Merge pull request #822 from dod-ccpo/app-members-edit

App members edit
2019-05-17 14:08:06 -04:00
parent 241ac3611f 8bb1e5beba
commit 01a935f257
22 changed files with 363 additions and 117 deletions
--- a/tests/routes/applications/test_settings.py
+++ b/tests/routes/applications/test_settings.py
@@ -18,11 +18,11 @@ from atst.domain.environments import Environments
 from atst.domain.permission_sets import PermissionSets
 from atst.domain.portfolios import Portfolios
 from atst.domain.exceptions import NotFoundError
-
 from atst.models.environment_role import CSPRole
 from atst.models.portfolio_role import Status as PortfolioRoleStatus
 from atst.forms.application import EditEnvironmentForm
 from atst.forms.app_settings import AppEnvRolesForm
+from atst.forms.data import ENV_ROLE_NO_ACCESS as NO_ACCESS

 from tests.utils import captured_templates

@@ -166,7 +166,7 @@ def test_data_for_app_env_roles_form(app, client, user_session):
                    "env_id": env.id,
                    "team_roles": [
                        {
-                            "role": "no_access",
+                            "role": NO_ACCESS,
                            "members": [
                                {
                                    "user_id": str(app_role.user_id),
@@ -309,7 +309,7 @@ def test_update_team_env_roles(client, user_session):
        "envs-0-team_roles-1-members-1-user_id": env_role_2.user.id,
        "envs-0-team_roles-1-members-1-role_name": CSPRole.BASIC_ACCESS.value,
        "envs-0-team_roles-1-members-2-user_id": env_role_3.user.id,
-        "envs-0-team_roles-1-members-2-role_name": "no_access",
+        "envs-0-team_roles-1-members-2-role_name": NO_ACCESS,
    }

    user_session(application.portfolio.owner)
--- a/tests/routes/applications/test_team.py
+++ b/tests/routes/applications/test_team.py
@@ -3,6 +3,8 @@ import uuid
 from flask import url_for

 from atst.domain.permission_sets import PermissionSets
+from atst.models import CSPRole
+from atst.forms.data import ENV_ROLE_NO_ACCESS as NO_ACCESS

 from tests.factories import *

@@ -17,7 +19,7 @@ def test_application_team(client, user_session):
    assert response.status_code == 200


-def test_update_team(client, user_session):
+def test_update_team_permissions(client, user_session):
    application = ApplicationFactory.create()
    owner = application.portfolio.owner
    app_role = ApplicationRoleFactory.create(
@@ -91,6 +93,63 @@ def test_update_team_with_non_app_user(client, user_session):
    assert response.status_code == 404


+def test_update_team_environment_roles(client, user_session):
+    application = ApplicationFactory.create()
+    owner = application.portfolio.owner
+    app_role = ApplicationRoleFactory.create(
+        application=application, permission_sets=[]
+    )
+    app_user = app_role.user
+    environment = EnvironmentFactory.create(application=application)
+    env_role = EnvironmentRoleFactory.create(
+        user=app_user, environment=environment, role=CSPRole.NETWORK_ADMIN.value
+    )
+    user_session(owner)
+    response = client.post(
+        url_for("applications.update_team", application_id=application.id),
+        data={
+            "members-0-user_id": app_user.id,
+            "members-0-permission_sets-perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM,
+            "members-0-permission_sets-perms_env_mgmt": PermissionSets.EDIT_APPLICATION_ENVIRONMENTS,
+            "members-0-permission_sets-perms_del_env": PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,
+            "members-0-environment_roles-0-environment_id": environment.id,
+            "members-0-environment_roles-0-role": CSPRole.TECHNICAL_READ.value,
+        },
+    )
+
+    assert response.status_code == 302
+    assert env_role.role == CSPRole.TECHNICAL_READ.value
+
+
+def test_update_team_revoke_environment_access(client, user_session, db, session):
+    application = ApplicationFactory.create()
+    owner = application.portfolio.owner
+    app_role = ApplicationRoleFactory.create(
+        application=application, permission_sets=[]
+    )
+    app_user = app_role.user
+    environment = EnvironmentFactory.create(application=application)
+    env_role = EnvironmentRoleFactory.create(
+        user=app_user, environment=environment, role=CSPRole.BASIC_ACCESS.value
+    )
+    user_session(owner)
+    response = client.post(
+        url_for("applications.update_team", application_id=application.id),
+        data={
+            "members-0-user_id": app_user.id,
+            "members-0-permission_sets-perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM,
+            "members-0-permission_sets-perms_env_mgmt": PermissionSets.EDIT_APPLICATION_ENVIRONMENTS,
+            "members-0-permission_sets-perms_del_env": PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,
+            "members-0-environment_roles-0-environment_id": environment.id,
+            "members-0-environment_roles-0-role": NO_ACCESS,
+        },
+    )
+
+    assert response.status_code == 302
+    env_role_exists = db.exists().where(EnvironmentRole.id == env_role.id)
+    assert not session.query(env_role_exists).scalar()
+
+
 def test_create_member(client, user_session):
    user = UserFactory.create()
    application = ApplicationFactory.create(