diff --git a/atst/domain/environments.py b/atst/domain/environments.py index 16a294fc..9ba60f53 100644 --- a/atst/domain/environments.py +++ b/atst/domain/environments.py @@ -2,7 +2,7 @@ from sqlalchemy.orm.exc import NoResultFound from atst.database import db from atst.models.environment import Environment -from atst.models.environment_role import EnvironmentRole, CSPRole +from atst.models.environment_role import EnvironmentRole from atst.models.project import Project from atst.models.permissions import Permissions from atst.domain.authz import Authorization @@ -27,9 +27,9 @@ class Environments(object): db.session.commit() @classmethod - def add_member(cls, user, environment, member, role=CSPRole.NONSENSE_ROLE): + def add_member(cls, user, environment, member, role=None): environment_user = EnvironmentRole( - user=member, environment=environment, role=role.value + user=member, environment=environment, role=role ) db.session.add(environment_user) db.session.commit() @@ -57,9 +57,9 @@ class Environments(object): return env @classmethod - def update_environment_role(cls, ids_and_roles, workspace_user): + def update_environment_role(cls, user, ids_and_roles, workspace_user): Authorization.check_workspace_permission( - workspace_user.user, + user, workspace_user.workspace, Permissions.ADD_AND_ASSIGN_CSP_ROLES, "assign environment roles", diff --git a/atst/domain/projects.py b/atst/domain/projects.py index 94ad6a39..cac6d4fa 100644 --- a/atst/domain/projects.py +++ b/atst/domain/projects.py @@ -51,9 +51,9 @@ class Projects(object): ) @classmethod - def get_all(cls, workspace_user, workspace): + def get_all(cls, user, workspace_user, workspace): Authorization.check_workspace_permission( - workspace_user.user, + user, workspace, Permissions.VIEW_APPLICATION_IN_WORKSPACE, "view project in workspace", diff --git a/atst/models/environment_role.py b/atst/models/environment_role.py index f396d9cd..bbfe0710 100644 --- a/atst/models/environment_role.py +++ b/atst/models/environment_role.py @@ -26,18 +26,6 @@ class EnvironmentRole(Base, mixins.TimestampsMixin): user_id = Column(UUID(as_uuid=True), ForeignKey("users.id"), nullable=False) user = relationship("User", backref="environment_roles") - @classmethod - def get(cls, user_id, environment_id): - existing_env_role = ( - db.session.query(EnvironmentRole) - .filter( - EnvironmentRole.user_id == user_id, - EnvironmentRole.environment_id == environment_id, - ) - .one_or_none() - ) - return existing_env_role - Index( "environments_role_user_environment", diff --git a/atst/routes/workspaces.py b/atst/routes/workspaces.py index 12a21573..021159d8 100644 --- a/atst/routes/workspaces.py +++ b/atst/routes/workspaces.py @@ -216,7 +216,7 @@ def view_member(workspace_id, member_id): "edit this workspace user", ) member = WorkspaceUsers.get(workspace_id, member_id) - projects = Projects.get_all(member, workspace) + projects = Projects.get_all(g.current_user, member, workspace) form = EditMemberForm(workspace_role=member.role, environment_role="") return render_template( "workspaces/members/edit.html", @@ -259,7 +259,7 @@ def update_member(workspace_id, member_id): ) new_role_name = member.role_displayname - Environments.update_environment_role(ids_and_roles, member) + Environments.update_environment_role(g.current_user, ids_and_roles, member) return redirect( url_for( diff --git a/tests/domain/test_environments.py b/tests/domain/test_environments.py new file mode 100644 index 00000000..d4ddce37 --- /dev/null +++ b/tests/domain/test_environments.py @@ -0,0 +1,45 @@ +import pytest +from uuid import uuid4 + +from atst.domain.environments import Environments +from atst.domain.environment_roles import EnvironmentRoles +from atst.domain.projects import Projects +from atst.domain.workspaces import Workspaces +from atst.domain.workspace_users import WorkspaceUsers +from atst.domain.exceptions import NotFoundError + +from tests.factories import RequestFactory, UserFactory + + +def test_update_environment_roles(): + owner = UserFactory.create() + developer_data = { + "dod_id": "1234567890", + "first_name": "Test", + "last_name": "User", + "email": "test.user@mail.com", + "workspace_role": "developer", + } + + workspace = Workspaces.create(RequestFactory.create(creator=owner)) + workspace_user = Workspaces.create_member(owner, workspace, developer_data) + project = Projects.create( + owner, workspace, "my test project", "It's mine.", ["dev", "staging", "prod"] + ) + + dev_env = project.environments[0] + staging_env = project.environments[1] + Environments.add_member(owner, dev_env, workspace_user.user, role="devops") + Environments.add_member(owner, staging_env, workspace_user.user, role="developer") + + new_ids_and_roles = [ + {"id": dev_env.id, "role": "billing_admin"}, + {"id": staging_env.id, "role": "developer"}, + ] + + Environments.update_environment_role(owner, new_ids_and_roles, workspace_user) + new_dev_env_role = EnvironmentRoles.get(workspace_user.user.id, dev_env.id) + staging_env_role = EnvironmentRoles.get(workspace_user.user.id, staging_env.id) + + assert new_dev_env_role.role == "billing_admin" + assert staging_env_role.role == "developer"