Bugfix/database access (#270)

* Capture exception in sentry when attempting to grant access fails * Hide password on user admin form * Fix bug displaying which users have table access * Display basic error when granting fails * Update help text on access forms * Bump chart version
ministryofjustice · Sep 6, 2024 · b25379e · b25379e
1 parent f50e1b0
commit b25379e
Show file tree

Hide file tree

Showing 6 changed files with 13 additions and 9 deletions.
diff --git a/ap/database_access/forms.py b/ap/database_access/forms.py
@@ -21,14 +21,14 @@ class AccessForm(forms.ModelForm):
         queryset=None,
         widget=forms.CheckboxSelectMultiple,
         template_name="forms/fields/checkbox.html",
-        help_text="Select all that apply",
+        help_text="Choose actions the selected user will have on the table",
         required=True,
     )
     grantable_permissions = forms.ModelMultipleChoiceField(
         queryset=None,
         widget=forms.CheckboxSelectMultiple,
         template_name="forms/fields/checkbox.html",
-        help_text="Select all that apply",
+        help_text="Choose actions the selected user can grant to other users",
         required=False,
     )
 
@@ -75,14 +75,14 @@ class ManageAccessForm(forms.ModelForm):
         queryset=None,
         widget=forms.CheckboxSelectMultiple,
         template_name="forms/fields/checkbox.html",
-        help_text="Select all that apply",
+        help_text="Choose actions the selected user will have on the table",
         required=True,
     )
     grantable_permissions = forms.ModelMultipleChoiceField(
         queryset=None,
         widget=forms.CheckboxSelectMultiple,
         template_name="forms/fields/checkbox.html",
-        help_text="Grantable permissions allow the user to grant the selected permissions to other users.",  # noqa
+        help_text="Choose actions the selected user can grant to other users",
         required=False,
     )
 

diff --git a/ap/database_access/views.py b/ap/database_access/views.py
@@ -9,6 +9,7 @@
 from django.views.generic.detail import SingleObjectMixin
 
 import botocore
+import sentry_sdk
 
 from ap import aws
 from ap.auth.views.mixins import OIDCLoginRequiredMixin
@@ -97,6 +98,7 @@ def get_context_data(self, **kwargs: Any) -> dict[str, Any]:
         context = super().get_context_data(**kwargs)
         context["access_queryset"] = (
             models.TableAccess.objects.select_related("database_access__user")
+            .prefetch_related("grantable_permissions")
             .filter(
                 database_access__name=self.kwargs["database_name"], name=self.kwargs["table_name"]
             )
@@ -147,9 +149,9 @@ def form_valid(self, form: BaseModelForm) -> HttpResponse:
             return super().form_valid(form)
         except botocore.exceptions.ClientError as error:
             if error.response["Error"]["Code"] == "InvalidInputException":
-                form.add_error(None, str(error))
+                sentry_sdk.capture_exception(error)
+                form.add_error(None, "An error occured granting permissions")
                 return self.form_invalid(form)
-            raise error
 
 
 class GrantTableAccessView(OIDCLoginRequiredMixin, TableAccessMixin, CreateView):

diff --git a/ap/users/admin.py b/ap/users/admin.py
@@ -6,3 +6,4 @@
 @admin.register(models.User)
 class UserAdmin(admin.ModelAdmin):
     list_display = ("email", "user_id", "name", "is_superuser")
+    exclude = ["password"]
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
@@ -3,8 +3,8 @@ apiVersion: v2
 name: analytical-platform-ui
 description: Analytical Platform UI
 type: application
-version: 0.2.0
-appVersion: 0.2.0
+version: 0.2.1
+appVersion: 0.2.1
 icon: https://upload.wikimedia.org/wikipedia/en/thumb/4/4a/Ministry_of_Justice_logo_%28United_Kingdom%29.svg/611px-Ministry_of_Justice_logo_%28United_Kingdom%29.svg.png
 maintainers:
   - name: moj-data-platform-robot

diff --git a/templates/database_access/database/grant_access.html b/templates/database_access/database/grant_access.html
@@ -9,6 +9,7 @@ <h2 class="govuk-heading-l">Grant Table Access</h2>
 
     <form method="post">
         {% csrf_token %}
+        {{ form.non_field_errors }}
         {{ form.user.as_field_group }}
         {{ form.permissions.as_field_group }}
         {{ form.grantable_permissions.as_field_group }}

diff --git a/templates/database_access/database/table.html b/templates/database_access/database/table.html
@@ -23,7 +23,7 @@ <h2 class="govuk-heading-l">User Access</h2>
       {% for table_access in access_queryset %}
       <tr class="govuk-table__row">
         <td class="govuk-table__cell">{{ table_access.database_access.user.email }}</td>
-        <td class="govuk-table__cell">{{ can_manage_access }}</td>
+        <td class="govuk-table__cell">{{ table_access.grantable_permissions.exists }}</td>
         {% if can_manage_access %}
           <td class="govuk-table__cell align-right no-wrap">
               <a class="govuk-button" href="{{ table_access.get_absolute_url }}">