Merge pull request #1008 from dod-ccpo/add-ccpo-user

Add CCPO user

atst/app.py

@@ -18,6 +18,7 @@ from atst.routes.applications import applications_bp
 from atst.routes.dev import bp as dev_routes
 from atst.routes.users import bp as user_routes
 from atst.routes.errors import make_error_pages
+from atst.routes.ccpo import bp as ccpo_routes
 from atst.domain.authnid.crl import CRLCache, NoOpCRLCache
 from atst.domain.auth import apply_authentication
 from atst.domain.authz import Authorization
@@ -78,6 +79,7 @@ def make_app(config):
     app.register_blueprint(task_orders_bp)
     app.register_blueprint(applications_bp)
     app.register_blueprint(user_routes)
+    app.register_blueprint(ccpo_routes)
 
     if ENV != "prod":
         app.register_blueprint(dev_routes)

atst/domain/permission_sets.py

@@ -64,6 +64,7 @@ ATAT_PERMISSION_SETS = [
         "description": "",
         "permissions": [
             Permissions.VIEW_CCPO_USER,
+            Permissions.CREATE_CCPO_USER,
             Permissions.EDIT_CCPO_USER,
             Permissions.DELETE_CCPO_USER,
         ],

atst/domain/users.py

@@ -87,6 +87,20 @@ class Users(object):
 
         return user
 
+    @classmethod
+    def give_ccpo_perms(cls, user):
+        user.permission_sets = PermissionSets.get_all()
+        db.session.add(user)
+        db.session.commit()
+        return user
+
+    @classmethod
+    def revoke_ccpo_perms(cls, user):
+        user.permission_sets = []
+        db.session.add(user)
+        db.session.commit()
+        return user
+
     @classmethod
     def update_last_login(cls, user):
         user.last_login = datetime.now()

atst/forms/ccpo_user.py

@@ -0,0 +1,13 @@
+from flask_wtf import FlaskForm
+from wtforms.validators import Required, Length
+from wtforms.fields import StringField
+
+from atst.forms.validators import IsNumber
+from atst.utils.localization import translate
+
+
+class CCPOUserForm(FlaskForm):
+    dod_id = StringField(
+        translate("forms.new_member.dod_id_label"),
+        validators=[Required(), Length(min=10, max=10), IsNumber()],
+    )

atst/models/permissions.py

@@ -2,6 +2,7 @@ class Permissions(object):
     # ccpo permissions
     VIEW_AUDIT_LOG = "view_audit_log"
     VIEW_CCPO_USER = "view_ccpo_user"
+    CREATE_CCPO_USER = "create_ccpo_user"
     EDIT_CCPO_USER = "edit_ccpo_user"
     DELETE_CCPO_USER = "delete_ccpo_user"
 

atst/routes/__init__.py

@@ -18,12 +18,7 @@ from werkzeug.exceptions import NotFound
 
 from atst.domain.users import Users
 from atst.domain.authnid import AuthenticationContext
-from atst.domain.audit_log import AuditLog
 from atst.domain.auth import logout as _logout
-from atst.domain.common import Paginator
-from atst.domain.portfolios import Portfolios
-from atst.domain.authz.decorator import user_can_access_decorator as user_can
-from atst.models.permissions import Permissions
 from atst.utils.flash import formatted_flash as flash
 
 
@@ -124,21 +119,6 @@ def logout():
     return response
 
 
-@bp.route("/activity-history")
-@user_can(Permissions.VIEW_AUDIT_LOG, message="view activity log")
-def activity_history():
-    pagination_opts = Paginator.get_pagination_opts(request)
-    audit_events = AuditLog.get_all_events(pagination_opts)
-    return render_template("audit_log/audit_log.html", audit_events=audit_events)
-
-
-@bp.route("/ccpo-users")
-@user_can(Permissions.VIEW_CCPO_USER, message="view ccpo users")
-def ccpo_users():
-    users = Users.get_ccpo_users()
-    return render_template("ccpo/users.html", users=users)
-
-
 @bp.route("/about")
 def about():
     return render_template("about.html")

atst/routes/ccpo.py

@@ -0,0 +1,58 @@
+from flask import Blueprint, render_template, redirect, url_for, request
+from atst.domain.users import Users
+from atst.domain.audit_log import AuditLog
+from atst.domain.common import Paginator
+from atst.domain.exceptions import NotFoundError
+from atst.domain.authz.decorator import user_can_access_decorator as user_can
+from atst.forms.ccpo_user import CCPOUserForm
+from atst.models.permissions import Permissions
+from atst.utils.context_processors import atat as atat_context_processor
+from atst.utils.flash import formatted_flash as flash
+
+
+bp = Blueprint("ccpo", __name__)
+bp.context_processor(atat_context_processor)
+
+
+@bp.route("/activity-history")
+@user_can(Permissions.VIEW_AUDIT_LOG, message="view activity log")
+def activity_history():
+    pagination_opts = Paginator.get_pagination_opts(request)
+    audit_events = AuditLog.get_all_events(pagination_opts)
+    return render_template("audit_log/audit_log.html", audit_events=audit_events)
+
+
+@bp.route("/ccpo-users")
+@user_can(Permissions.VIEW_CCPO_USER, message="view ccpo users")
+def users():
+    users = Users.get_ccpo_users()
+    return render_template("ccpo/users.html", users=users)
+
+
+@bp.route("/ccpo-users/new")
+@user_can(Permissions.CREATE_CCPO_USER, message="create ccpo user")
+def add_new_user():
+    form = CCPOUserForm()
+    return render_template("ccpo/add_user.html", form=form)
+
+
+@bp.route("/ccpo-users/new", methods=["POST"])
+@user_can(Permissions.CREATE_CCPO_USER, message="create ccpo user")
+def submit_new_user():
+    try:
+        new_user = Users.get_by_dod_id(request.form["dod_id"])
+        form = CCPOUserForm(obj=new_user)
+    except NotFoundError:
+        flash("ccpo_user_not_found")
+        return redirect(url_for("ccpo.users"))
+
+    return render_template("ccpo/confirm_user.html", new_user=new_user, form=form)
+
+
+@bp.route("/ccpo-users/confirm-new", methods=["POST"])
+@user_can(Permissions.CREATE_CCPO_USER, message="create ccpo user")
+def confirm_new_user():
+    user = Users.get_by_dod_id(request.form["dod_id"])
+    Users.give_ccpo_perms(user)
+    flash("ccpo_user_added", user_name=user.full_name)
+    return redirect(url_for("ccpo.users"))

atst/utils/context_processors.py

@@ -119,3 +119,7 @@ def portfolio():
         "funding_end_date": funding_end_date,
         "funded": funded,
     }
+
+
+def atat():
+    return {"permissions": Permissions, "user_can": user_can_view}

atst/utils/flash.py

@@ -30,6 +30,16 @@ MESSAGES = {
         "message_template": "You have successfully deleted {{ user_name }} from {{ application_name }}",
         "category": "success",
     },
+    "ccpo_user_added": {
+        "title_template": translate("flash.success"),
+        "message_template": "You have successfully given {{ user_name }} CCPO permissions.",
+        "category": "success",
+    },
+    "ccpo_user_not_found": {
+        "title_template": translate("ccpo.form.user_not_found_title"),
+        "message_template": translate("ccpo.form.user_not_found_text"),
+        "category": "info",
+    },
     "environment_added": {
         "title_template": translate("flash.success"),
         "message_template": """

templates/audit_log/audit_log.html

@@ -4,6 +4,6 @@
 {% block content %}
   <div v-cloak>
     {% include "fragments/audit_events_log.html" %}
-    {{ Pagination(audit_events, url_for('atst.activity_history'))}}
+    {{ Pagination(audit_events, url_for('ccpo.activity_history'))}}
   </div>
 {% endblock %}

templates/ccpo/add_user.html

@@ -0,0 +1,25 @@
+{% extends "base.html" %}
+
+{% from "components/text_input.html" import TextInput %}
+
+{% block content %}
+  <form id="add-ccpo-user-form" action="{{ url_for('ccpo.submit_new_user') }}" method="POST">
+    {{ form.csrf_token }}
+    <h1>{{ "ccpo.form.add_user_title" | translate }}</h1>
+    <div class='form-row'>
+      <div class='form-col form-col--two-thirds'>
+        {{ TextInput(form.dod_id, validation='dodId') }}
+      </div>
+      <div class="form-col form-col--third">
+        <div class='action-group'>
+          <input
+              type='submit'
+              v-bind:disabled="invalid"
+              class='action-group__action usa-button'
+              value='{{ "common.next" | translate }}'>
+          <a class='action-group__action icon-link icon-link--default' href="{{ url_for('ccpo.users') }}">{{ "common.cancel" | translate }}</a>
+        </div>
+      </div>
+    </div>
+  </form>
+{% endblock %}

templates/ccpo/confirm_user.html

@@ -0,0 +1,34 @@
+{% extends "base.html" %}
+
+{% from "components/text_input.html" import TextInput %}
+
+{% block content %}
+  {% if new_user %}
+    <h3>{{ 'ccpo.form.confirm_user_title' | translate }}</h3>
+    <form id="add-ccpo-user-form" action="{{ url_for('ccpo.confirm_new_user') }}" method="POST">
+      {{ form.csrf_token }}
+      <input type="hidden" name="dod_id" value="{{ form.dod_id.data }}">
+      <div>
+        <p>
+          {{ "ccpo.form.confirm_user_text" | translate }}
+        </p>
+        <p>
+          {{ new_user.full_name }}
+        </p>
+        <p>
+          {{ new_user.email }}
+        </p>
+      </div>
+      <div class='action-group'>
+        <input
+            type='submit'
+            v-bind:disabled="invalid"
+            class='action-group__action usa-button'
+            value='{{ "ccpo.form.confirm_button" | translate }}'>
+        <a class='action-group__action icon-link icon-link--default' href="{{ url_for('ccpo.users') }}">
+          {{ "common.cancel" | translate }}
+        </a>
+      </div>
+    </form>
+  {% endif %}
+{% endblock %}

templates/ccpo/users.html

@@ -1,27 +1,39 @@
 {% extends "base.html" %}
 
+{% from "components/icon.html" import Icon %}
+
 {% block content %}
-<div class='col'>
-  <div class="h2">
-    CCPO Users
-  </div>
-  <table>
-    <thead>
-      <tr>
-        <th>Name</th>
-        <th>Email</th>
-        <th>DoD ID</th>
-      </tr>
-    </thead>
-    <tbody>
-      {% for user in users %}
+  <div class='col'>
+    <div class="h2">
+      {{ "ccpo.users_title" | translate }}
+    </div>
+
+    {% include "fragments/flash.html" %}
+
+    <table>
+      <thead>
         <tr>
-          <td>{{ user.full_name }}</td>
-          <td>{{ user.email }}</td>
-          <td>{{ user.dod_id }}</td>
+          <th>{{ "common.name" | translate }}</th>
+          <th>{{ "common.email" | translate }}</th>
+          <th>{{ "common.dod_id" | translate }}</th>
         </tr>
-      {% endfor %}
-    </tbody>
-  </table>
-</div>
+      </thead>
+      <tbody>
+        {% for user in users %}
+          <tr>
+            <td>{{ user.full_name }}</td>
+            <td>{{ user.email }}</td>
+            <td>{{ user.dod_id }}</td>
+          </tr>
+        {% endfor %}
+      </tbody>
+    </table>
+  </div>
+
+  {% if user_can(permissions.CREATE_CCPO_USER) %}
+    <a class="icon-link" href="{{ url_for('ccpo.add_new_user')}}">
+      {{ "ccpo.add_user" | translate }} {{ Icon("plus") }}
+    </a>
+  {% endif %}
+
 {% endblock %}

tests/domain/test_users.py

@@ -85,3 +85,17 @@ def test_get_ccpo_users():
     assert ccpo_1 in ccpo_users
     assert ccpo_2 in ccpo_users
     assert rando not in ccpo_users
+
+
+def test_give_ccpo_perms():
+    rando = UserFactory.create()
+    Users.give_ccpo_perms(rando)
+    ccpo_users = Users.get_ccpo_users()
+    assert rando in ccpo_users
+
+
+def test_revoke_ccpo_perms():
+    ccpo = UserFactory.create_ccpo()
+    Users.revoke_ccpo_perms(ccpo)
+    ccpo_users = Users.get_ccpo_users()
+    assert ccpo not in ccpo_users

tests/routes/test_ccpo.py

@@ -0,0 +1,54 @@
+from flask import url_for
+
+from atst.utils.localization import translate
+
+from tests.factories import UserFactory
+
+
+def test_ccpo_users(user_session, client):
+    ccpo = UserFactory.create_ccpo()
+    user_session(ccpo)
+    response = client.get(url_for("ccpo.users"))
+    assert ccpo.email in response.data.decode()
+
+
+def test_submit_new_user(user_session, client):
+    ccpo = UserFactory.create_ccpo()
+    new_user = UserFactory.create()
+    random_dod_id = "1234567890"
+    user_session(ccpo)
+
+    # give new_user CCPO permissions
+    response = client.post(
+        url_for("ccpo.submit_new_user"), data={"dod_id": new_user.dod_id}
+    )
+    assert new_user.email in response.data.decode()
+
+    # give person without ATAT account CCPO permissions
+    response = client.post(
+        url_for("ccpo.submit_new_user"), data={"dod_id": random_dod_id}
+    )
+    assert url_for("ccpo.users") in response.location
+
+
+def test_confirm_new_user(user_session, client):
+    ccpo = UserFactory.create_ccpo()
+    new_user = UserFactory.create()
+    random_dod_id = "1234567890"
+    user_session(ccpo)
+
+    # give new_user CCPO permissions
+    response = client.post(
+        url_for("ccpo.confirm_new_user"),
+        data={"dod_id": new_user.dod_id},
+        follow_redirects=True,
+    )
+    assert new_user.dod_id in response.data.decode()
+
+    # give person with out ATAT account CCPO permissions
+    response = client.post(
+        url_for("ccpo.confirm_new_user"),
+        data={"dod_id": random_dod_id},
+        follow_redirects=True,
+    )
+    assert random_dod_id not in response.data.decode()

tests/test_access.py

@@ -110,26 +110,57 @@ def post_url_assert_status(client, user_session):
     return _get_url_assert_status
 
 
-# atst.activity_history
+# ccpo.activity_history
 def test_atst_activity_history_access(get_url_assert_status):
     ccpo = user_with(PermissionSets.VIEW_AUDIT_LOG)
     rando = user_with()
 
-    url = url_for("atst.activity_history")
+    url = url_for("ccpo.activity_history")
     get_url_assert_status(ccpo, url, 200)
     get_url_assert_status(rando, url, 404)
 
 
-# atst.ccpo_users
-def test_atst_ccpo_users_access(get_url_assert_status):
+# ccpo.users
+def test_ccpo_users_access(get_url_assert_status):
     ccpo = user_with(PermissionSets.MANAGE_CCPO_USERS)
     rando = user_with()
 
-    url = url_for("atst.ccpo_users")
+    url = url_for("ccpo.users")
     get_url_assert_status(ccpo, url, 200)
     get_url_assert_status(rando, url, 404)
 
 
+# ccpo.add_new_user
+def test_ccpo_add_new_user_access(get_url_assert_status):
+    ccpo = user_with(PermissionSets.MANAGE_CCPO_USERS)
+    rando = user_with()
+
+    url = url_for("ccpo.add_new_user")
+    get_url_assert_status(ccpo, url, 200)
+    get_url_assert_status(rando, url, 404)
+
+
+# ccpo.submit_new_user
+def test_ccpo_submit_new_user_access(post_url_assert_status):
+    ccpo = user_with(PermissionSets.MANAGE_CCPO_USERS)
+    rando = user_with()
+
+    url = url_for("ccpo.submit_new_user")
+    post_url_assert_status(ccpo, url, 302, data={"dod_id": "1234567890"})
+    post_url_assert_status(rando, url, 404, data={"dod_id": "1234567890"})
+
+
+# ccpo.confirm_new_user
+def test_ccpo_confirm_new_user_access(post_url_assert_status):
+    ccpo = user_with(PermissionSets.MANAGE_CCPO_USERS)
+    rando = user_with()
+    user = UserFactory.create()
+
+    url = url_for("ccpo.confirm_new_user")
+    post_url_assert_status(ccpo, url, 302, data={"dod_id": user.dod_id})
+    post_url_assert_status(rando, url, 404, data={"dod_id": user.dod_id})
+
+
 # applications.access_environment
 def test_applications_access_environment_access(get_url_assert_status):
     dev = UserFactory.create()

translations.yaml

@@ -26,6 +26,17 @@ home:
   applications_descrip: ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod
   reports_descrip: enim ad minim veniam, quis nostrud exercitation ullamco
   admin_descrip: aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat
+ccpo:
+  users_title: CCPO Users
+  add_user: Add new CCPO user
+  form:
+    add_user_title: Add new CCPO user
+    confirm_user_title: Confirm new CCPO user
+    confirm_user_text: Please confirm that the user details below match the user being given CCPO permissions.
+    confirm_button: Confirm and Add User
+    return_link: Return to list of CCPO users
+    user_not_found_title: User not found
+    user_not_found_text: To add someone as a CCPO user, they must already have an ATAT account.
 common:
   cancel: Cancel
   close: Close
@@ -34,8 +45,12 @@ common:
   delete: Delete
   deactivate: Deactivate
   delete_confirm: 'Please type the word {word} to confirm:'
+  dod_id: DoD ID
   edit: Edit
+  email: Email
   members: Members
+  name: Name
+  next: Next
   'yes': 'Yes'
   'no': 'No'
   response_label: Response required
@@ -45,7 +60,6 @@ common:
   resource_names:
     environments: Environments
   choose_role: Choose a role
-  name: Name
 components:
   date_selector:
     day: Day