Skip to content

Commit

Permalink
wip
Browse files Browse the repository at this point in the history
  • Loading branch information
@SamDudley
SamDudley committed Mar 26, 2024
1 parent bf2ae68 commit f5e0e06
Show file tree
Hide file tree
Showing 2 changed files with 45 additions and 65 deletions.
12 changes: 6 additions & 6 deletions .env.example
View file
Original file line number Diff line number Diff line change
@@ -1,13 +1,13 @@
DJANGO_SETTINGS_MODULE="config.settings.local"
SECRET_KEY="A_RANDOM_SECRET_KEY"
DJANGO_SETTINGS_MODULE=config.settings.local
SECRET_KEY=super-secret-key
ALLOWED_HOSTS="*"
DEBUG="True"
DEBUG=True
DISABLE_COLLECTSTATIC="0"

# Authbroker
AUTHBROKER_CLIENT_ID="get-from-vault"
AUTHBROKER_CLIENT_SECRET="get-from-vault"
AUTHBROKER_URL="get-from-vault"
AUTHBROKER_CLIENT_ID=copy-from-dev-environment
AUTHBROKER_CLIENT_SECRET=copy-from-dev-environment
AUTHBROKER_URL=copy-from-dev-environment

# ClamAV
CLAM_AV_DOMAIN=
Expand Down
98 changes: 39 additions & 59 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,73 +2,74 @@

## Requirements

- [Docker](https://www.docker.com/) - To get the project running locally.
- Access to Vault. (dit/finance/)
- SSO Access to Finance Admin Tool[non prod].
- [docker](https://docs.docker.com/engine/install/)
- [poetry](https://python-poetry.org/docs/#installation)

## Initial Setup
## Local setup

First you will need to make a copy of the `.env.example` file and rename it to `.env`. This file contains most of the environment variables that the project needs to run.
First you will need to make a copy of the `.env.example` file and rename it to `.env`.
This file contains most of the environment variables that the project needs to run.

```bash
cp .env.example .env
```

To get `AUTHBROKER_CLIENT_ID`, `AUTHBROKER_CLIENT_SECRET` and `AUTHBROKER_URL` variables, you need to have access to `dit/finance/` directory in Vault. You can get access to this directory by asking SRE to add you to the finance team on GitHub.
Fill out the required variables in your `.env` file.

Make sure your SSO profile has access rights for FFT on [dev](https://fft.trade.dev.uktrade.digital) environment. If not, please contact SRE for access to Finance Admin Tool[non prod].
> [!TIP]
> For the `AUTHBROKER_CLIENT_ID`, `AUTHBROKER_CLIENT_SECRET` and `AUTHBROKER_URL`
> variables, ask a member of the team to assist you in getting the values from the dev
> environment.
In your terminal run `make setup` command from the project’s root directory.
In a terminal run the `make setup` command from the project’s root directory.

```bash
make setup
```

This command will run the initial migrations, create stub data and a test user.
> [!NOTE]
> This command will run the initial migrations, create stub data and test users.
In another terminal run `npm run dev` to load the node packages for the frontend.
Open a second terminal and run `npm run dev` to load the node packages for the frontend.

```bash
npm run dev
```

### Local Development
You should now be able to access the application at http://localhost:8000/.

If you can connect to the dev environment but still have issues such as; `403 - Forbidden Error` on your local, there are few steps you can follow to resolve this:

- Using dev tools on your browser, go to Application tab and clear data for Local Storage, Session Storage and Cookies.

- If the problem persists you may need to temporarily pause your VPN while you work on FFT on your local.
If you want full admin access, you can elevate your by running:

You can access the webserver on port `8000`:
```bash
make elevate
```

- [http://localhost:8000/](http://localhost:8000/)
> [!TIP]
> Don't forget to refresh the page.
### Access to Admin Tool
## Local Development

You need to run `make elevate` command to elevate your user permissions in order to access the admin tool.
If you can connect to the dev environment but still have issues such as; `403 - Forbidden Error` on your local, there are few steps you can follow to resolve this:

```bash
make elevate
```
- Using dev tools on your browser, go to Application tab and clear data for Local Storage, Session Storage and Cookies.

After running this command refresh the FFT page and you will have the admin privileges.
- If the problem persists you may need to temporarily pause your VPN while you work on FFT on your local.

### Running docker-compose run with port access
## Running docker-compose run with port access

```
docker-compose run --service-ports
```

### Important notes on design
## Important notes on design

We use Django Guardian for model instance level permissions https://github.com/django-guardian/django-guardian

Django Guardian **should not be used directly**. There is a set of wrapper functions in _forecast.permission_shortcuts_

These add an additional permission check for the user being able to view forecasts at all.

### Creating data/non-auto migrations
## Creating data/non-auto migrations

When adding data or non-auto generated migrations, please use the convention:

Expand All @@ -82,51 +83,31 @@ for example:
0004_data_20200501_1345
```

### Running manage.py on an app droplet

```
/home/vcap/deps/1/bin/python3.6 ~/app/manage.py
```

### Running BDD tests

## Run BDD front end from host machine

```
```bash
npm run bdd
``
## SSH into web container
```

docker-compose exec web bash
## SSH into web container

```bash
docker compose exec web bash
```

## Run BDD tests

```

```bash
python manage.py behave --settings=config.settings.bdd

```

### Notes
## Notes

In order to get the node docker container working, this guide was followed: https://jdlm.info/articles/2019/09/06/lessons-building-node-app-docker.html

### Product URLs
#### Dev URL
https://fft.trade.dev.uktrade.digital/core/
#### Production URL
https://fft.trade.gov.uk/core/
### Managing user permissions
## Managing user permissions

4 management commands have been added to make dealing with user cost centre easier:

Expand All @@ -137,24 +118,23 @@ https://fft.trade.gov.uk/core/

The names of the management commands denote their function.

### Permissions within the system
## Permissions within the system

#### Any logged in SSO user
### Any logged in SSO user

- Access Chart of Account Gifts and Hospitality Register

#### Specific permissions
### Specific permissions

- Upload budget and Oracle actuals file
- Download Oscar report file
- View forecast (permission to view all forecast data)
- Edit 1 - n cost centres (specific user can edit cost centre data)

#### Migrating to new user model (to be removed once complete)
### Migrating to new user model (to be removed once complete)

- Take the system off line
- Add username field to HistoricalUser table (max length 150, allow null)
- Amend the custom_usermodel table to be the same as the new User app one
- Add the user app initial migration to the list of django migrations that have been run
- Deploy new codebase
```

0 comments on commit f5e0e06

Please sign in to comment.