From 202f88bae59c05644f8abeca22ff5a04d9fb222f Mon Sep 17 00:00:00 2001
From: dandds <dan-ctr@friends.dds.mil>
Date: Mon, 30 Jul 2018 14:04:05 -0400
Subject: [PATCH] update handlers to user Users repo for managing authorization

---
 atst/app.py                     | 11 +++--------
 atst/domain/roles.py            | 13 +++++++------
 atst/domain/users.py            | 18 ++++++++----------
 atst/handler.py                 | 21 +++++++--------------
 atst/handlers/dev.py            | 12 +++++-------
 atst/handlers/login_redirect.py |  4 ++--
 atst/handlers/request.py        |  1 +
 atst/handlers/request_submit.py |  1 +
 atst/handlers/workspaces.py     |  4 ++--
 tests/conftest.py               |  1 -
 10 files changed, 36 insertions(+), 50 deletions(-)

diff --git a/atst/app.py b/atst/app.py
index 4a76fbda..5ef0e18f 100644
--- a/atst/app.py
+++ b/atst/app.py
@@ -35,7 +35,7 @@ def make_app(config, deps, **kwargs):
             {
                 "sessions": deps["sessions"],
                 "authnid_client": deps["authnid_client"],
-                "authz_client": deps["authz_client"],
+                "db_session": deps["db_session"],
             },
             name="login_redirect",
         ),
@@ -50,7 +50,7 @@ def make_app(config, deps, **kwargs):
         url(
             r"/workspaces",
             Workspaces,
-            {"page": "workspaces", "authz_client": deps["authz_client"]},
+            {"page": "workspaces", "db_session": deps["db_session"]},
             name="workspaces",
         ),
         url(
@@ -136,7 +136,7 @@ def make_app(config, deps, **kwargs):
                 {
                     "action": "login",
                     "sessions": deps["sessions"],
-                    "authz_client": deps["authz_client"],
+                    "db_session": deps["db_session"],
                 },
                 name="dev-login",
             )
@@ -167,11 +167,6 @@ def make_deps(config):
 
     return {
         "db_session": make_db(config),
-        "authz_client": ApiClient(
-            config["default"]["AUTHZ_BASE_URL"],
-            api_version="v1",
-            validate_cert=validate_cert,
-        ),
         "authnid_client": ApiClient(
             config["default"]["AUTHNID_BASE_URL"],
             api_version="v1",
diff --git a/atst/domain/roles.py b/atst/domain/roles.py
index 1b5f66c0..87a36961 100644
--- a/atst/domain/roles.py
+++ b/atst/domain/roles.py
@@ -5,15 +5,16 @@ from .exceptions import NotFoundError
 
 
 class Roles(object):
-    @classmethod
-    def get(cls, role_name):
+    def __init__(self, db_session):
+        self.db_session = db_session
+
+    def get(self, role_name):
         try:
-            role = Role.query.filter_by(name=role_name).one()
+            role = self.db_session.query(Role).filter_by(name=role_name).one()
         except NoResultFound:
             raise NotFoundError("role")
 
         return role
 
-    @classmethod
-    def get_all(cls):
-        return Role.query.all()
+    def get_all(self):
+        return self.db_session.query(Role).all()
diff --git a/atst/domain/users.py b/atst/domain/users.py
index ace13eb5..94e99056 100644
--- a/atst/domain/users.py
+++ b/atst/domain/users.py
@@ -11,18 +11,19 @@ class Users(object):
 
     def __init__(self, db_session):
         self.db_session = db_session
+        self.roles_repo = Roles(db_session)
 
 
     def get(self, user_id):
         try:
-            user = User.query.filter_by(id=user_id).one()
+            user = self.db_session.query(User).filter_by(id=user_id).one()
         except NoResultFound:
             raise NotFoundError("user")
 
         return user
 
     def create(self, user_id, atat_role_name):
-        atat_role = Roles.get(atat_role_name)
+        atat_role = self.roles_repo.get(atat_role_name)
 
         try:
             user = User(id=user_id, atat_role=atat_role)
@@ -34,22 +35,19 @@ class Users(object):
         return user
 
     def get_or_create(self, user_id, *args, **kwargs):
-        created = False
-
         try:
-            user = Users.get(user_id)
+            user = self.get(user_id)
         except NotFoundError:
-            user = Users.create(user_id, *args, **kwargs)
+            user = self.create(user_id, *args, **kwargs)
             self.db_session.add(user)
             self.db_session.commit()
-            created = True
 
-        return user, created
+        return user
 
     def update(self, user_id, atat_role_name):
 
-        user = Users.get(user_id)
-        atat_role = Roles.get(atat_role_name)
+        user = self.get(user_id)
+        atat_role = self.roles_repo.get(atat_role_name)
         user.atat_role = atat_role
 
         self.db_session.add(user)
diff --git a/atst/handler.py b/atst/handler.py
index 3766aa95..bcbcf879 100644
--- a/atst/handler.py
+++ b/atst/handler.py
@@ -1,6 +1,7 @@
 import tornado.web
 from atst.assets import environment
 from atst.sessions import SessionNotFoundError
+from atst.domain.users import Users
 
 helpers = {"assets": environment}
 
@@ -15,26 +16,18 @@ class BaseHandler(tornado.web.RequestHandler):
 
     @tornado.gen.coroutine
     def login(self, user):
-        user_permissions = yield self._get_user_permissions(user["id"])
-        user["atat_permissions"] = user_permissions["atat_permissions"]
-        user["atat_role"] = user_permissions["atat_role"]
+        db_user = yield self._get_user_permissions(user["id"])
+        user["atat_permissions"] = db_user.atat_permissions
+        user["atat_role"] = db_user.atat_role.name
         session_id = self.sessions.start_session(user)
         self.set_secure_cookie("atat", session_id)
         return self.redirect("/home")
 
     @tornado.gen.coroutine
     def _get_user_permissions(self, user_id):
-        response = yield self.authz_client.get(
-            "/users/{}".format(user_id), raise_error=False
-        )
-        if response.code == 404:
-            response = yield self.authz_client.post(
-                "/users", json={"id": user_id, "atat_role": "developer"}
-            )
-            return response.json
-
-        else:
-            return response.json
+        user_repo = Users(self.db_session)
+        user = user_repo.get_or_create(user_id, atat_role_name="developer")
+        return user
 
     def get_current_user(self):
         cookie = self.get_secure_cookie("atat")
diff --git a/atst/handlers/dev.py b/atst/handlers/dev.py
index 878aca11..4394936b 100644
--- a/atst/handlers/dev.py
+++ b/atst/handlers/dev.py
@@ -1,6 +1,7 @@
 import tornado.gen
 
 from atst.handler import BaseHandler
+from atst.domain.users import Users
 
 _DEV_USERS = {
     "sam": {
@@ -9,7 +10,6 @@ _DEV_USERS = {
         "last_name": "Seeceepio",
         "atat_role": "ccpo"
     },
-
     "amanda": {
         "id": "cce17030-4109-4719-b958-ed109dbb87c8",
         "first_name": "Amanda",
@@ -44,10 +44,11 @@ _DEV_USERS = {
 
 class Dev(BaseHandler):
 
-    def initialize(self, action, sessions, authz_client):
+    def initialize(self, action, sessions, db_session):
+        self.db_session = db_session
         self.action = action
         self.sessions = sessions
-        self.authz_client = authz_client
+        self.users_repo = Users(db_session)
 
     @tornado.gen.coroutine
     def get(self):
@@ -58,7 +59,4 @@ class Dev(BaseHandler):
 
     @tornado.gen.coroutine
     def _set_user_permissions(self, user_id, role):
-        response = yield self.authz_client.post(
-            "/users", json={"id": user_id, "atat_role": role}
-        )
-        return response.json
+        return self.users_repo.get_or_create(user_id, atat_role_name=role)
diff --git a/atst/handlers/login_redirect.py b/atst/handlers/login_redirect.py
index 59fb8751..7746e934 100644
--- a/atst/handlers/login_redirect.py
+++ b/atst/handlers/login_redirect.py
@@ -3,10 +3,10 @@ from atst.handler import BaseHandler
 
 
 class LoginRedirect(BaseHandler):
-    def initialize(self, authnid_client, sessions, authz_client):
+    def initialize(self, authnid_client, sessions, db_session):
+        self.db_session = db_session
         self.authnid_client = authnid_client
         self.sessions = sessions
-        self.authz_client = authz_client
 
     @tornado.gen.coroutine
     def get(self):
diff --git a/atst/handlers/request.py b/atst/handlers/request.py
index 1373280a..6918526e 100644
--- a/atst/handlers/request.py
+++ b/atst/handlers/request.py
@@ -22,6 +22,7 @@ def map_request(user, request):
 class Request(BaseHandler):
     def initialize(self, page, db_session):
         self.page = page
+        self.db_session = db_session
         self.requests = Requests(db_session)
 
     @tornado.web.authenticated
diff --git a/atst/handlers/request_submit.py b/atst/handlers/request_submit.py
index ff27803b..116e996a 100644
--- a/atst/handlers/request_submit.py
+++ b/atst/handlers/request_submit.py
@@ -6,6 +6,7 @@ from atst.domain.requests import Requests
 
 class RequestsSubmit(BaseHandler):
     def initialize(self, db_session):
+        self.db_session = db_session
         self.requests_repo = Requests(db_session)
 
     @tornado.web.authenticated
diff --git a/atst/handlers/workspaces.py b/atst/handlers/workspaces.py
index c7e06451..b6fa1dbe 100644
--- a/atst/handlers/workspaces.py
+++ b/atst/handlers/workspaces.py
@@ -12,9 +12,9 @@ mock_workspaces = [
 
 
 class Workspaces(BaseHandler):
-    def initialize(self, page, authz_client):
+    def initialize(self, page, db_session):
         self.page = page
-        self.authz_client = authz_client
+        self.db_session = db_session
 
     @tornado.gen.coroutine
     @tornado.web.authenticated
diff --git a/tests/conftest.py b/tests/conftest.py
index a0ed8550..555e1f79 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -10,7 +10,6 @@ from atst.sessions import DictSessions
 @pytest.fixture
 def app(db):
     TEST_DEPS = {
-        "authz_client": MockAuthzClient("authz"),
         "authnid_client": MockApiClient("authnid"),
         "fundz_client": MockFundzClient("fundz"),
         "sessions": DictSessions(),