rename role -> permission_set everywhere

alembic/versions/a19138e386c4_rename_roles_table_to_permission_sets.py

@@ -0,0 +1,28 @@
+"""rename roles table to permission_sets
+
+Revision ID: a19138e386c4
+Revises: 0e71ab219ada
+Create Date: 2019-03-13 10:18:35.770296
+
+"""
+from alembic import op
+import sqlalchemy as sa
+from sqlalchemy.dialects import postgresql
+
+# revision identifiers, used by Alembic.
+revision = 'a19138e386c4'
+down_revision = '0e71ab219ada'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    op.rename_table("roles", "permission_sets")
+    op.rename_table("portfolio_roles_roles", "portfolio_roles_permission_sets")
+    op.alter_column("portfolio_roles_permission_sets", "role_id", new_column_name="permission_set_id")
+
+
+def downgrade():
+    op.rename_table("permission_sets", "roles")
+    op.rename_table("portfolio_roles_permission_sets", "portfolio_roles_roles")
+    op.alter_column("portfolio_roles_permission_sets", "permission_set_id", new_column_name="role_id")

atst/domain/permission_sets.py

@@ -1,7 +1,7 @@
 from sqlalchemy.orm.exc import NoResultFound
 
 from atst.database import db
-from atst.models import Role, Permissions
+from atst.models import PermissionSet, Permissions
 from .exceptions import NotFoundError
 
 
@@ -265,16 +265,16 @@ PORTFOLIO_PERMISSION_SETS = (
 )
 
 
-class Roles(object):
+class PermissionSets(object):
     @classmethod
-    def get(cls, role_name):
+    def get(cls, perms_set_name):
         try:
-            role = db.session.query(Role).filter_by(name=role_name).one()
+            role = db.session.query(PermissionSet).filter_by(name=perms_set_name).one()
         except NoResultFound:
-            raise NotFoundError("role")
+            raise NotFoundError("permission_set")
 
         return role
 
     @classmethod
     def get_all(cls):
-        return db.session.query(Role).all()
+        return db.session.query(PermissionSet).all()

atst/domain/portfolio_roles.py

@@ -8,7 +8,7 @@ from atst.models.portfolio_role import (
 )
 from atst.models.user import User
 
-from .roles import Roles
+from .permission_sets import PermissionSets
 from .exceptions import NotFoundError
 
 
@@ -108,7 +108,9 @@ class PortfolioRoles(object):
         perms_set_names = PortfolioRoles._DEFAULT_PORTFOLIO_PERMS_SETS.union(
             set(set_names)
         )
-        return [Roles.get(perms_set_name) for perms_set_name in perms_set_names]
+        return [
+            PermissionSets.get(perms_set_name) for perms_set_name in perms_set_names
+        ]
 
     @classmethod
     def update(cls, portfolio_role, set_names):

atst/domain/portfolios/portfolios.py

@@ -1,4 +1,4 @@
-from atst.domain.roles import Roles, PORTFOLIO_PERMISSION_SETS
+from atst.domain.permission_sets import PermissionSets, PORTFOLIO_PERMISSION_SETS
 from atst.domain.authz import Authorization
 from atst.models.permissions import Permissions
 from atst.domain.users import Users
@@ -20,7 +20,9 @@ class Portfolios(object):
         portfolio = PortfoliosQuery.create(
             name=name, defense_component=defense_component
         )
-        perms_sets = [Roles.get(prms["name"]) for prms in PORTFOLIO_PERMISSION_SETS]
+        perms_sets = [
+            PermissionSets.get(prms["name"]) for prms in PORTFOLIO_PERMISSION_SETS
+        ]
         Portfolios._create_portfolio_role(
             user,
             portfolio,

atst/domain/users.py

@@ -4,7 +4,7 @@ from sqlalchemy.exc import IntegrityError
 from atst.database import db
 from atst.models import User
 
-from .roles import Roles
+from .permission_sets import PermissionSets
 from .exceptions import NotFoundError, AlreadyExistsError, UnauthorizedError
 
 
@@ -29,7 +29,7 @@ class Users(object):
 
     @classmethod
     def create(cls, dod_id, atat_role_name=None, **kwargs):
-        atat_role = Roles.get(atat_role_name)
+        atat_role = PermissionSets.get(atat_role_name)
 
         try:
             user = User(dod_id=dod_id, atat_role=atat_role, **kwargs)
@@ -56,7 +56,7 @@ class Users(object):
     def update_role(cls, user_id, atat_role_name):
 
         user = Users.get(user_id)
-        atat_role = Roles.get(atat_role_name)
+        atat_role = PermissionSets.get(atat_role_name)
         user.atat_role = atat_role
 
         db.session.add(user)

atst/forms/data.py

@@ -1,4 +1,4 @@
-from atst.domain.roles import PORTFOLIO_ROLES as PORTFOLIO_ROLE_DEFINITIONS
+from atst.domain.permission_sets import PORTFOLIO_ROLES as PORTFOLIO_ROLE_DEFINITIONS
 from atst.utils.localization import translate, translate_duration
 
 

atst/models/__init__.py

@@ -3,7 +3,7 @@ from sqlalchemy.ext.declarative import declarative_base
 Base = declarative_base()
 
 from .permissions import Permissions
-from .role import Role
+from .permission_set import PermissionSet
 from .user import User
 from .portfolio_role import PortfolioRole
 from .portfolio import Portfolio

atst/models/permission_set.py

@@ -5,8 +5,8 @@ from sqlalchemy.orm.attributes import flag_modified
 from atst.models import Base, types, mixins
 
 
-class Role(Base, mixins.TimestampsMixin):
+class PermissionSet(Base, mixins.TimestampsMixin):
-    __tablename__ = "roles"
+    __tablename__ = "permission_sets"
 
     id = types.Id()
     name = Column(String, index=True, unique=True, nullable=False)
@@ -27,6 +27,6 @@ class Role(Base, mixins.TimestampsMixin):
         flag_modified(self, "permissions")
 
     def __repr__(self):
-        return "<Role(name='{}', description='{}', permissions='{}', id='{}')>".format(
+        return "<PermissionSet(name='{}', description='{}', permissions='{}', id='{}')>".format(
             self.name, self.description, self.permissions, self.id
         )

atst/models/portfolio_role.py

@@ -30,10 +30,10 @@ class Status(Enum):
 
 
 portfolio_roles_roles = Table(
-    "portfolio_roles_roles",
+    "portfolio_roles_permission_sets",
     Base.metadata,
     Column("portfolio_role_id", UUID(as_uuid=True), ForeignKey("portfolio_roles.id")),
-    Column("role_id", UUID(as_uuid=True), ForeignKey("roles.id")),
+    Column("permission_set_id", UUID(as_uuid=True), ForeignKey("permission_sets.id")),
 )
 
 
@@ -52,7 +52,7 @@ class PortfolioRole(Base, mixins.TimestampsMixin, mixins.AuditableMixin):
 
     status = Column(SQLAEnum(Status, native_enum=False), default=Status.PENDING)
 
-    permission_sets = relationship("Role", secondary=portfolio_roles_roles)
+    permission_sets = relationship("PermissionSet", secondary=portfolio_roles_roles)
 
     @property
     def permissions(self):

atst/models/user.py

@@ -11,9 +11,9 @@ class User(Base, mixins.TimestampsMixin, mixins.AuditableMixin):
 
     id = types.Id()
     username = Column(String)
-    atat_role_id = Column(UUID(as_uuid=True), ForeignKey("roles.id"))
+    atat_role_id = Column(UUID(as_uuid=True), ForeignKey("permission_sets.id"))
 
-    atat_role = relationship("Role")
+    atat_role = relationship("PermissionSet")
     portfolio_roles = relationship("PortfolioRole", backref="user")
 
     email = Column(String, unique=True)

script/remove_sample_data.py

@@ -16,7 +16,7 @@ from atst.models.audit_event import AuditEvent
 from atst.models.environment import Environment
 from atst.models.environment_role import EnvironmentRole
 from atst.models.application import Application
-from atst.models.role import Role
+from atst.models.permission_set import PermissionSet
 from atst.models.user import User
 from atst.models.portfolio_role import PortfolioRole
 from atst.models.portfolio import Portfolio

script/seed_roles.py

@@ -9,23 +9,35 @@ sys.path.append(parent_dir)
 from sqlalchemy.orm.exc import NoResultFound
 from atst.app import make_config, make_app
 from atst.database import db
-from atst.models import Role, Permissions
+from atst.models import PermissionSet, Permissions
-from atst.domain.roles import ATAT_ROLES, PORTFOLIO_ROLES, PORTFOLIO_PERMISSION_SETS
+from atst.domain.permission_sets import (
+    ATAT_ROLES,
+    PORTFOLIO_ROLES,
+    PORTFOLIO_PERMISSION_SETS,
+)
 
 
 def seed_roles():
-    for role_info in ATAT_ROLES + PORTFOLIO_ROLES + PORTFOLIO_PERMISSION_SETS:
+    for permission_set_info in ATAT_ROLES + PORTFOLIO_ROLES + PORTFOLIO_PERMISSION_SETS:
-        role = Role(**role_info)
+        permission_set = PermissionSet(**permission_set_info)
         try:
-            existing_role = db.session.query(Role).filter_by(name=role.name).one()
+            existing_permission_set = (
-            existing_role.description = role.description
+                db.session.query(PermissionSet)
-            existing_role.permissions = role.permissions
+                .filter_by(name=permission_set.name)
-            existing_role.display_name = role.display_name
+                .one()
-            db.session.add(existing_role)
+            )
-            print("Updated existing role {}".format(existing_role.name))
+            existing_permission_set.description = permission_set.description
+            existing_permission_set.permissions = permission_set.permissions
+            existing_permission_set.display_name = permission_set.display_name
+            db.session.add(existing_permission_set)
+            print(
+                "Updated existing permission_set {}".format(
+                    existing_permission_set.name
+                )
+            )
         except NoResultFound:
-            db.session.add(role)
+            db.session.add(permission_set)
-            print("Added new role {}".format(role.name))
+            print("Added new permission_set {}".format(permission_set.name))
 
     db.session.commit()
 

tests/domain/test_audit_log.py

@@ -2,7 +2,7 @@ import pytest
 
 from atst.domain.audit_log import AuditLog
 from atst.domain.exceptions import UnauthorizedError
-from atst.domain.roles import Roles
+from atst.domain.permission_sets import PermissionSets
 from atst.models.portfolio_role import Status as PortfolioRoleStatus
 from tests.factories import (
     UserFactory,

tests/domain/test_authz.py

@@ -2,7 +2,7 @@ import pytest
 
 from tests.factories import TaskOrderFactory, UserFactory, PortfolioRoleFactory
 from atst.domain.authz import Authorization
-from atst.domain.roles import Roles
+from atst.domain.permission_sets import PermissionSets
 from atst.domain.exceptions import UnauthorizedError
 from atst.models.permissions import Permissions
 
@@ -45,8 +45,8 @@ def test_check_is_ko_or_cor(task_order, invalid_user):
 
 
 def test_has_portfolio_permission():
-    role_one = Roles.get("view_portfolio_funding")
+    role_one = PermissionSets.get("view_portfolio_funding")
-    role_two = Roles.get("view_portfolio_reports")
+    role_two = PermissionSets.get("view_portfolio_reports")
     port_role = PortfolioRoleFactory.create(permission_sets=[role_one, role_two])
     different_user = UserFactory.create()
     assert Authorization.has_portfolio_permission(

tests/domain/test_portfolio_roles.py

@@ -1,7 +1,7 @@
 from atst.domain.portfolio_roles import PortfolioRoles
 from atst.domain.users import Users
 from atst.models.portfolio_role import Status as PortfolioRoleStatus
-from atst.domain.roles import Roles
+from atst.domain.permission_sets import PermissionSets
 
 from tests.factories import (
     PortfolioFactory,

tests/domain/test_portfolios.py

@@ -6,7 +6,7 @@ from atst.domain.portfolios import Portfolios, PortfolioError
 from atst.domain.portfolio_roles import PortfolioRoles
 from atst.domain.applications import Applications
 from atst.domain.environments import Environments
-from atst.domain.roles import Roles, PORTFOLIO_PERMISSION_SETS
+from atst.domain.permission_sets import PermissionSets, PORTFOLIO_PERMISSION_SETS
 from atst.models.portfolio_role import Status as PortfolioRoleStatus
 
 from tests.factories import UserFactory, PortfolioRoleFactory, PortfolioFactory
@@ -201,7 +201,7 @@ def test_scoped_portfolio_returns_all_applications_for_portfolio_admin(
         )
 
     admin = UserFactory.from_atat_role("default")
-    perm_sets = [Roles.get(prms["name"]) for prms in PORTFOLIO_PERMISSION_SETS]
+    perm_sets = [PermissionSets.get(prms["name"]) for prms in PORTFOLIO_PERMISSION_SETS]
     PortfolioRoleFactory.create(
         user=admin, portfolio=portfolio, permission_sets=perm_sets
     )
@@ -263,7 +263,7 @@ def test_get_for_update_information(portfolio, portfolio_owner):
     assert portfolio == owner_ws
 
     admin = UserFactory.create()
-    perm_sets = [Roles.get(prms["name"]) for prms in PORTFOLIO_PERMISSION_SETS]
+    perm_sets = [PermissionSets.get(prms["name"]) for prms in PORTFOLIO_PERMISSION_SETS]
     PortfolioRoleFactory.create(
         user=admin, portfolio=portfolio, permission_sets=perm_sets
     )

tests/domain/test_roles.py

@@ -1,18 +1,18 @@
 import pytest
-from atst.domain.roles import Roles
+from atst.domain.permission_sets import PermissionSets
 from atst.domain.exceptions import NotFoundError
 
 
 def test_get_all_roles():
-    roles = Roles.get_all()
+    roles = PermissionSets.get_all()
     assert roles
 
 
 def test_get_existing_role():
-    role = Roles.get("developer")
+    role = PermissionSets.get("developer")
     assert role.name == "developer"
 
 
 def test_get_nonexistent_role():
     with pytest.raises(NotFoundError):
-        Roles.get("nonexistent")
+        PermissionSets.get("nonexistent")

tests/domain/test_task_orders.py

@@ -2,7 +2,7 @@ import pytest
 
 from atst.domain.task_orders import TaskOrders, TaskOrderError, DD254s
 from atst.domain.exceptions import UnauthorizedError
-from atst.domain.roles import Roles, _VIEW_PORTFOLIO_PERMISSION_SETS
+from atst.domain.permission_sets import PermissionSets, _VIEW_PORTFOLIO_PERMISSION_SETS
 from atst.models.attachment import Attachment
 
 from tests.factories import (
@@ -116,7 +116,7 @@ def test_task_order_access():
         user=member,
         portfolio=task_order.portfolio,
         permission_sets=[
-            Roles.get(prms["name"]) for prms in _VIEW_PORTFOLIO_PERMISSION_SETS
+            PermissionSets.get(prms["name"]) for prms in _VIEW_PORTFOLIO_PERMISSION_SETS
         ],
     )
     TaskOrders.add_officer(

tests/factories.py

@@ -12,10 +12,10 @@ from atst.models.environment import Environment
 from atst.models.application import Application
 from atst.models.task_order import TaskOrder
 from atst.models.user import User
-from atst.models.role import Role
+from atst.models.permission_set import PermissionSet
 from atst.models.portfolio import Portfolio
-from atst.domain.roles import (
+from atst.domain.permission_sets import (
-    Roles,
+    PermissionSets,
     PORTFOLIO_ROLES,
     PORTFOLIO_PERMISSION_SETS,
     _VIEW_PORTFOLIO_PERMISSION_SETS,
@@ -70,11 +70,13 @@ def _random_date(year_min, year_max, operation):
 
 
 def base_portfolio_permission_sets():
-    return [Roles.get(prms["name"]) for prms in _VIEW_PORTFOLIO_PERMISSION_SETS]
+    return [
+        PermissionSets.get(prms["name"]) for prms in _VIEW_PORTFOLIO_PERMISSION_SETS
+    ]
 
 
 def get_all_portfolio_permission_sets():
-    return [Roles.get(prms["name"]) for prms in PORTFOLIO_PERMISSION_SETS]
+    return [PermissionSets.get(prms["name"]) for prms in PORTFOLIO_PERMISSION_SETS]
 
 
 class Base(factory.alchemy.SQLAlchemyModelFactory):
@@ -91,7 +93,7 @@ class UserFactory(Base):
     email = factory.Faker("email")
     first_name = factory.Faker("first_name")
     last_name = factory.Faker("last_name")
-    atat_role = factory.LazyFunction(lambda: Roles.get("default"))
+    atat_role = factory.LazyFunction(lambda: PermissionSets.get("default"))
     dod_id = factory.LazyFunction(random_dod_id)
     phone_number = factory.LazyFunction(random_phone_number)
     service_branch = factory.LazyFunction(random_service_branch)
@@ -104,7 +106,7 @@ class UserFactory(Base):
 
     @classmethod
     def from_atat_role(cls, atat_role_name, **kwargs):
-        role = Roles.get(atat_role_name)
+        role = PermissionSets.get(atat_role_name)
         return cls.create(atat_role=role, **kwargs)
 
 
@@ -142,7 +144,8 @@ class PortfolioFactory(Base):
             perms_set = None
             if member.get("permissions_sets"):
                 perms_set = [
-                    Roles.get(perm_set) for perm_set in member.get("permission_sets")
+                    PermissionSets.get(perm_set)
+                    for perm_set in member.get("permission_sets")
                 ]
             else:
                 perms_set = []

tests/models/test_portfolio_role.py

@@ -4,9 +4,8 @@ import datetime
 from atst.domain.environments import Environments
 from atst.domain.portfolios import Portfolios
 from atst.domain.applications import Applications
-from atst.domain.roles import Roles
+from atst.domain.permission_sets import PermissionSets
 from atst.models.portfolio_role import Status
-from atst.models.role import Role
 from atst.models.invitation import Status as InvitationStatus
 from atst.models.audit_event import AuditEvent
 from atst.models.portfolio_role import Status as PortfolioRoleStatus
@@ -286,8 +285,8 @@ def test_can_list_all_environments():
 
 
 def test_can_list_all_permissions():
-    role_one = Roles.get("view_portfolio_funding")
+    role_one = PermissionSets.get("view_portfolio_funding")
-    role_two = Roles.get("view_portfolio_reports")
+    role_two = PermissionSets.get("view_portfolio_reports")
     port_role = PortfolioRoleFactory.create(permission_sets=[role_one, role_two])
     expected_perms = role_one.permissions + role_two.permissions
     assert expected_perms == expected_perms

tests/routes/portfolios/test_applications.py

@@ -12,7 +12,7 @@ from tests.factories import (
 
 from atst.domain.applications import Applications
 from atst.domain.portfolios import Portfolios
-from atst.domain.roles import Roles
+from atst.domain.permission_sets import PermissionSets
 from atst.models.portfolio_role import Status as PortfolioRoleStatus
 
 

tests/routes/portfolios/test_members.py

@@ -12,7 +12,7 @@ from atst.domain.portfolio_roles import PortfolioRoles
 from atst.domain.applications import Applications
 from atst.domain.environments import Environments
 from atst.domain.environment_roles import EnvironmentRoles
-from atst.domain.roles import Roles
+from atst.domain.permission_sets import PermissionSets
 from atst.queue import queue
 from atst.models.portfolio_role import Status as PortfolioRoleStatus
 from atst.models.invitation import Status as InvitationStatus
@@ -139,7 +139,7 @@ def test_update_member_portfolio_role(client, user_session):
         follow_redirects=True,
     )
     assert response.status_code == 200
-    edit_funding = Roles.get("edit_portfolio_funding")
+    edit_funding = PermissionSets.get("edit_portfolio_funding")
     assert edit_funding in member.permission_sets
 
 

tests/routes/portfolios/test_task_orders.py

@@ -2,7 +2,7 @@ from flask import url_for
 import pytest
 from datetime import timedelta, date
 
-from atst.domain.roles import Roles
+from atst.domain.permission_sets import PermissionSets
 from atst.domain.task_orders import TaskOrders
 from atst.models.portfolio_role import Status as PortfolioStatus
 from atst.models.invitation import Status as InvitationStatus
@@ -234,8 +234,8 @@ def test_ko_can_view_task_order(client, user_session, portfolio, user):
         user=user,
         status=PortfolioStatus.ACTIVE,
         permission_sets=[
-            Roles.get("view_portfolio"),
+            PermissionSets.get("view_portfolio"),
-            Roles.get("view_portfolio_funding"),
+            PermissionSets.get("view_portfolio_funding"),
         ],
     )
     task_order = TaskOrderFactory.create(portfolio=portfolio, contracting_officer=user)
@@ -301,8 +301,8 @@ def test_ko_can_view_ko_review_page(client, user_session):
         user=ko,
         status=PortfolioStatus.ACTIVE,
         permission_sets=[
-            Roles.get("view_portfolio"),
+            PermissionSets.get("view_portfolio"),
-            Roles.get("view_portfolio_funding"),
+            PermissionSets.get("view_portfolio_funding"),
         ],
     )
     PortfolioRoleFactory.create(
@@ -310,8 +310,8 @@ def test_ko_can_view_ko_review_page(client, user_session):
         user=cor,
         status=PortfolioStatus.ACTIVE,
         permission_sets=[
-            Roles.get("view_portfolio"),
+            PermissionSets.get("view_portfolio"),
-            Roles.get("view_portfolio_funding"),
+            PermissionSets.get("view_portfolio_funding"),
         ],
     )
     task_order = TaskOrderFactory.create(
@@ -378,8 +378,8 @@ def test_cor_redirected_to_build_page(client, user_session, portfolio):
         user=cor,
         status=PortfolioStatus.ACTIVE,
         permission_sets=[
-            Roles.get("view_portfolio"),
+            PermissionSets.get("view_portfolio"),
-            Roles.get("view_portfolio_funding"),
+            PermissionSets.get("view_portfolio_funding"),
         ],
     )
     task_order = TaskOrderFactory.create(
@@ -400,8 +400,8 @@ def test_submit_completed_ko_review_page_as_cor(
         user=user,
         status=PortfolioStatus.ACTIVE,
         permission_sets=[
-            Roles.get("view_portfolio"),
+            PermissionSets.get("view_portfolio"),
-            Roles.get("view_portfolio_funding"),
+            PermissionSets.get("view_portfolio_funding"),
         ],
     )
 
@@ -448,8 +448,8 @@ def test_submit_completed_ko_review_page_as_ko(
         user=ko,
         status=PortfolioStatus.ACTIVE,
         permission_sets=[
-            Roles.get("view_portfolio"),
+            PermissionSets.get("view_portfolio"),
-            Roles.get("view_portfolio_funding"),
+            PermissionSets.get("view_portfolio_funding"),
         ],
     )
 
@@ -492,8 +492,8 @@ def test_so_review_page(app, client, user_session, portfolio):
         user=so,
         status=PortfolioStatus.ACTIVE,
         permission_sets=[
-            Roles.get("view_portfolio"),
+            PermissionSets.get("view_portfolio"),
-            Roles.get("view_portfolio_funding"),
+            PermissionSets.get("view_portfolio_funding"),
         ],
     )
     task_order = TaskOrderFactory.create(portfolio=portfolio, security_officer=so)
@@ -533,8 +533,8 @@ def test_submit_so_review(app, client, user_session, portfolio):
         user=so,
         status=PortfolioStatus.ACTIVE,
         permission_sets=[
-            Roles.get("view_portfolio"),
+            PermissionSets.get("view_portfolio"),
-            Roles.get("view_portfolio_funding"),
+            PermissionSets.get("view_portfolio_funding"),
         ],
     )
     task_order = TaskOrderFactory.create(portfolio=portfolio, security_officer=so)

tests/test_auth.py

@@ -4,7 +4,7 @@ import pytest
 from flask import session, url_for
 from .mocks import DOD_SDN_INFO, DOD_SDN, FIXTURE_EMAIL_ADDRESS
 from atst.domain.users import Users
-from atst.domain.roles import Roles
+from atst.domain.permission_sets import PermissionSets
 from atst.domain.exceptions import NotFoundError
 from atst.domain.auth import UNPROTECTED_ROUTES
 from .factories import UserFactory
@@ -48,7 +48,7 @@ def test_successful_login_redirect_ccpo(client, monkeypatch):
     monkeypatch.setattr(
         "atst.domain.authnid.AuthenticationContext.authenticate", lambda *args: True
     )
-    role = Roles.get("ccpo")
+    role = PermissionSets.get("ccpo")
     monkeypatch.setattr(
         "atst.domain.authnid.AuthenticationContext.get_user",
         lambda *args: UserFactory.create(atat_role=role),