diff --git a/atst/app.py b/atst/app.py index 163a7bae..4f7bdbff 100644 --- a/atst/app.py +++ b/atst/app.py @@ -18,6 +18,7 @@ from atst.routes.applications import applications_bp from atst.routes.dev import bp as dev_routes from atst.routes.users import bp as user_routes from atst.routes.errors import make_error_pages +from atst.routes.ccpo import bp as ccpo_routes from atst.domain.authnid.crl import CRLCache, NoOpCRLCache from atst.domain.auth import apply_authentication from atst.domain.authz import Authorization @@ -78,6 +79,7 @@ def make_app(config): app.register_blueprint(task_orders_bp) app.register_blueprint(applications_bp) app.register_blueprint(user_routes) + app.register_blueprint(ccpo_routes) if ENV != "prod": app.register_blueprint(dev_routes) diff --git a/atst/routes/__init__.py b/atst/routes/__init__.py index 034d9956..cb39a0bb 100644 --- a/atst/routes/__init__.py +++ b/atst/routes/__init__.py @@ -128,50 +128,6 @@ def logout(): return response -@bp.route("/activity-history") -@user_can(Permissions.VIEW_AUDIT_LOG, message="view activity log") -def activity_history(): - pagination_opts = Paginator.get_pagination_opts(request) - audit_events = AuditLog.get_all_events(pagination_opts) - return render_template("audit_log/audit_log.html", audit_events=audit_events) - - -@bp.route("/ccpo-users") -@user_can(Permissions.VIEW_CCPO_USER, message="view ccpo users") -def ccpo_users(): - users = Users.get_ccpo_users() - return render_template("ccpo/users.html", users=users) - - -@bp.route("/ccpo-users/new") -@user_can(Permissions.CREATE_CCPO_USER, message="create ccpo user") -def add_new_ccpo_user(): - form = CCPOUserForm() - return render_template("ccpo/add_user.html", form=form) - - -@bp.route("/ccpo-users/new", methods=["POST"]) -@user_can(Permissions.CREATE_CCPO_USER, message="create ccpo user") -def submit_add_new_ccpo_user(): - try: - new_user = Users.get_by_dod_id(request.form["dod_id"]) - form = CCPOUserForm(obj=new_user) - except NotFoundError: - new_user = None - form = CCPOUserForm() - - return render_template("ccpo/confirm_user.html", new_user=new_user, form=form) - - -@bp.route("/ccpo-users/confirm-new", methods=["POST"]) -@user_can(Permissions.CREATE_CCPO_USER, message="create ccpo user") -def confirm_new_ccpo_user(): - user = Users.get_by_dod_id(request.form["dod_id"]) - Users.update_ccpo_permissions(user, add_perms=True) - flash("ccpo_user_added", user_name=user.full_name) - return redirect(url_for("atst.ccpo_users")) - - @bp.route("/about") def about(): return render_template("about.html") diff --git a/atst/routes/ccpo.py b/atst/routes/ccpo.py new file mode 100644 index 00000000..f3e9d469 --- /dev/null +++ b/atst/routes/ccpo.py @@ -0,0 +1,58 @@ +from flask import Blueprint, render_template, redirect, url_for, request +from atst.domain.users import Users +from atst.domain.audit_log import AuditLog +from atst.domain.common import Paginator +from atst.domain.exceptions import NotFoundError +from atst.domain.authz.decorator import user_can_access_decorator as user_can +from atst.forms.ccpo_user import CCPOUserForm +from atst.models.permissions import Permissions +from atst.utils.context_processors import atat as atat_context_processor +from atst.utils.flash import formatted_flash as flash + + +bp = Blueprint("ccpo", __name__) +bp.context_processor(atat_context_processor) + + +@bp.route("/activity-history") +@user_can(Permissions.VIEW_AUDIT_LOG, message="view activity log") +def activity_history(): + pagination_opts = Paginator.get_pagination_opts(request) + audit_events = AuditLog.get_all_events(pagination_opts) + return render_template("audit_log/audit_log.html", audit_events=audit_events) + + +@bp.route("/ccpo-users") +@user_can(Permissions.VIEW_CCPO_USER, message="view ccpo users") +def ccpo_users(): + users = Users.get_ccpo_users() + return render_template("ccpo/users.html", users=users) + + +@bp.route("/ccpo-users/new") +@user_can(Permissions.CREATE_CCPO_USER, message="create ccpo user") +def add_new_ccpo_user(): + form = CCPOUserForm() + return render_template("ccpo/add_user.html", form=form) + + +@bp.route("/ccpo-users/new", methods=["POST"]) +@user_can(Permissions.CREATE_CCPO_USER, message="create ccpo user") +def submit_add_new_ccpo_user(): + try: + new_user = Users.get_by_dod_id(request.form["dod_id"]) + form = CCPOUserForm(obj=new_user) + except NotFoundError: + new_user = None + form = CCPOUserForm() + + return render_template("ccpo/confirm_user.html", new_user=new_user, form=form) + + +@bp.route("/ccpo-users/confirm-new", methods=["POST"]) +@user_can(Permissions.CREATE_CCPO_USER, message="create ccpo user") +def confirm_new_ccpo_user(): + user = Users.get_by_dod_id(request.form["dod_id"]) + Users.update_ccpo_permissions(user, add_perms=True) + flash("ccpo_user_added", user_name=user.full_name) + return redirect(url_for("ccpo.ccpo_users")) diff --git a/templates/audit_log/audit_log.html b/templates/audit_log/audit_log.html index 803d70ad..57a6656c 100644 --- a/templates/audit_log/audit_log.html +++ b/templates/audit_log/audit_log.html @@ -4,6 +4,6 @@ {% block content %}
{% include "fragments/audit_events_log.html" %} - {{ Pagination(audit_events, url_for('atst.activity_history'))}} + {{ Pagination(audit_events, url_for('ccpo.activity_history'))}}
{% endblock %} diff --git a/templates/ccpo/add_user.html b/templates/ccpo/add_user.html index 505ab20b..81690e0f 100644 --- a/templates/ccpo/add_user.html +++ b/templates/ccpo/add_user.html @@ -3,7 +3,7 @@ {% from "components/text_input.html" import TextInput %} {% block content %} -
+ {{ form.csrf_token }}

Add new CCPO user

@@ -17,7 +17,7 @@ v-bind:disabled="invalid" class='action-group__action usa-button' value='Next'> - {{ "common.cancel" | translate }} + {{ "common.cancel" | translate }}
diff --git a/templates/ccpo/confirm_user.html b/templates/ccpo/confirm_user.html index 2012fc0f..a20cc3f9 100644 --- a/templates/ccpo/confirm_user.html +++ b/templates/ccpo/confirm_user.html @@ -6,7 +6,7 @@ {% block content %} {% if new_user %} {% call Alert('Confirm new CCPO user') %} - + {{ form.csrf_token }}
@@ -26,7 +26,7 @@ v-bind:disabled="invalid" class='action-group__action usa-button' value='Confirm and Add User'> - {{ "common.cancel" | translate }} + {{ "common.cancel" | translate }}
{% endcall %} @@ -34,7 +34,7 @@ {% call Alert('User not found') %} To add someone as a CCPO user, they must already have an ATAT account.
- + Return to list of CCPO users
diff --git a/templates/ccpo/users.html b/templates/ccpo/users.html index 7e29a1d6..891ceb7a 100644 --- a/templates/ccpo/users.html +++ b/templates/ccpo/users.html @@ -31,7 +31,7 @@ {% if user_can(permissions.CREATE_CCPO_USER) %} - + Add new CCPO user {{ Icon("plus") }} {% endif %} diff --git a/tests/test_access.py b/tests/test_access.py index 29e3a796..b02cf489 100644 --- a/tests/test_access.py +++ b/tests/test_access.py @@ -110,53 +110,53 @@ def post_url_assert_status(client, user_session): return _get_url_assert_status -# atst.activity_history +# ccpo.activity_history def test_atst_activity_history_access(get_url_assert_status): ccpo = user_with(PermissionSets.VIEW_AUDIT_LOG) rando = user_with() - url = url_for("atst.activity_history") + url = url_for("ccpo.activity_history") get_url_assert_status(ccpo, url, 200) get_url_assert_status(rando, url, 404) -# atst.ccpo_users -def test_atst_ccpo_users_access(get_url_assert_status): +# ccpo.ccpo_users +def test_ccpo_ccpo_users_access(get_url_assert_status): ccpo = user_with(PermissionSets.MANAGE_CCPO_USERS) rando = user_with() - url = url_for("atst.ccpo_users") + url = url_for("ccpo.ccpo_users") get_url_assert_status(ccpo, url, 200) get_url_assert_status(rando, url, 404) -# atst.add_new_ccpo_user -def test_atst_add_new_ccpo_user_access(get_url_assert_status): +# ccpo.add_new_ccpo_user +def test_ccpo_add_new_ccpo_user_access(get_url_assert_status): ccpo = user_with(PermissionSets.MANAGE_CCPO_USERS) rando = user_with() - url = url_for("atst.add_new_ccpo_user") + url = url_for("ccpo.add_new_ccpo_user") get_url_assert_status(ccpo, url, 200) get_url_assert_status(rando, url, 404) -# atst.submit_add_new_ccpo_user -def test_atst_submit_add_new_ccpo_user_access(post_url_assert_status): +# ccpo.submit_add_new_ccpo_user +def test_ccpo_submit_add_new_ccpo_user_access(post_url_assert_status): ccpo = user_with(PermissionSets.MANAGE_CCPO_USERS) rando = user_with() - url = url_for("atst.submit_add_new_ccpo_user") + url = url_for("ccpo.submit_add_new_ccpo_user") post_url_assert_status(ccpo, url, 200, data={"dod_id": "1234567890"}) post_url_assert_status(rando, url, 404, data={"dod_id": "1234567890"}) -# atst.confirm_new_ccpo_user -def test_atst_confirm_new_ccpo_user_access(post_url_assert_status): +# ccpo.confirm_new_ccpo_user +def test_ccpo_confirm_new_ccpo_user_access(post_url_assert_status): ccpo = user_with(PermissionSets.MANAGE_CCPO_USERS) rando = user_with() user = UserFactory.create() - url = url_for("atst.confirm_new_ccpo_user") + url = url_for("ccpo.confirm_new_ccpo_user") post_url_assert_status(ccpo, url, 302, data={"dod_id": user.dod_id}) post_url_assert_status(rando, url, 404, data={"dod_id": user.dod_id})