Merge pull request #775 from dod-ccpo/portfolio-route-cleanup
Portfolio route cleanup
This commit is contained in:
dandds
GitHub
commit
383177a87e
@ -233,6 +233,8 @@ def remove_member(portfolio_id, user_id):
|
||||
)
|
||||
|
||||
portfolio_role = PortfolioRoles.get(portfolio_id=portfolio_id, user_id=user_id)
|
||||
# TODO: should this cascade and disable any application and environment
|
||||
# roles they might have?
|
||||
PortfolioRoles.disable(portfolio_role=portfolio_role)
|
||||
|
||||
flash("portfolio_member_removed", member_name=portfolio_role.user.full_name)
|
||||
|
||||
@ -48,7 +48,14 @@ def accept_invitation(token):
|
||||
def revoke_invitation(portfolio_id, token):
|
||||
Invitations.revoke(token)
|
||||
|
||||
return redirect(url_for("portfolios.portfolio_members", portfolio_id=portfolio_id))
|
||||
return redirect(
|
||||
url_for(
|
||||
"portfolios.portfolio_admin",
|
||||
portfolio_id=portfolio_id,
|
||||
_anchor="portfolio-members",
|
||||
fragment="portfolio-members",
|
||||
)
|
||||
)
|
||||
|
||||
|
||||
@portfolios_bp.route(
|
||||
@ -59,4 +66,11 @@ def resend_invitation(portfolio_id, token):
|
||||
invite = Invitations.resend(g.current_user, token)
|
||||
send_invite_email(g.current_user.full_name, invite.token, invite.email)
|
||||
flash("resend_portfolio_invitation", user_name=invite.user_name)
|
||||
return redirect(url_for("portfolios.portfolio_members", portfolio_id=portfolio_id))
|
||||
return redirect(
|
||||
url_for(
|
||||
"portfolios.portfolio_admin",
|
||||
portfolio_id=portfolio_id,
|
||||
fragment="portfolio-members",
|
||||
_anchor="portfolio-members",
|
||||
)
|
||||
)
|
||||
|
||||
@ -1,17 +1,10 @@
|
||||
import re
|
||||
|
||||
from flask import render_template, request as http_request, g, redirect, url_for
|
||||
|
||||
from . import portfolios_bp
|
||||
from atst.domain.exceptions import AlreadyExistsError
|
||||
from atst.domain.applications import Applications
|
||||
from atst.domain.portfolios import Portfolios
|
||||
from atst.domain.portfolio_roles import PortfolioRoles, MEMBER_STATUS_CHOICES
|
||||
from atst.domain.environments import Environments
|
||||
from atst.domain.environment_roles import EnvironmentRoles
|
||||
from atst.services.invitation import Invitation as InvitationService
|
||||
import atst.forms.portfolio_member as member_forms
|
||||
from atst.forms.data import ENVIRONMENT_ROLES, ENV_ROLE_MODAL_DESCRIPTION
|
||||
from atst.domain.authz.decorator import user_can_access_decorator as user_can
|
||||
from atst.models.permissions import Permissions
|
||||
|
||||
@ -33,43 +26,6 @@ def serialize_portfolio_role(portfolio_role):
|
||||
}
|
||||
|
||||
|
||||
@portfolios_bp.route("/portfolios/<portfolio_id>/members")
|
||||
@user_can(Permissions.VIEW_PORTFOLIO_USERS, message="view portfolio members")
|
||||
def portfolio_members(portfolio_id):
|
||||
portfolio = Portfolios.get_for_update(portfolio_id)
|
||||
members_list = [serialize_portfolio_role(k) for k in portfolio.members]
|
||||
|
||||
return render_template(
|
||||
"portfolios/members/index.html",
|
||||
status_choices=MEMBER_STATUS_CHOICES,
|
||||
members=members_list,
|
||||
)
|
||||
|
||||
|
||||
@portfolios_bp.route("/portfolios/<portfolio_id>/applications/<application_id>/members")
|
||||
@user_can(Permissions.VIEW_APPLICATION_MEMBER, message="view application members")
|
||||
def application_members(portfolio_id, application_id):
|
||||
portfolio = Portfolios.get_for_update(portfolio_id)
|
||||
application = Applications.get(application_id, portfolio_id=portfolio_id)
|
||||
# TODO: this should show only members that have env roles in this application
|
||||
members_list = [serialize_portfolio_role(k) for k in portfolio.members]
|
||||
|
||||
return render_template(
|
||||
"portfolios/applications/members.html",
|
||||
application=application,
|
||||
members=members_list,
|
||||
)
|
||||
|
||||
|
||||
@portfolios_bp.route("/portfolios/<portfolio_id>/members/new")
|
||||
@user_can(
|
||||
Permissions.CREATE_PORTFOLIO_USERS, message="view create new portfolio member form"
|
||||
)
|
||||
def new_member(portfolio_id):
|
||||
form = member_forms.NewForm()
|
||||
return render_template("portfolios/members/new.html", form=form)
|
||||
|
||||
|
||||
@portfolios_bp.route("/portfolios/<portfolio_id>/members/new", methods=["POST"])
|
||||
@user_can(Permissions.CREATE_PORTFOLIO_USERS, message="create new portfolio member")
|
||||
def create_member(portfolio_id):
|
||||
@ -86,84 +42,19 @@ def create_member(portfolio_id):
|
||||
|
||||
flash("new_portfolio_member", new_member=member, portfolio=portfolio)
|
||||
|
||||
return redirect(
|
||||
url_for(
|
||||
"portfolios.portfolio_admin",
|
||||
portfolio_id=portfolio_id,
|
||||
fragment="portfolio-members",
|
||||
_anchor="portfolio-members",
|
||||
)
|
||||
)
|
||||
except AlreadyExistsError:
|
||||
return render_template(
|
||||
"error.html", message="There was an error processing your request."
|
||||
)
|
||||
else:
|
||||
return render_template("portfolios/members/new.html", form=form)
|
||||
pass
|
||||
# TODO: flash error message
|
||||
|
||||
|
||||
@portfolios_bp.route("/portfolios/<portfolio_id>/members/<member_id>/member_edit")
|
||||
@user_can(Permissions.VIEW_PORTFOLIO_USERS, message="view portfolio member")
|
||||
def view_member(portfolio_id, member_id):
|
||||
portfolio = Portfolios.get(g.current_user, portfolio_id)
|
||||
member = PortfolioRoles.get(portfolio_id, member_id)
|
||||
applications = Applications.get_all(portfolio)
|
||||
form = member_forms.EditForm(portfolio_role="admin")
|
||||
editable = g.current_user == member.user
|
||||
can_revoke_access = Portfolios.can_revoke_access_for(portfolio, member)
|
||||
|
||||
if member.has_dod_id_error:
|
||||
flash("portfolio_member_dod_id_error")
|
||||
|
||||
return render_template(
|
||||
"portfolios/members/edit.html",
|
||||
member=member,
|
||||
applications=applications,
|
||||
form=form,
|
||||
choices=ENVIRONMENT_ROLES,
|
||||
env_role_modal_description=ENV_ROLE_MODAL_DESCRIPTION,
|
||||
EnvironmentRoles=EnvironmentRoles,
|
||||
editable=editable,
|
||||
can_revoke_access=can_revoke_access,
|
||||
)
|
||||
|
||||
|
||||
# TODO: check if member_id is consistent with other routes here;
|
||||
# user ID vs portfolio role ID
|
||||
@portfolios_bp.route(
|
||||
"/portfolios/<portfolio_id>/members/<member_id>/member_edit", methods=["POST"]
|
||||
)
|
||||
@user_can(Permissions.EDIT_PORTFOLIO_USERS, message="update portfolio member")
|
||||
def update_member(portfolio_id, member_id):
|
||||
member = PortfolioRoles.get(portfolio_id, member_id)
|
||||
|
||||
ids_and_roles = []
|
||||
form_dict = http_request.form.to_dict()
|
||||
for entry in form_dict:
|
||||
if re.match("env_", entry):
|
||||
env_id = entry[4:]
|
||||
env_role = form_dict[entry] or None
|
||||
ids_and_roles.append({"id": env_id, "role": env_role})
|
||||
|
||||
form = member_forms.EditForm(http_request.form)
|
||||
if form.validate():
|
||||
member = Portfolios.update_member(member, form.data["permission_sets"])
|
||||
updated_roles = Environments.update_environment_roles(member, ids_and_roles)
|
||||
if updated_roles:
|
||||
flash("environment_access_changed")
|
||||
|
||||
return redirect(
|
||||
url_for("portfolios.portfolio_members", portfolio_id=portfolio_id)
|
||||
return redirect(
|
||||
url_for(
|
||||
"portfolios.portfolio_admin",
|
||||
portfolio_id=portfolio_id,
|
||||
fragment="portfolio-members",
|
||||
_anchor="portfolio-members",
|
||||
)
|
||||
else:
|
||||
return render_template("portfolios/members/edit.html", form=form, member=member)
|
||||
|
||||
|
||||
@portfolios_bp.route(
|
||||
"/portfolios/<portfolio_id>/members/<member_id>/revoke_access", methods=["POST"]
|
||||
)
|
||||
@user_can(Permissions.EDIT_PORTFOLIO_USERS, message="revoke portfolio access")
|
||||
def revoke_access(portfolio_id, member_id):
|
||||
revoked_role = Portfolios.revoke_access(portfolio_id, member_id)
|
||||
flash("revoked_portfolio_access", member_name=revoked_role.user.full_name)
|
||||
return redirect(url_for("portfolios.portfolio_members", portfolio_id=portfolio_id))
|
||||
)
|
||||
|
||||
@ -1,4 +0,0 @@
|
||||
{% extends "audit_log/events/_base.html" %}
|
||||
|
||||
{% block content %}
|
||||
{% endblock %}
|
||||
@ -1,4 +0,0 @@
|
||||
{% extends "audit_log/events/_base.html" %}
|
||||
|
||||
{% block content %}
|
||||
{% endblock %}
|
||||
@ -1,5 +0,0 @@
|
||||
{% extends "audit_log/events/_base.html" %}
|
||||
|
||||
{% block content %}
|
||||
on Request <code>{{ event.request_id }}</code> ({{ event.request.displayname }})
|
||||
{% endblock %}
|
||||
@ -1,4 +0,0 @@
|
||||
{% extends "audit_log/events/_base.html" %}
|
||||
|
||||
{% block content %}
|
||||
{% endblock %}
|
||||
@ -1,17 +0,0 @@
|
||||
{% from "components/icon.html" import Icon %}
|
||||
|
||||
<p>
|
||||
{{ "fragments.pending_ccpo_acceptance_alert.paragraph_1" | translate }}
|
||||
</p>
|
||||
|
||||
<p>
|
||||
{{ "fragments.pending_ccpo_acceptance_alert.paragraph_2" | translate }}
|
||||
</p>
|
||||
|
||||
<div class='alert__actions'>
|
||||
<a href='/help' class='icon-link'>
|
||||
{{ Icon('help') }}
|
||||
{{ "fragments.pending_ccpo_acceptance_alert.learn_more_link_text" | translate }}
|
||||
</a>
|
||||
</div>
|
||||
|
||||
@ -1,8 +0,0 @@
|
||||
<p>
|
||||
{{ "fragments.pending_ccpo_approval_modal.paragraph_1" | translate }}
|
||||
</p>
|
||||
|
||||
|
||||
<p>
|
||||
{{ "fragments.pending_ccpo_approval_modal.paragraph_2" | translate }}
|
||||
</p>
|
||||
@ -1,16 +0,0 @@
|
||||
{% from "components/icon.html" import Icon %}
|
||||
|
||||
<p>
|
||||
{{ "fragments.pending_financial_verification.paragraph_1" | translate }}
|
||||
</p>
|
||||
<p>
|
||||
{{ "fragments.pending_financial_verification.paragraph_2" | translate }}
|
||||
</p>
|
||||
|
||||
<div class='alert__actions'>
|
||||
<a href='/help' class='icon-link'>
|
||||
{{ Icon('help') }}
|
||||
{{ "fragments.pending_financial_verification.learn_more_link_text" | translate }}
|
||||
</a>
|
||||
</div>
|
||||
|
||||
@ -1,216 +0,0 @@
|
||||
{% extends "base.html" %}
|
||||
|
||||
{% from "components/icon.html" import Icon %}
|
||||
{% from "components/modal.html" import Modal %}
|
||||
{% from "components/selector.html" import Selector %}
|
||||
{% from "components/options_input.html" import OptionsInput %}
|
||||
{% from "components/confirmation_button.html" import ConfirmationButton %}
|
||||
|
||||
{% block content %}
|
||||
|
||||
{% include "fragments/flash.html" %}
|
||||
|
||||
<form method="POST" action="{{ url_for('portfolios.update_member', portfolio_id=portfolio.id, member_id=member.user_id) }}" autocomplete="false">
|
||||
{{ form.csrf_token }}
|
||||
|
||||
<div class='member-edit'>
|
||||
<div class="subheading">Edit Portfolio Member</div>
|
||||
<div class="panel">
|
||||
<div class='member-card'>
|
||||
<div class='member-card__header'>
|
||||
<h1 class='member-card__heading'>{{ member.user.full_name }}</h1>
|
||||
|
||||
<div class="usa-input member-card__input">
|
||||
<table>
|
||||
<thead>
|
||||
<tr>
|
||||
<th>{{ "portfolios.members.permissions.app_mgmt" | translate }}</th>
|
||||
<th>{{ "portfolios.members.permissions.funding" | translate }}</th>
|
||||
<th>{{ "portfolios.members.permissions.reporting" | translate }}</th>
|
||||
<th>{{ "portfolios.members.permissions.portfolio_mgmt" | translate }}</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<td>
|
||||
{{ form.perms_app_mgmt() }}
|
||||
</td>
|
||||
<td>
|
||||
{{ form.perms_funding() }}
|
||||
</td>
|
||||
<td>
|
||||
{{ form.perms_reporting() }}
|
||||
</td>
|
||||
<td>
|
||||
{{ form.perms_portfolio_mgmt() }}
|
||||
</td>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
<div class='member-card__details'>
|
||||
<dl>
|
||||
<div>
|
||||
<dt>DOD ID:</dt>
|
||||
<dd>{{ member.user.dod_id }}</dd>
|
||||
</div>
|
||||
<div>
|
||||
<dt>Email:</dt>
|
||||
<dd>{{ member.user.email }}</dd>
|
||||
</div>
|
||||
</dl>
|
||||
{% if editable %}
|
||||
<a href='{{ url_for("users.user") }}' class='icon-link'>edit account details</a>
|
||||
{% endif %}
|
||||
<div>
|
||||
{% if member.latest_invitation.is_revokable %}
|
||||
{{ ConfirmationButton(
|
||||
"Revoke Invitation",
|
||||
url_for("portfolios.revoke_invitation", portfolio_id=portfolio.id, token=member.latest_invitation.token),
|
||||
) }}
|
||||
{% endif %}
|
||||
{% if member.can_resend_invitation %}
|
||||
{{ ConfirmationButton (
|
||||
"Resend Invitation",
|
||||
url_for("portfolios.resend_invitation", portfolio_id=portfolio.id, token=member.latest_invitation.token),
|
||||
confirm_msg="Are you sure? This will send an email to invite the user to join this portfolio."
|
||||
)}}
|
||||
{% endif %}
|
||||
{% if can_revoke_access %}
|
||||
{{ ConfirmationButton (
|
||||
"Remove Portfolio Access",
|
||||
url_for("portfolios.revoke_access", portfolio_id=portfolio.id, member_id=member.id),
|
||||
confirm_msg="Are you sure? This will remove this user from the portfolio.",
|
||||
)}}
|
||||
{% endif %}
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="manage-access">
|
||||
<div class="subheading">Manage Access</div>
|
||||
<div class="subtitle">Grant access to an environment</div>
|
||||
</div>
|
||||
|
||||
<div class='search-bar'>
|
||||
<div class='usa-input search-input'>
|
||||
<label for='application-search'>Search by application name</label>
|
||||
<input type='search' id='application-search' name='application-search' placeholder="Search by application name"/>
|
||||
<button type="submit">
|
||||
<span class="hide">Search</span>
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
{% for application in applications %}
|
||||
{% set revoke_modal_name = (application.id|string) + 'RevokeModal' %}
|
||||
<edit-application-roles inline-template name="{{ application.name }}" id="{{ application.id }}">
|
||||
<div is='toggler' default-visible class='block-list application-list-item'>
|
||||
<template slot-scope='props'>
|
||||
<header class='block-list__header'>
|
||||
<button v-on:click='props.toggle' class='icon-link icon-link--large icon-link--default spend-table__application__toggler'>
|
||||
<template v-if='props.isVisible'>{{ Icon('caret_down') }}</template>
|
||||
<template v-else>{{ Icon('caret_right') }}</template>
|
||||
<h3 class="block-list__title">{{ application.name }}</h3>
|
||||
</button>
|
||||
<span><a v-on:click="openModal('{{ revoke_modal_name }}')" class="icon-link icon-link--danger">revoke all access</a></span>
|
||||
</header>
|
||||
{% call Modal(name=revoke_modal_name, dismissable=False) %}
|
||||
<div>
|
||||
<h1>Revoke Access</h1>
|
||||
<p>
|
||||
Confirming will revoke access for {{ member.user.full_name }} to any environments associated with {{ application.name }}.
|
||||
</p>
|
||||
<div class='action-group'>
|
||||
<a v-on:click="doRevoke(); closeModal('{{ revoke_modal_name }}')" class='action-group__action usa-button'>Confirm</a>
|
||||
<a class='action-group__action icon-link icon-link--danger' v-on:click="closeModal('{{ revoke_modal_name }}'); cancel();">Cancel</a>
|
||||
</div>
|
||||
</div>
|
||||
{% endcall %}
|
||||
<ul v-show='props.isVisible'>
|
||||
{% for env in application.environments %}
|
||||
|
||||
{% set role = EnvironmentRoles.get(member.user_id, env.id).role %}
|
||||
{% set env_modal_name = (env.id|string) + 'RolesModal' %}
|
||||
|
||||
<li class='block-list__item'>
|
||||
<edit-environment-role inline-template initial-data='{{ role or "" }}' v-bind:choices='{{ choices | tojson }}' v-bind:application-id="'{{ application.id }}'">
|
||||
<div class='application-list-item__environment'>
|
||||
<span class='application-list-item__environment__link'>
|
||||
{{ env.name }}
|
||||
</span>
|
||||
|
||||
<div class='application-list-item__environment__actions'>
|
||||
<span v-bind:class="label_class" v-html:on=displayName></span>
|
||||
<button v-on:click="openModal('{{env_modal_name}}')" type="button" class="icon-link">set role</button>
|
||||
{% call Modal(name=env_modal_name, dismissable=False) %}
|
||||
<div class='block-list'>
|
||||
<div class='block-list__header'>
|
||||
<div>
|
||||
{% if env_role_modal_description %}
|
||||
<h1>{{ env_role_modal_description.header }}</h1>
|
||||
<p>{{ env_role_modal_description.body | safe }}</p>
|
||||
{% endif %}
|
||||
</div>
|
||||
</div>
|
||||
<ul>
|
||||
{% for choice in choices %}
|
||||
<li class='block-list__item block-list__item--selectable'>
|
||||
<input
|
||||
name='radio_input_{{ env.id }}'
|
||||
v-on:change.prevent='change'
|
||||
type='radio'
|
||||
id="env_{{ env.id }}_{{ choice[0] }}"
|
||||
value='{{ choice[0] }}'
|
||||
:checked="new_role === '{{ choice[0]}}'"
|
||||
/>
|
||||
<label for="env_{{ env.id }}_{{ choice[0] }}">
|
||||
{% if choice[1].description %}
|
||||
<dl>
|
||||
<dt>{{ choice[1].name }}</dt>
|
||||
<dd>{{ choice[1].description }}</dd>
|
||||
</dl>
|
||||
{% else %}
|
||||
{{ choice[1].name }}
|
||||
{% endif %}
|
||||
</label>
|
||||
</li>
|
||||
{% endfor %}
|
||||
</ul>
|
||||
<input type='hidden' name='env_{{ env.id }}' v-bind:value='newRole'/>
|
||||
<div class='block-list__footer'>
|
||||
<div class='action-group'>
|
||||
<a v-on:click="closeModal('{{env_modal_name}}')" class='action-group__action usa-button'>Select Access Role</a>
|
||||
<a class='action-group__action icon-link icon-link--danger' v-on:click="closeModal('{{env_modal_name}}'); cancel();" value="{{ value if value == role else role }}" >Cancel</a>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
{% endcall %}
|
||||
</div>
|
||||
</div>
|
||||
</edit-environment-role>
|
||||
</li>
|
||||
|
||||
{% endfor %}
|
||||
</ul>
|
||||
</template>
|
||||
</div>
|
||||
</edit-application-roles>
|
||||
{% endfor %}
|
||||
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class='action-group'>
|
||||
<button class='action-group__action usa-button usa-button-big'>
|
||||
{% if is_new_member %}Create{% else %}Save{% endif %}
|
||||
</button>
|
||||
<a href='{{ url_for("portfolios.portfolio_members", portfolio_id=portfolio.id) }}' class='action-group__action icon-link'>
|
||||
{{ Icon('x') }}
|
||||
<span>Cancel</span>
|
||||
</a>
|
||||
</div>
|
||||
|
||||
</form>
|
||||
|
||||
{% endblock %}
|
||||
@ -1,112 +0,0 @@
|
||||
{% extends "portfolios/base.html" %}
|
||||
|
||||
{% from "components/empty_state.html" import EmptyState %}
|
||||
{% from "components/icon.html" import Icon %}
|
||||
|
||||
{% set secondary_breadcrumb = 'Portfolio Team Management' %}
|
||||
|
||||
{% block portfolio_content %}
|
||||
|
||||
{% if not portfolio.members %}
|
||||
|
||||
{% set user_can_invite = user_can(permissions.CREATE_PORTFOLIO_USERS) %}
|
||||
|
||||
{{ EmptyState(
|
||||
'There are currently no members in this Portfolio.',
|
||||
action_label='Invite a new Member' if user_can_invite else None,
|
||||
action_href='/members/new' if user_can_invite else None,
|
||||
sub_message=None if user_can_invite else 'Please contact your JEDI Cloud portfolio administrator to invite new members.',
|
||||
icon='avatar'
|
||||
) }}
|
||||
|
||||
|
||||
{% else %}
|
||||
|
||||
{% include "fragments/flash.html" %}
|
||||
|
||||
<members-list
|
||||
inline-template
|
||||
id="search-template"
|
||||
class='member-list'
|
||||
v-bind:members='{{ members | tojson}}'
|
||||
v-bind:status_choices='{{ status_choices | tojson}}'>
|
||||
<div>
|
||||
<form class='search-bar' @submit.prevent>
|
||||
<div class='usa-input search-input'>
|
||||
<label for='members-search'>Search members by name</label>
|
||||
<input v-model='searchValue' type='search' id='members-search' name='members-search' placeholder="Search by name"/>
|
||||
<button type="button"></button>
|
||||
</div>
|
||||
|
||||
<div class="search-bar__filters">
|
||||
<div class='usa-input'>
|
||||
<label for='filter-status'>Filter members by status</label>
|
||||
<select v-model="status" id="filter-status" name="filter-status">
|
||||
<option value="" selected disabled>Filter by status</option>
|
||||
<option value="all">View All</option>
|
||||
{% for status in status_choices %}
|
||||
<option value='{{ status.name }}'>{{ status.display_name }}</option>
|
||||
{% endfor %}
|
||||
</select>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
|
||||
<div class='responsive-table-wrapper panel'>
|
||||
<table v-cloak v-if='searchedList && searchedList.length'>
|
||||
<thead>
|
||||
<tr>
|
||||
<th v-for="col in getColumns()" @click="updateSort(col.displayName)" :width="col.width" :class="col.class" scope="col">
|
||||
!{ col.displayName }
|
||||
<span class="sorting-direction" v-if="col.displayName === sortInfo.columnName && sortInfo.isAscending">
|
||||
{{ Icon("caret_down") }}
|
||||
</span>
|
||||
<span class="sorting-direction" v-if="col.displayName === sortInfo.columnName && !sortInfo.isAscending">
|
||||
{{ Icon("caret_up") }}
|
||||
</span>
|
||||
</th>
|
||||
</tr>
|
||||
</thead>
|
||||
|
||||
<tbody>
|
||||
<tr v-for='member in searchedList'>
|
||||
<td>
|
||||
<a :href="member.edit_link" class="icon-link icon-link--large" v-html="member.name"></a>
|
||||
</td>
|
||||
<td class="table-cell--align-center" v-if='member.num_env'>
|
||||
<span v-html="member.num_env"></span>
|
||||
</td>
|
||||
<td class='table-cell--shrink' v-else>
|
||||
<span class="label label--info">No Environment Access</span>
|
||||
</td>
|
||||
<td v-html="member.status"></td>
|
||||
<td v-html="member.role"></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="add-member-link" colspan=4>
|
||||
<a class="icon-link" href="{{ url_for('portfolios.new_member', portfolio_id=portfolio.id) }}">
|
||||
Add A New Member
|
||||
{{ Icon('plus', classes='icon--circle') }}
|
||||
</a>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<div v-else>
|
||||
{{ EmptyState(
|
||||
'No members found.',
|
||||
action_label=None,
|
||||
action_href=None,
|
||||
sub_message='Please try a different search.',
|
||||
icon=None
|
||||
) }}
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</members-list>
|
||||
|
||||
{% endif %}
|
||||
|
||||
|
||||
{% endblock %}
|
||||
|
||||
@ -1,66 +0,0 @@
|
||||
{% extends "base.html" %}
|
||||
|
||||
{% from "components/icon.html" import Icon %}
|
||||
{% from "components/text_input.html" import TextInput %}
|
||||
{% from "components/options_input.html" import OptionsInput %}
|
||||
{% from "components/selector.html" import Selector %}
|
||||
|
||||
{% block content %}
|
||||
|
||||
<form method="POST" action="{{ url_for('portfolios.create_member', portfolio_id=portfolio.id) }}" autocomplete="false">
|
||||
{{ form.csrf_token }}
|
||||
|
||||
<div class="panel">
|
||||
|
||||
<div class="panel__heading">
|
||||
<h1>New Member</h1>
|
||||
<div class="subtitle"><h2>Account Details</h2></div>
|
||||
</div>
|
||||
|
||||
<div class="panel__content">
|
||||
{{ TextInput(form.first_name) }}
|
||||
{{ TextInput(form.last_name) }}
|
||||
{{ TextInput(form.email,placeholder='jane@mail.mil', validation='email') }}
|
||||
{{ TextInput(form.dod_id,placeholder='10-digit number on the back of the CAC', validation='dodId') }}
|
||||
<table>
|
||||
<thead>
|
||||
<tr>
|
||||
<th>{{ "portfolios.members.permissions.app_mgmt" | translate }}</th>
|
||||
<th>{{ "portfolios.members.permissions.funding" | translate }}</th>
|
||||
<th>{{ "portfolios.members.permissions.reporting" | translate }}</th>
|
||||
<th>{{ "portfolios.members.permissions.portfolio_mgmt" | translate }}</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<td>
|
||||
{{ form.perms_app_mgmt() }}
|
||||
</td>
|
||||
<td>
|
||||
{{ form.perms_funding() }}
|
||||
</td>
|
||||
<td>
|
||||
{{ form.perms_reporting() }}
|
||||
</td>
|
||||
<td>
|
||||
{{ form.perms_portfolio_mgmt() }}
|
||||
</td>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class='action-group'>
|
||||
<button class="usa-button usa-button-big usa-button-primary" tabindex="0">Add User</button>
|
||||
<a href='{{ url_for("portfolios.portfolio_members", portfolio_id=portfolio.id) }}' class='action-group__action icon-link'>
|
||||
{{ Icon('x') }}
|
||||
<span>Cancel</span>
|
||||
</a>
|
||||
</div>
|
||||
|
||||
|
||||
</form>
|
||||
|
||||
|
||||
|
||||
|
||||
{% endblock %}
|
||||
@ -1,12 +0,0 @@
|
||||
{% extends "base.html" %}
|
||||
|
||||
{% block content %}
|
||||
|
||||
<main class="usa-section usa-content">
|
||||
|
||||
<h1>Users</h1>
|
||||
|
||||
</main>
|
||||
|
||||
{% endblock %}
|
||||
|
||||
@ -245,16 +245,6 @@ def test_user_can_only_access_apps_in_their_portfolio(client, user_session):
|
||||
assert response.status_code == 404
|
||||
assert time_updated == other_application.time_updated
|
||||
|
||||
# user can't view application members
|
||||
response = client.get(
|
||||
url_for(
|
||||
"portfolios.application_members",
|
||||
portfolio_id=portfolio.id,
|
||||
application_id=other_application.id,
|
||||
)
|
||||
)
|
||||
assert response.status_code == 404
|
||||
|
||||
|
||||
def create_environment(user):
|
||||
portfolio = PortfolioFactory.create()
|
||||
|
||||
@ -1,21 +1,8 @@
|
||||
import pytest
|
||||
from flask import url_for
|
||||
|
||||
from tests.factories import (
|
||||
UserFactory,
|
||||
PortfolioFactory,
|
||||
PortfolioRoleFactory,
|
||||
InvitationFactory,
|
||||
)
|
||||
from atst.domain.portfolios import Portfolios
|
||||
from atst.domain.portfolio_roles import PortfolioRoles
|
||||
from atst.domain.applications import Applications
|
||||
from atst.domain.environments import Environments
|
||||
from atst.domain.environment_roles import EnvironmentRoles
|
||||
from tests.factories import UserFactory, PortfolioFactory
|
||||
from atst.domain.permission_sets import PermissionSets
|
||||
from atst.queue import queue
|
||||
from atst.models.portfolio_role import Status as PortfolioRoleStatus
|
||||
from atst.models.invitation import Status as InvitationStatus
|
||||
|
||||
_DEFAULT_PERMS_FORM_DATA = {
|
||||
"perms_app_mgmt": PermissionSets.VIEW_PORTFOLIO_APPLICATION_MANAGEMENT,
|
||||
@ -25,65 +12,19 @@ _DEFAULT_PERMS_FORM_DATA = {
|
||||
}
|
||||
|
||||
|
||||
def create_portfolio_and_invite_user(
|
||||
ws_role="developer",
|
||||
ws_status=PortfolioRoleStatus.PENDING,
|
||||
invite_status=InvitationStatus.PENDING,
|
||||
):
|
||||
owner = UserFactory.create()
|
||||
portfolio = PortfolioFactory.create(owner=owner)
|
||||
if ws_role != "owner":
|
||||
user = UserFactory.create()
|
||||
member = PortfolioRoleFactory.create(
|
||||
user=user, portfolio=portfolio, status=ws_status
|
||||
)
|
||||
InvitationFactory.create(
|
||||
inviter=portfolio.owner,
|
||||
user=user,
|
||||
portfolio_role=member,
|
||||
email=member.user.email,
|
||||
status=invite_status,
|
||||
)
|
||||
return (portfolio, member)
|
||||
else:
|
||||
return (portfolio, portfolio.members[0])
|
||||
|
||||
|
||||
def test_user_with_permission_has_add_member_link(client, user_session):
|
||||
portfolio = PortfolioFactory.create()
|
||||
user_session(portfolio.owner)
|
||||
response = client.get("/portfolios/{}/members".format(portfolio.id))
|
||||
response = client.get(
|
||||
url_for("portfolios.portfolio_admin", portfolio_id=portfolio.id)
|
||||
)
|
||||
assert response.status_code == 200
|
||||
assert (
|
||||
'href="/portfolios/{}/members/new"'.format(portfolio.id).encode()
|
||||
url_for("portfolios.create_member", portfolio_id=portfolio.id).encode()
|
||||
in response.data
|
||||
)
|
||||
|
||||
|
||||
def test_user_without_permission_has_no_add_member_link(client, user_session):
|
||||
user = UserFactory.create()
|
||||
portfolio = PortfolioFactory.create()
|
||||
Portfolios._create_portfolio_role(user, portfolio)
|
||||
user_session(user)
|
||||
response = client.get("/portfolios/{}/members".format(portfolio.id))
|
||||
assert (
|
||||
'href="/portfolios/{}/members/new"'.format(portfolio.id).encode()
|
||||
not in response.data
|
||||
)
|
||||
|
||||
|
||||
def test_permissions_for_view_member(client, user_session):
|
||||
user = UserFactory.create()
|
||||
portfolio = PortfolioFactory.create()
|
||||
Portfolios._create_portfolio_role(user, portfolio)
|
||||
member = PortfolioRoles.add(user, portfolio.id)
|
||||
user_session(user)
|
||||
response = client.get(
|
||||
url_for("portfolios.view_member", portfolio_id=portfolio.id, member_id=user.id)
|
||||
)
|
||||
assert response.status_code == 404
|
||||
|
||||
|
||||
def test_create_member(client, user_session):
|
||||
user = UserFactory.create()
|
||||
portfolio = PortfolioFactory.create()
|
||||
@ -110,221 +51,3 @@ def test_create_member(client, user_session):
|
||||
assert len(queue.get_queue()) == queue_length + 1
|
||||
portfolio_role = user.portfolio_roles[0]
|
||||
assert len(portfolio_role.permission_sets) == 5
|
||||
|
||||
|
||||
@pytest.mark.skip(reason="permission set display not implemented")
|
||||
def test_view_member_shows_role(client, user_session):
|
||||
user = UserFactory.create()
|
||||
portfolio = PortfolioFactory.create()
|
||||
Portfolios._create_portfolio_role(user, portfolio)
|
||||
member = PortfolioRoles.add(user, portfolio.id)
|
||||
user_session(portfolio.owner)
|
||||
response = client.get(
|
||||
url_for("portfolios.view_member", portfolio_id=portfolio.id, member_id=user.id)
|
||||
)
|
||||
assert response.status_code == 200
|
||||
assert "initial-choice='developer'".encode() in response.data
|
||||
|
||||
|
||||
def test_update_member_portfolio_role(client, user_session):
|
||||
portfolio = PortfolioFactory.create()
|
||||
user = UserFactory.create()
|
||||
member = PortfolioRoles.add(user, portfolio.id)
|
||||
user_session(portfolio.owner)
|
||||
response = client.post(
|
||||
url_for(
|
||||
"portfolios.update_member", portfolio_id=portfolio.id, member_id=user.id
|
||||
),
|
||||
data={
|
||||
**_DEFAULT_PERMS_FORM_DATA,
|
||||
"perms_funding": PermissionSets.EDIT_PORTFOLIO_FUNDING,
|
||||
},
|
||||
follow_redirects=True,
|
||||
)
|
||||
assert response.status_code == 200
|
||||
edit_funding = PermissionSets.get(PermissionSets.EDIT_PORTFOLIO_FUNDING)
|
||||
assert edit_funding in member.permission_sets
|
||||
|
||||
|
||||
def test_update_member_portfolio_role_with_no_data(client, user_session):
|
||||
portfolio = PortfolioFactory.create()
|
||||
user = UserFactory.create()
|
||||
member = PortfolioRoles.add(user, portfolio.id)
|
||||
user_session(portfolio.owner)
|
||||
original_perms_len = len(member.permission_sets)
|
||||
response = client.post(
|
||||
url_for(
|
||||
"portfolios.update_member", portfolio_id=portfolio.id, member_id=user.id
|
||||
),
|
||||
data={},
|
||||
follow_redirects=True,
|
||||
)
|
||||
assert response.status_code == 200
|
||||
assert len(member.permission_sets) == original_perms_len
|
||||
|
||||
|
||||
def test_update_member_environment_role(client, user_session):
|
||||
portfolio = PortfolioFactory.create()
|
||||
user = UserFactory.create()
|
||||
member = PortfolioRoles.add(user, portfolio.id)
|
||||
application = Applications.create(
|
||||
portfolio,
|
||||
"Snazzy Application",
|
||||
"A new application for me and my friends",
|
||||
{"env1", "env2"},
|
||||
)
|
||||
env1_id = application.environments[0].id
|
||||
env2_id = application.environments[1].id
|
||||
for env in application.environments:
|
||||
Environments.add_member(env, user, "developer")
|
||||
user_session(portfolio.owner)
|
||||
response = client.post(
|
||||
url_for(
|
||||
"portfolios.update_member", portfolio_id=portfolio.id, member_id=user.id
|
||||
),
|
||||
data={
|
||||
"env_" + str(env1_id): "security_auditor",
|
||||
"env_" + str(env2_id): "devops",
|
||||
**_DEFAULT_PERMS_FORM_DATA,
|
||||
},
|
||||
follow_redirects=True,
|
||||
)
|
||||
assert response.status_code == 200
|
||||
assert b"role updated successfully" not in response.data
|
||||
assert b"access successfully changed" in response.data
|
||||
assert EnvironmentRoles.get(user.id, env1_id).role == "security_auditor"
|
||||
assert EnvironmentRoles.get(user.id, env2_id).role == "devops"
|
||||
|
||||
|
||||
def test_update_member_environment_role_with_no_data(client, user_session):
|
||||
portfolio = PortfolioFactory.create()
|
||||
user = UserFactory.create()
|
||||
member = PortfolioRoles.add(user, portfolio.id)
|
||||
application = Applications.create(
|
||||
portfolio,
|
||||
"Snazzy Application",
|
||||
"A new application for me and my friends",
|
||||
{"env1"},
|
||||
)
|
||||
env1_id = application.environments[0].id
|
||||
for env in application.environments:
|
||||
Environments.add_member(env, user, "developer")
|
||||
user_session(portfolio.owner)
|
||||
response = client.post(
|
||||
url_for(
|
||||
"portfolios.update_member", portfolio_id=portfolio.id, member_id=user.id
|
||||
),
|
||||
data={"env_" + str(env1_id): None, "env_" + str(env1_id): ""},
|
||||
follow_redirects=True,
|
||||
)
|
||||
assert response.status_code == 200
|
||||
assert b"access successfully changed" not in response.data
|
||||
assert EnvironmentRoles.get(user.id, env1_id).role == "developer"
|
||||
|
||||
|
||||
def test_revoke_active_member_access(client, user_session):
|
||||
portfolio = PortfolioFactory.create()
|
||||
user = UserFactory.create()
|
||||
member = PortfolioRoleFactory.create(
|
||||
portfolio=portfolio, user=user, status=PortfolioRoleStatus.ACTIVE
|
||||
)
|
||||
Applications.create(
|
||||
portfolio,
|
||||
"Snazzy Application",
|
||||
"A new application for me and my friends",
|
||||
{"env1"},
|
||||
)
|
||||
user_session(portfolio.owner)
|
||||
response = client.post(
|
||||
url_for(
|
||||
"portfolios.revoke_access", portfolio_id=portfolio.id, member_id=member.id
|
||||
)
|
||||
)
|
||||
assert response.status_code == 302
|
||||
assert PortfolioRoles.get_by_id(member.id).num_environment_roles == 0
|
||||
|
||||
|
||||
def test_does_not_show_any_buttons_if_owner(client, user_session):
|
||||
portfolio = PortfolioFactory.create()
|
||||
user_session(portfolio.owner)
|
||||
response = client.get(
|
||||
url_for(
|
||||
"portfolios.view_member",
|
||||
portfolio_id=portfolio.id,
|
||||
member_id=portfolio.owner.id,
|
||||
)
|
||||
)
|
||||
assert "Remove Portfolio Access" not in response.data.decode()
|
||||
assert "Resend Invitation" not in response.data.decode()
|
||||
assert "Revoke Invitation" not in response.data.decode()
|
||||
|
||||
|
||||
def test_only_shows_revoke_access_button_if_active(client, user_session):
|
||||
portfolio, member = create_portfolio_and_invite_user(
|
||||
ws_status=PortfolioRoleStatus.ACTIVE, invite_status=InvitationStatus.ACCEPTED
|
||||
)
|
||||
user_session(portfolio.owner)
|
||||
response = client.get(
|
||||
url_for(
|
||||
"portfolios.view_member",
|
||||
portfolio_id=portfolio.id,
|
||||
member_id=member.user.id,
|
||||
)
|
||||
)
|
||||
assert response.status_code == 200
|
||||
assert "Remove Portfolio Access" in response.data.decode()
|
||||
assert "Revoke Invitation" not in response.data.decode()
|
||||
assert "Resend Invitation" not in response.data.decode()
|
||||
|
||||
|
||||
def test_only_shows_revoke_invite_button_if_pending(client, user_session):
|
||||
portfolio, member = create_portfolio_and_invite_user(
|
||||
ws_status=PortfolioRoleStatus.PENDING, invite_status=InvitationStatus.PENDING
|
||||
)
|
||||
user_session(portfolio.owner)
|
||||
# member = next((memb for memb in portfolio.members if memb != portfolio.owner), None)
|
||||
response = client.get(
|
||||
url_for(
|
||||
"portfolios.view_member",
|
||||
portfolio_id=portfolio.id,
|
||||
member_id=member.user.id,
|
||||
)
|
||||
)
|
||||
assert "Revoke Invitation" in response.data.decode()
|
||||
assert "Remove Portfolio Access" not in response.data.decode()
|
||||
assert "Resend Invitation" not in response.data.decode()
|
||||
|
||||
|
||||
def test_only_shows_resend_button_if_expired(client, user_session):
|
||||
portfolio, member = create_portfolio_and_invite_user(
|
||||
ws_status=PortfolioRoleStatus.PENDING,
|
||||
invite_status=InvitationStatus.REJECTED_EXPIRED,
|
||||
)
|
||||
user_session(portfolio.owner)
|
||||
response = client.get(
|
||||
url_for(
|
||||
"portfolios.view_member",
|
||||
portfolio_id=portfolio.id,
|
||||
member_id=member.user.id,
|
||||
)
|
||||
)
|
||||
assert "Resend Invitation" in response.data.decode()
|
||||
assert "Revoke Invitation" not in response.data.decode()
|
||||
assert "Remove Portfolio Access" not in response.data.decode()
|
||||
|
||||
|
||||
def test_only_shows_resend_button_if_revoked(client, user_session):
|
||||
portfolio, member = create_portfolio_and_invite_user(
|
||||
ws_status=PortfolioRoleStatus.PENDING, invite_status=InvitationStatus.REVOKED
|
||||
)
|
||||
user_session(portfolio.owner)
|
||||
response = client.get(
|
||||
url_for(
|
||||
"portfolios.view_member",
|
||||
portfolio_id=portfolio.id,
|
||||
member_id=member.user.id,
|
||||
)
|
||||
)
|
||||
assert "Resend Invitation" in response.data.decode()
|
||||
assert "Remove Portfolio Access" not in response.data.decode()
|
||||
assert "Revoke Invitation" not in response.data.decode()
|
||||
|
||||
@ -154,30 +154,6 @@ def test_portfolios_access_environment_access(get_url_assert_status):
|
||||
get_url_assert_status(ccpo, url, 404)
|
||||
|
||||
|
||||
# portfolios.application_members
|
||||
def test_portfolios_application_members_access(get_url_assert_status):
|
||||
ccpo = user_with(PermissionSets.VIEW_PORTFOLIO_APPLICATION_MANAGEMENT)
|
||||
owner = user_with()
|
||||
app_dev = user_with()
|
||||
rando = user_with()
|
||||
portfolio = PortfolioFactory.create(
|
||||
owner=owner,
|
||||
applications=[{"name": "Mos Eisley", "description": "Where Han shot first"}],
|
||||
)
|
||||
app = portfolio.applications[0]
|
||||
ApplicationRoleFactory.create(application=app, user=app_dev)
|
||||
|
||||
url = url_for(
|
||||
"portfolios.application_members",
|
||||
portfolio_id=portfolio.id,
|
||||
application_id=app.id,
|
||||
)
|
||||
get_url_assert_status(ccpo, url, 200)
|
||||
get_url_assert_status(owner, url, 200)
|
||||
get_url_assert_status(app_dev, url, 200)
|
||||
get_url_assert_status(rando, url, 404)
|
||||
|
||||
|
||||
# portfolios.create_application
|
||||
def test_portfolios_create_application_access(post_url_assert_status):
|
||||
ccpo = user_with(PermissionSets.EDIT_PORTFOLIO_APPLICATION_MANAGEMENT)
|
||||
@ -199,8 +175,8 @@ def test_portfolios_create_member_access(post_url_assert_status):
|
||||
portfolio = PortfolioFactory.create(owner=owner)
|
||||
|
||||
url = url_for("portfolios.create_member", portfolio_id=portfolio.id)
|
||||
post_url_assert_status(ccpo, url, 200)
|
||||
post_url_assert_status(owner, url, 200)
|
||||
post_url_assert_status(ccpo, url, 302)
|
||||
post_url_assert_status(owner, url, 302)
|
||||
post_url_assert_status(rando, url, 404)
|
||||
|
||||
|
||||
@ -327,19 +303,6 @@ def test_portfolios_new_application_access(get_url_assert_status):
|
||||
get_url_assert_status(rando, url, 404)
|
||||
|
||||
|
||||
# portfolios.new_member
|
||||
def test_portfolios_new_member_access(get_url_assert_status):
|
||||
ccpo = user_with(PermissionSets.EDIT_PORTFOLIO_ADMIN)
|
||||
owner = user_with()
|
||||
rando = user_with()
|
||||
portfolio = PortfolioFactory.create(owner=owner)
|
||||
|
||||
url = url_for("portfolios.new_member", portfolio_id=portfolio.id)
|
||||
get_url_assert_status(ccpo, url, 200)
|
||||
get_url_assert_status(owner, url, 200)
|
||||
get_url_assert_status(rando, url, 404)
|
||||
|
||||
|
||||
# portfolios.portfolio_admin
|
||||
def test_portfolios_portfolio_admin_access(get_url_assert_status):
|
||||
ccpo = user_with(PermissionSets.VIEW_PORTFOLIO_ADMIN)
|
||||
@ -379,19 +342,6 @@ def test_portfolios_portfolio_funding_access(get_url_assert_status):
|
||||
get_url_assert_status(rando, url, 404)
|
||||
|
||||
|
||||
# portfolios.portfolio_members
|
||||
def test_portfolios_portfolio_members_access(get_url_assert_status):
|
||||
ccpo = user_with(PermissionSets.VIEW_PORTFOLIO_ADMIN)
|
||||
owner = user_with()
|
||||
rando = user_with()
|
||||
portfolio = PortfolioFactory.create(owner=owner)
|
||||
|
||||
url = url_for("portfolios.portfolio_members", portfolio_id=portfolio.id)
|
||||
get_url_assert_status(ccpo, url, 200)
|
||||
get_url_assert_status(owner, url, 200)
|
||||
get_url_assert_status(rando, url, 404)
|
||||
|
||||
|
||||
# portfolios.portfolio_reports
|
||||
def test_portfolios_portfolio_reports_access(get_url_assert_status):
|
||||
ccpo = user_with(PermissionSets.VIEW_PORTFOLIO_REPORTS)
|
||||
@ -449,25 +399,6 @@ def test_portfolios_resend_invite_access(post_url_assert_status):
|
||||
post_url_assert_status(rando, url, 404)
|
||||
|
||||
|
||||
# portfolios.revoke_access
|
||||
def test_portfolios_revoke_access_access(post_url_assert_status):
|
||||
ccpo = user_with(PermissionSets.EDIT_PORTFOLIO_ADMIN)
|
||||
owner = user_with()
|
||||
rando = user_with()
|
||||
|
||||
portfolio = PortfolioFactory.create(owner=owner)
|
||||
|
||||
for user, status in [(ccpo, 302), (owner, 302), (rando, 404)]:
|
||||
prt_member = user_with()
|
||||
prr = PortfolioRoleFactory.create(
|
||||
user=prt_member, portfolio=portfolio, status=PortfolioRoleStatus.ACTIVE
|
||||
)
|
||||
url = url_for(
|
||||
"portfolios.revoke_access", portfolio_id=portfolio.id, member_id=prr.id
|
||||
)
|
||||
post_url_assert_status(user, url, status)
|
||||
|
||||
|
||||
# portfolios.revoke_invitation
|
||||
def test_portfolios_revoke_invitation_access(post_url_assert_status):
|
||||
ccpo = user_with(PermissionSets.EDIT_PORTFOLIO_ADMIN)
|
||||
@ -605,42 +536,6 @@ def test_portfolios_update_application_access(post_url_assert_status):
|
||||
post_url_assert_status(rando, url, 404)
|
||||
|
||||
|
||||
# portfolios.update_member
|
||||
def test_portfolios_update_member_access(post_url_assert_status):
|
||||
ccpo = user_with(PermissionSets.EDIT_PORTFOLIO_ADMIN)
|
||||
owner = user_with()
|
||||
rando = user_with()
|
||||
prt_member = user_with()
|
||||
|
||||
portfolio = PortfolioFactory.create(owner=owner)
|
||||
PortfolioRoleFactory.create(user=prt_member, portfolio=portfolio)
|
||||
|
||||
url = url_for(
|
||||
"portfolios.update_member", portfolio_id=portfolio.id, member_id=prt_member.id
|
||||
)
|
||||
post_url_assert_status(owner, url, 200)
|
||||
post_url_assert_status(ccpo, url, 200)
|
||||
post_url_assert_status(rando, url, 404)
|
||||
|
||||
|
||||
# portfolios.view_member
|
||||
def test_portfolios_view_member_access(get_url_assert_status):
|
||||
ccpo = user_with(PermissionSets.VIEW_PORTFOLIO_ADMIN)
|
||||
owner = user_with()
|
||||
rando = user_with()
|
||||
prt_member = user_with()
|
||||
|
||||
portfolio = PortfolioFactory.create(owner=owner)
|
||||
PortfolioRoleFactory.create(user=prt_member, portfolio=portfolio)
|
||||
|
||||
url = url_for(
|
||||
"portfolios.view_member", portfolio_id=portfolio.id, member_id=prt_member.id
|
||||
)
|
||||
get_url_assert_status(owner, url, 200)
|
||||
get_url_assert_status(ccpo, url, 200)
|
||||
get_url_assert_status(rando, url, 404)
|
||||
|
||||
|
||||
# portfolios.view_task_order
|
||||
def test_portfolios_view_task_order_access(get_url_assert_status):
|
||||
ccpo = user_with(PermissionSets.VIEW_PORTFOLIO_FUNDING)
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user