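def post(self):
    """Whitelist an email address at an admin tier and send the invite email.

    Reads ``email``, ``tier`` and an optional ``organisation_id`` from the
    JSON request body. The caller's roles (``g.user.roles``) must pass
    ``AccessControl.has_sufficient_tier`` for the requested ``tier``, and for
    ``'sempoadmin'`` when ``organisation_id`` is supplied. Without an
    ``organisation_id`` the invite is bound to ``g.active_organisation``.

    Returns:
        A ``(response, status)`` tuple: 201 when the invite was stored and
        sent; 400 for missing or malformed fields, a failed tier check, no
        resolvable organisation id, or an email already on the whitelist;
        401 when the caller may not set ``organisation_id``; 404 when the
        organisation does not exist.
    """
    post_data = request.get_json()
    # The body is caller-controlled: ``null``, a list or a scalar would make
    # the ``.get`` calls below raise and surface as a 500. Anything that is
    # not a JSON object is treated as empty and gets the normal 400.
    if not isinstance(post_data, dict):
        post_data = {}

    raw_email = post_data.get('email', '')
    raw_tier = post_data.get('tier')
    organisation_id = post_data.get('organisation_id', None)

    # Non-string values are treated as missing instead of failing on
    # ``.lower()`` or reaching the tier check and the model as-is.
    email = raw_email.lower() if isinstance(raw_email, str) else ''
    tier = raw_tier if isinstance(raw_tier, str) else None

    if not (email and tier):
        response_object = {'message': 'No email or tier provided'}
        return make_response(jsonify(response_object)), 400

    # The caller may only invite at a tier their own ADMIN role is
    # sufficient for.
    # NOTE(review): this is an authorization failure reported as 400 (and as
    # 401 just below); 403 is the conventional status. Left unchanged in
    # case clients depend on the current codes.
    if not AccessControl.has_sufficient_tier(g.user.roles, 'ADMIN', tier):
        response_object = {
            'message': f'User does not have permission to invite {tier}'
        }
        return make_response(jsonify(response_object)), 400

    # Binding the invite to an explicitly named organisation needs a tier
    # sufficient for 'sempoadmin'.
    if organisation_id and not AccessControl.has_sufficient_tier(
            g.user.roles, 'ADMIN', 'sempoadmin'):
        response_object = {'message': 'Not Authorised to set organisation ID'}
        return make_response(jsonify(response_object)), 401

    target_organisation_id = organisation_id or g.active_organisation.id
    if not target_organisation_id:
        response_object = {
            'message': 'Must provide an organisation to bind user to'
        }
        return make_response(jsonify(response_object)), 400

    organisation = Organisation.query.get(target_organisation_id)
    if not organisation:
        response_object = {'message': 'Organisation Not Found'}
        return make_response(jsonify(response_object)), 404

    # Case-insensitive duplicate check; ``email`` is already lower-cased.
    email_exists = EmailWhitelist.query.filter(
        func.lower(EmailWhitelist.email) == email).first()
    if email_exists:
        response_object = {'message': 'Email already on whitelist.'}
        return make_response(jsonify(response_object)), 400

    invite = EmailWhitelist(email=email,
                            tier=tier,
                            organisation_id=target_organisation_id)
    db.session.add(invite)

    # NOTE(review): the email goes out before the commit, so a failed commit
    # leaves a delivered invite with no stored whitelist row. Order kept
    # as-is.
    send_invite_email(invite, organisation)
    db.session.commit()

    response_object = {
        'message': 'An invite has been sent!',
    }
    return make_response(jsonify(attach_host(response_object))), 201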
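def post(self):
    """Add an email address to the whitelist at a tier and send the invite.

    Reads ``email`` and ``tier`` from the JSON request body; both are
    required.

    Returns:
        A ``(response, status)`` tuple: 200 when the whitelist entry was
        committed and the invite email sent; 400 when a field is missing or
        the email is already on the whitelist.
    """
    post_data = request.get_json()
    # The body is caller-controlled: ``null``, a list or a scalar would make
    # the ``.get`` calls below raise. Treat anything but an object as empty.
    if not isinstance(post_data, dict):
        post_data = {}

    email = post_data.get('email')
    tier = post_data.get('tier')

    # Both fields are required. The previous ``email or tier`` test let a
    # request with only one of them through, storing a whitelist row with a
    # missing email or tier. Validation also now runs before the database
    # lookup.
    if not (email and tier):
        response_object = {'message': 'No email or tier provided'}
        return make_response(jsonify(response_object)), 400

    # NOTE(review): this lookup compares the email as given; depending on the
    # column's collation, differently-cased duplicates may pass. Confirm.
    email_exists = EmailWhitelist.query.filter_by(email=email).first()
    if email_exists:
        response_object = {'message': 'Email already on whitelist.'}
        return make_response(jsonify(response_object)), 400

    # NOTE(review): nothing in this body checks that the caller is allowed to
    # grant ``tier``; confirm that is enforced outside this method (e.g. by
    # a decorator not visible here).
    whitelist_entry = EmailWhitelist(email=email, tier=tier)
    db.session.add(whitelist_entry)
    db.session.commit()

    send_invite_email(email)

    response_object = {
        'message': 'An invite has been sent!',
    }
    return make_response(jsonify(response_object)), 200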
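def put(self):
    """Re-send an invite, or change a user's ADMIN tier and/or disabled flag.

    Reads ``user_id``, ``admin_tier``, ``deactivated``, ``invite_id`` and
    ``resend`` from the JSON request body. A truthy ``resend`` selects the
    re-send path, which uses ``invite_id``; otherwise ``user_id`` is
    required, and ``admin_tier`` and ``deactivated`` are applied when given.

    Returns:
        A ``(response, status)`` tuple: 200 on success; 400 when ``user_id``
        is missing on the modify path; 404 when the invite, its organisation
        or the user cannot be found.
    """
    put_data = request.get_json()
    # The body is caller-controlled: ``null``, a list or a scalar would make
    # the ``.get`` calls below raise and surface as a 500. Anything that is
    # not a JSON object is treated as empty and gets the 'User ID not
    # provided' response.
    if not isinstance(put_data, dict):
        put_data = {}

    user_id = put_data.get('user_id')
    admin_tier = put_data.get('admin_tier')
    deactivated = put_data.get('deactivated', None)
    invite_id = put_data.get('invite_id')
    resend = put_data.get('resend', False)

    if resend:
        invite = EmailWhitelist.query.get(invite_id)
        if not invite:
            return make_response(jsonify({'message': 'Invite not found'})), 404

        organisation = Organisation.query.get(invite.organisation_id)
        if not organisation:
            response_object = {'message': 'Organisation Not Found'}
            return make_response(jsonify(response_object)), 404

        # A new referral code is set and the send counter bumped before the
        # email goes out.
        invite.set_referral_code()
        invite.sent += 1
        # NOTE(review): only a flush is issued here and no commit appears in
        # this body; presumably the session is committed elsewhere. Confirm.
        db.session.flush()

        send_invite_email(invite, organisation)
        return make_response(jsonify({'message': 'An invite has been re-sent!'})), 200

    if not user_id:
        return make_response(jsonify({'message': 'User ID not provided'})), 400

    user = User.query.get(user_id)
    if not user:
        response_object = {
            'status': 'fail',
            'message': 'User not found'
        }
        return make_response(jsonify(response_object)), 404

    # NOTE(review): nothing in this body compares the caller's own tier with
    # ``admin_tier`` before the role is assigned. If that is not enforced
    # outside this method (e.g. by a decorator not visible here), a caller
    # could grant a tier above their own. Confirm.
    if admin_tier:
        user.set_held_role('ADMIN', admin_tier)

    # ``None`` means "leave unchanged"; an explicit False re-enables the
    # account.
    # NOTE(review): the value is stored as received, with no type check.
    if deactivated is not None:
        user.is_disabled = deactivated

    response_object = {
        'message': 'Account status modified',
        'data': {
            'admin': {
                'id': user.id,
                'email': user.email,
                'admin_tier': user.admin_tier,
                'created': user.created,
                'is_activated': user.is_activated,
                'is_disabled': user.is_disabled
            }
        }
    }
    return make_response(jsonify(response_object)), 200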
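def post(self):
    """Invite an email address to an organisation as an admin.

    Reads ``email``, ``tier`` and an optional ``organisation_id`` from the
    JSON request body. The caller's roles (``g.user.roles``) must pass
    ``AccessControl.has_sufficient_tier`` for the requested ``tier``, and for
    ``'sempoadmin'`` when ``organisation_id`` is supplied. Without an
    ``organisation_id`` the target is ``g.active_organisation``.

    If a user with that email already exists, they are added to the
    organisation and notified. Otherwise a whitelist entry is created and an
    invite email sent.

    Returns:
        A ``(response, status)`` tuple: 201 on either success path; 400 for
        missing or malformed fields, a failed tier check, no resolvable
        organisation id, or an email already whitelisted; 401 when the
        caller may not set ``organisation_id``; 404 when the organisation
        does not exist.
    """
    post_data = request.get_json()
    # The body is caller-controlled: ``null``, a list or a scalar would make
    # the ``.get`` calls below raise and surface as a 500. Anything that is
    # not a JSON object is treated as empty and gets the normal 400.
    if not isinstance(post_data, dict):
        post_data = {}

    raw_email = post_data.get('email', '')
    raw_tier = post_data.get('tier')
    organisation_id = post_data.get('organisation_id', None)

    # Non-string values are treated as missing instead of failing on
    # ``.lower()`` or reaching the tier check and the model as-is.
    email = raw_email.lower() if isinstance(raw_email, str) else ''
    tier = raw_tier if isinstance(raw_tier, str) else None

    if not (email and tier):
        response_object = {'message': 'No email or tier provided'}
        return make_response(jsonify(response_object)), 400

    # The caller may only invite at a tier their own ADMIN role is
    # sufficient for.
    # NOTE(review): this is an authorization failure reported as 400 (and as
    # 401 just below); 403 is the conventional status. Left unchanged in
    # case clients depend on the current codes.
    if not AccessControl.has_sufficient_tier(g.user.roles, 'ADMIN', tier):
        response_object = {
            'message': f'User does not have permission to invite {tier}'
        }
        return make_response(jsonify(response_object)), 400

    if organisation_id and not AccessControl.has_sufficient_tier(
            g.user.roles, 'ADMIN', 'sempoadmin'):
        response_object = {'message': 'Not Authorised to set organisation ID'}
        return make_response(jsonify(response_object)), 401

    target_organisation_id = organisation_id or g.active_organisation.id
    if not target_organisation_id:
        response_object = {
            'message': 'Must provide an organisation to bind user to'
        }
        return make_response(jsonify(response_object)), 400

    organisation = Organisation.query.get(target_organisation_id)
    if not organisation:
        response_object = {'message': 'Organisation Not Found'}
        return make_response(jsonify(response_object)), 404

    # Default-scoped lookup.
    # NOTE(review): presumably limited to the active organisation by a
    # default query filter, since the next lookup opts out with
    # ``show_all=True``. Confirm, including when ``organisation_id`` names a
    # different organisation.
    email_exists_for_org = EmailWhitelist.query.filter(
        func.lower(EmailWhitelist.email) == email).first()
    if email_exists_for_org:
        response_object = {
            'message': 'Email already on organisation whitelist.'
        }
        return make_response(jsonify(response_object)), 400

    # Same lookup with ``show_all=True``; only an unused invite blocks here.
    # NOTE(review): this response tells the caller that the address has a
    # pending invite at another organisation. Confirm that disclosure is
    # acceptable.
    email_exists = (
        EmailWhitelist.query
        .filter(func.lower(EmailWhitelist.email) == email)
        .execution_options(show_all=True)
        .first()
    )
    if email_exists and not email_exists.used:
        response_object = {
            'message': 'Email already on another organisation whitelist. '
                       'Please ask user to create an account first. \n'
                       'Contact support if issue persists.'
        }
        return make_response(jsonify(response_object)), 400

    user = (
        User.query
        .filter(func.lower(User.email) == email)
        .execution_options(show_all=True)
        .first()
    )
    if user:
        # Existing account: attach it to the organisation directly, with no
        # whitelist entry.
        # NOTE(review): the requested ``tier`` is not passed on this path.
        # Confirm which tier ``add_user_to_organisation(..., is_admin=True)``
        # grants and that it cannot exceed the tier checked above.
        user.add_user_to_organisation(organisation, is_admin=True)
        send_invite_email_to_existing_user(organisation, user.email)
        db.session.commit()

        response_object = {
            'message': 'An invite has been sent to an existing user!',
        }
        return make_response(jsonify(attach_host(response_object))), 201

    invite = EmailWhitelist(email=email,
                            tier=tier,
                            organisation_id=target_organisation_id)
    db.session.add(invite)

    # NOTE(review): the email goes out before the commit, so a failed commit
    # leaves a delivered invite with no stored whitelist row. Order kept
    # as-is.
    send_invite_email(invite, organisation)
    db.session.commit()

    response_object = {
        'message': 'An invite has been sent!',
    }
    return make_response(jsonify(attach_host(response_object))), 201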