mirror of
https://github.com/cisagov/manage.get.gov.git
synced 2025-07-04 10:13:30 +02:00
Add error code for outside org members being added
This commit is contained in:
parent
8b61eb1275
commit
b0fe698af2
2 changed files with 41 additions and 33 deletions
|
@ -23,6 +23,14 @@ class InvalidDomainError(ValueError):
|
|||
pass
|
||||
|
||||
|
||||
class OutsideOrgMemberError(ValueError):
|
||||
"""
|
||||
Error raised when an org member tries adding a user from a different .gov org.
|
||||
To be deleted when users can be members of multiple orgs.
|
||||
"""
|
||||
|
||||
pass
|
||||
|
||||
class ActionNotAllowed(Exception):
|
||||
"""User accessed an action that is not
|
||||
allowed by the current state"""
|
||||
|
|
|
@ -35,6 +35,7 @@ from registrar.utility.errors import (
|
|||
NameserverErrorCodes as nsErrorCodes,
|
||||
DsDataError,
|
||||
DsDataErrorCodes,
|
||||
OutsideOrgMemberError,
|
||||
SecurityEmailError,
|
||||
SecurityEmailErrorCodes,
|
||||
)
|
||||
|
@ -781,12 +782,15 @@ class DomainAddUserView(DomainFormBaseView):
|
|||
"""Get an absolute URL for this domain."""
|
||||
return self.request.build_absolute_uri(reverse("domain", kwargs={"pk": self.object.id}))
|
||||
|
||||
def _is_member_of_different_org(self, email, org):
|
||||
def _is_member_of_different_org(self, email, requested_user, org):
|
||||
"""Verifies if an email belongs to a different organization as a member or invited member."""
|
||||
# Check if user is a member of a different organization
|
||||
existing_org_permission = UserPortfolioPermission.objects.get(email=email)
|
||||
print("Existing org permission: ", existing_org_permission)
|
||||
return True
|
||||
# Check if user is a already member of a different organization than the given org
|
||||
existing_org_permission = UserPortfolioPermission.objects.filter(user=requested_user).first()
|
||||
existing_org_invitation = PortfolioInvitation.objects.filter(email=email).first()
|
||||
|
||||
return (existing_org_permission and existing_org_permission.portfolio != org) or (
|
||||
existing_org_invitation and existing_org_invitation.portfolio != org
|
||||
)
|
||||
|
||||
def _send_domain_invitation_email(self, email: str, requestor: User, requested_user=None, add_success=True):
|
||||
"""Performs the sending of the domain invitation email,
|
||||
|
@ -814,24 +818,16 @@ class DomainAddUserView(DomainFormBaseView):
|
|||
return None
|
||||
|
||||
# Check is user is a member or invited member of a different org from this domain's org
|
||||
print("org feature flag is active: ", flag_is_active_for_user(requestor, "organization_feature"))
|
||||
if flag_is_active_for_user(requestor, "organization_feature"):
|
||||
# Check if invited user is a member from a different org from this domain's org
|
||||
existing_org_permission = UserPortfolioPermission.objects.filter(user=requested_user).first()
|
||||
print("Existing org permission for requested email: ", existing_org_permission)
|
||||
|
||||
existing_org_invitation = PortfolioInvitation.objects.filter(email=email).first()
|
||||
requestor_org = UserPortfolioPermission.objects.get(user=requestor).portfolio
|
||||
print("Requestor org: ", requestor_org)
|
||||
if (existing_org_permission and existing_org_permission.portfolio != requestor_org) or (
|
||||
existing_org_invitation and existing_org_invitation.portfolio != requestor_org
|
||||
):
|
||||
if self._is_member_of_different_org(email, requested_user, requestor_org):
|
||||
add_success = False
|
||||
messages.error(
|
||||
self.request,
|
||||
f"That email is already a member of another .gov organization.",
|
||||
"That email is already a member of another .gov organization.",
|
||||
)
|
||||
raise Exception
|
||||
raise OutsideOrgMemberError
|
||||
|
||||
# Check to see if an invite has already been sent
|
||||
try:
|
||||
|
@ -847,10 +843,7 @@ class DomainAddUserView(DomainFormBaseView):
|
|||
add_success = False
|
||||
# else if it has been sent but not accepted
|
||||
messages.warning(self.request, f"{email} has already been invited to this domain")
|
||||
except Exception:
|
||||
logger.error("An error occured")
|
||||
|
||||
try:
|
||||
send_templated_email(
|
||||
"emails/domain_invitation.txt",
|
||||
"emails/domain_invitation_subject.txt",
|
||||
|
@ -861,6 +854,11 @@ class DomainAddUserView(DomainFormBaseView):
|
|||
"requestor_email": requestor_email,
|
||||
},
|
||||
)
|
||||
|
||||
if add_success:
|
||||
messages.success(self.request, f"{email} has been invited to this domain.")
|
||||
except Exception:
|
||||
logger.error("An error occured")
|
||||
except EmailSendingError as exc:
|
||||
logger.warn(
|
||||
"Could not sent email invitation to %s for domain %s",
|
||||
|
@ -869,9 +867,6 @@ class DomainAddUserView(DomainFormBaseView):
|
|||
exc_info=True,
|
||||
)
|
||||
raise EmailSendingError("Could not send email invitation.") from exc
|
||||
else:
|
||||
if add_success:
|
||||
messages.success(self.request, f"{email} has been invited to this domain.")
|
||||
|
||||
def _make_invitation(self, email_address: str, requestor: User):
|
||||
"""Make a Domain invitation for this email and redirect with a message."""
|
||||
|
@ -901,6 +896,14 @@ class DomainAddUserView(DomainFormBaseView):
|
|||
self._send_domain_invitation_email(
|
||||
requested_email, requestor, requested_user=requested_user, add_success=False
|
||||
)
|
||||
|
||||
UserDomainRole.objects.create(
|
||||
user=requested_user,
|
||||
domain=self.object,
|
||||
role=UserDomainRole.Roles.MANAGER,
|
||||
)
|
||||
|
||||
messages.success(self.request, f"Added user {requested_email}.")
|
||||
except EmailSendingError:
|
||||
logger.warn(
|
||||
"Could not send email invitation (EmailSendingError)",
|
||||
|
@ -908,6 +911,12 @@ class DomainAddUserView(DomainFormBaseView):
|
|||
exc_info=True,
|
||||
)
|
||||
messages.warning(self.request, "Could not send email invitation.")
|
||||
except OutsideOrgMemberError:
|
||||
logger.warn(
|
||||
"Could not send email invitation to a user in a different org.",
|
||||
self.object,
|
||||
exc_info=True,
|
||||
)
|
||||
except Exception:
|
||||
logger.warn(
|
||||
"Could not send email invitation (Other Exception)",
|
||||
|
@ -915,17 +924,8 @@ class DomainAddUserView(DomainFormBaseView):
|
|||
exc_info=True,
|
||||
)
|
||||
messages.warning(self.request, "Could not send email invitation.")
|
||||
else:
|
||||
try:
|
||||
UserDomainRole.objects.create(
|
||||
user=requested_user,
|
||||
domain=self.object,
|
||||
role=UserDomainRole.Roles.MANAGER,
|
||||
)
|
||||
except IntegrityError:
|
||||
messages.warning(self.request, f"{requested_email} is already a manager for this domain")
|
||||
else:
|
||||
messages.success(self.request, f"Added user {requested_email}.")
|
||||
return redirect(self.get_success_url())
|
||||
|
||||
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue