Consolidate WorkspaceUser into WorkspaceRole

richard-dds 2018-11-02 15:24:25 -04:00
parent d78c6de386
commit 3765a73dc1
16 changed files with 127 additions and 173 deletions


@ -1,4 +1,4 @@
from atst.domain.workspace_users import WorkspaceUsers
from atst.domain.workspace_roles import WorkspaceRoles
from atst.models.permissions import Permissions
from atst.domain.exceptions import UnauthorizedError
@ -6,7 +6,7 @@ from atst.domain.exceptions import UnauthorizedError
class Authorization(object):
@classmethod
def has_workspace_permission(cls, user, workspace, permission):
return permission in WorkspaceUsers.workspace_user_permissions(workspace, user)
return permission in WorkspaceRoles.workspace_role_permissions(workspace, user)
@classmethod
def has_atat_permission(cls, user, permission):


@ -58,7 +58,7 @@ class Environments(object):
return env
@classmethod
def update_environment_roles(cls, user, workspace, workspace_user, ids_and_roles):
def update_environment_roles(cls, user, workspace, workspace_role, ids_and_roles):
Authorization.check_workspace_permission(
user,
workspace,
@ -71,16 +71,16 @@ class Environments(object):
environment = Environments.get(id_and_role["id"])
if new_role is None:
EnvironmentRoles.delete(workspace_user.user.id, environment.id)
EnvironmentRoles.delete(workspace_role.user.id, environment.id)
else:
env_role = EnvironmentRoles.get(
workspace_user.user.id, id_and_role["id"]
workspace_role.user.id, id_and_role["id"]
)
if env_role:
env_role.role = new_role
else:
env_role = EnvironmentRole(
user=workspace_user.user, environment=environment, role=new_role
user=workspace_role.user, environment=environment, role=new_role
)
db.session.add(env_role)


@ -3,7 +3,7 @@ from sqlalchemy.orm.exc import NoResultFound
from atst.database import db
from atst.models.invitation import Invitation, Status as InvitationStatus
from atst.domain.workspace_users import WorkspaceUsers
from atst.domain.workspace_roles import WorkspaceRoles
from .exceptions import NotFoundError
@ -83,7 +83,7 @@ class Invitations(object):
elif invite.is_pending:
Invitations._update_status(invite, InvitationStatus.ACCEPTED)
WorkspaceUsers.enable(invite.workspace_role)
WorkspaceRoles.enable(invite.workspace_role)
return invite
@classmethod


@ -48,7 +48,7 @@ class Projects(object):
)
@classmethod
def get_all(cls, user, workspace_user, workspace):
def get_all(cls, user, workspace_role, workspace):
Authorization.check_workspace_permission(
user,
workspace,


@ -2,7 +2,6 @@ from sqlalchemy.orm.exc import NoResultFound
from atst.database import db
from atst.models.workspace_role import WorkspaceRole, Status as WorkspaceRoleStatus
from atst.models.workspace_user import WorkspaceUser
from atst.models.user import User
from .roles import Roles
@ -10,14 +9,9 @@ from .users import Users
from .exceptions import NotFoundError
class WorkspaceUsers(object):
class WorkspaceRoles(object):
@classmethod
def get(cls, workspace_id, user_id):
try:
user = Users.get(user_id)
except NoResultFound:
raise NotFoundError("user")
try:
workspace_role = (
db.session.query(WorkspaceRole)
@ -28,7 +22,7 @@ class WorkspaceUsers(object):
except NoResultFound:
workspace_role = None
return WorkspaceUser(user, workspace_role)
return workspace_role
@classmethod
def _get_active_workspace_role(cls, workspace_id, user_id):
@ -44,8 +38,8 @@ class WorkspaceUsers(object):
return None
@classmethod
def workspace_user_permissions(cls, workspace, user):
workspace_role = WorkspaceUsers._get_active_workspace_role(
def workspace_role_permissions(cls, workspace, user):
workspace_role = WorkspaceRoles._get_active_workspace_role(
workspace.id, user.id
)
atat_permissions = set(user.atat_role.permissions)
@ -94,23 +88,23 @@ class WorkspaceUsers(object):
db.session.add(user)
db.session.commit()
return WorkspaceUser(user, new_workspace_role)
return new_workspace_role
@classmethod
def update_role(cls, member, workspace_id, role_name):
new_role = Roles.get(role_name)
workspace_role = WorkspaceUsers._get_workspace_role(member.user, workspace_id)
workspace_role = WorkspaceRoles._get_workspace_role(member.user, workspace_id)
workspace_role.role = new_role
db.session.add(workspace_role)
db.session.commit()
return WorkspaceUser(member.user, workspace_role)
return workspace_role
@classmethod
def add_many(cls, workspace_id, workspace_user_dicts):
workspace_users = []
def add_many(cls, workspace_id, workspace_role_dicts):
workspace_roles = []
for user_dict in workspace_user_dicts:
for user_dict in workspace_role_dicts:
try:
user = Users.get(user_dict["id"])
except NoResultFound:
@ -139,14 +133,13 @@ class WorkspaceUsers(object):
)
user.workspace_roles.append(new_workspace_role)
workspace_user = WorkspaceUser(user, new_workspace_role)
workspace_users.append(workspace_user)
workspace_roles.append(new_workspace_role)
db.session.add(user)
db.session.commit()
return workspace_users
return workspace_roles
@classmethod
def enable(cls, workspace_role):
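Review bot: `WorkspaceRoles.get` now returns `None` for a missing membership and no longer raises `NotFoundError` for an unknown user, because the `Users.get` lookup was dropped and the remaining `except NoResultFound` branch only sets `workspace_role = None`. The callers touched in this commit (`view_member`, `update_member`, `Environments.update_environment_roles`) go straight to `member.role` / `workspace_role.user.id`, so a `member_id` from the URL with no role in the workspace would surface as an AttributeError rather than a clean not-found response. I would raise in that branch instead, `raise NotFoundError("workspace_role")`, and add a test for the unknown-member case. The query between the two hunks is outside the visible lines, so please confirm it filters on both `workspace_id` and `user_id`.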


@ -2,7 +2,7 @@ from atst.domain.roles import Roles
from atst.domain.authz import Authorization
from atst.models.permissions import Permissions
from atst.domain.users import Users
from atst.domain.workspace_users import WorkspaceUsers
from atst.domain.workspace_roles import WorkspaceRoles
from atst.models.workspace_role import Status as WorkspaceRoleStatus
from .query import WorkspacesQuery
@ -95,8 +95,8 @@ class Workspaces(object):
@classmethod
def add_member(cls, workspace, member, role_name):
workspace_user = WorkspaceUsers.add(member, workspace.id, role_name)
return workspace_user
workspace_role = WorkspaceRoles.add(member, workspace.id, role_name)
return workspace_role
@classmethod
def update_member(cls, user, workspace, member, role_name):
@ -107,7 +107,7 @@ class Workspaces(object):
"edit workspace member",
)
return WorkspaceUsers.update_role(member, workspace.id, role_name)
return WorkspaceRoles.update_role(member, workspace.id, role_name)
@classmethod
def _create_workspace_role(


@ -4,7 +4,6 @@ from sqlalchemy.orm import relationship
from atst.models import Base
from atst.models.types import Id
from atst.models import mixins
from atst.models.workspace_user import WorkspaceUser
from atst.utils import first_or_none
@ -39,7 +38,7 @@ class Workspace(Base, mixins.TimestampsMixin, mixins.AuditableMixin):
@property
def members(self):
return [WorkspaceUser(role.user, role) for role in self.roles]
return self.roles
@property
def displayname(self):
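Review bot: `members` now hands back `self.roles` itself, where the old list comprehension returned a fresh list on every access. If `roles` is the ORM relationship collection (its definition is outside this hunk), a caller that appends to or removes from `workspace.members` would now change workspace membership on the next flush. Returning a copy keeps the property read-only in effect: `return list(self.roles)`. A one-line docstring saying that members are `WorkspaceRole` rows, not users, would also help readers of the templates and routes.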


@ -6,6 +6,11 @@ from sqlalchemy.orm import relationship
from atst.models import Base, mixins
from .types import Id
from atst.database import db
from atst.models.environment_role import EnvironmentRole
from atst.models.project import Project
from atst.models.environment import Environment
class Status(Enum):
ACTIVE = "active"
@ -61,6 +66,46 @@ class WorkspaceRole(Base, mixins.TimestampsMixin, mixins.AuditableMixin):
def has_dod_id_error(self):
return self.latest_invitation and self.latest_invitation.is_rejected_wrong_user
@property
def role_name(self):
return self.role.name
@property
def user_name(self):
return self.user.full_name
@property
def role_displayname(self):
return self.role.display_name
@property
def num_environment_roles(self):
return (
db.session.query(EnvironmentRole)
.join(EnvironmentRole.environment)
.join(Environment.project)
.join(Project.workspace)
.filter(Project.workspace_id == self.workspace_id)
.filter(EnvironmentRole.user_id == self.user_id)
.count()
)
@property
def environment_roles(self):
return (
db.session.query(EnvironmentRole)
.join(EnvironmentRole.environment)
.join(Environment.project)
.join(Project.workspace)
.filter(Project.workspace_id == self.workspace_id)
.filter(EnvironmentRole.user_id == self.user_id)
.all()
)
@property
def has_environment_roles(self):
return self.num_environment_roles > 0
Index(
"workspace_role_user_workspace",
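Review bot: `num_environment_roles` and `environment_roles` carry two copies of the same join and filter chain, differing only in `.count()` versus `.all()`. That chain is what scopes a member's environment roles to this workspace and user, so it is better defined once than kept in sync by hand. I would move it into a private helper and have both properties call it, as sketched below. Separately, `workspace_members` reads `num_environment_roles` for every row, so this is one COUNT query per member; that may deserve a comment or a batched query later.

```python
    def _environment_roles_query(self):
        # Single definition of the workspace + user scoping shared by the
        # two properties below.
        return (
            db.session.query(EnvironmentRole)
            .join(EnvironmentRole.environment)
            .join(Environment.project)
            .join(Project.workspace)
            .filter(Project.workspace_id == self.workspace_id)
            .filter(EnvironmentRole.user_id == self.user_id)
        )

    @property
    def num_environment_roles(self):
        return self._environment_roles_query().count()

    @property
    def environment_roles(self):
        return self._environment_roles_query().all()

    # … unchanged: has_environment_roles …
```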


@ -1,75 +0,0 @@
from atst.database import db
from atst.models.environment_role import EnvironmentRole
from atst.models.project import Project
from atst.models.environment import Environment
class WorkspaceUser(object):
def __init__(self, user, workspace_role):
self.user = user
self.workspace_role = workspace_role
@property
def workspace(self):
return self.workspace_role.workspace
@property
def workspace_id(self):
return self.workspace_role.workspace_id
@property
def user_id(self):
return self.user.id
@property
def user_name(self):
return self.user.full_name
@property
def role(self):
return self.workspace_role.role.name
@property
def role_displayname(self):
return self.workspace_role.role.display_name
@property
def status(self):
return self.workspace_role.display_status
@property
def has_dod_id_error(self):
return self.workspace_role.has_dod_id_error
@property
def num_environment_roles(self):
return (
db.session.query(EnvironmentRole)
.join(EnvironmentRole.environment)
.join(Environment.project)
.join(Project.workspace)
.filter(Project.workspace_id == self.workspace_id)
.filter(EnvironmentRole.user_id == self.user_id)
.count()
)
@property
def environment_roles(self):
return (
db.session.query(EnvironmentRole)
.join(EnvironmentRole.environment)
.join(Environment.project)
.join(Project.workspace)
.filter(Project.workspace_id == self.workspace_id)
.filter(EnvironmentRole.user_id == self.user_id)
.all()
)
@property
def has_environment_roles(self):
return self.num_environment_roles > 0
def __repr__(self):
return "<WorkspaceUser(user='{}', role='{}', workspace='{}', num_environment_roles='{}')>".format(
self.user_name, self.role, self.workspace.name, self.num_environment_roles
)


@ -14,7 +14,7 @@ from atst.domain.exceptions import UnauthorizedError, AlreadyExistsError
from atst.domain.projects import Projects
from atst.domain.reports import Reports
from atst.domain.workspaces import Workspaces
from atst.domain.workspace_users import WorkspaceUsers
from atst.domain.workspace_roles import WorkspaceRoles
from atst.domain.environments import Environments
from atst.domain.environment_roles import EnvironmentRoles
from atst.forms.project import NewProjectForm, ProjectForm
@ -109,7 +109,7 @@ def workspace_members(workspace_id):
members_list = [
{
"name": k.user_name,
"status": k.status,
"status": k.display_status,
"id": k.user_id,
"role": k.role_displayname,
"num_env": k.num_environment_roles,
@ -258,9 +258,7 @@ def create_member(workspace_id):
if form.validate():
try:
new_member = Workspaces.create_member(g.current_user, workspace, form.data)
invite = Invitations.create(
new_member.workspace_role, g.current_user, new_member.user
)
invite = Invitations.create(new_member, g.current_user, new_member.user)
send_invite_email(
g.current_user.full_name, invite.token, new_member.user.email
)
@ -291,7 +289,7 @@ def view_member(workspace_id, member_id):
Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE,
"edit this workspace user",
)
member = WorkspaceUsers.get(workspace_id, member_id)
member = WorkspaceRoles.get(workspace_id, member_id)
projects = Projects.get_all(g.current_user, member, workspace)
form = EditMemberForm(workspace_role=member.role)
editable = g.current_user == member.user
@ -319,7 +317,7 @@ def update_member(workspace_id, member_id):
Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE,
"edit this workspace user",
)
member = WorkspaceUsers.get(workspace_id, member_id)
member = WorkspaceRoles.get(workspace_id, member_id)
ids_and_roles = []
form_dict = http_request.form.to_dict()
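Review bot: In `view_member`, the unchanged line `form = EditMemberForm(workspace_role=member.role)` changes meaning with this commit. `member` used to be a `WorkspaceUser`, whose `role` property returned the role name; it is now a `WorkspaceRole`, where `role` appears to be the related Role object and the name is exposed through the new `role_name` property. The tests in this commit were switched from `member.role` to `member.role_name` for the same reason, so the form line likely needs `form = EditMemberForm(workspace_role=member.role_name)`. `EditMemberForm` is not visible here, so please confirm what it expects. The bodies of `view_member` and `update_member` continue outside these hunks.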


@ -11,7 +11,7 @@ from atst.domain.users import Users
from atst.domain.requests import Requests
from atst.domain.workspaces import Workspaces
from atst.domain.projects import Projects
from atst.domain.workspace_users import WorkspaceUsers
from atst.domain.workspace_roles import WorkspaceRoles
from atst.domain.exceptions import AlreadyExistsError
from tests.factories import RequestFactory, TaskOrderFactory
from atst.routes.dev import _DEV_USERS as DEV_USERS
@ -74,9 +74,9 @@ def seed_db():
workspace = Workspaces.create(
request, name="{}'s workspace".format(user.first_name)
)
for workspace_user in WORKSPACE_USERS:
ws_user = Workspaces.create_member(user, workspace, workspace_user)
WorkspaceUsers.enable(ws_user.workspace_role)
for workspace_role in WORKSPACE_USERS:
ws_user = Workspaces.create_member(user, workspace, workspace_role)
WorkspaceRoles.enable(ws_user.workspace_role)
Projects.create(
user,
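Review bot: `WorkspaceRoles.enable(ws_user.workspace_role)` in `seed_db` still unwraps a `.workspace_role` attribute that belonged to the deleted `WorkspaceUser` wrapper. Judging by the route change in this commit (`Invitations.create(new_member, ...)` replacing `new_member.workspace_role`), `Workspaces.create_member` now returns the `WorkspaceRole` itself, so the seed script would fail with an AttributeError unless the model defines such an attribute elsewhere. The call should probably be `WorkspaceRoles.enable(ws_user)`. The loop variable `workspace_role` iterates over the `WORKSPACE_USERS` dicts of user data, so a name like `user_data` would read less confusingly.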


@ -1,6 +1,6 @@
from atst.domain.environments import Environments
from atst.domain.environment_roles import EnvironmentRoles
from atst.domain.workspace_users import WorkspaceUsers
from atst.domain.workspace_roles import WorkspaceRoles
from tests.factories import UserFactory, WorkspaceFactory
@ -37,12 +37,12 @@ def test_update_environment_roles():
{"id": staging_env.id, "role": "developer"},
]
workspace_user = workspace.members[0]
workspace_role = workspace.members[0]
Environments.update_environment_roles(
owner, workspace, workspace_user, new_ids_and_roles
owner, workspace, workspace_role, new_ids_and_roles
)
new_dev_env_role = EnvironmentRoles.get(workspace_user.user.id, dev_env.id)
staging_env_role = EnvironmentRoles.get(workspace_user.user.id, staging_env.id)
new_dev_env_role = EnvironmentRoles.get(workspace_role.user.id, dev_env.id)
staging_env_role = EnvironmentRoles.get(workspace_role.user.id, staging_env.id)
assert new_dev_env_role.role == "billing_admin"
assert staging_env_role.role == "developer"
@ -88,12 +88,12 @@ def test_remove_environment_role():
{"id": now_none, "role": None},
]
workspace_user = WorkspaceUsers.get(workspace.id, developer.id)
workspace_role = WorkspaceRoles.get(workspace.id, developer.id)
Environments.update_environment_roles(
owner, workspace, workspace_user, new_environment_roles
owner, workspace, workspace_role, new_environment_roles
)
assert workspace_user.num_environment_roles == 2
assert workspace_role.num_environment_roles == 2
assert EnvironmentRoles.get(developer.id, now_ba).role == "billing_auditor"
assert EnvironmentRoles.get(developer.id, now_none) is None
assert EnvironmentRoles.get(developer.id, still_fa).role == "financial_auditor"


@ -1,4 +1,4 @@
from atst.domain.workspace_users import WorkspaceUsers
from atst.domain.workspace_roles import WorkspaceRoles
from atst.domain.users import Users
from atst.models.workspace_role import Status as WorkspaceRoleStatus
from atst.domain.roles import Roles
@ -11,40 +11,34 @@ from tests.factories import (
)
def test_can_create_new_workspace_user():
def test_can_create_new_workspace_role():
workspace = WorkspaceFactory.create()
new_user = UserFactory.create()
workspace_user_dicts = [{"id": new_user.id, "workspace_role": "owner"}]
workspace_users = WorkspaceUsers.add_many(workspace.id, workspace_user_dicts)
workspace_role_dicts = [{"id": new_user.id, "workspace_role": "owner"}]
workspace_roles = WorkspaceRoles.add_many(workspace.id, workspace_role_dicts)
assert workspace_users[0].user.id == new_user.id
assert workspace_users[0].user.atat_role.name == new_user.atat_role.name
assert (
workspace_users[0].workspace_role.role.name
== new_user.workspace_roles[0].role.name
)
assert workspace_roles[0].user_id == new_user.id
assert workspace_roles[0].user.atat_role.name == new_user.atat_role.name
assert workspace_roles[0].role.name == new_user.workspace_roles[0].role.name
def test_can_update_existing_workspace_user():
def test_can_update_existing_workspace_role():
workspace = WorkspaceFactory.create()
new_user = UserFactory.create()
WorkspaceUsers.add_many(
WorkspaceRoles.add_many(
workspace.id, [{"id": new_user.id, "workspace_role": "owner"}]
)
workspace_users = WorkspaceUsers.add_many(
workspace_roles = WorkspaceRoles.add_many(
workspace.id, [{"id": new_user.id, "workspace_role": "developer"}]
)
assert workspace_users[0].user.atat_role.name == new_user.atat_role.name
assert (
workspace_users[0].workspace_role.role.name
== new_user.workspace_roles[0].role.name
)
assert workspace_roles[0].user.atat_role.name == new_user.atat_role.name
assert workspace_roles[0].role.name == new_user.workspace_roles[0].role.name
def test_workspace_user_permissions():
def test_workspace_role_permissions():
workspace_one = WorkspaceFactory.create()
workspace_two = WorkspaceFactory.create()
new_user = UserFactory.create()
@ -61,5 +55,5 @@ def test_workspace_user_permissions():
status=WorkspaceRoleStatus.PENDING,
)
assert WorkspaceUsers.workspace_user_permissions(workspace_one, new_user)
assert not WorkspaceUsers.workspace_user_permissions(workspace_two, new_user)
assert WorkspaceRoles.workspace_role_permissions(workspace_one, new_user)
assert not WorkspaceRoles.workspace_role_permissions(workspace_two, new_user)


@ -3,7 +3,7 @@ from uuid import uuid4
from atst.domain.exceptions import NotFoundError, UnauthorizedError
from atst.domain.workspaces import Workspaces
from atst.domain.workspace_users import WorkspaceUsers
from atst.domain.workspace_roles import WorkspaceRoles
from atst.domain.projects import Projects
from atst.domain.environments import Environments
from atst.models.workspace_role import Status as WorkspaceRoleStatus
@ -75,13 +75,13 @@ def test_get_for_update_projects_allows_owner(workspace, workspace_owner):
def test_get_for_update_projects_blocks_developer(workspace):
developer = UserFactory.create()
WorkspaceUsers.add(developer, workspace.id, "developer")
WorkspaceRoles.add(developer, workspace.id, "developer")
with pytest.raises(UnauthorizedError):
Workspaces.get_for_update_projects(developer, workspace.id)
def test_can_create_workspace_user(workspace, workspace_owner):
def test_can_create_workspace_role(workspace, workspace_owner):
user_data = {
"first_name": "New",
"last_name": "User",
@ -111,7 +111,7 @@ def test_can_add_existing_user_to_workspace(workspace, workspace_owner):
assert not new_member.user.provisional
def test_need_permission_to_create_workspace_user(workspace, workspace_owner):
def test_need_permission_to_create_workspace_role(workspace, workspace_owner):
random_user = UserFactory.create()
user_data = {
@ -126,7 +126,7 @@ def test_need_permission_to_create_workspace_user(workspace, workspace_owner):
Workspaces.create_member(random_user, workspace, user_data)
def test_update_workspace_user_role(workspace, workspace_owner):
def test_update_workspace_role_role(workspace, workspace_owner):
user_data = {
"first_name": "New",
"last_name": "User",
@ -141,10 +141,10 @@ def test_update_workspace_user_role(workspace, workspace_owner):
workspace_owner, workspace, member, role_name
)
assert updated_member.workspace == workspace
assert updated_member.role == role_name
assert updated_member.role_name == role_name
def test_need_permission_to_update_workspace_user_role(workspace, workspace_owner):
def test_need_permission_to_update_workspace_role_role(workspace, workspace_owner):
random_user = UserFactory.create()
user_data = {
"first_name": "New",


@ -3,7 +3,7 @@ import datetime
from atst.domain.environments import Environments
from atst.domain.workspaces import Workspaces
from atst.domain.projects import Projects
from atst.domain.workspace_users import WorkspaceUsers
from atst.domain.workspace_roles import WorkspaceRoles
from atst.models.workspace_role import Status
from atst.models.invitation import Status as InvitationStatus
from tests.factories import (
@ -25,9 +25,9 @@ def test_has_no_environment_roles():
}
workspace = Workspaces.create(RequestFactory.create(creator=owner))
workspace_user = Workspaces.create_member(owner, workspace, developer_data)
workspace_role = Workspaces.create_member(owner, workspace, developer_data)
assert not workspace_user.has_environment_roles
assert not workspace_role.has_environment_roles
def test_has_environment_roles():
@ -41,12 +41,12 @@ def test_has_environment_roles():
}
workspace = Workspaces.create(RequestFactory.create(creator=owner))
workspace_user = Workspaces.create_member(owner, workspace, developer_data)
workspace_role = Workspaces.create_member(owner, workspace, developer_data)
project = Projects.create(
owner, workspace, "my test project", "It's mine.", ["dev", "staging", "prod"]
)
Environments.add_member(project.environments[0], workspace_user.user, "developer")
assert workspace_user.has_environment_roles
Environments.add_member(project.environments[0], workspace_role.user, "developer")
assert workspace_role.has_environment_roles
def test_role_displayname():
@ -60,9 +60,9 @@ def test_role_displayname():
}
workspace = Workspaces.create(RequestFactory.create(creator=owner))
workspace_user = Workspaces.create_member(owner, workspace, developer_data)
workspace_role = Workspaces.create_member(owner, workspace, developer_data)
assert workspace_user.role_displayname == "Developer"
assert workspace_role.role_displayname == "Developer"
def test_status_when_member_is_active():


@ -8,11 +8,11 @@ from tests.factories import (
InvitationFactory,
)
from atst.domain.workspaces import Workspaces
from atst.domain.workspace_users import WorkspaceUsers
from atst.domain.workspace_roles import WorkspaceRoles
from atst.domain.projects import Projects
from atst.domain.environments import Environments
from atst.domain.environment_roles import EnvironmentRoles
from atst.models.workspace_user import WorkspaceUser
from atst.models.workspace_role import WorkspaceRole
from atst.models.workspace_role import Status as WorkspaceRoleStatus
from atst.models.invitation import Status as InvitationStatus
from atst.queue import queue
@ -202,7 +202,7 @@ def test_permissions_for_view_member(client, user_session):
user = UserFactory.create()
workspace = WorkspaceFactory.create()
Workspaces._create_workspace_role(user, workspace, "developer")
member = WorkspaceUsers.add(user, workspace.id, "developer")
member = WorkspaceRoles.add(user, workspace.id, "developer")
user_session(user)
response = client.post(
url_for("workspaces.view_member", workspace_id=workspace.id, member_id=user.id),
@ -214,7 +214,7 @@ def test_permissions_for_view_member(client, user_session):
def test_update_member_workspace_role(client, user_session):
workspace = WorkspaceFactory.create()
user = UserFactory.create()
member = WorkspaceUsers.add(user, workspace.id, "developer")
member = WorkspaceRoles.add(user, workspace.id, "developer")
user_session(workspace.owner)
response = client.post(
url_for(
@ -224,13 +224,13 @@ def test_update_member_workspace_role(client, user_session):
follow_redirects=True,
)
assert response.status_code == 200
assert member.role == "security_auditor"
assert member.role_name == "security_auditor"
def test_update_member_workspace_role_with_no_data(client, user_session):
workspace = WorkspaceFactory.create()
user = UserFactory.create()
member = WorkspaceUsers.add(user, workspace.id, "developer")
member = WorkspaceRoles.add(user, workspace.id, "developer")
user_session(workspace.owner)
response = client.post(
url_for(
@ -240,13 +240,13 @@ def test_update_member_workspace_role_with_no_data(client, user_session):
follow_redirects=True,
)
assert response.status_code == 200
assert member.role == "developer"
assert member.role_name == "developer"
def test_update_member_environment_role(client, user_session):
workspace = WorkspaceFactory.create()
user = UserFactory.create()
member = WorkspaceUsers.add(user, workspace.id, "developer")
member = WorkspaceRoles.add(user, workspace.id, "developer")
project = Projects.create(
workspace.owner,
workspace,
@ -278,7 +278,7 @@ def test_update_member_environment_role(client, user_session):
def test_update_member_environment_role_with_no_data(client, user_session):
workspace = WorkspaceFactory.create()
user = UserFactory.create()
member = WorkspaceUsers.add(user, workspace.id, "developer")
member = WorkspaceRoles.add(user, workspace.id, "developer")
project = Projects.create(
workspace.owner,
workspace,