From a0bccc64a95d690acd3b3fd61f334fbe271a9ca2 Mon Sep 17 00:00:00 2001
From: graham-dds
Date: Mon, 28 Oct 2019 13:14:39 -0400
Subject: [PATCH 1/4] Disable PortfolioRole when revoking an invite
---
 atst/domain/invitations.py | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/atst/domain/invitations.py b/atst/domain/invitations.py
index 663d2201..4b89917a 100644
--- a/atst/domain/invitations.py
+++ b/atst/domain/invitations.py
@@ -138,6 +138,12 @@ class PortfolioInvitations(BaseInvitations):
 model = PortfolioInvitation
 role_domain_class = PortfolioRoles
+ @classmethod
+ def revoke(cls, token):
+ invite = super().revoke(token)
+ PortfolioRoles.disable(invite.role)
+ return invite
+
 class ApplicationInvitations(BaseInvitations):
 model = ApplicationInvitation
From ccaabcaab019e502253dc51e11bdeb713e56f1c1 Mon Sep 17 00:00:00 2001
From: graham-dds
Date: Mon, 28 Oct 2019 13:15:42 -0400
Subject: [PATCH 2/4] Add revoke invitation logic to port. admin route
---
 atst/routes/portfolios/admin.py | 15 +++++++++++----
 tests/domain/test_invitations.py | 2 +-
 2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/atst/routes/portfolios/admin.py b/atst/routes/portfolios/admin.py
index 3a2171d7..a17d23b2 100644
--- a/atst/routes/portfolios/admin.py
+++ b/atst/routes/portfolios/admin.py
@@ -3,6 +3,8 @@ from flask import render_template, request as http_request, g, redirect, url_for
 from . import portfolios_bp
 from atst.domain.portfolios import Portfolios
 from atst.domain.portfolio_roles import PortfolioRoles
+from atst.models.portfolio_role import Status as PortfolioRoleStatus
+from atst.domain.invitations import PortfolioInvitations
 from atst.domain.permission_sets import PermissionSets
 from atst.domain.audit_log import AuditLog
 from atst.domain.common import Paginator
@@ -183,10 +185,15 @@ def remove_member(portfolio_id, portfolio_role_id):
 raise UnauthorizedError(
 g.current_user, "you can't delete the portfolios PPoC from the portfolio"
 )
-
- # TODO: should this cascade and disable any application and environment
- # roles they might have?
- PortfolioRoles.disable(portfolio_role=portfolio_role)
+ if (
+ portfolio_role.latest_invitation
+ and portfolio_role.status == PortfolioRoleStatus.PENDING
+ ):
+ PortfolioInvitations.revoke(portfolio_role.latest_invitation.token)
+ else:
+ # TODO: should this cascade and disable any application and environment
+ # roles they might have?
+ PortfolioRoles.disable(portfolio_role=portfolio_role)
 flash("portfolio_member_removed", member_name=portfolio_role.full_name)
diff --git a/tests/domain/test_invitations.py b/tests/domain/test_invitations.py
index 24d0c166..4d8073be 100644
--- a/tests/domain/test_invitations.py
+++ b/tests/domain/test_invitations.py
@@ -134,7 +134,7 @@ def test_revoke_invitation():
 assert invite.is_pending
 PortfolioInvitations.revoke(invite.token)
 assert invite.is_revoked
- assert invite.role.status == PortfolioRoleStatus.PENDING
+ assert invite.role.status == PortfolioRoleStatus.DISABLED
 def test_resend_invitation(session):
From eb22d5ec1e49f35ba9cac0eb9a8876d226eac08e Mon Sep 17 00:00:00 2001
From: graham-dds
Date: Mon, 28 Oct 2019 13:27:57 -0400
Subject: [PATCH 3/4] Invitation revoking & role disabling to base class
---
 atst/domain/invitations.py | 16 +++-------------
 1 file changed, 3 insertions(+), 13 deletions(-)
diff --git a/atst/domain/invitations.py b/atst/domain/invitations.py
index 4b89917a..069be936 100644
--- a/atst/domain/invitations.py
+++ b/atst/domain/invitations.py
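Review bot: Both branches added to `remove_member` in atst/routes/portfolios/admin.py (PATCH 2/4) stop at the portfolio role: the TODO now sitting in the `else:` branch still asks whether application and environment roles should be disabled as well, and the new `PortfolioInvitations.revoke` branch does not address it either. Unless `PortfolioRoles.disable` cascades (it is outside this diff), a removed member could keep lower-level roles after the portfolio role is disabled. PATCH 4/4 deletes the TODO without adding a cascade, so the question should be settled or tracked before the comment goes, e.g. `# TODO(<issue-id>): disable application and environment roles on removal`. `remove_member` starts and ends outside the hunk.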
@@ -114,7 +114,9 @@ class BaseInvitations(object):
 @classmethod
 def revoke(cls, token):
 invite = cls._get(token)
- return cls._update_status(invite, InvitationStatus.REVOKED)
+ invite = cls._update_status(invite, InvitationStatus.REVOKED)
+ cls.role_domain_class.disable(invite.role)
+ return invite
 @classmethod
 def resend(cls, inviter, token, user_info=None):
@@ -138,19 +140,7 @@ class PortfolioInvitations(BaseInvitations):
 model = PortfolioInvitation
 role_domain_class = PortfolioRoles
- @classmethod
- def revoke(cls, token):
- invite = super().revoke(token)
- PortfolioRoles.disable(invite.role)
- return invite
-
 class ApplicationInvitations(BaseInvitations):
 model = ApplicationInvitation
 role_domain_class = ApplicationRoles
-
- @classmethod
- def revoke(cls, token):
- invite = super().revoke(token)
- ApplicationRoles.disable(invite.role)
- return invite
From 5526356938eb3f33d2d6e9c9c34f677190212202 Mon Sep 17 00:00:00 2001
From: graham-dds
Date: Mon, 28 Oct 2019 14:01:54 -0400
Subject: [PATCH 4/4] remove TODO from admin.py
---
 atst/routes/portfolios/admin.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/atst/routes/portfolios/admin.py b/atst/routes/portfolios/admin.py
index a17d23b2..187ca714 100644
--- a/atst/routes/portfolios/admin.py
+++ b/atst/routes/portfolios/admin.py
@@ -185,14 +185,13 @@ def remove_member(portfolio_id, portfolio_role_id):
 raise UnauthorizedError(
 g.current_user, "you can't delete the portfolios PPoC from the portfolio"
 )
+
 if (
 portfolio_role.latest_invitation
 and portfolio_role.status == PortfolioRoleStatus.PENDING
 ):
 PortfolioInvitations.revoke(portfolio_role.latest_invitation.token)
 else:
- # TODO: should this cascade and disable any application and environment
- # roles they might have?
 PortfolioRoles.disable(portfolio_role=portfolio_role)
 flash("portfolio_member_removed", member_name=portfolio_role.full_name)
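Review bot: `BaseInvitations.revoke` (PATCH 3/4, first hunk) now disables `invite.role` for whatever invitation `_get(token)` returns, with no check in these lines that the invitation is still pending. If a token for an already-accepted invitation reaches this method, the member's active role would be disabled as a side effect; whether `_get` or `_update_status` reject that case is not visible in the hunk. A guard before the status update, for example `if not invite.is_pending:` followed by the domain's existing invitation error, would keep role disabling tied to pending invitations. The method also has no docstring; one line such as `"""Mark the invitation REVOKED and disable the role it was issued for."""` would tell callers about the second write.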