Rewrite function that builds form data for app environment roles form.

- Adds a property to ApplicationRole model so that it knows its related
  EnvironmentRole models.
- Rewrite the form data builder in the routes file so that it loops the
  application members and their environment roles to build the data
  structure.

atst/domain/environments.py

@@ -113,15 +113,6 @@ class Environments(object):
                 environment=environment, user=member, new_role=new_role
             )
 
-    @classmethod
-    def get_members_by_role(cls, env, role):
-        return (
-            db.session.query(EnvironmentRole)
-            .filter(EnvironmentRole.environment_id == env.id)
-            .filter(EnvironmentRole.role == role)
-            .all()
-        )
-
     @classmethod
     def revoke_access(cls, environment, target_user):
         EnvironmentRoles.delete(environment.id, target_user.id)

atst/models/application_role.py

@@ -1,12 +1,14 @@
 from enum import Enum
 from sqlalchemy import Index, ForeignKey, Column, Enum as SQLAEnum, Table
 from sqlalchemy.dialects.postgresql import UUID
-from sqlalchemy.orm import relationship
+from sqlalchemy.orm import object_session, relationship
 from sqlalchemy.event import listen
 
 from atst.utils import first_or_none
 from atst.models import Base, mixins
 from atst.models.mixins.auditable import record_permission_sets_updates
+from atst.models.environment import Environment
+from atst.models.environment_role import EnvironmentRole
 from .types import Id
 
 
@@ -91,6 +93,22 @@ class ApplicationRole(
             "portfolio": self.application.portfolio.name,
         }
 
+    @property
+    def environment_roles(self):
+        if getattr(self, "_environment_roles", None) is None:
+            roles = (
+                object_session(self)
+                .query(EnvironmentRole)
+                .join(Environment, Environment.application_id == self.application_id)
+                .filter(EnvironmentRole.environment_id == Environment.id)
+                .filter(EnvironmentRole.user_id == self.user_id)
+                .all()
+            )
+
+            setattr(self, "_environment_roles", roles)
+
+        return self._environment_roles
+
 
 Index(
     "application_role_user_application",

atst/routes/applications/settings.py

@@ -30,54 +30,54 @@ def get_environments_obj_for_app(application):
     return environments_obj
 
 
-def serialize_members(member_list, role):
-    serialized_list = []
-
-    for member in member_list:
-        serialized_list.append(
-            {
-                "user_id": str(member.user_id),
-                "user_name": member.user.full_name,
-                "role_name": role,
-            }
-        )
-
-    return serialized_list
-
-
-def sort_env_users_by_role(env):
-    users_list = []
-    no_access_users = env.application.users - env.users
-    no_access_list = [
-        {"user_id": str(user.id), "user_name": user.full_name, "role_name": NO_ACCESS}
-        for user in no_access_users
-    ]
-    users_list.append({"role": NO_ACCESS, "members": no_access_list})
-
-    for role in CSPRole:
-        users_list.append(
-            {
-                "role": role.value,
-                "members": serialize_members(
-                    Environments.get_members_by_role(env, role.value), role.value
-                ),
-            }
-        )
-
-    return users_list
-
-
 def data_for_app_env_roles_form(application):
-    data = {"envs": []}
-    for environment in application.environments:
-        data["envs"].append(
-            {
-                "env_id": environment.id,
-                "team_roles": sort_env_users_by_role(environment),
-            }
-        )
+    csp_roles = [role.value for role in CSPRole]
+    csp_roles.insert(0, NO_ACCESS)
+    # dictionary for sorting application members by environments
+    # and roles within those environments
+    environments_dict = {
+        e.id: {role_name: [] for role_name in csp_roles}
+        for e in application.environments
+    }
+    for member in application.members:
+        env_ids = set(environments_dict.keys())
+        for env_role in member.environment_roles:
+            role_members_list = environments_dict[env_role.environment_id][
+                env_role.role
+            ]
+            role_members_list.append(
+                {
+                    "user_id": str(member.user.id),
+                    "user_name": member.user_name,
+                    "role_name": env_role.role,
+                }
+            )
+            env_ids.remove(env_role.environment_id)
 
-    return data
+        # any leftover environment IDs are ones the app member
+        # does not have access to
+        for env_id in env_ids:
+            role_members_list = environments_dict[env_id][NO_ACCESS]
+            role_members_list.append(
+                {
+                    "user_id": str(member.user.id),
+                    "user_name": member.user_name,
+                    "role_name": NO_ACCESS,
+                }
+            )
+
+    # transform the data into the shape the form needs
+    nested_data = [
+        {
+            "env_id": env_id,
+            "team_roles": [
+                {"role": role, "members": members} for role, members in roles.items()
+            ],
+        }
+        for env_id, roles in environments_dict.items()
+    ]
+
+    return {"envs": nested_data}
 
 
 def check_users_are_in_application(user_ids, application):