def publish_answer(current_user, brief_id, data):
brief = briefs.get(brief_id)
if not brief:
raise NotFoundError("Invalid brief id '{}'".format(brief_id))
if not briefs.has_permission_to_brief(current_user.id, brief.id):
raise UnauthorisedError('Unauthorised to publish answer')
publish_question = data.get('question')
if not publish_question:
raise ValidationError('Question is required')
answer = data.get('answer')
if not answer:
raise ValidationError('Answer is required')
brief_clarification_question = brief_clarification_question_service.save(
BriefClarificationQuestion(_brief_id=brief.id,
question=publish_question,
answer=answer,
user_id=current_user.id))
question_id = data.get('questionId')
if question_id:
question = brief_question_service.get(question_id)
if question.brief_id == brief.id:
question.answered = True
brief_question_service.save(question)
audit_service.log_audit_event(
audit_type=audit_types.create_brief_clarification_question,
user=current_user.email_address,
data={'briefId': brief.id},
db_object=brief_clarification_question)
def update_team(team_id, data):
team = team_service.get_team_for_update(team_id)
if not team:
raise NotFoundError('Team {} does not exist'.format(team_id))
if len([tm for tm in team.team_members if tm.user_id == current_user.id and tm.is_team_lead is True]) == 0:
raise UnauthorisedError('Only team leads can edit a team')
update_team_information(team, data)
result = update_team_leads_and_members(team, data)
update_permissions(team, data)
create_team = data.get('createTeam', False)
saved = False
if create_team:
validation_result = TeamValidator(team, current_user).validate_all()
if len([e for e in validation_result.errors]) > 0:
raise ValidationError([e for e in validation_result.errors])
team.status = 'completed'
team_service.save(team)
saved = True
send_team_lead_notification_emails(team_id)
send_team_member_notification_emails(team_id)
elif team.status == 'completed':
validation_result = TeamValidator(team, current_user).validate_all()
if len([e for e in validation_result.errors]) > 0:
raise ValidationError([e for e in validation_result.errors])
team_service.save(team)
saved = True
new_team_leads = result.get('new_team_leads', [])
new_team_members = result.get('new_team_members', [])
removed_team_members = result.get('removed_team_members', [])
if len(new_team_leads) > 0:
send_team_lead_notification_emails(team_id, new_team_leads)
if len(new_team_members) > 0:
send_team_member_notification_emails(team_id, new_team_members)
if len(removed_team_members) > 0:
send_removed_team_member_notification_emails(team_id, removed_team_members)
elif team.status == 'created':
validation_result = TeamValidator(team, current_user).validate_all()
team_member_errors = [e for e in validation_result.errors if str(e.get('id')).startswith('TM')]
if team_member_errors:
raise ValidationError(team_member_errors)
team_service.save(team)
if saved:
publish_tasks.team.delay(
publish_tasks.compress_team(team),
'updated'
)
return get_team(team_id)
def request_access(data):
if data.get('permission') not in permission_types:
raise ValidationError('Invalid permission')
permission = str(data.get('permission'))
permission_text = ('publish and edit live opportunities' if permission
== 'publish_opportunities' else permission.replace(
'_', ' '))
send_request_access_email(permission_text)
def update_supplier(data, user_info):
supplier_code = user_info.get('supplier_code')
email_address = user_info.get('email_address')
supplier = suppliers.find(code=supplier_code).one_or_none()
mandatory_supplier_checks(supplier)
whitelist_fields = ['representative', 'email', 'phone']
for wf in whitelist_fields:
if wf not in data.get('data'):
raise ValidationError('{} is not recognised'.format(wf))
if 'email' in data.get('data'):
email = data['data']['email']
data['data']['email'] = email.encode('utf-8').lower()
supplier.update_from_json(data.get('data'))
messages = SupplierValidator(supplier).validate_representative(
'representative')
if len([m for m in messages if m.get('severity', '') == 'error']) > 0:
raise ValidationError(',\n'.join([
m.get('message') for m in messages
if m.get('severity', '') == 'error'
]))
suppliers.save(supplier)
publish_tasks.supplier.delay(publish_tasks.compress_supplier(supplier),
'updated',
updated_by=email_address)
audit_service.log_audit_event(audit_type=audit_types.update_supplier,
user=email_address,
data={
'supplierCode': supplier.code,
'supplierData': supplier.data
},
db_object=supplier)
process_auth_rep_email(supplier, data, user_info)
def withdraw_opportunity(user_id, brief_id, withdrawal_reason):
brief = brief_service.get(brief_id)
if not brief:
raise NotFoundError('Opportunity {} does not exist'.format(brief_id))
if not brief_service.has_permission_to_brief(user_id, brief_id):
raise UnauthorisedError(
'Not authorised to withdraw opportunity {}'.format(brief_id))
if brief.status != 'live':
raise BriefError('Unable to withdraw opportunity {}'.format(brief_id))
if not withdrawal_reason:
raise ValidationError(
'Withdrawal reason is required for opportunity {}'.format(
brief_id))
user = users.get(user_id)
if not user:
raise NotFoundError('User {} does not exist'.format(user_id))
brief = brief_service.withdraw_opportunity(brief, withdrawal_reason)
organisation = agency_service.get_agency_name(user.agency_id)
sellers_to_contact = brief_service.get_sellers_to_notify(
brief, brief_business.is_open_to_all(brief))
for email_address in sellers_to_contact:
send_opportunity_withdrawn_email_to_seller(brief, email_address,
organisation)
send_opportunity_withdrawn_email_to_buyers(brief, user)
try:
audit_service.log_audit_event(
audit_type=audit_types.withdraw_opportunity,
data={'briefId': brief.id},
db_object=brief,
user=user.email_address)
publish_tasks.brief.delay(publish_tasks.compress_brief(brief),
'withdrawn',
email_address=user.email_address,
name=user.name)
except Exception as e:
rollbar.report_exc_info()
return brief
def request_to_join(user_email_address, team_id, agency_id):
team = team_service.get_team(team_id)
if not team:
raise NotFoundError('Team {} does not exist'.format(team_id))
if not get_teams_by_agency(agency_id, team_id):
raise UnauthorisedError('Can not request to join this team')
claim = user_claims_service.make_claim(type='join_team',
email_address=user_email_address,
data={
"team_id": team_id,
"team_name": team['name'],
"agency_id": agency_id,
"user_id": current_user.id,
"user_name": current_user.name,
"approved": False
})
if not claim:
raise ValidationError('Could not create join team request')
send_request_to_join_team_leaders_email(team_id, claim.token)
send_request_to_join_requester_email(user_email_address, team_id)
def accept_agreement(user_info):
supplier_code = user_info.get('supplier_code')
email_address = user_info.get('email_address')
user_id = user_info.get('user_id')
supplier = suppliers.get_supplier_by_code(supplier_code)
mandatory_supplier_checks(supplier)
if email_address != supplier.data.get('email'):
raise UnauthorisedError('Unauthorised to accept agreement')
agreement = get_current_agreement()
if agreement is None:
raise NotFoundError('Current master agreement not found')
already_signed = signed_agreement_service.first(
agreement_id=agreement.id, supplier_code=supplier_code)
if already_signed:
raise ValidationError('Already signed agreement')
signed_agreement = SignedAgreement(
agreement_id=agreement.id,
user_id=user_id,
signed_at=pendulum.now('Australia/Canberra'),
supplier_code=supplier_code)
signed_agreement_service.save(signed_agreement)
publish_tasks.supplier.delay(publish_tasks.compress_supplier(supplier),
'accepted_agreement',
updated_by=email_address)
audit_service.log_audit_event(
audit_type=audit_types.accepted_master_agreement,
user=email_address,
data={
'supplierCode': supplier.code,
'supplierData': supplier.data
},
db_object=supplier)
def request_access(data):
if data.get('permission') not in permission_types:
raise ValidationError('Invalid permission')
permission = str(data.get('permission')).replace('_', ' ')
send_request_access_email(permission)