diff --git a/atst/domain/applications.py b/atst/domain/applications.py index d12da2af..30884c59 100644 --- a/atst/domain/applications.py +++ b/atst/domain/applications.py @@ -8,7 +8,7 @@ from atst.models.environment_role import EnvironmentRole class Applications(object): @classmethod - def create(cls, user, portfolio, name, description, environment_names): + def create(cls, portfolio, name, description, environment_names): application = Application( portfolio=portfolio, name=name, description=description ) @@ -20,7 +20,7 @@ class Applications(object): return application @classmethod - def get(cls, user, portfolio, application_id): + def get(cls, application_id): try: application = ( db.session.query(Application).filter_by(id=application_id).one() @@ -42,7 +42,7 @@ class Applications(object): ) @classmethod - def get_all(cls, user, portfolio_role, portfolio): + def get_all(cls, portfolio): try: applications = ( db.session.query(Application).filter_by(portfolio_id=portfolio.id).all() @@ -53,7 +53,7 @@ class Applications(object): return applications @classmethod - def update(cls, user, portfolio, application, new_data): + def update(cls, application, new_data): if "name" in new_data: application.name = new_data["name"] if "description" in new_data: diff --git a/atst/domain/audit_log.py b/atst/domain/audit_log.py index 76668111..8fa6e517 100644 --- a/atst/domain/audit_log.py +++ b/atst/domain/audit_log.py @@ -34,11 +34,11 @@ class AuditLog(object): return cls._log(resource=resource, action=action, portfolio=portfolio) @classmethod - def get_all_events(cls, user, pagination_opts=None): + def get_all_events(cls, pagination_opts=None): return AuditEventQuery.get_all(pagination_opts) @classmethod - def get_portfolio_events(cls, user, portfolio, pagination_opts=None): + def get_portfolio_events(cls, portfolio, pagination_opts=None): return AuditEventQuery.get_ws_events(portfolio.id, pagination_opts) @classmethod diff --git a/atst/domain/authz/decorator.py b/atst/domain/authz/decorator.py index f75c36ac..fb46241f 100644 --- a/atst/domain/authz/decorator.py +++ b/atst/domain/authz/decorator.py @@ -10,7 +10,7 @@ from atst.domain.task_orders import TaskOrders def evaluate_exceptions(user, permission, exceptions, **kwargs): return ( True - if True in [exc(g.current_user, permission, **kwargs) for exc in exceptions] + if True in [exc(user, permission, **kwargs) for exc in exceptions] else False ) @@ -26,7 +26,7 @@ def user_can_access_decorator(permission, message=None, exceptions=None): g.current_user, kwargs["portfolio_id"] ) elif "task_order_id" in kwargs: - task_order = TaskOrders.get(g.current_user, kwargs["task_order_id"]) + task_order = TaskOrders.get(kwargs["task_order_id"]) access_args["portfolio"] = task_order.portfolio if exceptions and evaluate_exceptions( diff --git a/atst/domain/environments.py b/atst/domain/environments.py index 9aa6579e..9b0fa9b5 100644 --- a/atst/domain/environments.py +++ b/atst/domain/environments.py @@ -58,7 +58,7 @@ class Environments(object): return env @classmethod - def update_environment_roles(cls, user, portfolio, portfolio_role, ids_and_roles): + def update_environment_roles(cls, portfolio_role, ids_and_roles): updated = False for id_and_role in ids_and_roles: @@ -92,5 +92,5 @@ class Environments(object): return updated @classmethod - def revoke_access(cls, user, environment, target_user): + def revoke_access(cls, environment, target_user): EnvironmentRoles.delete(environment.id, target_user.id) diff --git a/atst/domain/invitations.py b/atst/domain/invitations.py index 4afa2529..c4d51248 100644 --- a/atst/domain/invitations.py +++ b/atst/domain/invitations.py @@ -116,7 +116,7 @@ class Invitations(object): return portfolio_role.latest_invitation @classmethod - def resend(cls, user, portfolio_id, token): + def resend(cls, user, token): previous_invitation = Invitations._get(token) Invitations._update_status(previous_invitation, InvitationStatus.REVOKED) diff --git a/atst/domain/portfolios/portfolios.py b/atst/domain/portfolios/portfolios.py index 79e0f92a..49e5b005 100644 --- a/atst/domain/portfolios/portfolios.py +++ b/atst/domain/portfolios/portfolios.py @@ -36,25 +36,7 @@ class Portfolios(object): return ScopedPortfolio(user, portfolio) @classmethod - def get_for_update_applications(cls, user, portfolio_id): - portfolio = PortfoliosQuery.get(portfolio_id) - - return portfolio - - @classmethod - def get_for_update_information(cls, user, portfolio_id): - portfolio = PortfoliosQuery.get(portfolio_id) - - return portfolio - - @classmethod - def get_for_update_member(cls, user, portfolio_id): - portfolio = PortfoliosQuery.get(portfolio_id) - - return portfolio - - @classmethod - def get_with_members(cls, user, portfolio_id): + def get_for_update(cls, portfolio_id): portfolio = PortfoliosQuery.get(portfolio_id) return portfolio @@ -68,7 +50,7 @@ class Portfolios(object): return portfolios @classmethod - def create_member(cls, user, portfolio, data): + def create_member(cls, portfolio, data): new_user = Users.get_or_create_by_dod_id( data["dod_id"], first_name=data["first_name"], @@ -87,7 +69,7 @@ class Portfolios(object): return portfolio_role @classmethod - def update_member(cls, user, portfolio, member, permission_sets): + def update_member(cls, member, permission_sets): return PortfolioRoles.update(member, permission_sets) @classmethod @@ -118,7 +100,7 @@ class Portfolios(object): ) @classmethod - def revoke_access(cls, user, portfolio_id, portfolio_role_id): + def revoke_access(cls, portfolio_id, portfolio_role_id): portfolio = PortfoliosQuery.get(portfolio_id) portfolio_role = PortfolioRoles.get_by_id(portfolio_role_id) @@ -127,7 +109,7 @@ class Portfolios(object): portfolio_role.status = PortfolioRoleStatus.DISABLED for environment in portfolio.all_environments: - Environments.revoke_access(user, environment, portfolio_role.user) + Environments.revoke_access(environment, portfolio_role.user) PortfoliosQuery.add_and_commit(portfolio_role) return portfolio_role diff --git a/atst/domain/task_orders.py b/atst/domain/task_orders.py index fe96f090..98b86a77 100644 --- a/atst/domain/task_orders.py +++ b/atst/domain/task_orders.py @@ -52,7 +52,7 @@ class TaskOrders(object): UNCLASSIFIED_FUNDING = ["performance_length", "csp_estimate", "clin_01", "clin_03"] @classmethod - def get(cls, user, task_order_id): + def get(cls, task_order_id): try: task_order = db.session.query(TaskOrder).filter_by(id=task_order_id).one() @@ -70,7 +70,7 @@ class TaskOrders(object): return task_order @classmethod - def update(cls, user, task_order, **kwargs): + def update(cls, task_order, **kwargs): for key, value in kwargs.items(): setattr(task_order, key, value) @@ -135,7 +135,7 @@ class TaskOrders(object): ] @classmethod - def add_officer(cls, user, task_order, officer_type, officer_data): + def add_officer(cls, task_order, officer_type, officer_data): if officer_type in TaskOrders.OFFICERS: portfolio = task_order.portfolio @@ -152,7 +152,6 @@ class TaskOrders(object): portfolio_user = existing_member.user else: member = Portfolios.create_member( - user, portfolio, { **officer_data, diff --git a/atst/routes/__init__.py b/atst/routes/__init__.py index 71e3881c..2f1ad3c2 100644 --- a/atst/routes/__init__.py +++ b/atst/routes/__init__.py @@ -148,7 +148,7 @@ def logout(): @user_can(Permissions.VIEW_AUDIT_LOG, message="view activity log") def activity_history(): pagination_opts = Paginator.get_pagination_opts(request) - audit_events = AuditLog.get_all_events(g.current_user, pagination_opts) + audit_events = AuditLog.get_all_events(pagination_opts) return render_template("audit_log/audit_log.html", audit_events=audit_events) diff --git a/atst/routes/portfolios/applications.py b/atst/routes/portfolios/applications.py index 6e97963d..c4665078 100644 --- a/atst/routes/portfolios/applications.py +++ b/atst/routes/portfolios/applications.py @@ -27,7 +27,7 @@ def portfolio_applications(portfolio_id): @portfolios_bp.route("/portfolios//applications/new") @user_can(Permissions.CREATE_APPLICATION) def new_application(portfolio_id): - portfolio = Portfolios.get_for_update_applications(g.current_user, portfolio_id) + portfolio = Portfolios.get_for_update(portfolio_id) form = NewApplicationForm() return render_template( "portfolios/applications/new.html", portfolio=portfolio, form=form @@ -37,13 +37,12 @@ def new_application(portfolio_id): @portfolios_bp.route("/portfolios//applications/new", methods=["POST"]) @user_can(Permissions.CREATE_APPLICATION) def create_application(portfolio_id): - portfolio = Portfolios.get_for_update_applications(g.current_user, portfolio_id) + portfolio = Portfolios.get_for_update(portfolio_id) form = NewApplicationForm(http_request.form) if form.validate(): application_data = form.data Applications.create( - g.current_user, portfolio, application_data["name"], application_data["description"], @@ -61,8 +60,8 @@ def create_application(portfolio_id): @portfolios_bp.route("/portfolios//applications//edit") @user_can(Permissions.EDIT_APPLICATION) def edit_application(portfolio_id, application_id): - portfolio = Portfolios.get_for_update_applications(g.current_user, portfolio_id) - application = Applications.get(g.current_user, portfolio, application_id) + portfolio = Portfolios.get_for_update(portfolio_id) + application = Applications.get(application_id) form = ApplicationForm(name=application.name, description=application.description) return render_template( @@ -78,12 +77,12 @@ def edit_application(portfolio_id, application_id): ) @user_can(Permissions.EDIT_APPLICATION) def update_application(portfolio_id, application_id): - portfolio = Portfolios.get_for_update_applications(g.current_user, portfolio_id) - application = Applications.get(g.current_user, portfolio, application_id) + portfolio = Portfolios.get_for_update(portfolio_id) + application = Applications.get(application_id) form = ApplicationForm(http_request.form) if form.validate(): application_data = form.data - Applications.update(g.current_user, portfolio, application, application_data) + Applications.update(application, application_data) return redirect( url_for("portfolios.portfolio_applications", portfolio_id=portfolio.id) diff --git a/atst/routes/portfolios/index.py b/atst/routes/portfolios/index.py index bb90786f..f6d04ef7 100644 --- a/atst/routes/portfolios/index.py +++ b/atst/routes/portfolios/index.py @@ -40,12 +40,10 @@ def serialize_member(member): @portfolios_bp.route("/portfolios//admin") @user_can(Permissions.VIEW_PORTFOLIO_ADMIN) def portfolio_admin(portfolio_id): - portfolio = Portfolios.get_for_update_information(g.current_user, portfolio_id) + portfolio = Portfolios.get_for_update(portfolio_id) form = PortfolioForm(data={"name": portfolio.name}) pagination_opts = Paginator.get_pagination_opts(http_request) - audit_events = AuditLog.get_portfolio_events( - g.current_user, portfolio, pagination_opts - ) + audit_events = AuditLog.get_portfolio_events(portfolio, pagination_opts) members_data = [serialize_member(member) for member in portfolio.members] return render_template( "portfolios/admin.html", @@ -60,7 +58,7 @@ def portfolio_admin(portfolio_id): @portfolios_bp.route("/portfolios//edit", methods=["POST"]) @user_can(Permissions.EDIT_PORTFOLIO_NAME) def edit_portfolio(portfolio_id): - portfolio = Portfolios.get_for_update_information(g.current_user, portfolio_id) + portfolio = Portfolios.get_for_update(portfolio_id) form = PortfolioForm(http_request.form) if form.validate(): Portfolios.update(portfolio, form.data) diff --git a/atst/routes/portfolios/invitations.py b/atst/routes/portfolios/invitations.py index d50d42c4..95bc3007 100644 --- a/atst/routes/portfolios/invitations.py +++ b/atst/routes/portfolios/invitations.py @@ -47,7 +47,7 @@ def accept_invitation(token): ) @user_can(Permissions.EDIT_PORTFOLIO_USERS) def revoke_invitation(portfolio_id, token): - portfolio = Portfolios.get_for_update_member(g.current_user, portfolio_id) + portfolio = Portfolios.get_for_update(portfolio_id) Invitations.revoke(token) return redirect(url_for("portfolios.portfolio_members", portfolio_id=portfolio.id)) @@ -58,7 +58,7 @@ def revoke_invitation(portfolio_id, token): ) @user_can(Permissions.EDIT_PORTFOLIO_USERS) def resend_invitation(portfolio_id, token): - invite = Invitations.resend(g.current_user, portfolio_id, token) + invite = Invitations.resend(g.current_user, token) send_invite_email(g.current_user.full_name, invite.token, invite.email) flash("resend_portfolio_invitation", user_name=invite.user_name) return redirect(url_for("portfolios.portfolio_members", portfolio_id=portfolio_id)) diff --git a/atst/routes/portfolios/members.py b/atst/routes/portfolios/members.py index 05100ed4..e9d854e8 100644 --- a/atst/routes/portfolios/members.py +++ b/atst/routes/portfolios/members.py @@ -36,7 +36,7 @@ def serialize_portfolio_role(portfolio_role): @portfolios_bp.route("/portfolios//members") @user_can(Permissions.VIEW_PORTFOLIO_USERS) def portfolio_members(portfolio_id): - portfolio = Portfolios.get_with_members(g.current_user, portfolio_id) + portfolio = Portfolios.get_for_update(portfolio_id) members_list = [serialize_portfolio_role(k) for k in portfolio.members] return render_template( @@ -50,8 +50,8 @@ def portfolio_members(portfolio_id): @portfolios_bp.route("/portfolios//applications//members") @user_can(Permissions.VIEW_APPLICATION_MEMBER) def application_members(portfolio_id, application_id): - portfolio = Portfolios.get_with_members(g.current_user, portfolio_id) - application = Applications.get(g.current_user, portfolio, application_id) + portfolio = Portfolios.get_for_update(portfolio_id) + application = Applications.get(application_id) # TODO: this should show only members that have env roles in this application members_list = [serialize_portfolio_role(k) for k in portfolio.members] @@ -81,7 +81,7 @@ def create_member(portfolio_id): if form.validate(): try: - member = Portfolios.create_member(g.current_user, portfolio, form.data) + member = Portfolios.create_member(portfolio, form.data) invite_service = InvitationService( g.current_user, member, form.data.get("email") ) @@ -107,7 +107,7 @@ def create_member(portfolio_id): def view_member(portfolio_id, member_id): portfolio = Portfolios.get(g.current_user, portfolio_id) member = PortfolioRoles.get(portfolio_id, member_id) - applications = Applications.get_all(g.current_user, member, portfolio) + applications = Applications.get_all(portfolio) form = member_forms.EditForm(portfolio_role="admin") editable = g.current_user == member.user can_revoke_access = Portfolios.can_revoke_access_for(portfolio, member) @@ -147,12 +147,8 @@ def update_member(portfolio_id, member_id): form = member_forms.EditForm(http_request.form) if form.validate(): - member = Portfolios.update_member( - g.current_user, portfolio, member, form.data["permission_sets"] - ) - updated_roles = Environments.update_environment_roles( - g.current_user, portfolio, member, ids_and_roles - ) + member = Portfolios.update_member(member, form.data["permission_sets"]) + updated_roles = Environments.update_environment_roles(member, ids_and_roles) if updated_roles: flash("environment_access_changed") @@ -173,6 +169,6 @@ def update_member(portfolio_id, member_id): ) @user_can(Permissions.EDIT_PORTFOLIO_USERS) def revoke_access(portfolio_id, member_id): - revoked_role = Portfolios.revoke_access(g.current_user, portfolio_id, member_id) + revoked_role = Portfolios.revoke_access(portfolio_id, member_id) flash("revoked_portfolio_access", member_name=revoked_role.user.full_name) return redirect(url_for("portfolios.portfolio_members", portfolio_id=portfolio_id)) diff --git a/atst/routes/portfolios/task_orders.py b/atst/routes/portfolios/task_orders.py index 0bf262bc..7f1c749c 100644 --- a/atst/routes/portfolios/task_orders.py +++ b/atst/routes/portfolios/task_orders.py @@ -72,7 +72,7 @@ def portfolio_funding(portfolio_id): @user_can(Permissions.VIEW_TASK_ORDER_DETAILS) def view_task_order(portfolio_id, task_order_id): portfolio = Portfolios.get(g.current_user, portfolio_id) - task_order = TaskOrders.get(g.current_user, task_order_id) + task_order = TaskOrders.get(task_order_id) to_form_complete = TaskOrders.all_sections_complete(task_order) dd_254_complete = DD254s.is_complete(task_order.dd_254) return render_template( @@ -90,7 +90,7 @@ def view_task_order(portfolio_id, task_order_id): def wrap_check_is_ko_or_cor(user, _perm, task_order_id=None, **_kwargs): - task_order = TaskOrders.get(user, task_order_id) + task_order = TaskOrders.get(task_order_id) Authorization.check_is_ko_or_cor(user, task_order) return True @@ -99,7 +99,7 @@ def wrap_check_is_ko_or_cor(user, _perm, task_order_id=None, **_kwargs): @portfolios_bp.route("/portfolios//task_order//review") @user_can(None, exceptions=[wrap_check_is_ko_or_cor]) def ko_review(portfolio_id, task_order_id): - task_order = TaskOrders.get(g.current_user, task_order_id) + task_order = TaskOrders.get(task_order_id) portfolio = Portfolios.get(g.current_user, portfolio_id) if TaskOrders.all_sections_complete(task_order): @@ -118,7 +118,7 @@ def ko_review(portfolio_id, task_order_id): methods=["POST"], ) @user_can(Permissions.EDIT_TASK_ORDER_DETAILS) -def resend_invite(portfolio_id, task_order_id, form=None): +def resend_invite(portfolio_id, task_order_id): invite_type = http_request.args.get("invite_type") if invite_type not in OFFICER_INVITATIONS: @@ -126,7 +126,7 @@ def resend_invite(portfolio_id, task_order_id, form=None): invite_type_info = OFFICER_INVITATIONS[invite_type] - task_order = TaskOrders.get(g.current_user, task_order_id) + task_order = TaskOrders.get(task_order_id) portfolio = Portfolios.get(g.current_user, portfolio_id) officer = getattr(task_order, invite_type_info["role"]) @@ -177,12 +177,12 @@ def resend_invite(portfolio_id, task_order_id, form=None): ) @user_can(None, exceptions=[wrap_check_is_ko_or_cor]) def submit_ko_review(portfolio_id, task_order_id, form=None): - task_order = TaskOrders.get(g.current_user, task_order_id) + task_order = TaskOrders.get(task_order_id) form_data = {**http_request.form, **http_request.files} form = KOReviewForm(form_data) if form.validate(): - TaskOrders.update(user=g.current_user, task_order=task_order, **form.data) + TaskOrders.update(task_order=task_order, **form.data) if Authorization.is_ko(g.current_user, task_order) and TaskOrders.can_ko_sign( task_order ): @@ -212,7 +212,7 @@ def submit_ko_review(portfolio_id, task_order_id, form=None): @user_can(Permissions.EDIT_TASK_ORDER_DETAILS) def task_order_invitations(portfolio_id, task_order_id): portfolio = Portfolios.get(g.current_user, portfolio_id) - task_order = TaskOrders.get(g.current_user, task_order_id) + task_order = TaskOrders.get(task_order_id) form = EditTaskOrderOfficersForm(obj=task_order) if TaskOrders.all_sections_complete(task_order): @@ -233,7 +233,7 @@ def task_order_invitations(portfolio_id, task_order_id): @user_can(Permissions.EDIT_TASK_ORDER_DETAILS) def edit_task_order_invitations(portfolio_id, task_order_id): portfolio = Portfolios.get(g.current_user, portfolio_id) - task_order = TaskOrders.get(g.current_user, task_order_id) + task_order = TaskOrders.get(task_order_id) form = EditTaskOrderOfficersForm(formdata=http_request.form, obj=task_order) if form.validate(): @@ -279,7 +279,7 @@ def so_review_form(task_order): def wrap_check_is_so(user, _perm, task_order_id=None, **_kwargs): - task_order = TaskOrders.get(user, task_order_id) + task_order = TaskOrders.get(task_order_id) Authorization.check_is_so(user, task_order) return True @@ -288,7 +288,7 @@ def wrap_check_is_so(user, _perm, task_order_id=None, **_kwargs): @portfolios_bp.route("/portfolios//task_order//dd254") @user_can(None, exceptions=[wrap_check_is_so]) def so_review(portfolio_id, task_order_id): - task_order = TaskOrders.get(g.current_user, task_order_id) + task_order = TaskOrders.get(task_order_id) form = so_review_form(task_order) return render_template( @@ -304,7 +304,7 @@ def so_review(portfolio_id, task_order_id): ) @user_can(None, exceptions=[wrap_check_is_so]) def submit_so_review(portfolio_id, task_order_id): - task_order = TaskOrders.get(g.current_user, task_order_id) + task_order = TaskOrders.get(task_order_id) form = DD254Form(http_request.form) if form.validate(): diff --git a/atst/routes/task_orders/index.py b/atst/routes/task_orders/index.py index d9077386..7eb2ea23 100644 --- a/atst/routes/task_orders/index.py +++ b/atst/routes/task_orders/index.py @@ -1,5 +1,5 @@ from io import BytesIO -from flask import g, Response, current_app as app +from flask import Response, current_app as app from . import task_orders_bp from atst.domain.task_orders import TaskOrders @@ -12,7 +12,7 @@ from atst.models.permissions import Permissions @task_orders_bp.route("/task_orders/download_summary/") @user_can(Permissions.VIEW_TASK_ORDER_DETAILS) def download_summary(task_order_id): - task_order = TaskOrders.get(g.current_user, task_order_id) + task_order = TaskOrders.get(task_order_id) byte_str = BytesIO() Docx.render(byte_str, data=task_order.to_dictionary()) filename = "{}.docx".format(task_order.portfolio_name) @@ -36,7 +36,7 @@ def send_file(attachment): @task_orders_bp.route("/task_orders/csp_estimate/") @user_can(Permissions.VIEW_TASK_ORDER_DETAILS) def download_csp_estimate(task_order_id): - task_order = TaskOrders.get(g.current_user, task_order_id) + task_order = TaskOrders.get(task_order_id) if task_order.csp_estimate: return send_file(task_order.csp_estimate) else: @@ -46,7 +46,7 @@ def download_csp_estimate(task_order_id): @task_orders_bp.route("/task_orders/pdf/") @user_can(Permissions.VIEW_TASK_ORDER_DETAILS) def download_task_order_pdf(task_order_id): - task_order = TaskOrders.get(g.current_user, task_order_id) + task_order = TaskOrders.get(task_order_id) if task_order.pdf: return send_file(task_order.pdf) else: diff --git a/atst/routes/task_orders/invite.py b/atst/routes/task_orders/invite.py index e58ff5b6..ffc872c7 100644 --- a/atst/routes/task_orders/invite.py +++ b/atst/routes/task_orders/invite.py @@ -11,7 +11,7 @@ from atst.models.permissions import Permissions @task_orders_bp.route("/task_orders/invite/", methods=["POST"]) @user_can(Permissions.EDIT_TASK_ORDER_DETAILS) def invite(task_order_id): - task_order = TaskOrders.get(g.current_user, task_order_id) + task_order = TaskOrders.get(task_order_id) if TaskOrders.all_sections_complete(task_order): update_officer_invitations(g.current_user, task_order) diff --git a/atst/routes/task_orders/new.py b/atst/routes/task_orders/new.py index dc361af4..b698fb6d 100644 --- a/atst/routes/task_orders/new.py +++ b/atst/routes/task_orders/new.py @@ -61,7 +61,7 @@ class ShowTaskOrderWorkflow: @property def task_order(self): if not self._task_order and self.task_order_id: - self._task_order = TaskOrders.get(self.user, self.task_order_id) + self._task_order = TaskOrders.get(self.task_order_id) return self._task_order @@ -230,7 +230,7 @@ class UpdateTaskOrderWorkflow(ShowTaskOrderWorkflow): old_name = self.task_order.portfolio_name if not new_name == old_name: Portfolios.update(self.task_order.portfolio, {"name": new_name}) - TaskOrders.update(self.user, self.task_order, **self.task_order_form_data) + TaskOrders.update(self.task_order, **self.task_order_form_data) else: if self.portfolio_id: pf = Portfolios.get(self.user, self.portfolio_id) @@ -241,7 +241,7 @@ class UpdateTaskOrderWorkflow(ShowTaskOrderWorkflow): self.form.defense_component.data, ) self._task_order = TaskOrders.create(portfolio=pf, creator=self.user) - TaskOrders.update(self.user, self.task_order, **self.task_order_form_data) + TaskOrders.update(self.task_order, **self.task_order_form_data) return self.task_order @@ -251,7 +251,7 @@ def get_started(): return render_template("task_orders/new/get_started.html") # pragma: no cover -def is_new_task_order(*args, **kwargs): +def is_new_task_order(*_args, **kwargs): return ( "screen" in kwargs and kwargs["screen"] == 1 diff --git a/atst/routes/task_orders/signing.py b/atst/routes/task_orders/signing.py index 04b21d4a..c12f32fd 100644 --- a/atst/routes/task_orders/signing.py +++ b/atst/routes/task_orders/signing.py @@ -12,7 +12,7 @@ from atst.domain.authz.decorator import user_can_access_decorator as user_can def find_unsigned_ko_to(task_order_id): - task_order = TaskOrders.get(g.current_user, task_order_id) + task_order = TaskOrders.get(task_order_id) if not TaskOrders.can_ko_sign(task_order): raise NoAccessError("task_order") @@ -21,7 +21,7 @@ def find_unsigned_ko_to(task_order_id): def wrap_check_is_ko(user, _perm, task_order_id=None, **_kwargs): - task_order = TaskOrders.get(user, task_order_id) + task_order = TaskOrders.get(task_order_id) Authorization.check_is_ko(user, task_order) return True @@ -58,7 +58,6 @@ def record_signature(task_order_id): if form.validate(): TaskOrders.update( - user=g.current_user, task_order=task_order, signer_dod_id=g.current_user.dod_id, signed_at=datetime.datetime.now(), diff --git a/atst/services/invitation.py b/atst/services/invitation.py index b3bd94fb..0953d42a 100644 --- a/atst/services/invitation.py +++ b/atst/services/invitation.py @@ -33,7 +33,7 @@ def update_officer_invitations(user, task_order): ): officer_data = task_order.officer_dictionary(invite_opts["role"]) officer = TaskOrders.add_officer( - user, task_order, invite_opts["role"], officer_data + task_order, invite_opts["role"], officer_data ) pf_officer_member = PortfolioRoles.get(task_order.portfolio.id, officer.id) invite_service = Invitation( diff --git a/script/seed_sample.py b/script/seed_sample.py index f29fb5f6..f9895e59 100644 --- a/script/seed_sample.py +++ b/script/seed_sample.py @@ -68,7 +68,7 @@ def get_users(): def add_members_to_portfolio(portfolio): for portfolio_role in PORTFOLIO_USERS: - ws_role = Portfolios.create_member(portfolio.owner, portfolio, portfolio_role) + ws_role = Portfolios.create_member(portfolio, portfolio_role) db.session.refresh(ws_role) PortfolioRoles.enable(ws_role) @@ -114,7 +114,6 @@ def create_task_order(portfolio, start, end, clin_01=None, clin_03=None): def add_applications_to_portfolio(portfolio, applications): for application in applications: Applications.create( - portfolio.owner, portfolio=portfolio, name=application["name"], description=application["description"], diff --git a/tests/domain/test_applications.py b/tests/domain/test_applications.py index 5ac13cde..98dde0e2 100644 --- a/tests/domain/test_applications.py +++ b/tests/domain/test_applications.py @@ -6,7 +6,7 @@ from atst.domain.portfolios import Portfolios def test_create_application_with_multiple_environments(): portfolio = PortfolioFactory.create() application = Applications.create( - portfolio.owner, portfolio, "My Test Application", "Test", ["dev", "prod"] + portfolio, "My Test Application", "Test", ["dev", "prod"] ) assert application.portfolio == portfolio @@ -21,7 +21,7 @@ def test_portfolio_owner_can_view_environments(): owner=owner, applications=[{"environments": [{"name": "dev"}, {"name": "prod"}]}], ) - application = Applications.get(owner, portfolio, portfolio.applications[0].id) + application = Applications.get(portfolio.applications[0].id) assert len(application.environments) == 2 @@ -38,11 +38,9 @@ def test_can_only_update_name_and_description(): } ], ) - application = Applications.get(owner, portfolio, portfolio.applications[0].id) + application = Applications.get(portfolio.applications[0].id) env_name = application.environments[0].name Applications.update( - owner, - portfolio, application, { "name": "New Name", diff --git a/tests/domain/test_audit_log.py b/tests/domain/test_audit_log.py index 5ed320cb..110d385e 100644 --- a/tests/domain/test_audit_log.py +++ b/tests/domain/test_audit_log.py @@ -28,39 +28,43 @@ def test_non_admin_cannot_view_audit_log(developer): AuditLog.get_all_events(developer) -def test_ccpo_can_view_audit_log(ccpo): - events = AuditLog.get_all_events(ccpo) +@pytest.mark.skip(reason="redo as a route access test") +def test_ccpo_can_view_audit_log(): + events = AuditLog.get_all_events() assert len(events) > 0 -def test_paginate_audit_log(ccpo): +def test_paginate_audit_log(): user = UserFactory.create() for _ in range(100): AuditLog.log_system_event(user, action="create") - events = AuditLog.get_all_events(ccpo, pagination_opts={"per_page": 25, "page": 2}) + events = AuditLog.get_all_events(pagination_opts={"per_page": 25, "page": 2}) assert len(events) == 25 -def test_ccpo_can_view_ws_audit_log(ccpo): +@pytest.mark.skip(reason="redo as a route access test") +def test_ccpo_can_view_ws_audit_log(): portfolio = PortfolioFactory.create() - events = AuditLog.get_portfolio_events(ccpo, portfolio) + events = AuditLog.get_portfolio_events(portfolio) assert len(events) > 0 +@pytest.mark.skip(reason="redo as a route access test") def test_ws_admin_can_view_ws_audit_log(): portfolio = PortfolioFactory.create() admin = UserFactory.create() PortfolioRoleFactory.create( portfolio=portfolio, user=admin, status=PortfolioRoleStatus.ACTIVE ) - events = AuditLog.get_portfolio_events(admin, portfolio) + events = AuditLog.get_portfolio_events(portfolio) assert len(events) > 0 +@pytest.mark.skip(reason="redo as a route access test") def test_ws_owner_can_view_ws_audit_log(): portfolio = PortfolioFactory.create() - events = AuditLog.get_portfolio_events(portfolio.owner, portfolio) + events = AuditLog.get_portfolio_events(portfolio) assert len(events) > 0 @@ -81,7 +85,7 @@ def test_paginate_ws_audit_log(): ) events = AuditLog.get_portfolio_events( - portfolio.owner, portfolio, pagination_opts={"per_page": 25, "page": 2} + portfolio, pagination_opts={"per_page": 25, "page": 2} ) assert len(events) == 25 @@ -94,7 +98,7 @@ def test_ws_audit_log_only_includes_current_ws_events(): application_1 = ApplicationFactory.create(portfolio=portfolio) application_2 = ApplicationFactory.create(portfolio=other_portfolio) - events = AuditLog.get_portfolio_events(portfolio.owner, portfolio) + events = AuditLog.get_portfolio_events(portfolio) for event in events: assert event.portfolio_id == portfolio.id or event.resource_id == portfolio.id assert ( diff --git a/tests/domain/test_environments.py b/tests/domain/test_environments.py index 78cc8b0d..dee03fb6 100644 --- a/tests/domain/test_environments.py +++ b/tests/domain/test_environments.py @@ -29,9 +29,7 @@ def test_create_environment_role_creates_cloud_id(session): portfolio_role = portfolio.members[0] assert not portfolio_role.user.cloud_id - assert Environments.update_environment_roles( - owner, portfolio, portfolio_role, new_role - ) + assert Environments.update_environment_roles(portfolio_role, new_role) assert portfolio_role.user.cloud_id is not None @@ -69,9 +67,7 @@ def test_update_environment_roles(): ] portfolio_role = portfolio.members[0] - assert Environments.update_environment_roles( - owner, portfolio, portfolio_role, new_ids_and_roles - ) + assert Environments.update_environment_roles(portfolio_role, new_ids_and_roles) new_dev_env_role = EnvironmentRoles.get(portfolio_role.user.id, dev_env.id) staging_env_role = EnvironmentRoles.get(portfolio_role.user.id, staging_env.id) @@ -120,9 +116,7 @@ def test_remove_environment_role(): ] portfolio_role = PortfolioRoles.get(portfolio.id, developer.id) - assert Environments.update_environment_roles( - owner, portfolio, portfolio_role, new_environment_roles - ) + assert Environments.update_environment_roles(portfolio_role, new_environment_roles) assert portfolio_role.num_environment_roles == 2 assert EnvironmentRoles.get(developer.id, now_ba).role == "billing_auditor" @@ -154,9 +148,7 @@ def test_no_update_to_environment_roles(): new_ids_and_roles = [{"id": dev_env.id, "role": "devops"}] portfolio_role = PortfolioRoles.get(portfolio.id, developer.id) - assert not Environments.update_environment_roles( - owner, portfolio, portfolio_role, new_ids_and_roles - ) + assert not Environments.update_environment_roles(portfolio_role, new_ids_and_roles) def test_get_scoped_environments(db): diff --git a/tests/domain/test_invitations.py b/tests/domain/test_invitations.py index 7c0f0ff8..ef08c879 100644 --- a/tests/domain/test_invitations.py +++ b/tests/domain/test_invitations.py @@ -130,7 +130,7 @@ def test_resend_invitation(): user = UserFactory.create() ws_role = PortfolioRoleFactory.create(user=user, portfolio=portfolio) invite = Invitations.create(portfolio.owner, ws_role, user.email) - Invitations.resend(portfolio.owner, portfolio.id, invite.token) + Invitations.resend(user, invite.token) assert ws_role.invitations[0].is_revoked assert ws_role.invitations[1].is_pending diff --git a/tests/domain/test_portfolios.py b/tests/domain/test_portfolios.py index 7ca7b5ba..ef594f44 100644 --- a/tests/domain/test_portfolios.py +++ b/tests/domain/test_portfolios.py @@ -54,7 +54,7 @@ def test_portfolios_get_ensures_user_is_in_portfolio(portfolio, portfolio_owner) def test_get_for_update_applications_allows_owner(portfolio, portfolio_owner): - Portfolios.get_for_update_applications(portfolio_owner, portfolio.id) + Portfolios.get_for_update(portfolio.id) @pytest.mark.skip(reason="redo as a route access test") @@ -63,7 +63,7 @@ def test_get_for_update_applications_blocks_developer(portfolio): PortfolioRoles.add(developer, portfolio.id) with pytest.raises(UnauthorizedError): - Portfolios.get_for_update_applications(developer, portfolio.id) + Portfolios.get_for_update(portfolio.id) def test_can_create_portfolio_role(portfolio, portfolio_owner): @@ -75,7 +75,7 @@ def test_can_create_portfolio_role(portfolio, portfolio_owner): "dod_id": "1234567890", } - new_member = Portfolios.create_member(portfolio_owner, portfolio, user_data) + new_member = Portfolios.create_member(portfolio, user_data) assert new_member.portfolio == portfolio assert new_member.user.provisional @@ -90,7 +90,7 @@ def test_can_add_existing_user_to_portfolio(portfolio, portfolio_owner): "dod_id": user.dod_id, } - new_member = Portfolios.create_member(portfolio_owner, portfolio, user_data) + new_member = Portfolios.create_member(portfolio, user_data) assert new_member.portfolio == portfolio assert new_member.user.email == user.email assert not new_member.user.provisional @@ -109,7 +109,7 @@ def test_need_permission_to_create_portfolio_role(portfolio, portfolio_owner): } with pytest.raises(UnauthorizedError): - Portfolios.create_member(random_user, portfolio, user_data) + Portfolios.create_member(portfolio, user_data) def test_update_portfolio_role_role(portfolio, portfolio_owner): @@ -124,9 +124,7 @@ def test_update_portfolio_role_role(portfolio, portfolio_owner): member = PortfolioRoleFactory.create(portfolio=portfolio) permission_sets = [PermissionSets.EDIT_PORTFOLIO_FUNDING] - updated_member = Portfolios.update_member( - portfolio_owner, portfolio, member, permission_sets=permission_sets - ) + updated_member = Portfolios.update_member(member, permission_sets=permission_sets) assert updated_member.portfolio == portfolio @@ -140,22 +138,22 @@ def test_need_permission_to_update_portfolio_role_role(portfolio, portfolio_owne "portfolio_role": "developer", "dod_id": "1234567890", } - member = Portfolios.create_member(portfolio_owner, portfolio, user_data) + member = Portfolios.create_member(portfolio, user_data) role_name = "developer" with pytest.raises(UnauthorizedError): - Portfolios.update_member(random_user, portfolio, member, role_name) + Portfolios.update_member(member, role_name) def test_owner_can_view_portfolio_members(portfolio, portfolio_owner): - portfolio = Portfolios.get_with_members(portfolio_owner, portfolio.id) + portfolio = Portfolios.get_for_update(portfolio.id) assert portfolio def test_ccpo_can_view_portfolio_members(portfolio, portfolio_owner): ccpo = UserFactory.create_ccpo() - assert Portfolios.get_with_members(ccpo, portfolio.id) + assert Portfolios.get_for_update(portfolio.id) @pytest.mark.skip(reason="redo as a route access test") @@ -163,16 +161,12 @@ def test_random_user_cannot_view_portfolio_members(portfolio): developer = UserFactory.create() with pytest.raises(UnauthorizedError): - portfolio = Portfolios.get_with_members(developer, portfolio.id) + portfolio = Portfolios.get_for_update(portfolio.id) def test_scoped_portfolio_for_admin_missing_view_apps_perms(portfolio_owner, portfolio): Applications.create( - portfolio_owner, - portfolio, - "My Application 2", - "My application 2", - ["dev", "staging", "prod"], + portfolio, "My Application 2", "My application 2", ["dev", "staging", "prod"] ) restricted_admin = UserFactory.create() PortfolioRoleFactory.create( @@ -191,18 +185,10 @@ def test_scoped_portfolio_only_returns_a_users_applications_and_environments( portfolio, portfolio_owner ): new_application = Applications.create( - portfolio_owner, - portfolio, - "My Application", - "My application", - ["dev", "staging", "prod"], + portfolio, "My Application", "My application", ["dev", "staging", "prod"] ) Applications.create( - portfolio_owner, - portfolio, - "My Application 2", - "My application 2", - ["dev", "staging", "prod"], + portfolio, "My Application 2", "My application 2", ["dev", "staging", "prod"] ) developer = UserFactory.create() dev_environment = Environments.add_member( @@ -222,11 +208,7 @@ def test_scoped_portfolio_returns_all_applications_for_portfolio_admin( ): for _ in range(5): Applications.create( - portfolio_owner, - portfolio, - "My Application", - "My application", - ["dev", "staging", "prod"], + portfolio, "My Application", "My application", ["dev", "staging", "prod"] ) admin = UserFactory.create() @@ -245,11 +227,7 @@ def test_scoped_portfolio_returns_all_applications_for_portfolio_owner( ): for _ in range(5): Applications.create( - portfolio_owner, - portfolio, - "My Application", - "My application", - ["dev", "staging", "prod"], + portfolio, "My Application", "My application", ["dev", "staging", "prod"] ) scoped_portfolio = Portfolios.get(portfolio_owner, portfolio.id) @@ -289,7 +267,7 @@ def test_for_user_returns_all_portfolios_for_ccpo(portfolio, portfolio_owner): @pytest.mark.skip(reason="redo as a route access test") def test_get_for_update_information(portfolio, portfolio_owner): - owner_ws = Portfolios.get_for_update_information(portfolio_owner, portfolio.id) + owner_ws = Portfolios.get_for_update(portfolio.id) assert portfolio == owner_ws admin = UserFactory.create() @@ -297,16 +275,16 @@ def test_get_for_update_information(portfolio, portfolio_owner): PortfolioRoleFactory.create( user=admin, portfolio=portfolio, permission_sets=perm_sets ) - admin_ws = Portfolios.get_for_update_information(admin, portfolio.id) + admin_ws = Portfolios.get_for_update(portfolio.id) assert portfolio == admin_ws # TODO: implement ccpo roles # ccpo = UserFactory.create_ccpo() - # assert Portfolios.get_for_update_information(ccpo, portfolio.id) + # assert Portfolios.get_for_update(portfolio.id) developer = UserFactory.create() with pytest.raises(UnauthorizedError): - Portfolios.get_for_update_information(developer, portfolio.id) + Portfolios.get_for_update(portfolio.id) def test_can_create_portfolios_with_matching_names(): @@ -320,7 +298,7 @@ def test_able_to_revoke_portfolio_access_for_active_member(): portfolio_role = PortfolioRoleFactory.create( portfolio=portfolio, status=PortfolioRoleStatus.ACTIVE ) - Portfolios.revoke_access(portfolio.owner, portfolio.id, portfolio_role.id) + Portfolios.revoke_access(portfolio.id, portfolio_role.id) assert Portfolios.for_user(portfolio_role.user) == [] @@ -340,7 +318,7 @@ def test_unable_to_revoke_owner_portfolio_access(): owner_portfolio_role = portfolio.roles[0] with pytest.raises(PortfolioError): - Portfolios.revoke_access(portfolio.owner, portfolio.id, owner_portfolio_role.id) + Portfolios.revoke_access(portfolio.id, owner_portfolio_role.id) def test_disabled_members_dont_show_up(session): diff --git a/tests/domain/test_task_orders.py b/tests/domain/test_task_orders.py index 65b8b511..f7f94236 100644 --- a/tests/domain/test_task_orders.py +++ b/tests/domain/test_task_orders.py @@ -21,7 +21,7 @@ def test_is_signed_by_ko(): assert not TaskOrders.is_signed_by_ko(task_order) - TaskOrders.update(user, task_order, signer_dod_id=user.dod_id) + TaskOrders.update(task_order, signer_dod_id=user.dod_id) assert TaskOrders.is_signed_by_ko(task_order) @@ -68,7 +68,7 @@ def test_add_officer(): task_order = TaskOrderFactory.create() ko = UserFactory.create() owner = task_order.portfolio.owner - TaskOrders.add_officer(owner, task_order, "contracting_officer", ko.to_dictionary()) + TaskOrders.add_officer(task_order, "contracting_officer", ko.to_dictionary()) assert task_order.contracting_officer == ko portfolio_users = [ws_role.user for ws_role in task_order.portfolio.members] @@ -80,15 +80,13 @@ def test_add_officer_with_nonexistent_role(): ko = UserFactory.create() owner = task_order.portfolio.owner with pytest.raises(TaskOrderError): - TaskOrders.add_officer(owner, task_order, "pilot", ko.to_dictionary()) + TaskOrders.add_officer(task_order, "pilot", ko.to_dictionary()) def test_add_officer_who_is_already_portfolio_member(): task_order = TaskOrderFactory.create() owner = task_order.portfolio.owner - TaskOrders.add_officer( - owner, task_order, "contracting_officer", owner.to_dictionary() - ) + TaskOrders.add_officer(task_order, "contracting_officer", owner.to_dictionary()) assert task_order.contracting_officer == owner member = task_order.portfolio.members[0] @@ -122,9 +120,7 @@ def test_task_order_access(): for prms in PortfolioRoles.DEFAULT_PORTFOLIO_PERMISSION_SETS ], ) - TaskOrders.add_officer( - creator, task_order, "contracting_officer", officer.to_dictionary() - ) + TaskOrders.add_officer(task_order, "contracting_officer", officer.to_dictionary()) check_access([creator, officer, member], [rando], "get", [task_order.id]) check_access([creator, officer], [member, rando], "create", [portfolio]) diff --git a/tests/models/test_environments.py b/tests/models/test_environments.py index 0dad7874..17a32ec8 100644 --- a/tests/models/test_environments.py +++ b/tests/models/test_environments.py @@ -9,11 +9,7 @@ def test_add_user_to_environment(): portfolio = PortfolioFactory.create(owner=owner) application = Applications.create( - owner, - portfolio, - "my test application", - "It's mine.", - ["dev", "staging", "prod"], + portfolio, "my test application", "It's mine.", ["dev", "staging", "prod"] ) dev_environment = application.environments[0] diff --git a/tests/models/test_portfolio_role.py b/tests/models/test_portfolio_role.py index 333375ff..7747a5c6 100644 --- a/tests/models/test_portfolio_role.py +++ b/tests/models/test_portfolio_role.py @@ -120,7 +120,7 @@ def test_has_env_role_history(session): user=user, environment=environment, role="developer" ) Environments.update_environment_roles( - owner, portfolio, portfolio_role, [{"role": "admin", "id": environment.id}] + portfolio_role, [{"role": "admin", "id": environment.id}] ) changed_events = ( session.query(AuditEvent) @@ -154,7 +154,7 @@ def test_has_no_environment_roles(): } portfolio = PortfolioFactory.create(owner=owner) - portfolio_role = Portfolios.create_member(owner, portfolio, developer_data) + portfolio_role = Portfolios.create_member(portfolio, developer_data) assert not portfolio_role.has_environment_roles @@ -170,13 +170,9 @@ def test_has_environment_roles(): } portfolio = PortfolioFactory.create(owner=owner) - portfolio_role = Portfolios.create_member(owner, portfolio, developer_data) + portfolio_role = Portfolios.create_member(portfolio, developer_data) application = Applications.create( - owner, - portfolio, - "my test application", - "It's mine.", - ["dev", "staging", "prod"], + portfolio, "my test application", "It's mine.", ["dev", "staging", "prod"] ) Environments.add_member( application.environments[0], portfolio_role.user, "developer" diff --git a/tests/routes/portfolios/test_applications.py b/tests/routes/portfolios/test_applications.py index ff38fd1c..941d198e 100644 --- a/tests/routes/portfolios/test_applications.py +++ b/tests/routes/portfolios/test_applications.py @@ -130,7 +130,6 @@ def test_creating_application(client, user_session): def test_view_edit_application(client, user_session): portfolio = PortfolioFactory.create() application = Applications.create( - portfolio.owner, portfolio, "Snazzy Application", "A new application for me and my friends", diff --git a/tests/routes/portfolios/test_members.py b/tests/routes/portfolios/test_members.py index 5d149f6f..b4edbb23 100644 --- a/tests/routes/portfolios/test_members.py +++ b/tests/routes/portfolios/test_members.py @@ -168,7 +168,6 @@ def test_update_member_environment_role(client, user_session): user = UserFactory.create() member = PortfolioRoles.add(user, portfolio.id) application = Applications.create( - portfolio.owner, portfolio, "Snazzy Application", "A new application for me and my friends", @@ -202,7 +201,6 @@ def test_update_member_environment_role_with_no_data(client, user_session): user = UserFactory.create() member = PortfolioRoles.add(user, portfolio.id) application = Applications.create( - portfolio.owner, portfolio, "Snazzy Application", "A new application for me and my friends", @@ -231,7 +229,6 @@ def test_revoke_active_member_access(client, user_session): portfolio=portfolio, user=user, status=PortfolioRoleStatus.ACTIVE ) Applications.create( - portfolio.owner, portfolio, "Snazzy Application", "A new application for me and my friends", diff --git a/tests/routes/portfolios/test_task_orders.py b/tests/routes/portfolios/test_task_orders.py index 1e9dfa86..ab6e18d0 100644 --- a/tests/routes/portfolios/test_task_orders.py +++ b/tests/routes/portfolios/test_task_orders.py @@ -157,7 +157,7 @@ class TestTaskOrderInvitations: "security_officer-last_name": "Fett", }, ) - updated_task_order = TaskOrders.get(self.portfolio.owner, self.task_order.id) + updated_task_order = TaskOrders.get(self.task_order.id) assert updated_task_order.ko_first_name == "Luke" assert updated_task_order.ko_last_name == "Skywalker" assert updated_task_order.so_first_name == "Boba" @@ -189,7 +189,7 @@ class TestTaskOrderInvitations: "contracting_officer-invite": "y", }, ) - updated_task_order = TaskOrders.get(self.portfolio.owner, self.task_order.id) + updated_task_order = TaskOrders.get(self.task_order.id) assert updated_task_order.ko_invite == True assert updated_task_order.ko_first_name == "Luke" @@ -222,7 +222,7 @@ class TestTaskOrderInvitations: assert "There were some errors" in response.data.decode() - updated_task_order = TaskOrders.get(self.portfolio.owner, self.task_order.id) + updated_task_order = TaskOrders.get(self.task_order.id) assert updated_task_order.so_first_name != "Boba" assert len(queue.get_queue()) == queue_length assert response.status_code == 400 @@ -251,7 +251,7 @@ def test_ko_can_view_task_order(client, user_session, portfolio, user): assert response.status_code == 200 assert translate("common.manage") in response.data.decode() - TaskOrders.update(user, task_order, clin_01=None) + TaskOrders.update(task_order, clin_01=None) response = client.get( url_for( "portfolios.view_task_order", @@ -706,20 +706,21 @@ def test_resending_revoked_invite(app, client, user_session, portfolio, user): assert response.status_code == 404 -def test_resending_expired_invite(app, client, user_session, portfolio, user): +def test_resending_expired_invite(app, client, user_session, portfolio): queue_length = len(queue.get_queue()) + ko = UserFactory.create() task_order = TaskOrderFactory.create( - portfolio=portfolio, contracting_officer=user, ko_invite=True + portfolio=portfolio, contracting_officer=ko, ko_invite=True ) - portfolio_role = PortfolioRoleFactory.create(portfolio=portfolio, user=user) + portfolio_role = PortfolioRoleFactory.create(portfolio=portfolio, user=ko) invite = InvitationFactory.create( - inviter=user, + inviter=portfolio.owner, portfolio_role=portfolio_role, - email=user.email, + email=ko.email, expiration_time=datetime.now() - timedelta(days=1), ) - user_session(user) + user_session(portfolio.owner) response = client.post( url_for( diff --git a/tests/routes/task_orders/test_new_task_order.py b/tests/routes/task_orders/test_new_task_order.py index b6015295..28da7c8c 100644 --- a/tests/routes/task_orders/test_new_task_order.py +++ b/tests/routes/task_orders/test_new_task_order.py @@ -118,7 +118,7 @@ def test_create_new_task_order(client, user_session, pdf_upload): assert url_for("task_orders.new", screen=2) in response.headers["Location"] created_task_order_id = response.headers["Location"].split("/")[-1] - created_task_order = TaskOrders.get(creator, created_task_order_id) + created_task_order = TaskOrders.get(created_task_order_id) assert created_task_order.portfolio is not None assert created_task_order.portfolio.name == portfolio_name assert created_task_order.portfolio.defense_component == defense_component @@ -156,7 +156,7 @@ def test_create_new_task_order_for_portfolio(client, user_session): assert url_for("task_orders.new", screen=2) in response.headers["Location"] created_task_order_id = response.headers["Location"].split("/")[-1] - created_task_order = TaskOrders.get(creator, created_task_order_id) + created_task_order = TaskOrders.get(created_task_order_id) assert created_task_order.portfolio_name == portfolio.name assert created_task_order.defense_component == portfolio.defense_component assert created_task_order.portfolio == portfolio @@ -213,7 +213,7 @@ def test_review_screen_when_all_sections_complete(client, user_session, task_ord def test_review_screen_when_not_all_sections_complete(client, user_session, task_order): - TaskOrders.update(task_order.creator, task_order, clin_01=None) + TaskOrders.update(task_order, clin_01=None) user_session(task_order.creator) response = client.get( url_for("task_orders.new", screen=4, task_order_id=task_order.id) diff --git a/tests/routes/task_orders/test_sign.py b/tests/routes/task_orders/test_sign.py index a7717ab0..d66cd3a7 100644 --- a/tests/routes/task_orders/test_sign.py +++ b/tests/routes/task_orders/test_sign.py @@ -18,10 +18,7 @@ def create_ko_task_order(user_session, contracting_officer): ) TaskOrders.add_officer( - contracting_officer, - task_order, - "contracting_officer", - contracting_officer.to_dictionary(), + task_order, "contracting_officer", contracting_officer.to_dictionary() ) dd_254 = DD254Factory.create() @@ -33,7 +30,7 @@ def create_ko_task_order(user_session, contracting_officer): def test_show_signature_requested_not_ko(client, user_session): contracting_officer = UserFactory.create() task_order = create_ko_task_order(user_session, contracting_officer) - TaskOrders.update(contracting_officer, task_order, contracting_officer=None) + TaskOrders.update(task_order, contracting_officer=None) response = client.get( url_for("task_orders.signature_requested", task_order_id=task_order.id) @@ -50,10 +47,7 @@ def test_show_signature_requested(client, user_session): # create unfinished TO task_order = TaskOrderFactory.create(portfolio=portfolio, clin_01=None) TaskOrders.add_officer( - contracting_officer, - task_order, - "contracting_officer", - contracting_officer.to_dictionary(), + task_order, "contracting_officer", contracting_officer.to_dictionary() ) response = client.get( url_for("task_orders.signature_requested", task_order_id=task_order.id) @@ -61,7 +55,7 @@ def test_show_signature_requested(client, user_session): assert response.status_code == 404 # Finish TO - TaskOrders.update(contracting_officer, task_order, clin_01=100) + TaskOrders.update(task_order, clin_01=100) response = client.get( url_for("task_orders.signature_requested", task_order_id=task_order.id) ) @@ -79,9 +73,7 @@ def test_show_signature_requested(client, user_session): def test_show_signature_requested_already_signed(client, user_session): contracting_officer = UserFactory.create() task_order = create_ko_task_order(user_session, contracting_officer) - TaskOrders.update( - contracting_officer, task_order, signer_dod_id=contracting_officer.dod_id - ) + TaskOrders.update(task_order, signer_dod_id=contracting_officer.dod_id) response = client.get( url_for("task_orders.signature_requested", task_order_id=task_order.id) @@ -93,7 +85,7 @@ def test_show_signature_requested_already_signed(client, user_session): def test_signing_task_order_not_ko(client, user_session): contracting_officer = UserFactory.create() task_order = create_ko_task_order(user_session, contracting_officer) - TaskOrders.update(contracting_officer, task_order, contracting_officer=None) + TaskOrders.update(task_order, contracting_officer=None) response = client.post( url_for("task_orders.record_signature", task_order_id=task_order.id), data={} @@ -105,9 +97,7 @@ def test_signing_task_order_not_ko(client, user_session): def test_singing_an_already_signed_task_order(client, user_session): contracting_officer = UserFactory.create() task_order = create_ko_task_order(user_session, contracting_officer) - TaskOrders.update( - contracting_officer, task_order, signer_dod_id=contracting_officer.dod_id - ) + TaskOrders.update(task_order, signer_dod_id=contracting_officer.dod_id) response = client.post( url_for("task_orders.record_signature", task_order_id=task_order.id), diff --git a/tests/test_authz.py b/tests/test_access.py similarity index 57% rename from tests/test_authz.py rename to tests/test_access.py index 343ba526..f8a6e82d 100644 --- a/tests/test_authz.py +++ b/tests/test_access.py @@ -8,18 +8,18 @@ import atst.domain.authz as authz from tests.factories import UserFactory _NO_ACCESS_CHECK_REQUIRED = _NO_LOGIN_REQUIRED + [ - "task_orders.get_started", - "atst.csp_environment_access", - "atst.jedi_csp_calculator", - "atst.styleguide", - "dev.test_email", - "dev.messages", - "atst.home", - "users.user", - "users.update_user", - "portfolios.accept_invitation", - "atst.catch_all", - "portfolios.portfolios", + "task_orders.get_started", # all users can start a new TO + "atst.csp_environment_access", # internal redirect + "atst.jedi_csp_calculator", # internal redirect + "atst.styleguide", # dev reference + "dev.test_email", # dev tool + "dev.messages", # dev tool + "atst.home", # available to all users + "users.user", # available to all users + "users.update_user", # available to all users + "portfolios.accept_invitation", # available to all users; access control is built into invitation logic + "atst.catch_all", # available to all users + "portfolios.portfolios", # the portfolios list is scoped to the user separately ] @@ -38,10 +38,19 @@ def protected_routes(app): return _protected_routes -_PROTECTED_ROUTES = protected_routes(make_app(make_config())) +sample_config = make_config() +sample_app = make_app(sample_config) +_PROTECTED_ROUTES = protected_routes(sample_app) class Null: + """ + Very simple null object. Will return itself for all attribute + calls: + > foo = Null() + > foo.bar.baz == foo + """ + def __init__(self, *args, **kwargs): pass @@ -53,10 +62,18 @@ class Null: def test_all_protected_routes_have_access_control( rule, route, mocker, client, user_session, monkeypatch ): + """ + This tests that all routes, except the ones in + _NO_ACCESS_CHECK_REQUIRED, are protected by the access + decorator. + """ + # monkeypatch any object lookups that might happen in the access decorator monkeypatch.setattr("atst.domain.portfolios.Portfolios.for_user", lambda *a: []) monkeypatch.setattr("atst.domain.portfolios.Portfolios.get", lambda *a: None) monkeypatch.setattr("atst.domain.task_orders.TaskOrders.get", lambda *a: Null()) + # patch the two internal functions the access decorator uses so + # that we can check that one or the other was called mocker.patch("atst.domain.authz.decorator.user_can_access") mocker.patch("atst.domain.authz.decorator.evaluate_exceptions")