Remove VIEW_{APPLICATION,ENVIRONMENT}_IN_WORKSPACE from some roles

2018-09-10 13:41:48 -04:00 · 2018-09-10 13:41:48 -04:00 · 39a1a5508c
commit 39a1a5508c
parent 89f6c903d1
1 changed files with 49 additions and 0 deletions
--- a/alembic/versions/dea6b8e09d63_remove_view_project_and_environment_.py
+++ b/alembic/versions/dea6b8e09d63_remove_view_project_and_environment_.py
@ -0,0 +1,49 @@
+"""remove view project and environment permissions
+
+Revision ID: dea6b8e09d63
+Revises: ad30159ef19b
+Create Date: 2018-09-10 11:06:00.017222
+
+"""
+from alembic import op
+from sqlalchemy.orm.session import Session
+
+from atst.models.role import Role
+from atst.models.permissions import Permissions
+
+
+# revision identifiers, used by Alembic.
+revision = "dea6b8e09d63"
+down_revision = "ad30159ef19b"
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    session = Session(bind=op.get_bind())
+
+    priveleged_role_names = ("owner", "admin", "ccpo")
+    non_priveleged_roles = (
+        session.query(Role).filter(Role.name.notin_(priveleged_role_names)).all()
+    )
+    for role in non_priveleged_roles:
+        role.remove_permission(Permissions.VIEW_APPLICATION_IN_WORKSPACE)
+        role.remove_permission(Permissions.VIEW_ENVIRONMENT_IN_APPLICATION)
+        session.add(role)
+
+    session.commit()
+
+
+def downgrade():
+    session = Session(bind=op.get_bind())
+
+    priveleged_role_names = ("owner", "admin", "ccpo")
+    non_priveleged_roles = (
+        session.query(Role).filter(not Role.name.in_(priveleged_role_names)).all()
+    )
+    for role in non_priveleged_roles:
+        role.add_permission(Permissions.VIEW_APPLICATION_IN_WORKSPACE)
+        role.add_permission(Permissions.VIEW_ENVIRONMENT_IN_APPLICATION)
+        session.add(role)
+
+    session.commit()