Merge pull request #3102 from DFE-Digital/ce-dsi-id-only

Allow School Administrators to invite users via School Dashboard in Manage School Experience
DFE-Digital · May 2, 2024 · f2731ac · f2731ac
2 parents b7e5c83 + 0ce3580
commit f2731ac
Show file tree

Hide file tree

Showing 29 changed files with 735 additions and 27 deletions.
diff --git a/app/controllers/schools/users_controller.rb b/app/controllers/schools/users_controller.rb
@@ -0,0 +1,46 @@
+module Schools
+  class UsersController < BaseController
+    def index; end
+
+    def new
+      @user_invite = DFESignInAPI::UserInvite.new
+    end
+
+    def create
+      @user_invite = DFESignInAPI::UserInvite.new(user_params)
+      @user_invite.organisation_id = DFESignInAPI::Organisation.new(current_user.sub, current_school.urn).current_organisation_id
+
+      if params[:confirmed] == 'true'
+        if @user_invite.valid?
+          begin
+            @user_invite.create
+            redirect_to schools_users_path, notice: "#{@user_invite.email} has been added."
+          rescue StandardError => e
+            Rails.logger.error("User invite failed with: #{e}")
+            flash.notice = "An error occurred while adding #{@user_invite.email}"
+            render :show, locals: { user_invite: @user_invite }
+          end
+        else
+          render :new
+        end
+      else
+        render :show, locals: { user_invite: @user_invite }
+      end
+    end
+
+    def show
+      render :show
+    end
+
+    def edit
+      @user_invite = DFESignInAPI::UserInvite.new(user_params)
+      render :new, locals: { user_invite: @user_invite }
+    end
+
+  private
+
+    def user_params
+      params.require(:schools_dfe_sign_in_api_user_invite).permit(:email, :firstname, :lastname, :organisation_id)
+    end
+  end
+end
diff --git a/app/notify/notify_email/school_user_invite.8ac4d9f9-f51d-4c3b-9cc7-fd59751ece3d.md b/app/notify/notify_email/school_user_invite.8ac4d9f9-f51d-4c3b-9cc7-fd59751ece3d.md
@@ -0,0 +1,21 @@
+Dear colleague,
+
+# You have been added as a new user to the manage school experience service
+
+Use manage school experience to view and make decisions on school experience requests.
+
+To view and manage requests use the following link:
+
+https://schoolexperience.education.gov.uk/schools
+
+You’ll need a DfE Sign-in account to be able to access manage school experience service. If you don’t already have an account, you can create one at https://profile.signin.education.gov.uk/register
+
+# Help and support
+
+If you’ve got any questions email us with your URN at [email protected].
+
+# Provide feedback
+
+Help us improve the manage school experience service:
+
+Give feedback on this service – https://schoolexperience.education.gov.uk/schools/feedbacks/new
diff --git a/app/notify/notify_email/school_user_invite.rb b/app/notify/notify_email/school_user_invite.rb
@@ -0,0 +1,18 @@
+class NotifyEmail::SchoolUserInvite < NotifyDespatchers::Email
+  def initialize(
+    to:
+  )
+
+    super(to: to)
+  end
+
+private
+
+  def template_id
+    '8ac4d9f9-f51d-4c3b-9cc7-fd59751ece3d'
+  end
+
+  def personalisation
+    {}
+  end
+end
diff --git a/app/services/schools/dfe_sign_in_api/organisation.rb b/app/services/schools/dfe_sign_in_api/organisation.rb
@@ -0,0 +1,24 @@
+module Schools
+  module DFESignInAPI
+    class Organisation < Organisations
+      attr_accessor :current_school_urn
+
+      def initialize(user_uuid, current_school_urn)
+        super(user_uuid)
+        self.current_school_urn = current_school_urn
+      end
+
+      def current_organisation
+        @current_organisation ||= organisations.find { |org| org['urn'].to_i == current_school_urn }
+      end
+
+      def current_organisation_ukprn
+        current_organisation['ukprn'] if current_organisation
+      end
+
+      def current_organisation_id
+        current_organisation['id'] if current_organisation
+      end
+    end
+  end
+end
diff --git a/app/services/schools/dfe_sign_in_api/user_invite.rb b/app/services/schools/dfe_sign_in_api/user_invite.rb
@@ -0,0 +1,66 @@
+module Schools
+  module DFESignInAPI
+    class UserInvite < Client
+      include ActiveModel::Model
+      include ActiveModel::Attributes
+      include ActiveRecord::AttributeAssignment
+
+      attribute :email, :string
+      attribute :firstname, :string
+      attribute :lastname, :string
+      attribute :organisation_id, :string
+
+      validates :firstname, presence: true, length: { maximum: 50 }
+      validates :lastname, presence: true, length: { maximum: 50 }
+      validates :email, presence: true, length: { maximum: 100 }
+      validates :email, email_format: true, if: -> { email.present? }
+      validates :organisation_id, presence: true
+
+      def create
+        @response = response
+        send_user_invite_email
+      end
+
+    private
+
+      def send_user_invite_email
+        NotifyEmail::SchoolUserInvite.new(
+          to: email
+        ).despatch_later!
+      end
+
+      def response
+        raise ApiDisabled unless enabled?
+
+        resp = faraday.post(endpoint) do |req|
+          req.headers['Authorization'] = "bearer #{token}"
+          req.headers['Content-Type'] = 'application/json'
+          req.body = payload.to_json
+        end
+
+        resp.body
+      end
+
+      def service_id
+        ENV.fetch('DFE_SIGNIN_SCHOOL_EXPERIENCE_ADMIN_SERVICE_ID')
+      end
+
+      def endpoint
+        URI::HTTPS.build(
+          host: Rails.configuration.x.dfe_sign_in_api_host,
+          path: ['/services', service_id, 'invitations'].join('/')
+        )
+      end
+
+      def payload
+        super.merge(
+          sourceId: SecureRandom.uuid,
+          given_name: firstname,
+          family_name: lastname,
+          email: email,
+          organisation: organisation_id
+        )
+      end
+    end
+  end
+end
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
@@ -116,6 +116,9 @@
                   <%= link_to 'Privacy policy', privacy_policy_path, class: 'govuk-footer__link' %>
                 </li>
               <% end %>
+              <li class="govuk-footer__inline-list-item">
+                <%= link_to 'Terms and conditions', terms_and_conditions_path, class: 'govuk-footer__link' %>
+              </li>
               <li class="govuk-footer__inline-list-item">
                 <%= link_to 'Accessibility statement', accessibility_statement_path, class: 'govuk-footer__link' %>
               </li>

diff --git a/app/views/pages/dfe_signin_help.html.erb b/app/views/pages/dfe_signin_help.html.erb
@@ -6,7 +6,7 @@
 
 
     <p>
-      You need a DfE Sign-in account username and password to manage school
+      You need a DfE Sign-in account, username and password to manage school
       experience for an organisation.
     </p>
 
@@ -21,8 +21,7 @@
     </div>
 
     <p>
-      Don't worry if you don't have or don't know your details - all you need to
-      do is contact your organisation's DfE Sign-in approver.
+      If you do not have, or have forgotten your details, contact your organisation's DfE Sign-in approver.
     </p>
 
     <p>
@@ -52,8 +51,8 @@
         </div>
         <div id="accordion-default-content-3" class="govuk-accordion__section-content">
             <p>Your approver will normally be the head or deputy head.<p>
-            <p>If they're not or you're not sure, don't worry. We just need to get some of your details so we can find them. Email our School Experience
-            Service team at <%= mail_to '[email protected]' %>.</p>
+            <p>If your head or deputy head is not the approver, or you're not sure, and you need help you can email the school experience
+            service team at <%= mail_to '[email protected]' %>.</p>
             <p>We'll be in touch within 3 to 5 working days.</p>
         </div>
       </div>