Update user's environment role on the team page.
- Includes adjustments to the applications.update_team route - Adds hidden environment ID to the HTML form
This commit is contained in:
dandds
parent
39cc200bf2
commit
0dc0397702
@ -6,6 +6,7 @@ from atst.domain.applications import Applications
|
|||||||
from atst.domain.application_roles import ApplicationRoles
|
from atst.domain.application_roles import ApplicationRoles
|
||||||
from atst.domain.authz.decorator import user_can_access_decorator as user_can
|
from atst.domain.authz.decorator import user_can_access_decorator as user_can
|
||||||
from atst.domain.environment_roles import EnvironmentRoles
|
from atst.domain.environment_roles import EnvironmentRoles
|
||||||
|
from atst.domain.environments import Environments
|
||||||
from atst.domain.exceptions import AlreadyExistsError
|
from atst.domain.exceptions import AlreadyExistsError
|
||||||
from atst.domain.permission_sets import PermissionSets
|
from atst.domain.permission_sets import PermissionSets
|
||||||
from atst.domain.users import Users
|
from atst.domain.users import Users
|
||||||
@ -97,15 +98,25 @@ def update_team(application_id):
|
|||||||
form = TeamForm(http_request.form)
|
form = TeamForm(http_request.form)
|
||||||
|
|
||||||
if form.validate():
|
if form.validate():
|
||||||
for member in form.members:
|
for member_form in form.members:
|
||||||
app_role = ApplicationRoles.get(member.data["user_id"], application.id)
|
app_role = ApplicationRoles.get(member_form.user_id.data, application.id)
|
||||||
new_perms = [
|
new_perms = [
|
||||||
perm
|
perm
|
||||||
for perm in member.data["permission_sets"]
|
for perm in member_form.data["permission_sets"]
|
||||||
if perm != PermissionSets.VIEW_APPLICATION
|
if perm != PermissionSets.VIEW_APPLICATION
|
||||||
]
|
]
|
||||||
ApplicationRoles.update_permission_sets(app_role, new_perms)
|
ApplicationRoles.update_permission_sets(app_role, new_perms)
|
||||||
flash("updated_application_members_permissions")
|
|
||||||
|
for environment_role_form in member_form.environment_roles:
|
||||||
|
user = Users.get(member_form.user_id.data)
|
||||||
|
environment = Environments.get(
|
||||||
|
environment_role_form.environment_id.data
|
||||||
|
)
|
||||||
|
Environments.update_env_role(
|
||||||
|
environment, user, environment_role_form.role.data
|
||||||
|
)
|
||||||
|
|
||||||
|
flash("updated_application_team_settings", application_name=application.name)
|
||||||
|
|
||||||
return redirect(
|
return redirect(
|
||||||
url_for(
|
url_for(
|
||||||
|
|||||||
@ -186,10 +186,10 @@ MESSAGES = {
|
|||||||
""",
|
""",
|
||||||
"category": "success",
|
"category": "success",
|
||||||
},
|
},
|
||||||
"updated_application_members_permissions": {
|
"updated_application_team_settings": {
|
||||||
"title_template": translate("flash.success"),
|
"title_template": translate("flash.success"),
|
||||||
"message_template": """
|
"message_template": """
|
||||||
<p>{{ "flash.updated_application_members_permissions" | translate }}</p>
|
<p>{{ "flash.updated_application_team_settings" | translate({"application_name": application_name}) }}</p>
|
||||||
""",
|
""",
|
||||||
"category": "success",
|
"category": "success",
|
||||||
},
|
},
|
||||||
|
|||||||
@ -36,57 +36,59 @@
|
|||||||
)
|
)
|
||||||
}}
|
}}
|
||||||
</div>
|
</div>
|
||||||
{% call ToggleSection(section_name="environments") %}
|
</div>
|
||||||
<ul>
|
{% call ToggleSection(section_name="environments") %}
|
||||||
{% for environment_form in environment_roles_form %}
|
<ul>
|
||||||
<li class="accordion-table__item__expanded">
|
{% for environment_form in environment_roles_form %}
|
||||||
<environment-role inline-template v-bind:initial-role="'{{ environment_form.role.data }}'">
|
<li class="accordion-table__item__expanded">
|
||||||
<div>
|
<environment-role inline-template v-bind:initial-role="'{{ environment_form.role.data }}'">
|
||||||
<div class="row">
|
<div>
|
||||||
<div class="col col--grow">
|
<div class="row">
|
||||||
{{ environment_form.environment_name.data }}
|
<div class="col col--grow">
|
||||||
</div>
|
{{ environment_form.environment_name.data }}
|
||||||
<div class="accordion-table__item__expanded-role col col--grow">
|
</div>
|
||||||
<div class="right">
|
<div class="accordion-table__item__expanded-role col col--grow">
|
||||||
<span v-html="role">
|
<div class="right">
|
||||||
</span>
|
<span v-html="role">
|
||||||
<div class="icon-link" v-on:click="toggle">
|
</span>
|
||||||
{{ Icon("edit") }}
|
<div class="icon-link" v-on:click="toggle">
|
||||||
</div>
|
{{ Icon("edit") }}
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="member-list__role-select" v-show="expanded">
|
|
||||||
{{ environment_form.role.label }}
|
|
||||||
{{ environment_form.role(**{"v-on:change": "radioChange", "class": "member-list____role-select__radio"}) }}
|
|
||||||
<button
|
|
||||||
class="usa-button"
|
|
||||||
type="button"
|
|
||||||
v-on:click="toggle"
|
|
||||||
>
|
|
||||||
{{ "common.close" | translate }}
|
|
||||||
</button>
|
|
||||||
</div>
|
|
||||||
</div>
|
</div>
|
||||||
</environment-role>
|
<div class="member-list__role-select" v-show="expanded">
|
||||||
</li>
|
{{ environment_form.role.label }}
|
||||||
{% endfor %}
|
{{ environment_form.role(**{"v-on:change": "radioChange", "class": "member-list____role-select__radio"}) }}
|
||||||
</ul>
|
<button
|
||||||
<div class="accordion-table__item__action-group">
|
class="usa-button"
|
||||||
<a class="icon-link">
|
type="button"
|
||||||
{{ "portfolios.applications.team_settings.add_to_environment" | translate }}
|
v-on:click="toggle"
|
||||||
{{ Icon("plus") }}
|
>
|
||||||
</a>
|
{{ "common.close" | translate }}
|
||||||
<button
|
</button>
|
||||||
id="delete-application"
|
{{ environment_form.environment_id() }}
|
||||||
type="button"
|
</div>
|
||||||
class='usa-button button-danger'
|
</div>
|
||||||
>
|
</environment-role>
|
||||||
{{ "portfolios.members.archive_button" | translate }}
|
</li>
|
||||||
</button>
|
{% endfor %}
|
||||||
</div>
|
</ul>
|
||||||
{% endcall %}
|
<div class="accordion-table__item__action-group">
|
||||||
{{ member_form.user_id() }}
|
<a class="icon-link">
|
||||||
</li>
|
{{ "portfolios.applications.team_settings.add_to_environment" | translate }}
|
||||||
|
{{ Icon("plus") }}
|
||||||
|
</a>
|
||||||
|
<button
|
||||||
|
type="button"
|
||||||
|
class='usa-button button-danger'
|
||||||
|
v-on:click="openModal('{{ delete_modal_id }}')"
|
||||||
|
>
|
||||||
|
{{ "portfolios.members.archive_button" | translate }}
|
||||||
|
</button>
|
||||||
|
</div>
|
||||||
|
{% endcall %}
|
||||||
|
{{ member_form.user_id() }}
|
||||||
|
</li>
|
||||||
</toggler>
|
</toggler>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|||||||
@ -3,6 +3,7 @@ import uuid
|
|||||||
from flask import url_for
|
from flask import url_for
|
||||||
|
|
||||||
from atst.domain.permission_sets import PermissionSets
|
from atst.domain.permission_sets import PermissionSets
|
||||||
|
from atst.models import CSPRole
|
||||||
|
|
||||||
from tests.factories import *
|
from tests.factories import *
|
||||||
|
|
||||||
@ -17,7 +18,7 @@ def test_application_team(client, user_session):
|
|||||||
assert response.status_code == 200
|
assert response.status_code == 200
|
||||||
|
|
||||||
|
|
||||||
def test_update_team(client, user_session):
|
def test_update_team_permissions(client, user_session):
|
||||||
application = ApplicationFactory.create()
|
application = ApplicationFactory.create()
|
||||||
owner = application.portfolio.owner
|
owner = application.portfolio.owner
|
||||||
app_role = ApplicationRoleFactory.create(
|
app_role = ApplicationRoleFactory.create(
|
||||||
@ -91,6 +92,63 @@ def test_update_team_with_non_app_user(client, user_session):
|
|||||||
assert response.status_code == 404
|
assert response.status_code == 404
|
||||||
|
|
||||||
|
|
||||||
|
def test_update_team_environment_roles(client, user_session):
|
||||||
|
application = ApplicationFactory.create()
|
||||||
|
owner = application.portfolio.owner
|
||||||
|
app_role = ApplicationRoleFactory.create(
|
||||||
|
application=application, permission_sets=[]
|
||||||
|
)
|
||||||
|
app_user = app_role.user
|
||||||
|
environment = EnvironmentFactory.create(application=application)
|
||||||
|
env_role = EnvironmentRoleFactory.create(
|
||||||
|
user=app_user, environment=environment, role=CSPRole.NETWORK_ADMIN.value
|
||||||
|
)
|
||||||
|
user_session(owner)
|
||||||
|
response = client.post(
|
||||||
|
url_for("applications.update_team", application_id=application.id),
|
||||||
|
data={
|
||||||
|
"members-0-user_id": app_user.id,
|
||||||
|
"members-0-permission_sets-perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM,
|
||||||
|
"members-0-permission_sets-perms_env_mgmt": PermissionSets.EDIT_APPLICATION_ENVIRONMENTS,
|
||||||
|
"members-0-permission_sets-perms_del_env": PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,
|
||||||
|
"members-0-environment_roles-0-environment_id": environment.id,
|
||||||
|
"members-0-environment_roles-0-role": CSPRole.TECHNICAL_READ.value,
|
||||||
|
},
|
||||||
|
)
|
||||||
|
|
||||||
|
assert response.status_code == 302
|
||||||
|
assert env_role.role == CSPRole.TECHNICAL_READ.value
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.mark.skip(reason="Need to rebase against master")
|
||||||
|
def test_update_team_revoke_environment_access(client, user_session):
|
||||||
|
application = ApplicationFactory.create()
|
||||||
|
owner = application.portfolio.owner
|
||||||
|
app_role = ApplicationRoleFactory.create(
|
||||||
|
application=application, permission_sets=[]
|
||||||
|
)
|
||||||
|
app_user = app_role.user
|
||||||
|
environment = EnvironmentFactory.create(application=application)
|
||||||
|
env_role = EnvironmentRoleFactory.create(
|
||||||
|
user=app_user, environment=environment, role=CSPRole.BASIC_ACCESS.value
|
||||||
|
)
|
||||||
|
user_session(owner)
|
||||||
|
response = client.post(
|
||||||
|
url_for("applications.update_team", application_id=application.id),
|
||||||
|
data={
|
||||||
|
"members-0-user_id": app_user.id,
|
||||||
|
"members-0-permission_sets-perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM,
|
||||||
|
"members-0-permission_sets-perms_env_mgmt": PermissionSets.EDIT_APPLICATION_ENVIRONMENTS,
|
||||||
|
"members-0-permission_sets-perms_del_env": PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,
|
||||||
|
"members-0-environment_roles-0-environment_id": environment.id,
|
||||||
|
"members-0-environment_roles-0-role": "",
|
||||||
|
},
|
||||||
|
)
|
||||||
|
|
||||||
|
assert response.status_code == 302
|
||||||
|
assert env_role.role == CSPRole.TECHNICAL_READ.value
|
||||||
|
|
||||||
|
|
||||||
def test_create_member(client, user_session):
|
def test_create_member(client, user_session):
|
||||||
user = UserFactory.create()
|
user = UserFactory.create()
|
||||||
application = ApplicationFactory.create(
|
application = ApplicationFactory.create(
|
||||||
|
|||||||
@ -80,7 +80,7 @@ flash:
|
|||||||
portfolio_home: Go to my portfolio home page
|
portfolio_home: Go to my portfolio home page
|
||||||
success: Success!
|
success: Success!
|
||||||
new_application_member: 'You have successfully invited {user_name} to the team.'
|
new_application_member: 'You have successfully invited {user_name} to the team.'
|
||||||
updated_application_members_permissions: 'You have successfully updated member permissions.'
|
updated_application_team_settings: 'You have updated the {application_name} team settings.'
|
||||||
footer:
|
footer:
|
||||||
about_link_text: Joint Enterprise Defense Infrastructure
|
about_link_text: Joint Enterprise Defense Infrastructure
|
||||||
browser_support: JEDI Cloud supported on these web browsers
|
browser_support: JEDI Cloud supported on these web browsers
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user