Standardize token argument in routes.

- `token` becomes `portfolio_token` in routes.
- Find relevant portfolio from token in `before_request` hook, like
  other routes.

atst/domain/authz/decorator.py

@@ -3,11 +3,6 @@ from functools import wraps
 from flask import g, current_app as app, request
 
 from . import user_can_access
-from atst.domain.portfolios import Portfolios
-from atst.domain.task_orders import TaskOrders
-from atst.domain.applications import Applications
-from atst.domain.environments import Environments
-from atst.domain.invitations import PortfolioInvitations
 from atst.domain.exceptions import UnauthorizedError
 
 
@@ -18,14 +13,6 @@ def check_access(permission, message, override, *args, **kwargs):
         "application": g.application,
     }
 
-    # TODO: We should change the `token` arg in routes to be either
-    # `portfolio_token` or `application_token` and have
-    # atst.utils.context_processors.assign_resources take care of
-    # this.
-    if "token" in kwargs:
-        invite = PortfolioInvitations._get(kwargs["token"])
-        access_args["portfolio"] = invite.role.portfolio
-
     if override is not None and override(g.current_user, **access_args, **kwargs):
         return True
 

atst/routes/portfolios/invitations.py

@@ -19,9 +19,9 @@ def send_invite_email(owner_name, token, new_member_email):
     )
 
 
-@portfolios_bp.route("/portfolios/invitations/<token>", methods=["GET"])
-def accept_invitation(token):
-    invite = PortfolioInvitations.accept(g.current_user, token)
+@portfolios_bp.route("/portfolios/invitations/<portfolio_token>", methods=["GET"])
+def accept_invitation(portfolio_token):
+    invite = PortfolioInvitations.accept(g.current_user, portfolio_token)
 
     for task_order in invite.portfolio.task_orders:
         if g.current_user in task_order.officers:
@@ -35,11 +35,11 @@ def accept_invitation(token):
 
 
 @portfolios_bp.route(
-    "/portfolios/<portfolio_id>/invitations/<token>/revoke", methods=["POST"]
+    "/portfolios/<portfolio_id>/invitations/<portfolio_token>/revoke", methods=["POST"]
 )
 @user_can(Permissions.EDIT_PORTFOLIO_USERS, message="revoke invitation")
-def revoke_invitation(portfolio_id, token):
-    PortfolioInvitations.revoke(token)
+def revoke_invitation(portfolio_id, portfolio_token):
+    PortfolioInvitations.revoke(portfolio_token)
 
     return redirect(
         url_for(
@@ -52,11 +52,11 @@ def revoke_invitation(portfolio_id, token):
 
 
 @portfolios_bp.route(
-    "/portfolios/<portfolio_id>/invitations/<token>/resend", methods=["POST"]
+    "/portfolios/<portfolio_id>/invitations/<portfolio_token>/resend", methods=["POST"]
 )
 @user_can(Permissions.EDIT_PORTFOLIO_USERS, message="resend invitation")
-def resend_invitation(portfolio_id, token):
-    invite = PortfolioInvitations.resend(g.current_user, token)
+def resend_invitation(portfolio_id, portfolio_token):
+    invite = PortfolioInvitations.resend(g.current_user, portfolio_token)
     send_invite_email(g.current_user.full_name, invite.token, invite.email)
     flash("resend_portfolio_invitation", user_name=invite.user_name)
     return redirect(

atst/utils/context_processors.py

@@ -5,7 +5,14 @@ from sqlalchemy.orm.exc import NoResultFound
 
 from atst.database import db
 from atst.domain.authz import Authorization
-from atst.models import Application, Environment, Portfolio, TaskOrder
+from atst.models import (
+    Application,
+    Environment,
+    Portfolio,
+    PortfolioInvitation,
+    PortfolioRole,
+    TaskOrder,
+)
 from atst.models.permissions import Permissions
 from atst.domain.portfolios.scopes import ScopedPortfolio
 
@@ -13,7 +20,18 @@ from atst.domain.portfolios.scopes import ScopedPortfolio
 def get_resources_from_context(view_args):
     query = None
 
-    if "portfolio_id" in view_args:
+    if "portfolio_token" in view_args:
+        query = (
+            db.session.query(Portfolio)
+            .join(PortfolioRole, PortfolioRole.portfolio_id == Portfolio.id)
+            .join(
+                PortfolioInvitation,
+                PortfolioInvitation.portfolio_role_id == PortfolioRole.id,
+            )
+            .filter(PortfolioInvitation.token == view_args["portfolio_token"])
+        )
+
+    elif "portfolio_id" in view_args:
         query = db.session.query(Portfolio).filter(
             Portfolio.id == view_args["portfolio_id"]
         )