def organisation_invites():
    """Create and mail one organisation invitation per requested address.

    Reads ``organisation_id``, ``administrators``, ``intended_role`` and
    ``message`` from the JSON request body. ``confirm_organisation_admin``
    is called for the organisation before anything is queried or written.

    Returns:
        ``(None, 201)``.
    """
    payload = current_request.get_json()
    organisation_id = payload["organisation_id"]
    # Authorisation gate: runs before any lookup or write below.
    confirm_organisation_admin(organisation_id)

    invitee_emails = payload.get("administrators", [])
    # Allowlist the role: any other value (or none at all) becomes "manager".
    requested_role = payload.get("intended_role")
    intended_role = requested_role if requested_role in ["admin", "manager"] else "manager"
    message = payload.get("message")

    organisation = Organisation.query.get(organisation_id)
    inviter = User.query.get(current_user_id())

    # NOTE(review): the addresses are used exactly as the client sent them; no
    # format or duplicate check is visible in this function - confirm that
    # validation happens elsewhere.
    for invitee_email in invitee_emails:
        # A fresh token and expiry date are computed for every invitee.
        pending = OrganisationInvitation(
            hash=generate_token(),
            intended_role=intended_role,
            message=message,
            invitee_email=invitee_email,
            organisation=organisation,
            user=inviter,
            expiry_date=default_expiry_date(json_dict=payload),
            created_by=inviter.uid,
        )
        stored = db.session.merge(pending)
        mail_context = {
            "salutation": "Dear",
            "invitation": stored,
            "base_url": current_app.app_config.base_url,
            "recipient": invitee_email,
        }
        mail_organisation_invitation(mail_context, organisation, [invitee_email])
    return None, 201
def delete_organisation_invitation(id):
    """Delete an organisation invitation after an admin check.

    The organisation that is checked is the one stored on the invitation row,
    not a value supplied by the client. ``.one()`` raises when no single
    invitation matches ``id``, so the check always runs against a real row.

    Returns:
        Whatever ``delete(OrganisationInvitation, id)`` returns.
    """
    invitation = (
        _organisation_invitation_query()
        .filter(OrganisationInvitation.id == id)
        .one()
    )
    confirm_organisation_admin(invitation.organisation_id)
    return delete(OrganisationInvitation, id)
def delete_organisation_membership(organisation_id, user_id):
    """Remove a user's membership(s) of an organisation.

    A user may remove their own membership without further checks; removing
    anyone else's requires ``confirm_organisation_admin`` to pass for the
    organisation.

    Returns:
        ``(None, 204)`` when at least one membership was deleted, otherwise
        ``(None, 404)``.
    """
    removing_own_membership = current_user_id() == int(user_id)
    if not removing_own_membership:
        confirm_organisation_admin(organisation_id)

    matching_memberships = (
        OrganisationMembership.query
        .filter(OrganisationMembership.organisation_id == organisation_id)
        .filter(OrganisationMembership.user_id == user_id)
        .all()
    )
    for row in matching_memberships:
        db.session.delete(row)

    if matching_memberships:
        return None, 204
    return None, 404
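def do_resend(organisation_invitation_id):
    """Reset an invitation's dates and mail it to the invitee again.

    The admin check uses the organisation stored on the invitation row.
    ``.one()`` raises when no single invitation matches the id.
    """
    organisation_invitation = (
        _organisation_invitation_query()
        .filter(OrganisationInvitation.id == organisation_invitation_id)
        .one()
    )
    confirm_organisation_admin(organisation_invitation.organisation_id)

    organisation_invitation.expiry_date = default_expiry_date()
    # Assign the date itself; a trailing comma on this line would store a 1-tuple.
    organisation_invitation.created_at = datetime.date.today()
    # NOTE(review): the invitation hash is left unchanged while the expiry is
    # renewed, so presumably a previously mailed link becomes valid again -
    # confirm that this is intended.
    organisation_invitation = db.session.merge(organisation_invitation)

    mail_organisation_invitation({
        "salutation": "Dear",
        "invitation": organisation_invitation,
        "base_url": current_app.app_config.base_url,
        "recipient": organisation_invitation.invitee_email
    }, organisation_invitation.organisation, [organisation_invitation.invitee_email])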
def test_organisation_admin(self):
    """An organisation admin passes ``confirm_organisation_admin`` without an error."""
    membership = (
        OrganisationMembership.query
        .join(OrganisationMembership.organisation)
        .join(OrganisationMembership.user)
        .filter(Organisation.name == uuc_name)
        .filter(User.uid == "urn:mary")
        .one()
    )
    self.assertEqual("admin", membership.role)

    with self.app.app_context():
        # NOTE(review): the session pairs uid "urn:john" with the id of the
        # "urn:mary" membership; presumably only "id" is consulted by the
        # check - confirm.
        session["user"] = {"uid": "urn:john", "admin": False, "id": membership.user_id}
        request_context.is_authorized_api_call = False
        # No assertion follows: the test passes when this call does not raise.
        confirm_organisation_admin(membership.organisation_id)
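def update_organisation_membership_role():
    """Change the role of an existing organisation membership.

    Reads ``organisationId``, ``userId`` and ``role`` from the JSON request
    body. The caller must pass ``confirm_organisation_admin`` for the
    organisation. ``.one()`` raises when no single membership matches.

    Returns:
        ``(organisation_membership, 201)``.
    """
    client_data = current_request.get_json()
    organisation_id = client_data["organisationId"]
    user_id = client_data["userId"]
    role = client_data["role"]
    confirm_organisation_admin(organisation_id)

    # The role is client-controlled; never persist an arbitrary string. The
    # allowlist and the "manager" fallback mirror what organisation_invites
    # applies to intended_role.
    # NOTE(review): rejecting an unknown role with a client error may be
    # preferable to coercing it, if the project has a suitable exception.
    if role not in ["admin", "manager"]:
        role = "manager"

    organisation_membership = (
        OrganisationMembership.query
        .filter(OrganisationMembership.organisation_id == organisation_id)
        .filter(OrganisationMembership.user_id == user_id)
        .one()
    )
    organisation_membership.role = role
    db.session.merge(organisation_membership)
    return organisation_membership, 201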
def activate():
    """Lift a user's suspension and restart the suspension-notification cycle.

    Which permission check runs depends on the keys present in the JSON body:
    ``collaboration_id`` selects ``confirm_collaboration_admin`` (organisation
    managers not allowed), ``organisation_id`` selects
    ``confirm_organisation_admin``, and otherwise ``confirm_write_access``.

    Returns:
        ``({}, 201)``.
    """
    payload = current_request.get_json()
    if "collaboration_id" in payload:
        confirm_collaboration_admin(payload["collaboration_id"], org_manager_allowed=False)
    elif "organisation_id" in payload:
        confirm_organisation_admin(payload["organisation_id"])
    else:
        confirm_write_access()

    # NOTE(review): the check above is scoped to the collaboration or
    # organisation named in the body, but nothing visible here ties user_id to
    # that collaboration/organisation - confirm that membership is enforced
    # elsewhere, otherwise any such admin can re-activate an arbitrary user.
    # NOTE(review): an unknown user_id presumably yields None here and fails on
    # the attribute assignment below - confirm how that surfaces to the client.
    user = User.query.get(payload["user_id"])
    user.suspended = False

    retention = current_app.app_config.retention
    # Back-date the last login by the allowed inactivity period.
    inactive_window = datetime.timedelta(days=retention.allowed_inactive_period_days)
    user.last_login_date = datetime.datetime.now() - inactive_window
    user.suspend_notifications = []
    db.session.merge(user)

    create_suspend_notification(user, retention, current_app, True)
    return {}, 201
def organisation_invites_preview():
    """Render the invitation mail as HTML without storing or sending anything here.

    Builds an in-memory stand-in for an invitation from the JSON request body
    and passes it to ``mail_organisation_invitation`` with ``preview=True`` and
    an empty recipient list.

    Returns:
        ``({"html": html}, 201)``.
    """
    payload = current_request.get_json()
    message = payload.get("message")
    # NOTE(review): unlike organisation_invites, the role is not restricted to
    # "admin"/"manager" here; it only feeds the rendered preview.
    intended_role = payload.get("intended_role", "manager")

    organisation = Organisation.query.get(payload["organisation_id"])
    # NOTE(review): the lookup precedes the permission check, so an unknown
    # organisation_id presumably fails on `.id` before any authorisation
    # decision is made - confirm.
    confirm_organisation_admin(organisation.id)
    inviter = User.query.get(current_user_id())

    preview_invitation = munchify({
        "user": inviter,
        "organisation": organisation,
        "intended_role": intended_role,
        "message": message,
        "hash": generate_token(),
        "expiry_date": default_expiry_date(payload),
    })
    mail_context = {
        "salutation": "Dear",
        "invitation": preview_invitation,
        "base_url": current_app.app_config.base_url,
    }
    rendered = mail_organisation_invitation(mail_context, organisation, [], preview=True)
    return {"html": rendered}, 201
def delete_api_key(api_key_id):
    """Delete an API key after an admin check on the organisation that owns it.

    The organisation is read from the stored key, not from client input.

    Returns:
        Whatever ``delete(ApiKey, api_key_id)`` returns.
    """
    # NOTE(review): an unknown api_key_id presumably yields None here and fails
    # on the attribute access below - confirm how that surfaces to the client.
    api_key = ApiKey.query.get(api_key_id)
    confirm_organisation_admin(api_key.organisation_id)
    return delete(ApiKey, api_key_id)
def save_api_key():
    """Store a new API key for an organisation the caller administers.

    The admin check runs on the ``organisation_id`` from the JSON body before
    the payload is passed through ``hash_secret_key`` and saved.

    Returns:
        Whatever ``save(ApiKey, custom_json=...)`` returns.
    """
    payload = current_request.get_json()
    confirm_organisation_admin(payload["organisation_id"])
    # Only the output of hash_secret_key is handed to save(); presumably this
    # replaces the plain secret with its hash - verify against the helper.
    hashed_payload = hash_secret_key(payload)
    return save(ApiKey, custom_json=hashed_payload)