Merge branch 'main' into update-slack-emojis

Author: nathanmyee

src/dispatch/auth/permissions.py

@@ -1,5 +1,6 @@
 import logging
 from abc import ABC, abstractmethod
+import json
 
 from fastapi import HTTPException
 from starlette.requests import Request
@@ -16,6 +17,7 @@
 from dispatch.organization import service as organization_service
 from dispatch.organization.models import OrganizationRead
 from dispatch.participant_role.enums import ParticipantRoleType
+from dispatch.task import service as task_service
 
 log = logging.getLogger(__name__)
 
@@ -335,6 +337,51 @@ def has_required_permissions(
         )
 
 
+class IncidentTaskCreateEditPermission(BasePermission):
+    """
+    Permissions dependency to apply incident edit permissions to task-based requests.
+    """
+
+    def has_required_permissions(self, request: Request) -> bool:
+        incident_id = None
+        # for task creation, retrieve the incident id from the payload
+        if request.method == "POST" and hasattr(request, "_body"):
+            try:
+                body = json.loads(request._body.decode())
+                incident_id = body["incident"]["id"]
+            except (json.JSONDecodeError, KeyError, AttributeError):
+                log.error(
+                    "Encountered create_task request without expected incident ID. Cannot properly ascertain incident permissions."
+                )
+                return False
+        else:  # otherwise, retrieve via the task id
+            pk = PrimaryKeyModel(id=request.path_params["task_id"])
+            current_task = task_service.get(db_session=request.state.db, task_id=pk.id)
+            if not current_task or not current_task.incident:
+                return False
+            incident_id = current_task.incident.id
+
+        # minimal object with the attributes required for IncidentViewPermission
+        incident_request = type(
+            "IncidentRequest",
+            (),
+            {
+                "path_params": {**request.path_params, "incident_id": incident_id},
+                "state": request.state,
+            },
+        )()
+
+        # copy necessary request attributes
+        for attr in ["headers", "method", "url", "query_params"]:
+            if hasattr(request, attr):
+                setattr(incident_request, attr, getattr(request, attr))
+
+        return any_permission(
+            permissions=[IncidentEditPermission],
+            request=incident_request,
+        )
+
+
 class IncidentReporterPermission(BasePermission):
     def has_required_permissions(
         self,

src/dispatch/case/flows.py

@@ -184,19 +184,19 @@ def case_remove_participant_flow(
     )
 
     # we also try to remove the user from the Slack conversation
-    try:
-        slack_conversation_plugin = plugin_service.get_active_instance(
-            db_session=db_session, project_id=case.project.id, plugin_type="conversation"
-        )
+    slack_conversation_plugin = plugin_service.get_active_instance(
+        db_session=db_session, project_id=case.project.id, plugin_type="conversation"
+    )
 
-        if not slack_conversation_plugin:
-            log.warning(f"{user_email} not updated. No conversation plugin enabled.")
-            return
+    if not slack_conversation_plugin:
+        log.warning(f"{user_email} not updated. No conversation plugin enabled.")
+        return
 
-        if not case.conversation:
-            log.warning("No conversation enabled for this case.")
-            return
+    if not case.conversation:
+        log.warning("No conversation enabled for this case.")
+        return
 
+    try:
         slack_conversation_plugin.instance.remove_user(
             conversation_id=case.conversation.channel_id,
             user_email=user_email

src/dispatch/incident/flows.py

@@ -1178,19 +1178,19 @@ def incident_remove_participant_flow(
     )
 
     # we also try to remove the user from the Slack conversation
-    try:
-        slack_conversation_plugin = plugin_service.get_active_instance(
-            db_session=db_session, project_id=incident.project.id, plugin_type="conversation"
-        )
+    slack_conversation_plugin = plugin_service.get_active_instance(
+        db_session=db_session, project_id=incident.project.id, plugin_type="conversation"
+    )
 
-        if not slack_conversation_plugin:
-            log.warning(f"{user_email} not updated. No conversation plugin enabled.")
-            return
+    if not slack_conversation_plugin:
+        log.warning(f"{user_email} not updated. No conversation plugin enabled.")
+        return
 
-        if not incident.conversation:
-            log.warning("No conversation enabled for this incident.")
-            return
+    if not incident.conversation:
+        log.warning("No conversation enabled for this incident.")
+        return
 
+    try:
         slack_conversation_plugin.instance.remove_user(
             conversation_id=incident.conversation.channel_id,
             user_email=user_email

src/dispatch/plugins/dispatch_slack/case/interactive.py

@@ -469,7 +469,23 @@ def engage(
         return
 
     engagement = form_data[DefaultBlockIds.description_input]
-    user = client.users_lookupByEmail(email=user_email)
+
+    try:
+        user = client.users_lookupByEmail(email=user_email)
+    except SlackApiError as e:
+        if e.response.get("error") == SlackAPIErrorCode.USERS_NOT_FOUND:
+            log.warning(
+                f"Failed to find Slack user for email {user_email}. "
+                "User may have been deactivated or never had Slack access."
+            )
+            client.chat_postMessage(
+                text=f"Unable to engage user {user_email} - user not found in Slack workspace.",
+                channel=case.conversation.channel_id,
+                thread_ts=case.conversation.thread_id if case.has_thread else None,
+            )
+            return
+        else:
+            raise
 
     result = client.chat_postMessage(
         text="Engaging user...",
@@ -1983,9 +1999,19 @@ def edit_button_click(
     ack()
     case = case_service.get(db_session=db_session, case_id=int(context["subject"].id))
 
-    assignee_initial_user = client.users_lookupByEmail(email=case.assignee.individual.email)[
-        "user"
-    ]["id"]
+    try:
+        assignee_initial_user = client.users_lookupByEmail(email=case.assignee.individual.email)[
+            "user"
+        ]["id"]
+    except SlackApiError as e:
+        if e.response.get("error") == SlackAPIErrorCode.USERS_NOT_FOUND:
+            log.warning(
+                f"Assignee {case.assignee.individual.email} not found in Slack workspace. "
+                "Using None for initial assignee selection."
+            )
+            assignee_initial_user = None
+        else:
+            raise
 
     blocks = [
         title_input(initial_value=case.title),

src/dispatch/plugins/dispatch_slack/plugin.py

@@ -390,13 +390,48 @@ def set_description(self, conversation_id: str, description: str):
         return set_conversation_description(client, conversation_id, description)
 
     def remove_user(self, conversation_id: str, user_email: str):
-        """Removes a user from a conversation."""
+        """Removes a user from a conversation.
+
+        Args:
+            conversation_id: The Slack conversation/channel ID
+            user_email: The email address of the user to remove
+
+        Returns:
+            The API response if successful, None if user not found
+
+        Raises:
+            SlackApiError: For non-recoverable Slack API errors
+        """
         client = create_slack_client(self.configuration)
-        user_id = resolve_user(client, user_email).get("id")
-        if user_id:
-            return remove_member_from_channel(
-                client=client, conversation_id=conversation_id, user_id=user_id
-            )
+
+        try:
+            user_info = resolve_user(client, user_email)
+            user_id = user_info.get("id")
+
+            if user_id:
+                return remove_member_from_channel(
+                    client=client, conversation_id=conversation_id, user_id=user_id
+                )
+            else:
+                logger.warning(
+                    "Cannot remove user %s from conversation %s: "
+                    "User ID not found in resolve_user response",
+                    user_email, conversation_id
+                )
+                return None
+
+        except SlackApiError as e:
+            if e.response.get("error") == SlackAPIErrorCode.USERS_NOT_FOUND:
+                logger.warning(
+                    "User %s not found in Slack workspace. "
+                    "Cannot remove from conversation %s. "
+                    "User may have been deactivated or never had Slack access.",
+                    user_email, conversation_id
+                )
+                return None
+            else:
+                # Re-raise for other Slack API errors
+                raise
 
     def add_bookmark(self, conversation_id: str, weblink: str, title: str):
         """Adds a bookmark to the conversation."""

src/dispatch/task/views.py

@@ -1,8 +1,9 @@
 import json
-from fastapi import APIRouter, HTTPException, Query, status
+from fastapi import APIRouter, HTTPException, Query, status, Depends
 
 
 from dispatch.auth.service import CurrentUser
+from dispatch.auth.permissions import PermissionsDependency, IncidentTaskCreateEditPermission
 from dispatch.common.utils.views import create_pydantic_include
 from dispatch.database.core import DbSession
 from dispatch.database.service import CommonParameters, search_filter_sort_paginate
@@ -43,7 +44,12 @@ def get_tasks(common: CommonParameters, include: list[str] = Query([], alias="in
     return json.loads(TaskPagination(**pagination).json())
 
 
-@router.post("", response_model=TaskRead, tags=["tasks"])
+@router.post(
+    "",
+    response_model=TaskRead,
+    tags=["tasks"],
+    dependencies=[Depends(PermissionsDependency([IncidentTaskCreateEditPermission]))],
+)
 def create_task(
     db_session: DbSession,
     task_in: TaskCreate,
@@ -64,11 +70,12 @@ def create_task(
     return task
 
 
-@router.post("/ticket/{task_id}", tags=["tasks"])
-def create_ticket(
-    db_session: DbSession,
-    task_id: PrimaryKey,
-):
+@router.post(
+    "/ticket/{task_id}",
+    tags=["tasks"],
+    dependencies=[Depends(PermissionsDependency([IncidentTaskCreateEditPermission]))],
+)
+def create_ticket(db_session: DbSession, task_id: PrimaryKey, current_user: CurrentUser):
     """Creates a ticket for an existing task."""
     task = get(db_session=db_session, task_id=task_id)
     if not task:
@@ -79,8 +86,15 @@ def create_ticket(
     return create_task_ticket(task=task, db_session=db_session)
 
 
-@router.put("/{task_id}", response_model=TaskRead, tags=["tasks"])
-def update_task(db_session: DbSession, task_id: PrimaryKey, task_in: TaskUpdate):
+@router.put(
+    "/{task_id}",
+    response_model=TaskRead,
+    tags=["tasks"],
+    dependencies=[Depends(PermissionsDependency([IncidentTaskCreateEditPermission]))],
+)
+def update_task(
+    db_session: DbSession, task_id: PrimaryKey, task_in: TaskUpdate, current_user: CurrentUser
+):
     """Updates an existing task."""
     task = get(db_session=db_session, task_id=task_id)
     if not task:
@@ -104,8 +118,13 @@ def update_task(db_session: DbSession, task_id: PrimaryKey, task_in: TaskUpdate)
     return task
 
 
-@router.delete("/{task_id}", response_model=None, tags=["tasks"])
-def delete_task(db_session: DbSession, task_id: PrimaryKey):
+@router.delete(
+    "/{task_id}",
+    response_model=None,
+    tags=["tasks"],
+    dependencies=[Depends(PermissionsDependency([IncidentTaskCreateEditPermission]))],
+)
+def delete_task(db_session: DbSession, task_id: PrimaryKey, current_user: CurrentUser):
     """Deletes an existing task."""
     task = get(db_session=db_session, task_id=task_id)
     if not task: