From 2963c1f25a60a794a417d011fe3bacecfbc0d1d0 Mon Sep 17 00:00:00 2001
From: Mo Sohani <msohani@goraft.tech>
Date: Thu, 31 Oct 2024 10:32:50 -0400
Subject: [PATCH] Send email using signals

---
 .gitignore                                    |  2 ++
 tdrs-backend/tdpservice/email/email_enums.py  |  1 +
 .../email/helpers/admin_notifications.py      | 34 ++++++++++++++++++-
 tdrs-backend/tdpservice/email/tasks.py        |  8 +++++
 .../templates/system-admin-role-changed.html  | 18 ++++++++++
 tdrs-backend/tdpservice/users/apps.py         |  3 ++
 tdrs-backend/tdpservice/users/signals.py      | 23 +++++++++++++
 7 files changed, 88 insertions(+), 1 deletion(-)
 create mode 100644 tdrs-backend/tdpservice/email/templates/system-admin-role-changed.html
 create mode 100644 tdrs-backend/tdpservice/users/signals.py

diff --git a/.gitignore b/.gitignore
index 6be3a5017..533b0f804 100644
--- a/.gitignore
+++ b/.gitignore
@@ -43,6 +43,7 @@ compliance/opencontrols/
 compliance/exports/
 tdrs-backend/tdpservice/static/*
 *gunicorn.log
+*.log
 
 # don't ignore requirements.txt
 !requirements.txt
@@ -110,3 +111,4 @@ cypress.env.json
 # Patches
 *.patch
 tdrs-backend/*.pg
+tdrs-backend/django.log
diff --git a/tdrs-backend/tdpservice/email/email_enums.py b/tdrs-backend/tdpservice/email/email_enums.py
index 82e15e66d..de8f46f1b 100644
--- a/tdrs-backend/tdpservice/email/email_enums.py
+++ b/tdrs-backend/tdpservice/email/email_enums.py
@@ -16,3 +16,4 @@ class EmailType(Enum):
     ACCOUNT_DEACTIVATED_ADMIN = 'account-deactivated-admin.html'
     UPCOMING_SUBMISSION_DEADLINE = 'upcoming-submission-deadline.html'
     STUCK_FILE_LIST = 'stuck-file-list.html'
+    SYSTEM_ADMIN_ROLE_CHANGED = 'system-admin-role-changed.html'
diff --git a/tdrs-backend/tdpservice/email/helpers/admin_notifications.py b/tdrs-backend/tdpservice/email/helpers/admin_notifications.py
index 594e48710..927169ff8 100644
--- a/tdrs-backend/tdpservice/email/helpers/admin_notifications.py
+++ b/tdrs-backend/tdpservice/email/helpers/admin_notifications.py
@@ -5,7 +5,7 @@ def email_admin_deactivated_user(user):
     from tdpservice.users.models import User
     from tdpservice.email.email_enums import EmailType
     from tdpservice.email.email import automated_email, log
-    from tdpservice.email.tasks import get_ofa_admin_user_emails
+    from tdpservice.email.tasks import get_ofa_admin_user_emails, get_system_owner_email
 
     recipient_emails = get_ofa_admin_user_emails()
     logger_context = {
@@ -33,3 +33,35 @@ def email_admin_deactivated_user(user):
             text_message=text_message,
             logger_context=logger_context
         )
+
+def email_system_owner_system_admin_role_change(user):
+    """Send an email to the System Owner when a user is assigned or removed from the System Admin role."""
+    from tdpservice.users.models import User
+    from tdpservice.email.email_enums import EmailType
+    from tdpservice.email.email import automated_email, log
+    from tdpservice.email.tasks import get_ofa_admin_user_emails, get_system_owner_email
+    recipient_email = get_system_owner_email()
+    logger_context = {
+        'user_id': user.id,
+        'object_id': user.id,
+        'object_repr': user.username,
+        'content_type': User,
+    }
+
+    template_path = EmailType.SYSTEM_ADMIN_ROLE_CHANGED.value
+    text_message = 'A user has been assigned or removed from the System Admin role.'
+    subject = 'TDP User Role Change: System Admin'
+    context = {
+        'user': user,
+    }
+
+    log(f"Preparing email to System Owner for System Admin role change for user {user.username}", logger_context=logger_context)
+
+    automated_email(
+        email_path=template_path,
+        recipient_email=recipient_email,
+        subject=subject,
+        email_context=context,
+        text_message=text_message,
+        logger_context=logger_context
+    )
\ No newline at end of file
diff --git a/tdrs-backend/tdpservice/email/tasks.py b/tdrs-backend/tdpservice/email/tasks.py
index 179eeed86..9c2a431ed 100644
--- a/tdrs-backend/tdpservice/email/tasks.py
+++ b/tdrs-backend/tdpservice/email/tasks.py
@@ -75,6 +75,14 @@ def get_ofa_admin_user_emails():
         groups__in=Group.objects.filter(name__in=('OFA Admin', 'OFA System Admin'))
     ).values_list('email', flat=True).distinct()
 
+def get_system_owner_email():
+    """Return the email of the System Owner."""
+    try:
+        user_email = User.objects.filter(groups__name='System Owner').values_list('email', flat=True).distinct()
+    except User.DoesNotExist:
+        user_email=[None]
+    return user_email
+
 def get_num_access_requests():
     """Return the number of users requesting access."""
     return User.objects.filter(
diff --git a/tdrs-backend/tdpservice/email/templates/system-admin-role-changed.html b/tdrs-backend/tdpservice/email/templates/system-admin-role-changed.html
new file mode 100644
index 000000000..bde8d6700
--- /dev/null
+++ b/tdrs-backend/tdpservice/email/templates/system-admin-role-changed.html
@@ -0,0 +1,18 @@
+{% extends 'base.html' %}
+{% block content %}
+<!-- Body copy -->
+<p style="color: #000000;">
+
+    <p>The following user account for the TANF Data Portal (TDP) has been deactivated.</p>
+
+    <p>Account Information:</p>
+    <ul>
+        <li>Name: {{ user.first_name }}</li>
+        <li>Last name: {{ user.last_name }}</li>
+        <li>Email: {{ user.email }}</li>
+    </ul>
+
+    <p>Thank you,</p>
+    TDP Team
+</p>
+{% endblock %}
diff --git a/tdrs-backend/tdpservice/users/apps.py b/tdrs-backend/tdpservice/users/apps.py
index 5cb2627fd..f936036bc 100644
--- a/tdrs-backend/tdpservice/users/apps.py
+++ b/tdrs-backend/tdpservice/users/apps.py
@@ -8,3 +8,6 @@ class UsersConfig(AppConfig):
 
     name = "tdpservice.users"
     verbose_name = "Users"
+
+    def ready(self):
+        import tdpservice.users.signals
diff --git a/tdrs-backend/tdpservice/users/signals.py b/tdrs-backend/tdpservice/users/signals.py
new file mode 100644
index 000000000..f0c4b5704
--- /dev/null
+++ b/tdrs-backend/tdpservice/users/signals.py
@@ -0,0 +1,23 @@
+from django.db.models.signals import m2m_changed
+from django.dispatch import receiver
+from tdpservice.users.models import User
+from django.contrib.auth.models import Group
+from tdpservice.email.helpers.admin_notifications import email_system_owner_system_admin_role_change
+
+import logging
+logger = logging.getLogger()
+
+@receiver(m2m_changed, sender=User.groups.through)
+def user_group_changed(sender, instance, action, pk_set, **kwargs):
+    ADMIN_GROUP_PK = Group.objects.get(name="OFA System Admin").pk
+    ACTIONS = {
+        'PRE_REMOVE' : 'pre_remove',
+        'PRE_ADD' : 'pre_add',
+    }
+    group_change_list = [pk for pk in pk_set]
+    if ADMIN_GROUP_PK in group_change_list and action == ACTIONS['PRE_ADD']:
+        # EMAIL ADMIN GROUP ADDED to OFA ADMIN
+        email_system_owner_system_admin_role_change(instance)
+    elif ADMIN_GROUP_PK in group_change_list and action == ACTIONS['PRE_REMOVE']:
+        # EMAIL ADMIN GROUP REMOVED from OFA ADMIN
+        email_system_owner_system_admin_role_change(instance)