remove portfolio_role direct relationship to role
@@ -9,7 +9,6 @@ from atst.models.portfolio_role import (
|
||||
from atst.models.user import User
|
||||
|
||||
from .roles import Roles
|
||||
from .users import Users
|
||||
from .exceptions import NotFoundError
|
||||
|
||||
|
||||
@@ -53,17 +52,6 @@ class PortfolioRoles(object):
|
||||
except NoResultFound:
|
||||
return None
|
||||
|
||||
@classmethod
|
||||
def portfolio_role_permissions(cls, portfolio, user):
|
||||
portfolio_role = PortfolioRoles._get_active_portfolio_role(
|
||||
portfolio.id, user.id
|
||||
)
|
||||
atat_permissions = set(user.atat_role.permissions)
|
||||
portfolio_permissions = (
|
||||
[] if portfolio_role is None else portfolio_role.role.permissions
|
||||
)
|
||||
return set(portfolio_permissions).union(atat_permissions)
|
||||
|
||||
@classmethod
|
||||
def _get_portfolio_role(cls, user, portfolio_id):
|
||||
try:
|
||||
@@ -80,9 +68,7 @@ class PortfolioRoles(object):
|
||||
raise NotFoundError("portfolio role")
|
||||
|
||||
@classmethod
|
||||
def add(cls, user, portfolio_id, role_name, permission_sets=None):
|
||||
role = Roles.get(role_name)
|
||||
|
||||
def add(cls, user, portfolio_id, permission_sets=None):
|
||||
new_portfolio_role = None
|
||||
try:
|
||||
existing_portfolio_role = (
|
||||
@@ -94,13 +80,9 @@ class PortfolioRoles(object):
|
||||
.one()
|
||||
)
|
||||
new_portfolio_role = existing_portfolio_role
|
||||
new_portfolio_role.role = role
|
||||
except NoResultFound:
|
||||
new_portfolio_role = PortfolioRole(
|
||||
user=user,
|
||||
role_id=role.id,
|
||||
portfolio_id=portfolio_id,
|
||||
status=PortfolioRoleStatus.PENDING,
|
||||
user=user, portfolio_id=portfolio_id, status=PortfolioRoleStatus.PENDING
|
||||
)
|
||||
|
||||
if permission_sets:
|
||||
@@ -137,47 +119,6 @@ class PortfolioRoles(object):
|
||||
db.session.commit()
|
||||
return portfolio_role
|
||||
|
||||
@classmethod
|
||||
def add_many(cls, portfolio_id, portfolio_role_dicts):
|
||||
portfolio_roles = []
|
||||
|
||||
for user_dict in portfolio_role_dicts:
|
||||
try:
|
||||
user = Users.get(user_dict["id"])
|
||||
except NoResultFound:
|
||||
default_role = Roles.get("developer")
|
||||
user = User(id=user_dict["id"], atat_role=default_role)
|
||||
|
||||
try:
|
||||
role = Roles.get(user_dict["portfolio_role"])
|
||||
except NoResultFound:
|
||||
raise NotFoundError("role")
|
||||
|
||||
try:
|
||||
existing_portfolio_role = (
|
||||
db.session.query(PortfolioRole)
|
||||
.filter(
|
||||
PortfolioRole.user == user,
|
||||
PortfolioRole.portfolio_id == portfolio_id,
|
||||
)
|
||||
.one()
|
||||
)
|
||||
new_portfolio_role = existing_portfolio_role
|
||||
new_portfolio_role.role = role
|
||||
except NoResultFound:
|
||||
new_portfolio_role = PortfolioRole(
|
||||
user=user, role_id=role.id, portfolio_id=portfolio_id
|
||||
)
|
||||
|
||||
user.portfolio_roles.append(new_portfolio_role)
|
||||
portfolio_roles.append(new_portfolio_role)
|
||||
|
||||
db.session.add(user)
|
||||
|
||||
db.session.commit()
|
||||
|
||||
return portfolio_roles
|
||||
|
||||
@classmethod
|
||||
def enable(cls, portfolio_role):
|
||||
portfolio_role.status = PortfolioRoleStatus.ACTIVE
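Review bot: In the `@@ -80,9 +68,7 @@` hunk, `add` drops `role_name` from the middle of its positional parameters, so a caller not updated in this commit that still passes `add(user, portfolio_id, "developer")` will now hand the role name to `permission_sets` without any error. The `if permission_sets:` branch runs for a non-empty string, and what it does with the value is outside the hunk, so this could fail late or attach something unintended. Making the argument keyword-only, `def add(cls, user, portfolio_id, *, permission_sets=None):`, turns stale call sites into an immediate TypeError; the one visible caller, `Portfolios.add_member`, would then pass `permission_sets=permission_sets`. The body of `add` continues outside the hunks shown.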
|
||||
|
@@ -24,7 +24,6 @@ class Portfolios(object):
|
||||
Portfolios._create_portfolio_role(
|
||||
user,
|
||||
portfolio,
|
||||
"owner",
|
||||
status=PortfolioRoleStatus.ACTIVE,
|
||||
permission_sets=perms_sets,
|
||||
)
|
||||
@@ -111,9 +110,7 @@ class Portfolios(object):
|
||||
|
||||
@classmethod
|
||||
def add_member(cls, portfolio, member, role_name, permission_sets=None):
|
||||
portfolio_role = PortfolioRoles.add(
|
||||
member, portfolio.id, role_name, permission_sets
|
||||
)
|
||||
portfolio_role = PortfolioRoles.add(member, portfolio.id, permission_sets)
|
||||
return portfolio_role
|
||||
|
||||
@classmethod
|
||||
@@ -126,20 +123,13 @@ class Portfolios(object):
|
||||
|
||||
@classmethod
|
||||
def _create_portfolio_role(
|
||||
cls,
|
||||
user,
|
||||
portfolio,
|
||||
role_name,
|
||||
status=PortfolioRoleStatus.PENDING,
|
||||
permission_sets=None,
|
||||
cls, user, portfolio, status=PortfolioRoleStatus.PENDING, permission_sets=None
|
||||
):
|
||||
role = Roles.get(role_name)
|
||||
|
||||
if permission_sets is None:
|
||||
permission_sets = []
|
||||
|
||||
portfolio_role = PortfoliosQuery.create_portfolio_role(
|
||||
user, role, portfolio, status=status, permission_sets=permission_sets
|
||||
user, portfolio, status=status, permission_sets=permission_sets
|
||||
)
|
||||
PortfoliosQuery.add_and_commit(portfolio_role)
|
||||
return portfolio_role
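Review bot: `add_member` in the `@@ -111,9 +110,7 @@` hunk still accepts `role_name` but no longer uses it, so a caller that passes a role and no `permission_sets` apparently creates a member with no permission sets attached while believing a role was granted. Either drop the parameter together with its call sites or say so at the definition, e.g. `# role_name is ignored; access is granted only through permission_sets`. Relatedly, the owner created in the `@@ -24,7 +24,6 @@` hunk is now distinguished only by the contents of `perms_sets`, which is built outside the hunk; it is worth confirming there that it always includes the permission set the `owner` lookup relies on.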
|
||||
|
@@ -18,5 +18,5 @@ class PortfoliosQuery(Query):
|
||||
)
|
||||
|
||||
@classmethod
|
||||
def create_portfolio_role(cls, user, role, portfolio, **kwargs):
|
||||
return PortfolioRole(user=user, role=role, portfolio=portfolio, **kwargs)
|
||||
def create_portfolio_role(cls, user, portfolio, **kwargs):
|
||||
return PortfolioRole(user=user, portfolio=portfolio, **kwargs)
|
||||
|
@@ -23,7 +23,9 @@ class Portfolio(Base, mixins.TimestampsMixin, mixins.AuditableMixin):
|
||||
@property
|
||||
def owner(self):
|
||||
def _is_portfolio_owner(portfolio_role):
|
||||
return portfolio_role.role.name == "owner"
|
||||
return "portfolio_poc" in [
|
||||
perms_set.name for perms_set in portfolio_role.permission_sets
|
||||
]
|
||||
|
||||
owner = first_or_none(_is_portfolio_owner, self.roles)
|
||||
return owner.user if owner else None
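Review bot: `_is_portfolio_owner` now treats any portfolio role whose permission sets include `"portfolio_poc"` as the owner, and `first_or_none` returns whichever matching role comes first in `self.roles`. Nothing in this hunk prevents that permission set from being granted to more than one member, or to a role that is still pending, so `owner` can become ambiguous; if uniqueness is enforced elsewhere, a comment saying so would help. The same string comparison is repeated in `home()` (the `@@ -64,7 +64,9 @@` hunk), so a single helper on `PortfolioRole`, with the name held in one constant, would keep the two checks from drifting apart. A docstring such as `"""Return the user whose portfolio role holds the portfolio_poc permission set, or None."""` would also record the new rule.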
|
||||
|
@@ -10,7 +10,6 @@ from atst.database import db
|
||||
from atst.models.environment_role import EnvironmentRole
|
||||
from atst.models.application import Application
|
||||
from atst.models.environment import Environment
|
||||
from atst.models.role import Role
|
||||
|
||||
|
||||
MEMBER_STATUSES = {
|
||||
@@ -47,9 +46,6 @@ class PortfolioRole(Base, mixins.TimestampsMixin, mixins.AuditableMixin):
|
||||
)
|
||||
portfolio = relationship("Portfolio", back_populates="roles")
|
||||
|
||||
role_id = Column(UUID(as_uuid=True), ForeignKey("roles.id"), nullable=False)
|
||||
role = relationship("Role")
|
||||
|
||||
user_id = Column(
|
||||
UUID(as_uuid=True), ForeignKey("users.id"), index=True, nullable=False
|
||||
)
|
||||
@@ -65,19 +61,15 @@ class PortfolioRole(Base, mixins.TimestampsMixin, mixins.AuditableMixin):
|
||||
]
|
||||
|
||||
def __repr__(self):
|
||||
return "<PortfolioRole(role='{}', portfolio='{}', user_id='{}', id='{}')>".format(
|
||||
self.role.name, self.portfolio.name, self.user_id, self.id
|
||||
return "<PortfolioRole(portfolio='{}', user_id='{}', id='{}', permissions={})>".format(
|
||||
self.portfolio.name, self.user_id, self.id, self.permissions
|
||||
)
|
||||
|
||||
@property
|
||||
def history(self):
|
||||
previous_state = self.get_changes()
|
||||
change_set = {}
|
||||
if "role_id" in previous_state:
|
||||
from_role_id = previous_state["role_id"][0]
|
||||
from_role = db.session.query(Role).filter(Role.id == from_role_id).one()
|
||||
to_role = self.role_name
|
||||
change_set["role"] = [from_role.name, to_role]
|
||||
# TODO: need to update to include permission_sets
|
||||
if "status" in previous_state:
|
||||
from_status = previous_state["status"][0].value
|
||||
to_status = self.status.value
|
||||
@@ -121,10 +113,6 @@ class PortfolioRole(Base, mixins.TimestampsMixin, mixins.AuditableMixin):
|
||||
def has_dod_id_error(self):
|
||||
return self.latest_invitation and self.latest_invitation.is_rejected_wrong_user
|
||||
|
||||
@property
|
||||
def role_name(self):
|
||||
return self.role.name
|
||||
|
||||
@property
|
||||
def user_name(self):
|
||||
return self.user.full_name
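Review bot: With the `role_id` branch removed in the `@@ -65,19 +61,15 @@` hunk, `history` reports only what remains below the TODO (a status change is visible), while permission sets are now the only thing that carries a member's privileges. Until the TODO is resolved, granting or revoking a permission set leaves no entry in this change set, which is the part of the audit trail a reviewer of access changes needs most. I would either record permission-set changes in this commit or tie the TODO to a tracked issue, e.g. `# TODO(<issue-id>): record permission_sets changes in history`. Separately, `role_id` was declared `nullable=False` before this change and no schema migration is visible on this page, so confirm one accompanies the model change. `history` continues past the end of the hunk.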
|
||||
|
@@ -64,7 +64,9 @@ def home():
|
||||
elif num_portfolios == 1:
|
||||
portfolio_role = user.portfolio_roles[0]
|
||||
portfolio_id = portfolio_role.portfolio.id
|
||||
is_portfolio_owner = portfolio_role.role.name == "owner"
|
||||
is_portfolio_owner = "portfolio_poc" in [
|
||||
ps.name for ps in portfolio_role.permission_sets
|
||||
]
|
||||
|
||||
if is_portfolio_owner:
|
||||
return redirect(
|
||||
|
@@ -28,7 +28,7 @@ def serialize_portfolio_role(portfolio_role):
|
||||
"name": portfolio_role.user_name,
|
||||
"status": portfolio_role.display_status,
|
||||
"id": portfolio_role.user_id,
|
||||
"role": portfolio_role.role_displayname,
|
||||
"role": "admin",
|
||||
"num_env": portfolio_role.num_environment_roles,
|
||||
"edit_link": url_for(
|
||||
"portfolios.view_member",
|
||||
@@ -115,7 +115,7 @@ def view_member(portfolio_id, member_id):
|
||||
)
|
||||
member = PortfolioRoles.get(portfolio_id, member_id)
|
||||
applications = Applications.get_all(g.current_user, member, portfolio)
|
||||
form = EditMemberForm(portfolio_role=member.role_name)
|
||||
form = EditMemberForm(portfolio_role="admin")
|
||||
editable = g.current_user == member.user
|
||||
can_revoke_access = Portfolios.can_revoke_access_for(portfolio, member)
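Review bot: `serialize_portfolio_role` now emits `"role": "admin"` for every member, and `view_member` (the `@@ -115,7 +115,7 @@` hunk) pre-fills `EditMemberForm(portfolio_role="admin")` the same way, so the member list and the edit form show an access level that is not derived from the member's actual permission sets. Someone reviewing who has access to a portfolio would see every member as an admin regardless of what they can do. If this is a placeholder, mark it at both sites with a comment such as `# placeholder: role no longer exists; derive display value from permission_sets`, or drop the field until the templates are updated. Both functions extend beyond the hunks shown.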
|
||||
|
||||
|