diff --git a/app/auth/utils.py b/app/auth/utils.py index 36f81107c..f5df9c2d8 100644 --- a/app/auth/utils.py +++ b/app/auth/utils.py @@ -27,7 +27,7 @@ login_manager, sentry ) -from app.models import Users, AgencyUsers, Events +from app.models import Users, AgencyUsers, Events, Requests from app.constants import user_type_auth, USER_ID_DELIMITER from app.constants.web_services import ( USER_ENDPOINT, @@ -304,13 +304,13 @@ def _update_user_data(user, guid, user_type, email, first_name, middle_initial, `email_validated` and `terms_of_use_accepted` (this function should be called AFTER email validation and terms-of-use acceptance has been completed). - Update any database objects this user is associated with. - user_requests - events In order to prevent a possbile negative performance impact (due to foreign keys CASCADE), guid and user_type are compared with stored user attributes and are excluded from the update if both are identical. + Update search index for searching by assigned user. """ updated_data = { 'email': email, @@ -328,6 +328,7 @@ def _update_user_data(user, guid, user_type, email, first_name, middle_initial, update_events_values = Events.query.filter(Events.new_value['user_guid'].astext == user.guid, Events.new_value[ 'auth_user_type'].astext == user.auth_user_type).all() + for event in update_events_values: update_object( {'new_value': {'user_guid': guid, @@ -335,11 +336,22 @@ def _update_user_data(user, guid, user_type, email, first_name, middle_initial, Events, event.id ) - update_object( - updated_data, - Users, - (user.guid, user.auth_user_type) - ) + + update_object( + updated_data, + Users, + (user.guid, user.auth_user_type) + ) + + for user_request in user.user_requests: + Requests.query.filter_by(id=user_request.request_id).one().es_update() + + else: + update_object( + updated_data, + Users, + (user.guid, user.auth_user_type) + ) def _validate_email(email_validation_flag, guid, email_address, user_type): 
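Review bot: In the last hunk of app/auth/utils.py (`@@ -335,11 +336,22 @@`), the new loop `Requests.query.filter_by(id=user_request.request_id).one().es_update()` runs an extra lookup per assigned request, and `.one()` raises if the row is missing, which would abort `_update_user_data` after `update_object(updated_data, Users, ...)` has already run. The same commit reindexes through the relationship in app/user/views.py, so `user_request.request.es_update()` would be consistent here and would make the new `Requests` import unnecessary if nothing else uses it. Because this function lives in the auth module, it is worth deciding whether a search-index failure should fail the user update or be logged and retried; the hunk does not show which is intended. The `update_object(...)` call for `Users` is now repeated in both branches and could be a single call after the branch; the `if` that opens the first branch is outside the hunk.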
diff --git a/app/user/views.py b/app/user/views.py index 62072e301..51ab49a62 100644 --- a/app/user/views.py +++ b/app/user/views.py @@ -89,8 +89,8 @@ def patch(user_id): same_agency = agency_ein in [agency.ein for agency in current_user.agencies.all()] associated_anonymous_requester = (user_.is_anonymous_requester and current_user.user_requests.filter_by( - request_id=user_.anonymous_request.id - ).first() is None) + request_id=user_.anonymous_request.id + ).first() is None) is_agency_admin = request.form.get('is_agency_admin') is_agency_active = request.form.get('is_agency_active') 
@@ -112,30 +112,30 @@ def patch(user_id): if ((updating_self and ( # super user attempting to change their own super status (current_user.is_super and is_super is not None) - or + or # agency admin or public user attempting to change their own agency/super status (changing_status and (current_user_is_agency_admin or current_user.is_public)))) or - (not updating_self and ( - # public user attempting to change another user - current_user.is_public - or - # agency user attempting to change a agency/super status - (current_user_is_agency_user and changing_status) - or - # agency user attempting to change a user that is not an anonymous requester - # for a request they are assigned to - (current_user_is_agency_user and ( - not user_.is_anonymous_requester or not associated_anonymous_requester)) - or - # agency admin attempting to change another user that is not in the same agency or - # attempting to change more than just the agency status of a user - (current_user_is_agency_admin - and not (associated_anonymous_requester or user_.is_anonymous_requester) - and (not same_agency or changing_more_than_agency_status)) - or - # agency admin attempting to change an anonymous requester for a request - # they are not assigned to - (current_user_is_agency_admin and associated_anonymous_requester)))): + (not updating_self and ( + # public user attempting to change another user + current_user.is_public + or + # agency user attempting to change a agency/super status + (current_user_is_agency_user and changing_status) + or + # agency user attempting to change a user that is not an anonymous requester + # for a request they are assigned to + (current_user_is_agency_user and ( + not user_.is_anonymous_requester or not associated_anonymous_requester)) + or + # agency admin attempting to change another user that is not in the same agency or + # attempting to change more than just the agency status of a user + (current_user_is_agency_admin + and not (associated_anonymous_requester or 
user_.is_anonymous_requester) + and (not same_agency or changing_more_than_agency_status)) + or + # agency admin attempting to change an anonymous requester for a request + # they are not assigned to + (current_user_is_agency_admin and associated_anonymous_requester)))): return jsonify({}), 403 # UPDATE @@ -181,12 +181,12 @@ def patch(user_id): # check if missing contact information if (user_field_val['email'] == '' - and user_field_val['phone_number'] == '' - and user_field_val['fax_number'] == '' - and (address_field_val['city'] == '' - or address_field_val['zip'] == '' - or address_field_val['state'] == '' - or address_field_val['address_one'] == '')): + and user_field_val['phone_number'] == '' + and user_field_val['fax_number'] == '' + and (address_field_val['city'] == '' + or address_field_val['zip'] == '' + or address_field_val['state'] == '' + or address_field_val['address_one'] == '')): return jsonify({"error": "Missing contact information."}), 400 old = {} @@ -307,6 +307,7 @@ def set_permissions_and_create_event(user_req, perms): create_user_request_event(event_type.USER_PERM_CHANGED, user_req, old_permissions) + if is_agency_admin: permissions = Roles.query.filter_by(name=role_name.AGENCY_ADMIN).one().permissions # create UserRequests for ALL existing requests under user's agency where user is not assigned @@ -331,11 +332,13 @@ def set_permissions_and_create_event(user_req, perms): user_request.request.es_update() else: set_permissions_and_create_event(user_request, permissions) + user_request.request.es_update() else: # update ALL UserRequests (strip user of permissions) for user_request in user_.user_requests.all(): set_permissions_and_create_event(user_request, permission.NONE) + user_request.request.es_update() # TODO: single email detailing user changes?
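Review bot: In the hunk at `@@ -331,11 +332,13 @@` of app/user/views.py, `user_request.request.es_update()` now appears to end both the branch before `else:` and the `else:` branch itself, so it could be one call placed after the branch. Each call reindexes a single request synchronously inside the loop, and the surrounding comments say the loops cover ALL of the user's requests, so this may be slow for users with many assignments. If a call fails part-way, permissions would presumably already be changed while the search index still shows the old assignment; a short comment such as `# reindex so search by assigned user reflects the permission change` would state the intent. Indentation is lost in this view and the loops start outside the hunk, so the branch structure is inferred.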