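def accept_invite(token):
    """Accept a service invitation reached through its tokenised link.

    Resolves ``token`` to an ``InvitedUser`` and then, in order:

    * an invalid token flashes the error text and redirects to sign-in;
    * a signed-in user whose email differs from the invitee's is shown a
      "sign out and click the link again" message and the request is aborted
      with 403;
    * a cancelled invite renders the cancelled-invitation page;
    * an already-accepted invite drops the session copy and redirects to the
      service dashboard;
    * otherwise the invite is stored in the session; an existing account for
      the invitee's email is added to the service immediately, while an
      unknown email is sent to the registration flow.

    Args:
        token: the opaque invite token taken from the link.

    Returns:
        A Flask response (redirect or rendered template).

    Raises:
        Aborts with 403 when a different account is signed in.
    """
    try:
        invited_user = InvitedUser.from_token(token)
    except InviteTokenError as exception:
        flash(_(str(exception)))
        return redirect(url_for("main.sign_in"))

    if not current_user.is_anonymous and current_user.email_address.lower() != invited_user.email_address.lower():
        # The message is wrapped in Markup so the anchor renders as HTML; that
        # also marks everything substituted into it as safe. Escape the values
        # explicitly so only the literal anchor is trusted, not the data.
        # Adjacent literals (rather than "+") keep the msgid extractable as one
        # string by the translation tooling.
        message = Markup(
            _(
                "You’re signed in as %(email)s. This invite is for another email address. "
                "<a href=%(href)s>Sign out</a> and click the link again to accept this invite.",
                email=Markup.escape(current_user.email_address),
                href=Markup.escape(url_for("main.sign_out", _external=True)),
            )
        )
        flash(message=message)
        abort(403)

    if invited_user.status == "cancelled":
        service = Service.from_id(invited_user.service)
        return render_template(
            "views/cancelled-invitation.html",
            from_user=invited_user.from_user.name,
            service_name=service.name,
        )

    if invited_user.status == "accepted":
        session.pop("invited_user", None)
        return redirect(url_for("main.service_dashboard", service_id=invited_user.service))

    # Kept in the session so the registration flow can pick the invite up.
    session["invited_user"] = invited_user.serialize()

    existing_user = User.from_email_address_or_none(invited_user.email_address)
    if not existing_user:
        return redirect(url_for("main.register_from_invite"))

    invited_user.accept_invite()
    if existing_user in Users(invited_user.service):
        # Already a member: nothing to add, just go to the dashboard.
        return redirect(url_for("main.service_dashboard", service_id=invited_user.service))

    service = Service.from_id(invited_user.service)
    # Only services with the email_auth permission may change a user's auth type.
    # An sms_auth invite is honoured only when the user actually has a mobile
    # number; an email_auth invite is always valid, so it is always applied.
    switch_to_sms = bool(existing_user.mobile_number) and invited_user.auth_type == "sms_auth"
    switch_to_email = invited_user.auth_type == "email_auth"
    if service.has_permission("email_auth") and (switch_to_sms or switch_to_email):
        existing_user.update(auth_type=invited_user.auth_type)

    existing_user.add_to_service(
        service_id=invited_user.service,
        permissions=invited_user.permissions,
        folder_permissions=invited_user.folder_permissions,
    )
    return redirect(url_for("main.service_dashboard", service_id=service.id))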
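def accept_invite(token):
    """Accept a service invitation reached through its tokenised link.

    Resolves ``token`` to an ``InvitedUser`` and then, in order:

    * a signed-in user whose email differs from the invitee's is shown a
      "sign out and click the link again" message and the request is aborted
      with 403;
    * a cancelled invite renders the cancelled-invitation page;
    * an already-accepted invite drops the session copy and redirects to the
      service dashboard;
    * otherwise the invite is stored in the session; an existing account for
      the invitee's email is added to the service immediately, while an
      unknown email is sent to the registration flow.

    Args:
        token: the opaque invite token taken from the link.

    Returns:
        A Flask response (redirect or rendered template).

    Raises:
        Whatever ``InvitedUser.from_token`` raises for a bad token is not
        caught here (presumably handled by the app's error handlers — confirm).
        Aborts with 403 when a different account is signed in.
    """
    invited_user = InvitedUser.from_token(token)

    if not current_user.is_anonymous and current_user.email_address.lower() != invited_user.email_address.lower():
        # Markup.format escapes its arguments. Formatting with str.format first
        # and wrapping the result would mark the substituted values as safe HTML.
        message = Markup("""
            You’re signed in as {}. This invite is for another email address.
            <a href={} class="govuk-link govuk-link--no-visited-state">Sign out</a>
            and click the link again to accept this invite.
        """).format(current_user.email_address, url_for('main.sign_out', _external=True))
        flash(message=message)
        abort(403)

    if invited_user.status == 'cancelled':
        service = Service.from_id(invited_user.service)
        return render_template(
            'views/cancelled-invitation.html',
            from_user=invited_user.from_user.name,
            service_name=service.name,
        )

    if invited_user.status == 'accepted':
        session.pop('invited_user', None)
        return redirect(url_for('main.service_dashboard', service_id=invited_user.service))

    # Kept in the session so the registration flow can pick the invite up.
    session['invited_user'] = invited_user.serialize()

    existing_user = User.from_email_address_or_none(invited_user.email_address)
    if not existing_user:
        return redirect(url_for('main.register_from_invite'))

    invited_user.accept_invite()
    if existing_user in Users(invited_user.service):
        # Already a member: nothing to add, just go to the dashboard.
        return redirect(url_for('main.service_dashboard', service_id=invited_user.service))

    service = Service.from_id(invited_user.service)
    # Only services with the email_auth permission may change a user's auth type.
    # An sms_auth invite is honoured only when the user actually has a mobile
    # number; an email_auth invite is always valid, so it is always applied.
    switch_to_sms = bool(existing_user.mobile_number) and invited_user.auth_type == 'sms_auth'
    switch_to_email = invited_user.auth_type == 'email_auth'
    if service.has_permission('email_auth') and (switch_to_sms or switch_to_email):
        existing_user.update(auth_type=invited_user.auth_type)

    existing_user.add_to_service(
        service_id=invited_user.service,
        permissions=invited_user.permissions,
        folder_permissions=invited_user.folder_permissions,
    )
    return redirect(url_for('main.service_dashboard', service_id=service.id))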
def has_permissions(self, *permissions, restrict_admin_usage=False, allow_org_user=False):
    """Return whether this user may act on the service or organisation of the current view.

    The service/organisation is taken from the request's view args, not from
    the caller. Decision order:

    1. no service or organisation in the view args -> False;
    2. platform admins pass unless ``restrict_admin_usage`` is set;
    3. an organisation view checks organisation membership only — the named
       ``permissions`` are not consulted in that case;
    4. with no ``permissions`` named, plain service membership suffices;
    5. otherwise any one of the named service permissions suffices;
    6. finally, with ``allow_org_user``, membership of the organisation that
       owns the service is accepted.

    Args:
        *permissions: permission names to test; each must be in ``all_permissions``.
        restrict_admin_usage: do not short-circuit for platform admins.
        allow_org_user: also accept members of the service's organisation.

    Raises:
        TypeError: if any name in ``permissions`` is not a known permission.
    """
    unrecognised = set(permissions).difference(all_permissions)
    if unrecognised:
        raise TypeError("{} are not valid permissions".format(list(unrecognised)))

    # Service id is set on the request for every service-specific view.
    service_id = _get_service_id_from_view_args()
    org_id = _get_org_id_from_view_args()

    # Pages needing permissions must name a service or an organisation;
    # platform-admin-only pages use @user_is_platform_admin instead.
    if not (service_id or org_id):
        return False

    # Platform admins may do most things, except where the caller opts out
    # (e.g. sending messages or creating API keys).
    if self.platform_admin and not restrict_admin_usage:
        return True

    if org_id:
        return self.belongs_to_organisation(org_id)

    if not permissions:
        if self.belongs_to_service(service_id):
            return True
    else:
        for permission in permissions:
            if self.has_permission_for_service(service_id, permission):
                return True

    # Imported here, presumably to avoid an import cycle with the service model.
    from app.models.service import Service
    owning_org_id = Service.from_id(service_id).organisation_id
    return allow_org_user and self.belongs_to_organisation(owning_org_id)
def activate_user(user_id):
    """Activate and sign in the user ``user_id``, then route them onward.

    After activation any pending service invite in the session is applied and
    the user lands on that service (the broadcast tour for broadcast services,
    the dashboard otherwise). Failing that, a pending organisation invite is
    applied, and the user goes to the organisation dashboard when one is in
    the session or to "add service" as a first-time user.

    Args:
        user_id: id of the user to activate.

    Returns:
        A redirect response.
    """
    user = User.from_id(user_id)
    # The API issues a fresh current_session_id on activation; persist it in
    # the session cookie so later requests are recognised.
    session['current_session_id'] = user.current_session_id
    organisation_id = session.get('organisation_id')

    activated_user = user.activate()
    activated_user.login()

    invited_user = InvitedUser.from_session()
    if invited_user:
        service_id = _add_invited_user_to_service(invited_user)
        service = Service.from_id(service_id)
        if service.has_permission('broadcast'):
            destination = url_for('main.broadcast_tour', service_id=service.id, step_index=1)
        else:
            destination = url_for('main.service_dashboard', service_id=service_id)
        return redirect(destination)

    invited_org_user = InvitedOrgUser.from_session()
    if invited_org_user:
        # NOTE(review): the id comes from session['user_details'] rather than
        # the user_id argument — presumably the same user; confirm.
        user_api_client.add_user_to_organisation(
            invited_org_user.organisation,
            session['user_details']['id'],
        )

    if organisation_id:
        return redirect(url_for('main.organisation_dashboard', org_id=organisation_id))
    return redirect(url_for('main.add_service', first='first'))