send mails to notify about access requests

closes #19
seibert-media · Apr 6, 2015 · dd5723d · dd5723d
1 parent 0fe3a73
commit dd5723d
Show file tree

Hide file tree

Showing 5 changed files with 126 additions and 0 deletions.
diff --git a/src/teamvault/apps/secrets/models.py b/src/teamvault/apps/secrets/models.py
@@ -14,6 +14,7 @@
 from djorm_pgfulltext.fields import VectorField
 from hashids import Hashids
 
+from ...utils import send_mail
 from ..audit.auditlog import log
 from .exceptions import PermissionError
 
@@ -150,6 +151,23 @@ def approve(self, reviewer):
 
         self.secret.allowed_users.add(self.requester)
 
+        other_reviewers = list(self.reviewers.all())
+        other_reviewers.remove(reviewer)
+
+        send_mail(
+            other_reviewers + [self.requester],
+            _("[TeamVault] Access request for '{}' approved").format(self.secret.name),
+            "secrets/mail_access_request_approved",
+            context={
+                'approved_by': reviewer.username,
+                'base_url': settings.BASE_URL,
+                'secret_name': self.secret.name,
+                'secret_url': self.secret.get_absolute_url(),
+                'username': self.requester.username,
+            },
+            user_from=reviewer,
+        )
+
     def assign_reviewers(self):
         candidates = list(self.secret.allowed_users.order_by('-last_login')[:10])
         for group in self.secret.allowed_groups.all():
@@ -162,6 +180,23 @@ def assign_reviewers(self):
             raise RuntimeError(_("unable to find reviewers for {}").format(self))
         self.reviewers = selected
 
+        send_mail(
+            self.reviewers.all(),
+            _("[TeamVault] Review access request for '{}'").format(self.secret.name),
+            "secrets/mail_access_request_review",
+            context={
+                'access_request_url': reverse(
+                    'secrets.access_request-detail',
+                    kwargs={'hashid': self.hashid},
+                ),
+                'base_url': settings.BASE_URL,
+                'secret_name': self.secret.name,
+                'secret_url': self.secret.get_absolute_url(),
+                'username': self.requester.username,
+            },
+            user_from=self.requester,
+        )
+
     def reject(self, reviewer, reason=None):
         if self.status != self.STATUS_PENDING:
             raise PermissionDenied(_("Can't reject closed access request"))
@@ -189,6 +224,24 @@ def reject(self, reviewer, reason=None):
         self.status = self.STATUS_REJECTED
         self.save()
 
+        other_reviewers = list(self.reviewers.all())
+        other_reviewers.remove(reviewer)
+
+        send_mail(
+            other_reviewers + [self.requester],
+            _("[TeamVault] Access request for '{}' denied").format(self.secret.name),
+            "secrets/mail_access_request_denied",
+            context={
+                'base_url': settings.BASE_URL,
+                'denied_by': reviewer.username,
+                'reason': reason,
+                'secret_name': self.secret.name,
+                'secret_url': self.secret.get_absolute_url(),
+                'username': self.requester.username,
+            },
+            user_from=reviewer,
+        )
+
     def get_absolute_url(self):
         return reverse('secrets.access_request-detail', args=[str(self.hashid)])
 

diff --git a/src/teamvault/apps/secrets/templates/secrets/mail_access_request_approved.txt b/src/teamvault/apps/secrets/templates/secrets/mail_access_request_approved.txt
@@ -0,0 +1,12 @@
+The request from
+
+    {{ username }}
+
+to access
+
+    {{ secret_name }}
+    {{ base_url }}{{ secret_url }}
+
+has been approved by
+
+    {{ approved_by }}
diff --git a/src/teamvault/apps/secrets/templates/secrets/mail_access_request_denied.txt b/src/teamvault/apps/secrets/templates/secrets/mail_access_request_denied.txt
@@ -0,0 +1,17 @@
+The request from
+
+    {{ username }}
+
+to access
+
+    {{ secret_name }}
+    {{ base_url }}{{ secret_url }}
+
+has been denied by
+
+    {{ denied_by }}
+{% if reason %}
+with reason
+
+    {{ reason }}
+{% endif %}
diff --git a/src/teamvault/apps/secrets/templates/secrets/mail_access_request_review.txt b/src/teamvault/apps/secrets/templates/secrets/mail_access_request_review.txt
@@ -0,0 +1,12 @@
+Please review this access request:
+
+    {{ username }}
+
+has requested access to
+
+    {{ secret_name }}
+    {{ base_url }}{{ secret_url }}
+
+You can approve or deny this request here:
+
+    {{ base_url }}{{ access_request_url }}
diff --git a/src/teamvault/utils.py b/src/teamvault/utils.py
@@ -0,0 +1,32 @@
+from django.core.mail import EmailMultiAlternatives
+from django.template import Context
+from django.template.loader import get_template, TemplateDoesNotExist
+from django.utils import translation
+
+
+def send_mail(users_to, subject, template,
+              user_from=None, context={}, lang="en",
+              attachments=None):
+    if attachments is None:
+        attachments = []
+    c = Context(context)
+    translation.activate(lang)
+    text_mail = get_template(template + ".txt").render(c)
+
+    msg = EmailMultiAlternatives(
+        subject,
+        text_mail,
+        user_from.email,
+        [user.email for user in users_to],
+    )
+
+    try:
+        html_mail = get_template(template + ".html").render(c)
+        msg.attach_alternative(html_mail, "text/html")
+    except TemplateDoesNotExist:
+        pass
+
+    for filename, data, content_type in attachments:
+        msg.attach(filename, data, content_type)
+
+    msg.send()