Merge pull request #366 from CityOfNewYork/hotfix/OP-1451
Hotfix/OP-1451: Unable to View My Requests After First Login
johnyu95 authored May 10, 2018
2 parents faee3da + a442671 commit 2f4913f
Showing 2 changed files with 52 additions and 37 deletions.
26 changes: 19 additions & 7 deletions app/auth/utils.py
Expand Up @@ -27,7 +27,7 @@
login_manager,
sentry
)
from app.models import Users, AgencyUsers, Events
from app.models import Users, AgencyUsers, Events, Requests
from app.constants import user_type_auth, USER_ID_DELIMITER
from app.constants.web_services import (
USER_ENDPOINT,
Expand Down Expand Up @@ -304,13 +304,13 @@ def _update_user_data(user, guid, user_type, email, first_name, middle_initial,
`email_validated` and `terms_of_use_accepted` (this function
should be called AFTER email validation and terms-of-use acceptance
has been completed).
Update any database objects this user is associated with.
- user_requests
- events
In order to prevent a possbile negative performance impact
(due to foreign keys CASCADE), guid and user_type are compared with
stored user attributes and are excluded from the update if both are identical.
Update search index for searching by assigned user.
"""
updated_data = {
'email': email,
Expand All @@ -328,18 +328,30 @@ def _update_user_data(user, guid, user_type, email, first_name, middle_initial,
update_events_values = Events.query.filter(Events.new_value['user_guid'].astext == user.guid,
Events.new_value[
'auth_user_type'].astext == user.auth_user_type).all()

for event in update_events_values:
update_object(
{'new_value': {'user_guid': guid,
'auth_user_type': user_type}},
Events,
event.id
)
update_object(
updated_data,
Users,
(user.guid, user.auth_user_type)
)

update_object(
updated_data,
Users,
(user.guid, user.auth_user_type)
)

for user_request in user.user_requests:
Requests.query.filter_by(id=user_request.request_id).one().es_update()

else:
update_object(
updated_data,
Users,
(user.guid, user.auth_user_type)
)


def _validate_email(email_validation_flag, guid, email_address, user_type):
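Review bot: The new loop at the end of the changed branch issues one extra query per user request, `Requests.query.filter_by(id=user_request.request_id).one().es_update()`, and `.one()` raises `NoResultFound` for any `UserRequests` row whose request is missing, which would abort the whole user update rather than skip that row. app/user/views.py in this same commit reindexes through the relationship, `user_request.request.es_update()`; if that relationship is available here as well, the same form would drop the per-row query and keep the two files consistent. Both branches of the `if`/`else` also issue the identical `update_object(updated_data, Users, (user.guid, user.auth_user_type))` call, so it could be hoisted after the conditional and the branch reduced to the Events and search-index work. `_update_user_data` starts before this hunk, so the condition guarding the branch is not visible here.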
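--- a/app/user/views.py
+++ b/app/user/views.py
@@ -89,8 +89,8 @@ def patch(user_id):
 same_agency = agency_ein in [agency.ein for agency in current_user.agencies.all()]
 associated_anonymous_requester = (user_.is_anonymous_requester
 and current_user.user_requests.filter_by(
-request_id=user_.anonymous_request.id
-).first() is None)
+request_id=user_.anonymous_request.id
+).first() is None)
 
 is_agency_admin = request.form.get('is_agency_admin')
 is_agency_active = request.form.get('is_agency_active')
@@ -112,30 +112,30 @@ def patch(user_id):
 if ((updating_self and (
 # super user attempting to change their own super status
 (current_user.is_super and is_super is not None)
-or
+or
 # agency admin or public user attempting to change their own agency/super status
 (changing_status and (current_user_is_agency_admin or current_user.is_public)))) or
-(not updating_self and (
-# public user attempting to change another user
-current_user.is_public
-or
-# agency user attempting to change a agency/super status
-(current_user_is_agency_user and changing_status)
-or
-# agency user attempting to change a user that is not an anonymous requester
-# for a request they are assigned to
-(current_user_is_agency_user and (
-not user_.is_anonymous_requester or not associated_anonymous_requester))
-or
-# agency admin attempting to change another user that is not in the same agency or
-# attempting to change more than just the agency status of a user
-(current_user_is_agency_admin
-and not (associated_anonymous_requester or user_.is_anonymous_requester)
-and (not same_agency or changing_more_than_agency_status))
-or
-# agency admin attempting to change an anonymous requester for a request
-# they are not assigned to
-(current_user_is_agency_admin and associated_anonymous_requester)))):
+(not updating_self and (
+# public user attempting to change another user
+current_user.is_public
+or
+# agency user attempting to change a agency/super status
+(current_user_is_agency_user and changing_status)
+or
+# agency user attempting to change a user that is not an anonymous requester
+# for a request they are assigned to
+(current_user_is_agency_user and (
+not user_.is_anonymous_requester or not associated_anonymous_requester))
+or
+# agency admin attempting to change another user that is not in the same agency or
+# attempting to change more than just the agency status of a user
+(current_user_is_agency_admin
+and not (associated_anonymous_requester or user_.is_anonymous_requester)
+and (not same_agency or changing_more_than_agency_status))
+or
+# agency admin attempting to change an anonymous requester for a request
+# they are not assigned to
+(current_user_is_agency_admin and associated_anonymous_requester)))):
 return jsonify({}), 403
 
 # UPDATE
@@ -181,12 +181,12 @@ def patch(user_id):
 
 # check if missing contact information
 if (user_field_val['email'] == ''
-and user_field_val['phone_number'] == ''
-and user_field_val['fax_number'] == ''
-and (address_field_val['city'] == ''
-or address_field_val['zip'] == ''
-or address_field_val['state'] == ''
-or address_field_val['address_one'] == '')):
+and user_field_val['phone_number'] == ''
+and user_field_val['fax_number'] == ''
+and (address_field_val['city'] == ''
+or address_field_val['zip'] == ''
+or address_field_val['state'] == ''
+or address_field_val['address_one'] == '')):
 return jsonify({"error": "Missing contact information."}), 400
 
 old = {}
@@ -307,6 +307,7 @@ def set_permissions_and_create_event(user_req, perms):
 create_user_request_event(event_type.USER_PERM_CHANGED,
 user_req,
 old_permissions)
+
 if is_agency_admin:
 permissions = Roles.query.filter_by(name=role_name.AGENCY_ADMIN).one().permissions
 # create UserRequests for ALL existing requests under user's agency where user is not assigned
@@ -331,11 +332,13 @@ def set_permissions_and_create_event(user_req, perms):
 user_request.request.es_update()
 else:
 set_permissions_and_create_event(user_request, permissions)
+user_request.request.es_update()
 
 else:
 # update ALL UserRequests (strip user of permissions)
 for user_request in user_.user_requests.all():
 set_permissions_and_create_event(user_request, permission.NONE)
+user_request.request.es_update()
 
 # TODO: single email detailing user changes?
 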
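Review bot: The reindex is now a separate `user_request.request.es_update()` call placed after each `set_permissions_and_create_event(...)` in the last hunk (three call sites, the first already present as context), so any future call site that omits it would leave the search index reflecting the previous permission assignment for that request. Since `set_permissions_and_create_event` is a local helper whose body lies outside this hunk, moving the `es_update()` into the helper, or at least adding `# caller must reindex the request after a permission change` at its definition, would keep the permission write and the reindex together. The first three hunks of this file are whitespace-only re-indentation and need no review. `patch` starts before these hunks, so the surrounding transaction handling is not visible here.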

0 comments on commit 2f4913f

Please sign in to comment.