示例#1
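def accept_invite(token):
    """Handle a visit to a service-invitation link.

    Resolves ``token`` to an invitation and refuses it with HTTP 403 when a
    signed-in user's email address differs from the invited one. Otherwise
    it adds the matching existing account to the service, or redirects the
    visitor to registration when no account exists.

    Args:
        token: the invitation token passed to this view.

    Returns:
        A redirect response, or the rendered "cancelled invitation" page.
    """
    try:
        invited_user = InvitedUser.from_token(token)
    except InviteTokenError as exception:
        # A token that cannot be turned into an invitation sends the visitor
        # to sign-in with the error text as a flash message.
        flash(_(str(exception)))
        return redirect(url_for("main.sign_in"))

    # The invitation is bound to one email address: a session signed in under
    # a different address must not be able to accept it.
    if not current_user.is_anonymous and current_user.email_address.lower() != invited_user.email_address.lower():
        # The whole message is wrapped in Markup so the <a> element survives
        # template autoescaping; every interpolated value therefore has to be
        # HTML-escaped first. The email address is account data, not trusted
        # markup, and was previously inserted into the HTML unescaped.
        message = Markup(
            _(
                "You’re signed in as %(email)s. This invite is for another email address. "
                + "<a href=%(href)s>Sign out</a> and click the link again to accept this invite.",
                email=Markup.escape(current_user.email_address),
                href=Markup.escape(url_for("main.sign_out", _external=True)),
            )
        )
        flash(message=message)

        abort(403)

    if invited_user.status == "cancelled":
        service = Service.from_id(invited_user.service)
        return render_template(
            "views/cancelled-invitation.html",
            from_user=invited_user.from_user.name,
            service_name=service.name,
        )

    if invited_user.status == "accepted":
        # Already used: drop any stale copy from the session and send the
        # visitor to the dashboard, which is outside this function.
        session.pop("invited_user", None)
        return redirect(url_for("main.service_dashboard", service_id=invited_user.service))

    # Kept in the session for later steps; it is not read again in this function.
    session["invited_user"] = invited_user.serialize()

    existing_user = User.from_email_address_or_none(invited_user.email_address)

    if existing_user:
        # NOTE(review): the invitation is marked accepted before the account is
        # added to the service below - confirm a failure in add_to_service
        # cannot leave an accepted invite without a membership.
        invited_user.accept_invite()
        if existing_user in Users(invited_user.service):
            return redirect(url_for("main.service_dashboard", service_id=invited_user.service))
        else:
            service = Service.from_id(invited_user.service)
            # if the service you're being added to can modify auth type, then check if this is relevant
            if service.has_permission("email_auth") and (
                # they have a phone number, we want them to start using it. if they dont have a mobile we just
                # ignore that option of the invite
                (existing_user.mobile_number and invited_user.auth_type == "sms_auth")
                or
                # we want them to start sending emails. it's always valid, so lets always update
                invited_user.auth_type == "email_auth"
            ):
                existing_user.update(auth_type=invited_user.auth_type)
            # Permissions come from the invitation record, not from the request.
            existing_user.add_to_service(
                service_id=invited_user.service,
                permissions=invited_user.permissions,
                folder_permissions=invited_user.folder_permissions,
            )
            return redirect(url_for("main.service_dashboard", service_id=service.id))
    else:
        return redirect(url_for("main.register_from_invite"))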
示例#2
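def accept_invite(token):
    """Handle a visit to a service-invitation link.

    Resolves ``token`` to an invitation and refuses it with HTTP 403 when a
    signed-in user's email address differs from the invited one. Otherwise
    it adds the matching existing account to the service, or redirects the
    visitor to registration when no account exists.

    Args:
        token: the invitation token passed to this view.

    Returns:
        A redirect response, or the rendered "cancelled invitation" page.
    """
    invited_user = InvitedUser.from_token(token)

    # The invitation is bound to one email address: a session signed in under
    # a different address must not be able to accept it.
    if not current_user.is_anonymous and current_user.email_address.lower(
    ) != invited_user.email_address.lower():
        # Format on the Markup object, not on the plain string: Markup.format
        # HTML-escapes its arguments, whereas str.format followed by Markup()
        # marked the email address as safe HTML without escaping it.
        message = Markup("""
            You’re signed in as {}.
            This invite is for another email address.
            <a href={} class="govuk-link govuk-link--no-visited-state">Sign out</a>
            and click the link again to accept this invite.
            """).format(current_user.email_address,
                        url_for("main.sign_out", _external=True))

        flash(message=message)

        abort(403)

    if invited_user.status == 'cancelled':
        service = Service.from_id(invited_user.service)
        return render_template('views/cancelled-invitation.html',
                               from_user=invited_user.from_user.name,
                               service_name=service.name)

    if invited_user.status == 'accepted':
        # Already used: drop any stale copy from the session and send the
        # visitor to the dashboard, which is outside this function.
        session.pop('invited_user', None)
        return redirect(
            url_for('main.service_dashboard', service_id=invited_user.service))

    # Kept in the session for later steps; it is not read again in this function.
    session['invited_user'] = invited_user.serialize()

    existing_user = User.from_email_address_or_none(invited_user.email_address)

    if existing_user:
        # NOTE(review): the invitation is marked accepted before the account is
        # added to the service below - confirm a failure in add_to_service
        # cannot leave an accepted invite without a membership.
        invited_user.accept_invite()
        if existing_user in Users(invited_user.service):
            return redirect(
                url_for('main.service_dashboard',
                        service_id=invited_user.service))
        else:
            service = Service.from_id(invited_user.service)
            # if the service you're being added to can modify auth type, then check if this is relevant
            if service.has_permission('email_auth') and (
                    # they have a phone number, we want them to start using it. if they dont have a mobile we just
                    # ignore that option of the invite
                (existing_user.mobile_number
                 and invited_user.auth_type == 'sms_auth') or
                    # we want them to start sending emails. it's always valid, so lets always update
                    invited_user.auth_type == 'email_auth'):
                existing_user.update(auth_type=invited_user.auth_type)
            # Permissions come from the invitation record, not from the request.
            existing_user.add_to_service(
                service_id=invited_user.service,
                permissions=invited_user.permissions,
                folder_permissions=invited_user.folder_permissions,
            )
            return redirect(
                url_for('main.service_dashboard', service_id=service.id))
    else:
        return redirect(url_for('main.register_from_invite'))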
示例#3
    def has_permissions(self, *permissions, restrict_admin_usage=False, allow_org_user=False):
        """Decide whether this user may use the service or organisation view being requested.

        Args:
            *permissions: permission names, any one of which is sufficient for
                a service view. Each must be a member of ``all_permissions``.
            restrict_admin_usage: when true, being a platform admin does not
                grant access on its own.
            allow_org_user: when true, membership of the organisation that
                owns the service is accepted as a fallback.

        Returns:
            A truthy value when access is allowed, a falsy one otherwise.

        Raises:
            TypeError: if any requested permission name is not recognised.
        """
        invalid_names = set(permissions) - all_permissions
        if invalid_names:
            # A misspelt permission is a programming error; fail loudly rather
            # than evaluate a check that can never match.
            raise TypeError("{} are not valid permissions".format(list(invalid_names)))

        # Both ids are taken from the current request's view arguments.
        service_id = _get_service_id_from_view_args()
        org_id = _get_org_id_from_view_args()

        # Deny by default: a permission-guarded page with neither a service nor
        # an organisation in its URL has nothing to check against.
        # (platform-admin-only pages use @user_is_platform_admin instead)
        if not (service_id or org_id):
            return False

        # Platform admins pass most checks; views that must exclude them
        # (eg sending messages or creating api keys) set restrict_admin_usage.
        admin_bypass = self.platform_admin and not restrict_admin_usage
        if admin_bypass:
            return True

        # Organisation views are decided on membership alone - the requested
        # permission names are not consulted on this path.
        if org_id:
            return self.belongs_to_organisation(org_id)

        # No specific permission requested: being on the service is enough.
        if not permissions and self.belongs_to_service(service_id):
            return True

        for permission in permissions:
            if self.has_permission_for_service(service_id, permission):
                return True

        from app.models.service import Service

        # Last resort: organisation-level access to the service, only when the
        # caller opted in.
        if not allow_org_user:
            return allow_org_user
        owning_org_id = Service.from_id(service_id).organisation_id
        return self.belongs_to_organisation(owning_org_id)
def activate_user(user_id):
    """Activate and log in the given user, then apply any invitation held in the session.

    Args:
        user_id: id of the account to activate.

    Returns:
        A redirect to the broadcast tour, a service dashboard, an
        organisation dashboard or the "add service" page, depending on what
        the session holds.
    """
    account = User.from_id(user_id)
    # the API assigns the user a new current_session_id - keep it in the cookie for future requests
    session['current_session_id'] = account.current_session_id
    # Read before activate()/login() run, as in the original ordering.
    organisation_id = session.get('organisation_id')
    account.activate().login()

    # A pending service invitation takes priority over everything else.
    pending_invite = InvitedUser.from_session()
    if pending_invite:
        service_id = _add_invited_user_to_service(pending_invite)
        service = Service.from_id(service_id)
        if not service.has_permission('broadcast'):
            return redirect(
                url_for('main.service_dashboard', service_id=service_id))
        return redirect(
            url_for('main.broadcast_tour',
                    service_id=service.id,
                    step_index=1))

    pending_org_invite = InvitedOrgUser.from_session()
    if pending_org_invite:
        # NOTE(review): the organisation membership is created for the id held
        # in session['user_details'], not for user_id - confirm both always
        # refer to the same account.
        user_api_client.add_user_to_organisation(pending_org_invite.organisation,
                                                 session['user_details']['id'])

    if not organisation_id:
        return redirect(url_for('main.add_service', first='first'))
    return redirect(
        url_for('main.organisation_dashboard', org_id=organisation_id))