From 0ac8c9632b9dcc98c91958e42fb775d0872131a3 Mon Sep 17 00:00:00 2001
From: dandds
Date: Thu, 4 Apr 2019 09:59:40 -0400
Subject: [PATCH] add application permission sets
---
 atst/domain/permission_sets.py | 55 ++++++++++++++++++++++++++++++++++
 atst/models/permissions.py | 2 ++
 script/seed_roles.py | 12 ++++++--
 3 files changed, 66 insertions(+), 3 deletions(-)
diff --git a/atst/domain/permission_sets.py b/atst/domain/permission_sets.py
index 99862742..4d02682a 100644
--- a/atst/domain/permission_sets.py
+++ b/atst/domain/permission_sets.py
@@ -18,6 +18,11 @@ class PermissionSets(object):
 PORTFOLIO_POC = "portfolio_poc"
 VIEW_AUDIT_LOG = "view_audit_log"
+ VIEW_APPLICATION = "view_application"
+ EDIT_APPLICATION_ENVIRONMENTS = "edit_application_environments"
+ EDIT_APPLICATION_TEAM = "edit_application_team"
+ DELETE_APPLICATION_ENVIRONMENTS = "delete_application_environments"
+
 @classmethod
 def get(cls, perms_set_name):
 try:
@@ -85,6 +90,8 @@ _PORTFOLIO_APP_MGMT_PERMISSION_SETS = [
 Permissions.CREATE_APPLICATION_MEMBER,
 Permissions.EDIT_ENVIRONMENT,
 Permissions.CREATE_ENVIRONMENT,
+ Permissions.DELETE_ENVIRONMENT,
+ Permissions.ASSIGN_ENVIRONMENT_MEMBER,
 ],
 },
 ]
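Review bot: In the second hunk (`@@ -85,6 +90,8 @@`), `Permissions.DELETE_ENVIRONMENT` is added to an existing entry of `_PORTFOLIO_APP_MGMT_PERMISSION_SETS` that already carries the create and edit permissions, so anyone who holds that portfolio set would gain environment deletion without a new grant, assuming the seed script updates sets that already exist. The application-level sets introduced later in this patch keep deletion in its own set (`DELETE_APPLICATION_ENVIRONMENTS`); if that separation is deliberate, the portfolio level should mirror it, or a comment such as `# delete is bundled with edit at portfolio scope by design` should record why it differs. The entry's `name` and the start of the list are outside the hunk, so which portfolio role is widened cannot be confirmed from here.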
@@ -167,3 +174,51 @@ PORTFOLIO_PERMISSION_SETS = (
 + _PORTFOLIO_ADMIN_PERMISSION_SETS
 + _PORTFOLIO_POC_PERMISSION_SETS
 )
+
+_APPLICATION_BASIC_PERMISSION_SET = {
+ "name": PermissionSets.VIEW_APPLICATION,
+ "description": "View application data",
+ "display_name": "View applications",
+ "permissions": [
+ Permissions.VIEW_APPLICATION,
+ Permissions.VIEW_APPLICATION_MEMBER,
+ Permissions.VIEW_ENVIRONMENT,
+ ],
+}
+
+# need perm to assign and unassign users to environments
+_APPLICATION_ENVIRONMENTS_PERMISSION_SET = {
+ "name": PermissionSets.EDIT_APPLICATION_ENVIRONMENTS,
+ "description": "Manage environments for an application",
+ "display_name": "Manage environments",
+ "permissions": [
+ Permissions.EDIT_ENVIRONMENT,
+ Permissions.CREATE_ENVIRONMENT,
+ Permissions.ASSIGN_ENVIRONMENT_MEMBER,
+ ],
+}
+
+_APPLICATION_TEAM_PERMISSION_SET = {
+ "name": PermissionSets.EDIT_APPLICATION_TEAM,
+ "description": "Manage team members for an application",
+ "display_name": "Manage team",
+ "permissions": [
+ Permissions.EDIT_APPLICATION_MEMBER,
+ Permissions.CREATE_APPLICATION_MEMBER,
+ Permissions.ASSIGN_ENVIRONMENT_MEMBER,
+ ],
+}
+
+_APPLICATION_ENVIRONMENT_DELETE_PERMISSION_SET = {
+ "name": PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,
+ "description": "Delete environments within an application",
+ "display_name": "Delete environments",
+ "permissions": [Permissions.DELETE_ENVIRONMENT],
+}
+
+APPLICATION_PERMISSION_SETS = [
+ _APPLICATION_BASIC_PERMISSION_SET,
+ _APPLICATION_TEAM_PERMISSION_SET,
+ _APPLICATION_ENVIRONMENTS_PERMISSION_SET,
+ _APPLICATION_ENVIRONMENT_DELETE_PERMISSION_SET,
+]
diff --git a/atst/models/permissions.py b/atst/models/permissions.py
index 6f1b52c7..cb03020d 100644
--- a/atst/models/permissions.py
+++ b/atst/models/permissions.py
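Review bot: `Permissions.ASSIGN_ENVIRONMENT_MEMBER` is granted by both `_APPLICATION_ENVIRONMENTS_PERMISSION_SET` and `_APPLICATION_TEAM_PERMISSION_SET`, and the comment above the first, `# need perm to assign and unassign users to environments`, does not say whether it is an open to-do or an explanation. With the overlap, removing one of the two sets from a member does not remove the ability to assign environment members while the other is still held, which is easy to miss during an access review. I would replace the comment with one that states the intent, e.g. `# ASSIGN_ENVIRONMENT_MEMBER also covers unassigning; it is granted here and in the team set on purpose`, or, if unassigning needs its own permission, note that it is not defined in this patch.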
@@ -14,6 +14,8 @@ class Permissions(object):
 VIEW_ENVIRONMENT = "view_environment"
 EDIT_ENVIRONMENT = "edit_environment"
 CREATE_ENVIRONMENT = "create_environment"
+ DELETE_ENVIRONMENT = "delete_environment"
+ ASSIGN_ENVIRONMENT_MEMBER = "assign_environment_member"
 # funding
 VIEW_PORTFOLIO_FUNDING = "view_portfolio_funding" # TO summary page
diff --git a/script/seed_roles.py b/script/seed_roles.py
index 4340e7a7..9bf6ae3f 100755
--- a/script/seed_roles.py
+++ b/script/seed_roles.py
@@ -9,12 +9,18 @@ sys.path.append(parent_dir)
 from sqlalchemy.orm.exc import NoResultFound
 from atst.app import make_config, make_app
 from atst.database import db
-from atst.models import PermissionSet, Permissions
-from atst.domain.permission_sets import ATAT_PERMISSION_SETS, PORTFOLIO_PERMISSION_SETS
+from atst.models import PermissionSet
+from atst.domain.permission_sets import (
+ ATAT_PERMISSION_SETS,
+ PORTFOLIO_PERMISSION_SETS,
+ APPLICATION_PERMISSION_SETS,
+)
 def seed_roles():
- for permission_set_info in ATAT_PERMISSION_SETS + PORTFOLIO_PERMISSION_SETS:
+ for permission_set_info in (
+ ATAT_PERMISSION_SETS + PORTFOLIO_PERMISSION_SETS + APPLICATION_PERMISSION_SETS
+ ):
 permission_set = PermissionSet(**permission_set_info)
 try:
 existing_permission_set = (
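Review bot: The loop in `seed_roles()` now iterates three concatenated lists, and nothing in the hunk checks that permission-set names are unique across them. The lookup that starts at `existing_permission_set = (` continues outside the hunk; if it matches on `name`, as `PermissionSets.get` suggests, a duplicate name would presumably let one definition overwrite another's permissions without any error. A guard before the loop would make that fail loudly, e.g. `names = [s["name"] for s in all_sets]` followed by `if len(names) != len(set(names)): raise ValueError("duplicate permission set name")`, where `all_sets` is the concatenation the loop already builds.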