Merge pull request #730 from dod-ccpo/archive-portfolio-member

Remove Portfolio User
2019-04-03 13:06:41 -04:00
parent df3ae13b87 83b071bf20
commit 48d9506f96
10 changed files with 153 additions and 5 deletions
--- a/atst/domain/authz/init.py
+++ b/atst/domain/authz/init.py
@@ -1,6 +1,7 @@
 from atst.utils import first_or_none
 from atst.models.permissions import Permissions
 from atst.domain.exceptions import UnauthorizedError
+from atst.models.portfolio_role import Status as PortfolioRoleStatus


 class Authorization(object):
@@ -9,7 +10,7 @@ class Authorization(object):
        port_role = first_or_none(
            lambda pr: pr.portfolio == portfolio, user.portfolio_roles
        )
-        if port_role:
+        if port_role and port_role.status is not PortfolioRoleStatus.DISABLED:
            return permission in port_role.permissions
        else:
            return False
--- a/atst/domain/portfolio_roles.py
+++ b/atst/domain/portfolio_roles.py
@@ -121,6 +121,15 @@ class PortfolioRoles(object):
        )
        return PermissionSets.get_many(perms_set_names)

+    @classmethod
+    def disable(cls, portfolio_role):
+        portfolio_role.status = PortfolioRoleStatus.DISABLED
+
+        db.session.add(portfolio_role)
+        db.session.commit()
+
+        return portfolio_role
+
    @classmethod
    def update(cls, portfolio_role, set_names):
        new_permission_sets = PortfolioRoles._permission_sets_for_names(set_names)
--- a/atst/routes/portfolios/index.py
+++ b/atst/routes/portfolios/index.py
@@ -2,8 +2,6 @@ from datetime import date, timedelta

 from flask import render_template, request as http_request, g, redirect, url_for

-from atst.utils.flash import formatted_flash as flash
-
 from . import portfolios_bp
 from atst.domain.reports import Reports
 from atst.domain.portfolios import Portfolios
@@ -15,6 +13,8 @@ import atst.forms.portfolio_member as member_forms
 from atst.models.permissions import Permissions
 from atst.domain.permission_sets import PermissionSets
 from atst.domain.authz.decorator import user_can_access_decorator as user_can
+from atst.utils.flash import formatted_flash as flash
+from atst.domain.exceptions import UnauthorizedError


@portfolios_bp.route("/portfolios")
@@ -174,3 +174,28 @@ def portfolio_reports(portfolio_id):
        expiration_date=expiration_date,
        remaining_days=remaining_days,
    )
+
+
+@portfolios_bp.route(
+    "/portfolios/<portfolio_id>/members/<user_id>/delete", methods=["POST"]
+)
+@user_can(Permissions.EDIT_PORTFOLIO_USERS, message="update portfolio members")
+def remove_member(portfolio_id, user_id):
+    if str(g.current_user.id) == user_id:
+        raise UnauthorizedError(
+            g.current_user, "you cant remove yourself from the portfolio"
+        )
+
+    portfolio_role = PortfolioRoles.get(portfolio_id=portfolio_id, user_id=user_id)
+    PortfolioRoles.disable(portfolio_role=portfolio_role)
+
+    flash("portfolio_member_removed", member_name=portfolio_role.user.full_name)
+
+    return redirect(
+        url_for(
+            "portfolios.portfolio_admin",
+            portfolio_id=portfolio_id,
+            _anchor="portfolio-members",
+            fragment="portfolio-members",
+        )
+    )
--- a/atst/utils/flash.py
+++ b/atst/utils/flash.py
@@ -138,6 +138,11 @@ MESSAGES = {
        """,
        "category": "error",
    },
+    "portfolio_member_removed": {
+        "title_template": "Portfolio Member Removed",
+        "message_template": "You have successfully removed {{ member_name }} from the portfolio.",
+        "category": "success",
+    },
 }