def publish_answer(current_user, brief_id, data): brief = briefs.get(brief_id) if not brief: raise NotFoundError("Invalid brief id '{}'".format(brief_id)) if not briefs.has_permission_to_brief(current_user.id, brief.id): raise UnauthorisedError('Unauthorised to publish answer') publish_question = data.get('question') if not publish_question: raise ValidationError('Question is required') answer = data.get('answer') if not answer: raise ValidationError('Answer is required') brief_clarification_question = brief_clarification_question_service.save( BriefClarificationQuestion(_brief_id=brief.id, question=publish_question, answer=answer, user_id=current_user.id)) question_id = data.get('questionId') if question_id: question = brief_question_service.get(question_id) if question.brief_id == brief.id: question.answered = True brief_question_service.save(question) audit_service.log_audit_event( audit_type=audit_types.create_brief_clarification_question, user=current_user.email_address, data={'briefId': brief.id}, db_object=brief_clarification_question)
def update_team(team_id, data): team = team_service.get_team_for_update(team_id) if not team: raise NotFoundError('Team {} does not exist'.format(team_id)) if len([tm for tm in team.team_members if tm.user_id == current_user.id and tm.is_team_lead is True]) == 0: raise UnauthorisedError('Only team leads can edit a team') update_team_information(team, data) result = update_team_leads_and_members(team, data) update_permissions(team, data) create_team = data.get('createTeam', False) saved = False if create_team: validation_result = TeamValidator(team, current_user).validate_all() if len([e for e in validation_result.errors]) > 0: raise ValidationError([e for e in validation_result.errors]) team.status = 'completed' team_service.save(team) saved = True send_team_lead_notification_emails(team_id) send_team_member_notification_emails(team_id) elif team.status == 'completed': validation_result = TeamValidator(team, current_user).validate_all() if len([e for e in validation_result.errors]) > 0: raise ValidationError([e for e in validation_result.errors]) team_service.save(team) saved = True new_team_leads = result.get('new_team_leads', []) new_team_members = result.get('new_team_members', []) removed_team_members = result.get('removed_team_members', []) if len(new_team_leads) > 0: send_team_lead_notification_emails(team_id, new_team_leads) if len(new_team_members) > 0: send_team_member_notification_emails(team_id, new_team_members) if len(removed_team_members) > 0: send_removed_team_member_notification_emails(team_id, removed_team_members) elif team.status == 'created': validation_result = TeamValidator(team, current_user).validate_all() team_member_errors = [e for e in validation_result.errors if str(e.get('id')).startswith('TM')] if team_member_errors: raise ValidationError(team_member_errors) team_service.save(team) if saved: publish_tasks.team.delay( publish_tasks.compress_team(team), 'updated' ) return get_team(team_id)
def request_access(data): if data.get('permission') not in permission_types: raise ValidationError('Invalid permission') permission = str(data.get('permission')) permission_text = ('publish and edit live opportunities' if permission == 'publish_opportunities' else permission.replace( '_', ' ')) send_request_access_email(permission_text)
def update_supplier(data, user_info): supplier_code = user_info.get('supplier_code') email_address = user_info.get('email_address') supplier = suppliers.find(code=supplier_code).one_or_none() mandatory_supplier_checks(supplier) whitelist_fields = ['representative', 'email', 'phone'] for wf in whitelist_fields: if wf not in data.get('data'): raise ValidationError('{} is not recognised'.format(wf)) if 'email' in data.get('data'): email = data['data']['email'] data['data']['email'] = email.encode('utf-8').lower() supplier.update_from_json(data.get('data')) messages = SupplierValidator(supplier).validate_representative( 'representative') if len([m for m in messages if m.get('severity', '') == 'error']) > 0: raise ValidationError(',\n'.join([ m.get('message') for m in messages if m.get('severity', '') == 'error' ])) suppliers.save(supplier) publish_tasks.supplier.delay(publish_tasks.compress_supplier(supplier), 'updated', updated_by=email_address) audit_service.log_audit_event(audit_type=audit_types.update_supplier, user=email_address, data={ 'supplierCode': supplier.code, 'supplierData': supplier.data }, db_object=supplier) process_auth_rep_email(supplier, data, user_info)
def withdraw_opportunity(user_id, brief_id, withdrawal_reason): brief = brief_service.get(brief_id) if not brief: raise NotFoundError('Opportunity {} does not exist'.format(brief_id)) if not brief_service.has_permission_to_brief(user_id, brief_id): raise UnauthorisedError( 'Not authorised to withdraw opportunity {}'.format(brief_id)) if brief.status != 'live': raise BriefError('Unable to withdraw opportunity {}'.format(brief_id)) if not withdrawal_reason: raise ValidationError( 'Withdrawal reason is required for opportunity {}'.format( brief_id)) user = users.get(user_id) if not user: raise NotFoundError('User {} does not exist'.format(user_id)) brief = brief_service.withdraw_opportunity(brief, withdrawal_reason) organisation = agency_service.get_agency_name(user.agency_id) sellers_to_contact = brief_service.get_sellers_to_notify( brief, brief_business.is_open_to_all(brief)) for email_address in sellers_to_contact: send_opportunity_withdrawn_email_to_seller(brief, email_address, organisation) send_opportunity_withdrawn_email_to_buyers(brief, user) try: audit_service.log_audit_event( audit_type=audit_types.withdraw_opportunity, data={'briefId': brief.id}, db_object=brief, user=user.email_address) publish_tasks.brief.delay(publish_tasks.compress_brief(brief), 'withdrawn', email_address=user.email_address, name=user.name) except Exception as e: rollbar.report_exc_info() return brief
def request_to_join(user_email_address, team_id, agency_id): team = team_service.get_team(team_id) if not team: raise NotFoundError('Team {} does not exist'.format(team_id)) if not get_teams_by_agency(agency_id, team_id): raise UnauthorisedError('Can not request to join this team') claim = user_claims_service.make_claim(type='join_team', email_address=user_email_address, data={ "team_id": team_id, "team_name": team['name'], "agency_id": agency_id, "user_id": current_user.id, "user_name": current_user.name, "approved": False }) if not claim: raise ValidationError('Could not create join team request') send_request_to_join_team_leaders_email(team_id, claim.token) send_request_to_join_requester_email(user_email_address, team_id)
def accept_agreement(user_info): supplier_code = user_info.get('supplier_code') email_address = user_info.get('email_address') user_id = user_info.get('user_id') supplier = suppliers.get_supplier_by_code(supplier_code) mandatory_supplier_checks(supplier) if email_address != supplier.data.get('email'): raise UnauthorisedError('Unauthorised to accept agreement') agreement = get_current_agreement() if agreement is None: raise NotFoundError('Current master agreement not found') already_signed = signed_agreement_service.first( agreement_id=agreement.id, supplier_code=supplier_code) if already_signed: raise ValidationError('Already signed agreement') signed_agreement = SignedAgreement( agreement_id=agreement.id, user_id=user_id, signed_at=pendulum.now('Australia/Canberra'), supplier_code=supplier_code) signed_agreement_service.save(signed_agreement) publish_tasks.supplier.delay(publish_tasks.compress_supplier(supplier), 'accepted_agreement', updated_by=email_address) audit_service.log_audit_event( audit_type=audit_types.accepted_master_agreement, user=email_address, data={ 'supplierCode': supplier.code, 'supplierData': supplier.data }, db_object=supplier)
def request_access(data): if data.get('permission') not in permission_types: raise ValidationError('Invalid permission') permission = str(data.get('permission')).replace('_', ' ') send_request_access_email(permission)