Update user's environment role on the team page.
- Includes adjustments to the applications.update_team route - Adds hidden environment ID to the HTML form
This commit is contained in:
dandds
parent
39cc200bf2
commit
0dc0397702
@ -6,6 +6,7 @@ from atst.domain.applications import Applications
|
||||
from atst.domain.application_roles import ApplicationRoles
|
||||
from atst.domain.authz.decorator import user_can_access_decorator as user_can
|
||||
from atst.domain.environment_roles import EnvironmentRoles
|
||||
from atst.domain.environments import Environments
|
||||
from atst.domain.exceptions import AlreadyExistsError
|
||||
from atst.domain.permission_sets import PermissionSets
|
||||
from atst.domain.users import Users
|
||||
@ -97,15 +98,25 @@ def update_team(application_id):
|
||||
form = TeamForm(http_request.form)
|
||||
|
||||
if form.validate():
|
||||
for member in form.members:
|
||||
app_role = ApplicationRoles.get(member.data["user_id"], application.id)
|
||||
for member_form in form.members:
|
||||
app_role = ApplicationRoles.get(member_form.user_id.data, application.id)
|
||||
new_perms = [
|
||||
perm
|
||||
for perm in member.data["permission_sets"]
|
||||
for perm in member_form.data["permission_sets"]
|
||||
if perm != PermissionSets.VIEW_APPLICATION
|
||||
]
|
||||
ApplicationRoles.update_permission_sets(app_role, new_perms)
|
||||
flash("updated_application_members_permissions")
|
||||
|
||||
for environment_role_form in member_form.environment_roles:
|
||||
user = Users.get(member_form.user_id.data)
|
||||
environment = Environments.get(
|
||||
environment_role_form.environment_id.data
|
||||
)
|
||||
Environments.update_env_role(
|
||||
environment, user, environment_role_form.role.data
|
||||
)
|
||||
|
||||
flash("updated_application_team_settings", application_name=application.name)
|
||||
|
||||
return redirect(
|
||||
url_for(
|
||||
|
||||
@ -186,10 +186,10 @@ MESSAGES = {
|
||||
""",
|
||||
"category": "success",
|
||||
},
|
||||
"updated_application_members_permissions": {
|
||||
"updated_application_team_settings": {
|
||||
"title_template": translate("flash.success"),
|
||||
"message_template": """
|
||||
<p>{{ "flash.updated_application_members_permissions" | translate }}</p>
|
||||
<p>{{ "flash.updated_application_team_settings" | translate({"application_name": application_name}) }}</p>
|
||||
""",
|
||||
"category": "success",
|
||||
},
|
||||
|
||||
@ -36,57 +36,59 @@
|
||||
)
|
||||
}}
|
||||
</div>
|
||||
{% call ToggleSection(section_name="environments") %}
|
||||
<ul>
|
||||
{% for environment_form in environment_roles_form %}
|
||||
<li class="accordion-table__item__expanded">
|
||||
<environment-role inline-template v-bind:initial-role="'{{ environment_form.role.data }}'">
|
||||
<div>
|
||||
<div class="row">
|
||||
<div class="col col--grow">
|
||||
{{ environment_form.environment_name.data }}
|
||||
</div>
|
||||
<div class="accordion-table__item__expanded-role col col--grow">
|
||||
<div class="right">
|
||||
<span v-html="role">
|
||||
</span>
|
||||
<div class="icon-link" v-on:click="toggle">
|
||||
{{ Icon("edit") }}
|
||||
</div>
|
||||
</div>
|
||||
{% call ToggleSection(section_name="environments") %}
|
||||
<ul>
|
||||
{% for environment_form in environment_roles_form %}
|
||||
<li class="accordion-table__item__expanded">
|
||||
<environment-role inline-template v-bind:initial-role="'{{ environment_form.role.data }}'">
|
||||
<div>
|
||||
<div class="row">
|
||||
<div class="col col--grow">
|
||||
{{ environment_form.environment_name.data }}
|
||||
</div>
|
||||
<div class="accordion-table__item__expanded-role col col--grow">
|
||||
<div class="right">
|
||||
<span v-html="role">
|
||||
</span>
|
||||
<div class="icon-link" v-on:click="toggle">
|
||||
{{ Icon("edit") }}
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="member-list__role-select" v-show="expanded">
|
||||
{{ environment_form.role.label }}
|
||||
{{ environment_form.role(**{"v-on:change": "radioChange", "class": "member-list____role-select__radio"}) }}
|
||||
<button
|
||||
class="usa-button"
|
||||
type="button"
|
||||
v-on:click="toggle"
|
||||
>
|
||||
{{ "common.close" | translate }}
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
</environment-role>
|
||||
</li>
|
||||
{% endfor %}
|
||||
</ul>
|
||||
<div class="accordion-table__item__action-group">
|
||||
<a class="icon-link">
|
||||
{{ "portfolios.applications.team_settings.add_to_environment" | translate }}
|
||||
{{ Icon("plus") }}
|
||||
</a>
|
||||
<button
|
||||
id="delete-application"
|
||||
type="button"
|
||||
class='usa-button button-danger'
|
||||
>
|
||||
{{ "portfolios.members.archive_button" | translate }}
|
||||
</button>
|
||||
</div>
|
||||
{% endcall %}
|
||||
{{ member_form.user_id() }}
|
||||
</li>
|
||||
<div class="member-list__role-select" v-show="expanded">
|
||||
{{ environment_form.role.label }}
|
||||
{{ environment_form.role(**{"v-on:change": "radioChange", "class": "member-list____role-select__radio"}) }}
|
||||
<button
|
||||
class="usa-button"
|
||||
type="button"
|
||||
v-on:click="toggle"
|
||||
>
|
||||
{{ "common.close" | translate }}
|
||||
</button>
|
||||
{{ environment_form.environment_id() }}
|
||||
</div>
|
||||
</div>
|
||||
</environment-role>
|
||||
</li>
|
||||
{% endfor %}
|
||||
</ul>
|
||||
<div class="accordion-table__item__action-group">
|
||||
<a class="icon-link">
|
||||
{{ "portfolios.applications.team_settings.add_to_environment" | translate }}
|
||||
{{ Icon("plus") }}
|
||||
</a>
|
||||
<button
|
||||
type="button"
|
||||
class='usa-button button-danger'
|
||||
v-on:click="openModal('{{ delete_modal_id }}')"
|
||||
>
|
||||
{{ "portfolios.members.archive_button" | translate }}
|
||||
</button>
|
||||
</div>
|
||||
{% endcall %}
|
||||
{{ member_form.user_id() }}
|
||||
</li>
|
||||
</toggler>
|
||||
{% endfor %}
|
||||
|
||||
@ -3,6 +3,7 @@ import uuid
|
||||
from flask import url_for
|
||||
|
||||
from atst.domain.permission_sets import PermissionSets
|
||||
from atst.models import CSPRole
|
||||
|
||||
from tests.factories import *
|
||||
|
||||
@ -17,7 +18,7 @@ def test_application_team(client, user_session):
|
||||
assert response.status_code == 200
|
||||
|
||||
|
||||
def test_update_team(client, user_session):
|
||||
def test_update_team_permissions(client, user_session):
|
||||
application = ApplicationFactory.create()
|
||||
owner = application.portfolio.owner
|
||||
app_role = ApplicationRoleFactory.create(
|
||||
@ -91,6 +92,63 @@ def test_update_team_with_non_app_user(client, user_session):
|
||||
assert response.status_code == 404
|
||||
|
||||
|
||||
def test_update_team_environment_roles(client, user_session):
|
||||
application = ApplicationFactory.create()
|
||||
owner = application.portfolio.owner
|
||||
app_role = ApplicationRoleFactory.create(
|
||||
application=application, permission_sets=[]
|
||||
)
|
||||
app_user = app_role.user
|
||||
environment = EnvironmentFactory.create(application=application)
|
||||
env_role = EnvironmentRoleFactory.create(
|
||||
user=app_user, environment=environment, role=CSPRole.NETWORK_ADMIN.value
|
||||
)
|
||||
user_session(owner)
|
||||
response = client.post(
|
||||
url_for("applications.update_team", application_id=application.id),
|
||||
data={
|
||||
"members-0-user_id": app_user.id,
|
||||
"members-0-permission_sets-perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM,
|
||||
"members-0-permission_sets-perms_env_mgmt": PermissionSets.EDIT_APPLICATION_ENVIRONMENTS,
|
||||
"members-0-permission_sets-perms_del_env": PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,
|
||||
"members-0-environment_roles-0-environment_id": environment.id,
|
||||
"members-0-environment_roles-0-role": CSPRole.TECHNICAL_READ.value,
|
||||
},
|
||||
)
|
||||
|
||||
assert response.status_code == 302
|
||||
assert env_role.role == CSPRole.TECHNICAL_READ.value
|
||||
|
||||
|
||||
@pytest.mark.skip(reason="Need to rebase against master")
|
||||
def test_update_team_revoke_environment_access(client, user_session):
|
||||
application = ApplicationFactory.create()
|
||||
owner = application.portfolio.owner
|
||||
app_role = ApplicationRoleFactory.create(
|
||||
application=application, permission_sets=[]
|
||||
)
|
||||
app_user = app_role.user
|
||||
environment = EnvironmentFactory.create(application=application)
|
||||
env_role = EnvironmentRoleFactory.create(
|
||||
user=app_user, environment=environment, role=CSPRole.BASIC_ACCESS.value
|
||||
)
|
||||
user_session(owner)
|
||||
response = client.post(
|
||||
url_for("applications.update_team", application_id=application.id),
|
||||
data={
|
||||
"members-0-user_id": app_user.id,
|
||||
"members-0-permission_sets-perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM,
|
||||
"members-0-permission_sets-perms_env_mgmt": PermissionSets.EDIT_APPLICATION_ENVIRONMENTS,
|
||||
"members-0-permission_sets-perms_del_env": PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,
|
||||
"members-0-environment_roles-0-environment_id": environment.id,
|
||||
"members-0-environment_roles-0-role": "",
|
||||
},
|
||||
)
|
||||
|
||||
assert response.status_code == 302
|
||||
assert env_role.role == CSPRole.TECHNICAL_READ.value
|
||||
|
||||
|
||||
def test_create_member(client, user_session):
|
||||
user = UserFactory.create()
|
||||
application = ApplicationFactory.create(
|
||||
|
||||
@ -80,7 +80,7 @@ flash:
|
||||
portfolio_home: Go to my portfolio home page
|
||||
success: Success!
|
||||
new_application_member: 'You have successfully invited {user_name} to the team.'
|
||||
updated_application_members_permissions: 'You have successfully updated member permissions.'
|
||||
updated_application_team_settings: 'You have updated the {application_name} team settings.'
|
||||
footer:
|
||||
about_link_text: Joint Enterprise Defense Infrastructure
|
||||
browser_support: JEDI Cloud supported on these web browsers
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user