PROCESS_TYPE = [NORMAL, PRIORITY]
|
||||
|
||||
|
||||
class TemplateProcessType(Enum):
|
||||
# TODO: Should Template.process_type be changed to use this?
|
||||
NORMAL = "normal"
|
||||
PRIORITY = "priority"
|
||||
|
||||
|
||||
# TODO: Change this
|
||||
SMS_AUTH_TYPE = "sms_auth"
|
||||
EMAIL_AUTH_TYPE = "email_auth"
|
||||
@@ -282,14 +280,6 @@ BRANDING_ORG_BANNER = "org_banner"
|
||||
BRANDING_TYPES = [BRANDING_ORG, BRANDING_BOTH, BRANDING_ORG_BANNER]
|
||||
|
||||
|
||||
class BrandingType(Enum):
|
||||
# TODO: Should EmailBranding.branding_type be changed to use this?
|
||||
GOVUK = "govuk" # Deprecated outside migrations
|
||||
ORG = "org"
|
||||
BOTH = "both"
|
||||
ORG_BANNER = "org_banner"
|
||||
|
||||
|
||||
class BrandingTypes(db.Model):
|
||||
__tablename__ = "branding_type"
|
||||
name = db.Column(db.String(255), primary_key=True)
|
||||
@@ -343,13 +333,6 @@ service_email_branding = db.Table(
|
||||
)
|
||||
|
||||
|
||||
# TODO: This need to be changed
|
||||
class ServicePermissionTypes(db.Model):
|
||||
__tablename__ = "service_permission_types"
|
||||
|
||||
name = db.Column(db.String(255), primary_key=True)
|
||||
|
||||
|
||||
class Domain(db.Model):
|
||||
__tablename__ = "domain"
|
||||
domain = db.Column(db.String(255), primary_key=True)
|
||||
@@ -766,12 +749,12 @@ class ServicePermission(db.Model):
|
||||
index=True,
|
||||
nullable=False,
|
||||
)
|
||||
permission = db.Column(
|
||||
db.String(255),
|
||||
db.ForeignKey("service_permission_types.name"),
|
||||
permission = db.Enum(
|
||||
PermissionType,
|
||||
name="permission_type",
|
||||
index=True,
|
||||
primary_key=True,
|
||||
nullable=False,
|
||||
nullable=False
|
||||
)
|
||||
created_at = db.Column(
|
||||
db.DateTime, default=datetime.datetime.utcnow, nullable=False
|
||||
@@ -1398,11 +1381,6 @@ class Job(db.Model):
|
||||
archived = db.Column(db.Boolean, nullable=False, default=False)
|
||||
|
||||
|
||||
class VerifyCodeType(Enum):
|
||||
EMAIL = "email"
|
||||
SMS = "sms"
|
||||
|
||||
|
||||
class VerifyCode(db.Model):
|
||||
__tablename__ = "verify_codes"
|
||||
|
||||
@@ -1924,25 +1902,6 @@ class NotificationHistory(db.Model, HistoryModel):
|
||||
self.status = original.status
|
||||
|
||||
|
||||
INVITE_PENDING = "pending"
|
||||
INVITE_ACCEPTED = "accepted"
|
||||
INVITE_CANCELLED = "cancelled"
|
||||
INVITE_EXPIRED = "expired"
|
||||
INVITED_USER_STATUS_TYPES = [
|
||||
INVITE_PENDING,
|
||||
INVITE_ACCEPTED,
|
||||
INVITE_CANCELLED,
|
||||
INVITE_EXPIRED,
|
||||
]
|
||||
# TODO: Change these
|
||||
|
||||
|
||||
class InviteStatusType(db.Model):
|
||||
__tablename__ = "invite_status_type"
|
||||
|
||||
name = db.Column(db.String, primary_key=True)
|
||||
|
||||
|
||||
class InvitedUser(db.Model):
|
||||
__tablename__ = "invited_users"
|
||||
|
||||
@@ -1964,9 +1923,9 @@ class InvitedUser(db.Model):
|
||||
default=datetime.datetime.utcnow,
|
||||
)
|
||||
status = db.Column(
|
||||
db.Enum(*INVITED_USER_STATUS_TYPES, name="invited_users_status_types"),
|
||||
db.Enum(InvitedUserStatusType, name="invited_users_status_types"),
|
||||
nullable=False,
|
||||
default=INVITE_PENDING,
|
||||
default=InvitedUserStatusType.PENDING,
|
||||
)
|
||||
permissions = db.Column(db.String, nullable=False)
|
||||
auth_type = db.Column(
|
||||
@@ -2002,10 +1961,9 @@ class InvitedOrganizationUser(db.Model):
|
||||
)
|
||||
|
||||
status = db.Column(
|
||||
db.String,
|
||||
db.ForeignKey("invite_status_type.name"),
|
||||
db.Enum(InvitedUserStatusType, name="invited_users_status_types"),
|
||||
nullable=False,
|
||||
default=INVITE_PENDING,
|
||||
default=InvitedUserStatusType.PENDING,
|
||||
)
|
||||
|
||||
def serialize(self):
|
||||
@@ -2019,30 +1977,6 @@ class InvitedOrganizationUser(db.Model):
|
||||
}
|
||||
|
||||
|
||||
# Service Permissions
|
||||
MANAGE_USERS = "manage_users"
|
||||
MANAGE_TEMPLATES = "manage_templates"
|
||||
MANAGE_SETTINGS = "manage_settings"
|
||||
SEND_TEXTS = "send_texts"
|
||||
SEND_EMAILS = "send_emails"
|
||||
MANAGE_API_KEYS = "manage_api_keys"
|
||||
PLATFORM_ADMIN = "platform_admin"
|
||||
VIEW_ACTIVITY = "view_activity"
|
||||
|
||||
# List of permissions
|
||||
PERMISSION_LIST = [
|
||||
MANAGE_USERS,
|
||||
MANAGE_TEMPLATES,
|
||||
MANAGE_SETTINGS,
|
||||
SEND_TEXTS,
|
||||
SEND_EMAILS,
|
||||
MANAGE_API_KEYS,
|
||||
PLATFORM_ADMIN,
|
||||
VIEW_ACTIVITY,
|
||||
]
|
||||
# TODO: Change These
|
||||
|
||||
|
||||
class Permission(db.Model):
|
||||
__tablename__ = "permissions"
|
||||
|
||||
@@ -2061,7 +1995,7 @@ class Permission(db.Model):
|
||||
)
|
||||
user = db.relationship("User")
|
||||
permission = db.Column(
|
||||
db.Enum(*PERMISSION_LIST, name="permission_types"),
|
||||
db.Enum(ServicePermissionType, name="permission_types"),
|
||||
index=False,
|
||||
unique=False,
|
||||
nullable=False,
|
||||
|
||||
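Review bot: The two permission columns look swapped: `ServicePermission.permission` is now built from `PermissionType` while `Permission.permission` is built from `ServicePermissionType`, so the user-permission rows that `add_default_service_permissions_for_user` creates with `PermissionType` members would not be valid for their own column. Each model should use its own type, e.g. `db.Enum(PermissionType, name="permission_types")` on `Permission`. The `ServicePermission.permission` assignment also calls `db.Enum(...)` directly with `index`, `primary_key` and `nullable`, which are column arguments; it presumably needs to stay wrapped in `db.Column(...)` with the enum as the column type. Separately, SQLAlchemy's `Enum` persists member names rather than values for a Python enum class unless `values_callable` is given, so confirm that the existing lowercase values in `invited_users_status_types` and `permission_types` still match what is written. Both class bodies extend outside the hunks shown.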