pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1008 from dod-ccpo/add-ccpo-user

Browse Source 
Add CCPO user
This commit is contained in:
leigh-mil
2019-08-09 14:15:40 -04:00
committed by GitHub
parent 93c39fd7e7 14327e9a8b
commit 0777bd3369
17 changed files with 315 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
atst/app.py
View File

@@ -18,6 +18,7 @@ from atst.routes.applications import applications_bp
from atst.routes.dev import bp as dev_routes from atst.routes.dev import bp as dev_routes
from atst.routes.users import bp as user_routes from atst.routes.users import bp as user_routes
from atst.routes.errors import make_error_pages from atst.routes.errors import make_error_pages
from atst.routes.ccpo import bp as ccpo_routes
from atst.domain.authnid.crl import CRLCache, NoOpCRLCache from atst.domain.authnid.crl import CRLCache, NoOpCRLCache
from atst.domain.auth import apply_authentication from atst.domain.auth import apply_authentication
from atst.domain.authz import Authorization from atst.domain.authz import Authorization
@@ -78,6 +79,7 @@ def make_app(config):
app.register_blueprint(task_orders_bp) app.register_blueprint(task_orders_bp)
app.register_blueprint(applications_bp) app.register_blueprint(applications_bp)
app.register_blueprint(user_routes) app.register_blueprint(user_routes)
app.register_blueprint(ccpo_routes)
if ENV != "prod": if ENV != "prod":
app.register_blueprint(dev_routes) app.register_blueprint(dev_routes)

1
atst/domain/permission_sets.py
View File

@@ -64,6 +64,7 @@ ATAT_PERMISSION_SETS = [
"description": "", "description": "",
"permissions": [ "permissions": [
Permissions.VIEW_CCPO_USER, Permissions.VIEW_CCPO_USER,
Permissions.CREATE_CCPO_USER,
Permissions.EDIT_CCPO_USER, Permissions.EDIT_CCPO_USER,
Permissions.DELETE_CCPO_USER, Permissions.DELETE_CCPO_USER,
], ],

14
atst/domain/users.py
View File

@@ -87,6 +87,20 @@ class Users(object):
return user return user
@classmethod
def give_ccpo_perms(cls, user):
user.permission_sets = PermissionSets.get_all()
db.session.add(user)
db.session.commit()
return user
@classmethod
def revoke_ccpo_perms(cls, user):
user.permission_sets = []
db.session.add(user)
db.session.commit()
return user
@classmethod @classmethod
def update_last_login(cls, user): def update_last_login(cls, user):
user.last_login = datetime.now() user.last_login = datetime.now()

13
atst/forms/ccpo_user.py Normal file
View File

@@ -0,0 +1,13 @@
from flask_wtf import FlaskForm
from wtforms.validators import Required, Length
from wtforms.fields import StringField
from atst.forms.validators import IsNumber
from atst.utils.localization import translate
class CCPOUserForm(FlaskForm):
dod_id = StringField(
translate("forms.new_member.dod_id_label"),
validators=[Required(), Length(min=10, max=10), IsNumber()],
)

1
atst/models/permissions.py
View File

@@ -2,6 +2,7 @@ class Permissions(object):
# ccpo permissions # ccpo permissions
VIEW_AUDIT_LOG = "view_audit_log" VIEW_AUDIT_LOG = "view_audit_log"
VIEW_CCPO_USER = "view_ccpo_user" VIEW_CCPO_USER = "view_ccpo_user"
CREATE_CCPO_USER = "create_ccpo_user"
EDIT_CCPO_USER = "edit_ccpo_user" EDIT_CCPO_USER = "edit_ccpo_user"
DELETE_CCPO_USER = "delete_ccpo_user" DELETE_CCPO_USER = "delete_ccpo_user"

20
atst/routes/__init__.py
View File

@@ -18,12 +18,7 @@ from werkzeug.exceptions import NotFound
from atst.domain.users import Users from atst.domain.users import Users
from atst.domain.authnid import AuthenticationContext from atst.domain.authnid import AuthenticationContext
from atst.domain.audit_log import AuditLog
from atst.domain.auth import logout as _logout from atst.domain.auth import logout as _logout
from atst.domain.common import Paginator
from atst.domain.portfolios import Portfolios
from atst.domain.authz.decorator import user_can_access_decorator as user_can
from atst.models.permissions import Permissions
from atst.utils.flash import formatted_flash as flash from atst.utils.flash import formatted_flash as flash
@@ -124,21 +119,6 @@ def logout():
return response return response
@bp.route("/activity-history")
@user_can(Permissions.VIEW_AUDIT_LOG, message="view activity log")
def activity_history():
pagination_opts = Paginator.get_pagination_opts(request)
audit_events = AuditLog.get_all_events(pagination_opts)
return render_template("audit_log/audit_log.html", audit_events=audit_events)
@bp.route("/ccpo-users")
@user_can(Permissions.VIEW_CCPO_USER, message="view ccpo users")
def ccpo_users():
users = Users.get_ccpo_users()
return render_template("ccpo/users.html", users=users)
@bp.route("/about") @bp.route("/about")
def about(): def about():
return render_template("about.html") return render_template("about.html")

58
atst/routes/ccpo.py Normal file
View File

@@ -0,0 +1,58 @@
from flask import Blueprint, render_template, redirect, url_for, request
from atst.domain.users import Users
from atst.domain.audit_log import AuditLog
from atst.domain.common import Paginator
from atst.domain.exceptions import NotFoundError
from atst.domain.authz.decorator import user_can_access_decorator as user_can
from atst.forms.ccpo_user import CCPOUserForm
from atst.models.permissions import Permissions
from atst.utils.context_processors import atat as atat_context_processor
from atst.utils.flash import formatted_flash as flash
bp = Blueprint("ccpo", __name__)
bp.context_processor(atat_context_processor)
@bp.route("/activity-history")
@user_can(Permissions.VIEW_AUDIT_LOG, message="view activity log")
def activity_history():
pagination_opts = Paginator.get_pagination_opts(request)
audit_events = AuditLog.get_all_events(pagination_opts)
return render_template("audit_log/audit_log.html", audit_events=audit_events)
@bp.route("/ccpo-users")
@user_can(Permissions.VIEW_CCPO_USER, message="view ccpo users")
def users():
users = Users.get_ccpo_users()
return render_template("ccpo/users.html", users=users)
@bp.route("/ccpo-users/new")
@user_can(Permissions.CREATE_CCPO_USER, message="create ccpo user")
def add_new_user():
form = CCPOUserForm()
return render_template("ccpo/add_user.html", form=form)
@bp.route("/ccpo-users/new", methods=["POST"])
@user_can(Permissions.CREATE_CCPO_USER, message="create ccpo user")
def submit_new_user():
try:
new_user = Users.get_by_dod_id(request.form["dod_id"])
form = CCPOUserForm(obj=new_user)
except NotFoundError:
flash("ccpo_user_not_found")
return redirect(url_for("ccpo.users"))
return render_template("ccpo/confirm_user.html", new_user=new_user, form=form)
@bp.route("/ccpo-users/confirm-new", methods=["POST"])
@user_can(Permissions.CREATE_CCPO_USER, message="create ccpo user")
def confirm_new_user():
user = Users.get_by_dod_id(request.form["dod_id"])
Users.give_ccpo_perms(user)
flash("ccpo_user_added", user_name=user.full_name)
return redirect(url_for("ccpo.users"))

4
atst/utils/context_processors.py
View File

@@ -119,3 +119,7 @@ def portfolio():
"funding_end_date": funding_end_date, "funding_end_date": funding_end_date,
"funded": funded, "funded": funded,
} }
def atat():
return {"permissions": Permissions, "user_can": user_can_view}

10
atst/utils/flash.py
View File

@@ -30,6 +30,16 @@ MESSAGES = {
"message_template": "You have successfully deleted {{ user_name }} from {{ application_name }}", "message_template": "You have successfully deleted {{ user_name }} from {{ application_name }}",
"category": "success", "category": "success",
}, },
"ccpo_user_added": {
"title_template": translate("flash.success"),
"message_template": "You have successfully given {{ user_name }} CCPO permissions.",
"category": "success",
},
"ccpo_user_not_found": {
"title_template": translate("ccpo.form.user_not_found_title"),
"message_template": translate("ccpo.form.user_not_found_text"),
"category": "info",
},
"environment_added": { "environment_added": {
"title_template": translate("flash.success"), "title_template": translate("flash.success"),
"message_template": """ "message_template": """

2
templates/audit_log/audit_log.html
View File

@@ -4,6 +4,6 @@
{% block content %} {% block content %}
<div v-cloak> <div v-cloak>
{% include "fragments/audit_events_log.html" %} {% include "fragments/audit_events_log.html" %}
{{ Pagination(audit_events, url_for('atst.activity_history'))}} {{ Pagination(audit_events, url_for('ccpo.activity_history'))}}
</div> </div>
{% endblock %} {% endblock %}

25
templates/ccpo/add_user.html Normal file
View File

@@ -0,0 +1,25 @@
{% extends "base.html" %}
{% from "components/text_input.html" import TextInput %}
{% block content %}
<form id="add-ccpo-user-form" action="{{ url_for('ccpo.submit_new_user') }}" method="POST">
{{ form.csrf_token }}
<h1>{{ "ccpo.form.add_user_title" | translate }}</h1>
<div class='form-row'>
<div class='form-col form-col--two-thirds'>
{{ TextInput(form.dod_id, validation='dodId') }}
</div>
<div class="form-col form-col--third">
<div class='action-group'>
<input
type='submit'
v-bind:disabled="invalid"
class='action-group__action usa-button'
value='{{ "common.next" | translate }}'>
<a class='action-group__action icon-link icon-link--default' href="{{ url_for('ccpo.users') }}">{{ "common.cancel" | translate }}</a>
</div>
</div>
</div>
</form>
{% endblock %}

34
templates/ccpo/confirm_user.html Normal file
View File

@@ -0,0 +1,34 @@
{% extends "base.html" %}
{% from "components/text_input.html" import TextInput %}
{% block content %}
{% if new_user %}
<h3>{{ 'ccpo.form.confirm_user_title' | translate }}</h3>
<form id="add-ccpo-user-form" action="{{ url_for('ccpo.confirm_new_user') }}" method="POST">
{{ form.csrf_token }}
<input type="hidden" name="dod_id" value="{{ form.dod_id.data }}">
<div>
<p>
{{ "ccpo.form.confirm_user_text" | translate }}
</p>
<p>
{{ new_user.full_name }}
</p>
<p>
{{ new_user.email }}
</p>
</div>
<div class='action-group'>
<input
type='submit'
v-bind:disabled="invalid"
class='action-group__action usa-button'
value='{{ "ccpo.form.confirm_button" | translate }}'>
<a class='action-group__action icon-link icon-link--default' href="{{ url_for('ccpo.users') }}">
{{ "common.cancel" | translate }}
</a>
</div>
</form>
{% endif %}
{% endblock %}

54
templates/ccpo/users.html
View File

@@ -1,27 +1,39 @@
{% extends "base.html" %} {% extends "base.html" %}
{% from "components/icon.html" import Icon %}
{% block content %} {% block content %}
<div class='col'> <div class='col'>
<div class="h2"> <div class="h2">
CCPO Users {{ "ccpo.users_title" | translate }}
</div> </div>
<table>
<thead> {% include "fragments/flash.html" %}
<tr>
<th>Name</th> <table>
<th>Email</th> <thead>
<th>DoD ID</th>
</tr>
</thead>
<tbody>
{% for user in users %}
<tr> <tr>
<td>{{ user.full_name }}</td> <th>{{ "common.name" | translate }}</th>
<td>{{ user.email }}</td> <th>{{ "common.email" | translate }}</th>
<td>{{ user.dod_id }}</td> <th>{{ "common.dod_id" | translate }}</th>
</tr> </tr>
{% endfor %} </thead>
</tbody> <tbody>
</table> {% for user in users %}
</div> <tr>
<td>{{ user.full_name }}</td>
<td>{{ user.email }}</td>
<td>{{ user.dod_id }}</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
{% if user_can(permissions.CREATE_CCPO_USER) %}
<a class="icon-link" href="{{ url_for('ccpo.add_new_user')}}">
{{ "ccpo.add_user" | translate }} {{ Icon("plus") }}
</a>
{% endif %}
{% endblock %} {% endblock %}

14
tests/domain/test_users.py
View File

@@ -85,3 +85,17 @@ def test_get_ccpo_users():
assert ccpo_1 in ccpo_users assert ccpo_1 in ccpo_users
assert ccpo_2 in ccpo_users assert ccpo_2 in ccpo_users
assert rando not in ccpo_users assert rando not in ccpo_users
def test_give_ccpo_perms():
rando = UserFactory.create()
Users.give_ccpo_perms(rando)
ccpo_users = Users.get_ccpo_users()
assert rando in ccpo_users
def test_revoke_ccpo_perms():
ccpo = UserFactory.create_ccpo()
Users.revoke_ccpo_perms(ccpo)
ccpo_users = Users.get_ccpo_users()
assert ccpo not in ccpo_users

54
tests/routes/test_ccpo.py Normal file
View File

@@ -0,0 +1,54 @@
from flask import url_for
from atst.utils.localization import translate
from tests.factories import UserFactory
def test_ccpo_users(user_session, client):
ccpo = UserFactory.create_ccpo()
user_session(ccpo)
response = client.get(url_for("ccpo.users"))
assert ccpo.email in response.data.decode()
def test_submit_new_user(user_session, client):
ccpo = UserFactory.create_ccpo()
new_user = UserFactory.create()
random_dod_id = "1234567890"
user_session(ccpo)
# give new_user CCPO permissions
response = client.post(
url_for("ccpo.submit_new_user"), data={"dod_id": new_user.dod_id}
)
assert new_user.email in response.data.decode()
# give person without ATAT account CCPO permissions
response = client.post(
url_for("ccpo.submit_new_user"), data={"dod_id": random_dod_id}
)
assert url_for("ccpo.users") in response.location
def test_confirm_new_user(user_session, client):
ccpo = UserFactory.create_ccpo()
new_user = UserFactory.create()
random_dod_id = "1234567890"
user_session(ccpo)
# give new_user CCPO permissions
response = client.post(
url_for("ccpo.confirm_new_user"),
data={"dod_id": new_user.dod_id},
follow_redirects=True,
)
assert new_user.dod_id in response.data.decode()
# give person with out ATAT account CCPO permissions
response = client.post(
url_for("ccpo.confirm_new_user"),
data={"dod_id": random_dod_id},
follow_redirects=True,
)
assert random_dod_id not in response.data.decode()

41
tests/test_access.py
View File

@@ -110,26 +110,57 @@ def post_url_assert_status(client, user_session):
return _get_url_assert_status return _get_url_assert_status
# atst.activity_history # ccpo.activity_history
def test_atst_activity_history_access(get_url_assert_status): def test_atst_activity_history_access(get_url_assert_status):
ccpo = user_with(PermissionSets.VIEW_AUDIT_LOG) ccpo = user_with(PermissionSets.VIEW_AUDIT_LOG)
rando = user_with() rando = user_with()
url = url_for("atst.activity_history") url = url_for("ccpo.activity_history")
get_url_assert_status(ccpo, url, 200) get_url_assert_status(ccpo, url, 200)
get_url_assert_status(rando, url, 404) get_url_assert_status(rando, url, 404)
# atst.ccpo_users # ccpo.users
def test_atst_ccpo_users_access(get_url_assert_status): def test_ccpo_users_access(get_url_assert_status):
ccpo = user_with(PermissionSets.MANAGE_CCPO_USERS) ccpo = user_with(PermissionSets.MANAGE_CCPO_USERS)
rando = user_with() rando = user_with()
url = url_for("atst.ccpo_users") url = url_for("ccpo.users")
get_url_assert_status(ccpo, url, 200) get_url_assert_status(ccpo, url, 200)
get_url_assert_status(rando, url, 404) get_url_assert_status(rando, url, 404)
# ccpo.add_new_user
def test_ccpo_add_new_user_access(get_url_assert_status):
ccpo = user_with(PermissionSets.MANAGE_CCPO_USERS)
rando = user_with()
url = url_for("ccpo.add_new_user")
get_url_assert_status(ccpo, url, 200)
get_url_assert_status(rando, url, 404)
# ccpo.submit_new_user
def test_ccpo_submit_new_user_access(post_url_assert_status):
ccpo = user_with(PermissionSets.MANAGE_CCPO_USERS)
rando = user_with()
url = url_for("ccpo.submit_new_user")
post_url_assert_status(ccpo, url, 302, data={"dod_id": "1234567890"})
post_url_assert_status(rando, url, 404, data={"dod_id": "1234567890"})
# ccpo.confirm_new_user
def test_ccpo_confirm_new_user_access(post_url_assert_status):
ccpo = user_with(PermissionSets.MANAGE_CCPO_USERS)
rando = user_with()
user = UserFactory.create()
url = url_for("ccpo.confirm_new_user")
post_url_assert_status(ccpo, url, 302, data={"dod_id": user.dod_id})
post_url_assert_status(rando, url, 404, data={"dod_id": user.dod_id})
# applications.access_environment # applications.access_environment
def test_applications_access_environment_access(get_url_assert_status): def test_applications_access_environment_access(get_url_assert_status):
dev = UserFactory.create() dev = UserFactory.create()

16
translations.yaml
View File

@@ -26,6 +26,17 @@ home:
applications_descrip: ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod applications_descrip: ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod
reports_descrip: enim ad minim veniam, quis nostrud exercitation ullamco reports_descrip: enim ad minim veniam, quis nostrud exercitation ullamco
admin_descrip: aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat admin_descrip: aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat
ccpo:
users_title: CCPO Users
add_user: Add new CCPO user
form:
add_user_title: Add new CCPO user
confirm_user_title: Confirm new CCPO user
confirm_user_text: Please confirm that the user details below match the user being given CCPO permissions.
confirm_button: Confirm and Add User
return_link: Return to list of CCPO users
user_not_found_title: User not found
user_not_found_text: To add someone as a CCPO user, they must already have an ATAT account.
common: common:
cancel: Cancel cancel: Cancel
close: Close close: Close
@@ -34,8 +45,12 @@ common:
delete: Delete delete: Delete
deactivate: Deactivate deactivate: Deactivate
delete_confirm: 'Please type the word {word} to confirm:' delete_confirm: 'Please type the word {word} to confirm:'
dod_id: DoD ID
edit: Edit edit: Edit
email: Email
members: Members members: Members
name: Name
next: Next
'yes': 'Yes' 'yes': 'Yes'
'no': 'No' 'no': 'No'
response_label: Response required response_label: Response required
@@ -45,7 +60,6 @@ common:
resource_names: resource_names:
environments: Environments environments: Environments
choose_role: Choose a role choose_role: Choose a role
name: Name
components: components:
date_selector: date_selector:
day: Day day: Day