Merge pull request #832 from dod-ccpo/add-app-audit-log

Add app audit log

alembic/versions/c5deba1826be_add_appliction_id_to_auditevent.py

@@ -0,0 +1,32 @@
+"""add_appliction_id_to_auditevent
+
+Revision ID: c5deba1826be
+Revises: 404bb5bb3a0e
+Create Date: 2019-05-15 16:30:27.981456
+
+"""
+from alembic import op
+import sqlalchemy as sa
+from sqlalchemy.dialects import postgresql
+
+# revision identifiers, used by Alembic.
+revision = 'c5deba1826be'
+down_revision = '404bb5bb3a0e'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.add_column('audit_events', sa.Column('application_id', postgresql.UUID(as_uuid=True), nullable=True))
+    op.create_index(op.f('ix_audit_events_application_id'), 'audit_events', ['application_id'], unique=False)
+    op.create_foreign_key('audit_events_application_application_id', 'audit_events', 'applications', ['application_id'], ['id'])
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_constraint('audit_events_application_application_id', 'audit_events', type_='foreignkey')
+    op.drop_index(op.f('ix_audit_events_application_id'), table_name='audit_events')
+    op.drop_column('audit_events', 'application_id')
+    # ### end Alembic commands ###

atst/domain/application_roles.py

@@ -14,7 +14,9 @@ class ApplicationRoles(object):
 
     @classmethod
     def create(cls, user, application, permission_set_names):
-        application_role = ApplicationRole(user=user, application_id=application.id)
+        application_role = ApplicationRole(
+            user=user, application_id=application.id, application=application
+        )
 
         application_role.permission_sets = ApplicationRoles._permission_sets_for_names(
             permission_set_names

atst/domain/audit_log.py

@@ -1,5 +1,3 @@
-from sqlalchemy import or_
-
 from atst.database import db
 from atst.domain.common import Query
 from atst.models.audit_event import AuditEvent
@@ -14,15 +12,19 @@ class AuditEventQuery(Query):
         return cls.paginate(query, pagination_opts)
 
     @classmethod
-    def get_ws_events(cls, portfolio_id, pagination_opts):
+    def get_portfolio_events(cls, portfolio_id, pagination_opts):
         query = (
             db.session.query(cls.model)
-            .filter(
-                or_(
-                    cls.model.portfolio_id == portfolio_id,
-                    cls.model.resource_id == portfolio_id,
-                )
-            )
+            .filter(cls.model.portfolio_id == portfolio_id)
+            .order_by(cls.model.time_created.desc())
+        )
+        return cls.paginate(query, pagination_opts)
+
+    @classmethod
+    def get_application_events(cls, application_id, pagination_opts):
+        query = (
+            db.session.query(cls.model)
+            .filter(cls.model.application_id == application_id)
             .order_by(cls.model.time_created.desc())
         )
         return cls.paginate(query, pagination_opts)
@@ -30,6 +32,7 @@ class AuditEventQuery(Query):
 
 class AuditLog(object):
     @classmethod
+    # TODO: see if this is being used anywhere and remove if not
     def log_system_event(cls, resource, action, portfolio=None):
         return cls._log(resource=resource, action=action, portfolio=portfolio)
 
@@ -39,7 +42,11 @@ class AuditLog(object):
 
     @classmethod
     def get_portfolio_events(cls, portfolio, pagination_opts=None):
-        return AuditEventQuery.get_ws_events(portfolio.id, pagination_opts)
+        return AuditEventQuery.get_portfolio_events(portfolio.id, pagination_opts)
+
+    @classmethod
+    def get_application_events(cls, application, pagination_opts=None):
+        return AuditEventQuery.get_application_events(application.id, pagination_opts)
 
     @classmethod
     def get_by_resource(cls, resource_id):
@@ -55,6 +62,7 @@ class AuditLog(object):
         return type(resource).__name__.lower()
 
     @classmethod
+    # TODO: see if this is being used anywhere and remove if not
     def _log(cls, user=None, portfolio=None, resource=None, action=None):
         resource_id = resource.id if resource else None
         resource_type = cls._resource_type(resource) if resource else None

atst/domain/permission_sets.py

@@ -209,6 +209,7 @@ _APPLICATION_TEAM_PERMISSION_SET = {
         Permissions.DELETE_APPLICATION_MEMBER,
         Permissions.CREATE_APPLICATION_MEMBER,
         Permissions.ASSIGN_ENVIRONMENT_MEMBER,
+        Permissions.VIEW_APPLICATION_ACTIVITY_LOG,
     ],
 }
 

atst/models/application.py

@@ -52,6 +52,10 @@ class Application(
     def displayname(self):
         return self.name
 
+    @property
+    def application_id(self):
+        return self.id
+
     def __repr__(self):  # pragma: no cover
         return "<Application(name='{}', description='{}', portfolio='{}', id='{}')>".format(
             self.name, self.description, self.portfolio.name, self.id

atst/models/application_invitation.py

@@ -26,6 +26,10 @@ class ApplicationInvitation(Base, TimestampsMixin, AuditableMixin, InvitesMixin)
     def application_id(self):
         return self.role.application_id
 
+    @property
+    def portfolio_id(self):
+        return self.role.portfolio_id
+
     @property
     def event_details(self):
         return {"email": self.email, "dod_id": self.user_dod_id}

atst/models/application_role.py

@@ -53,7 +53,10 @@ class ApplicationRole(
 
     @property
     def user_name(self):
-        return self.user.full_name
+        if self.user:
+            return self.user.full_name
+        else:
+            return None
 
     def __repr__(self):
         return "<ApplicationRole(application='{}', user_id='{}', id='{}', permissions={})>".format(
@@ -75,6 +78,19 @@ class ApplicationRole(
             lambda prms: prms.name == perm_set_name, self.permission_sets
         )
 
+    @property
+    def portfolio_id(self):
+        return self.application.portfolio_id
+
+    @property
+    def event_details(self):
+        return {
+            "updated_user_name": self.user_name,
+            "updated_user_id": str(self.user_id),
+            "application": self.application.name,
+            "portfolio": self.application.portfolio.name,
+        }
+
 
 Index(
     "application_role_user_application",

atst/models/audit_event.py

@@ -17,11 +17,17 @@ class AuditEvent(Base, TimestampsMixin):
     portfolio_id = Column(UUID(as_uuid=True), ForeignKey("portfolios.id"), index=True)
     portfolio = relationship("Portfolio", backref="audit_events")
 
+    application_id = Column(
+        UUID(as_uuid=True), ForeignKey("applications.id"), index=True
+    )
+    application = relationship("Application", backref="audit_events")
+
     changed_state = Column(JSONB())
     event_details = Column(JSONB())
 
     resource_type = Column(String(), nullable=False)
     resource_id = Column(UUID(as_uuid=True), index=True, nullable=False)
+
     display_name = Column(String())
     action = Column(String(), nullable=False)
 
@@ -29,6 +35,7 @@ class AuditEvent(Base, TimestampsMixin):
     def log(self):
         return {
             "portfolio_id": str(self.portfolio_id),
+            "application_id": str(self.application_id),
             "changed_state": self.changed_state,
             "event_details": self.event_details,
             "resource_type": self.resource_type,

atst/models/environment.py

@@ -35,7 +35,8 @@ class Environment(
     def portfolio(self):
         return self.application.portfolio
 
-    def auditable_portfolio_id(self):
+    @property
+    def portfolio_id(self):
         return self.application.portfolio_id
 
     def __repr__(self):

atst/models/environment_role.py

@@ -38,6 +38,14 @@ class EnvironmentRole(
     def history(self):
         return self.get_changes()
 
+    @property
+    def portfolio_id(self):
+        return self.environment.application.portfolio_id
+
+    @property
+    def application_id(self):
+        return self.environment.application_id
+
     @property
     def displayname(self):
         return self.role

atst/models/mixins/auditable.py

@@ -13,23 +13,20 @@ class AuditableMixin(object):
     @staticmethod
     def create_audit_event(connection, resource, action, changed_state=None):
         user_id = getattr_path(g, "current_user.id")
-        portfolio_id = resource.portfolio_id
-        resource_type = resource.resource_type
-        display_name = resource.displayname
-        event_details = resource.event_details
 
         if changed_state is None:
             changed_state = resource.history if action == ACTION_UPDATE else None
 
         audit_event = AuditEvent(
             user_id=user_id,
-            portfolio_id=portfolio_id,
-            resource_type=resource_type,
+            portfolio_id=resource.portfolio_id,
+            application_id=resource.application_id,
+            resource_type=resource.resource_type,
             resource_id=resource.id,
-            display_name=display_name,
+            display_name=resource.displayname,
             action=action,
             changed_state=changed_state,
-            event_details=event_details,
+            event_details=resource.event_details,
         )
 
         app.logger.info(
@@ -93,7 +90,11 @@ class AuditableMixin(object):
 
     @property
     def portfolio_id(self):
-        return None
+        raise NotImplementedError()
+
+    @property
+    def application_id(self):
+        raise NotImplementedError()
 
     @property
     def displayname(self):

atst/models/mixins/invites.py

@@ -105,3 +105,23 @@ class InvitesMixin(object):
     @property
     def user_dod_id(self):
         return self.user.dod_id if self.user is not None else None
+
+    @property
+    def event_details(self):
+        """Overrides the same property in AuditableMixin.
+        Provides the event details for an invite that are required for the audit log
+        """
+        return {"email": self.email, "dod_id": self.user_dod_id}
+
+    @property
+    def history(self):
+        """Overrides the same property in AuditableMixin
+        Determines whether or not invite status has been updated
+        """
+        changes = self.get_changes()
+        change_set = {}
+
+        if "status" in changes:
+            change_set["status"] = [s.name for s in changes["status"]]
+
+        return change_set

atst/models/permissions.py

@@ -18,6 +18,7 @@ class Permissions(object):
     CREATE_ENVIRONMENT = "create_environment"
     DELETE_ENVIRONMENT = "delete_environment"
     ASSIGN_ENVIRONMENT_MEMBER = "assign_environment_member"
+    VIEW_APPLICATION_ACTIVITY_LOG = "view_application_activity_log"
 
     # funding
     VIEW_PORTFOLIO_FUNDING = "view_portfolio_funding"  # TO summary page

atst/models/portfolio.py

@@ -68,9 +68,14 @@ class Portfolio(Base, mixins.TimestampsMixin, mixins.AuditableMixin):
     def all_environments(self):
         return list(chain.from_iterable(p.environments for p in self.applications))
 
-    def auditable_portfolio_id(self):
+    @property
+    def portfolio_id(self):
         return self.id
 
+    @property
+    def application_id(self):
+        return None
+
     def __repr__(self):
         return "<Portfolio(name='{}', user_count='{}', id='{}')>".format(
             self.name, self.user_count, self.id

atst/models/portfolio_invitation.py

@@ -6,7 +6,7 @@ from atst.models import Base
 from atst.models.mixins import TimestampsMixin, AuditableMixin, InvitesMixin
 
 
-class PortfolioInvitation(Base, TimestampsMixin, AuditableMixin, InvitesMixin):
+class PortfolioInvitation(Base, TimestampsMixin, InvitesMixin, AuditableMixin):
     __tablename__ = "portfolio_invitations"
 
     portfolio_role_id = Column(
@@ -27,15 +27,5 @@ class PortfolioInvitation(Base, TimestampsMixin, AuditableMixin, InvitesMixin):
         return self.role.portfolio_id
 
     @property
-    def event_details(self):
-        return {"email": self.email, "dod_id": self.user_dod_id}
-
-    @property
-    def history(self):
-        changes = self.get_changes()
-        change_set = {}
-
-        if "status" in changes:
-            change_set["status"] = [s.name for s in changes["status"]]
-
-        return change_set
+    def application_id(self):
+        return None

atst/models/portfolio_role.py

@@ -164,6 +164,10 @@ class PortfolioRole(
     def full_name(self):
         return self.user.full_name
 
+    @property
+    def application_id(self):
+        return None
+
 
 Index(
     "portfolio_role_user_portfolio",

atst/models/user.py

@@ -96,6 +96,14 @@ class User(
     def displayname(self):
         return self.full_name
 
+    @property
+    def portfolio_id(self):
+        return None
+
+    @property
+    def application_id(self):
+        return None
+
     def __repr__(self):
         return "<User(name='{}', dod_id='{}', email='{}', has_portfolios='{}', id='{}')>".format(
             self.full_name, self.dod_id, self.email, self.has_portfolios, self.id

atst/routes/applications/settings.py

@@ -3,6 +3,8 @@ from flask import redirect, render_template, request as http_request, url_for
 from . import applications_bp
 from atst.domain.environments import Environments
 from atst.domain.applications import Applications
+from atst.domain.audit_log import AuditLog
+from atst.domain.common import Paginator
 from atst.forms.app_settings import AppEnvRolesForm
 from atst.forms.application import ApplicationForm, EditEnvironmentForm
 from atst.forms.data import ENV_ROLE_NO_ACCESS as NO_ACCESS
@@ -90,6 +92,8 @@ def render_settings_page(application, **kwargs):
     environments_obj = get_environments_obj_for_app(application=application)
     members_form = AppEnvRolesForm(data=data_for_app_env_roles_form(application))
     new_env_form = EditEnvironmentForm()
+    pagination_opts = Paginator.get_pagination_opts(http_request)
+    audit_events = AuditLog.get_application_events(application, pagination_opts)
 
     if "application_form" not in kwargs:
         kwargs["application_form"] = ApplicationForm(
@@ -102,6 +106,7 @@ def render_settings_page(application, **kwargs):
         environments_obj=environments_obj,
         members_form=members_form,
         new_env_form=new_env_form,
+        audit_events=audit_events,
         **kwargs,
     )
 

templates/audit_log/audit_log.html

@@ -4,6 +4,6 @@
 {% block content %}
   <div v-cloak>
     {% include "fragments/audit_events_log.html" %}
-    {{ Pagination(audit_events, 'atst.activity_history')}}
+    {{ Pagination(audit_events, url_for('atst.activity_history'))}}
   </div>
 {% endblock %}

templates/audit_log/events/application_invitation.html

@@ -0,0 +1,16 @@
+{% extends 'audit_log/events/_base.html' %}
+
+{% block content %}
+  {% set accepted = event.changed_state.status and event.changed_state.status.1 == "ACCEPTED" %}
+  {% if accepted %}
+    accepted by {{ event.event_details.email }} (DOD <code>{{ event.event_details.dod_id }}</code>)
+    <br>
+  {% endif %}
+  {% if event.action == "create" %}
+    invited {{ event.event_details.email }} (DOD <code>{{ event.event_details.dod_id }}</code>)
+    <br>
+  {% endif %}
+  in Application <code>{{ event.application_id }}</code> ({{ event.application.name }})
+  <br>
+  in Portfolio <code>{{ event.portfolio_id }}</code> ({{ event.portfolio.name }})
+{% endblock %}

templates/audit_log/events/application_role.html

@@ -0,0 +1,9 @@
+{% extends 'audit_log/events/_base.html' %}
+
+{% block content %}
+  for User <code>{{ event.event_details.updated_user_id }}</code> ({{ event.event_details.updated_user_name }})
+  <br>
+  in Application <code>{{ event.application_id}}</code> ({{ event.event_details.application }})
+  <br>
+  in Portfolio <code>{{ event.portfolio_id }}</code> ({{ event.event_details.portfolio }})
+{% endblock %}

templates/components/pagination.html

@@ -1,4 +1,4 @@
-{% macro Page(pagination, route, i, label=None, disabled=False, portfolio_id=None) -%}
+{% macro Page(pagination, url, i, label=None, disabled=False) -%}
   {% set label = label or i %}
 
   {% set button_class = "page usa-button " %}
@@ -11,44 +11,45 @@
     {% set button_class = button_class + "usa-button-secondary" %}
   {% endif %}
 
-    <a id="{{ label }}" type="button" class="{{ button_class }}" href="{{ url_for(route, portfolio_id=portfolio_id, page=i, perPage=pagination.per_page) if not disabled else 'null' }}">{{ label }}</a>
+    <a id="{{ label }}" type="button" class="{{ button_class }}" href="{{ url if not disabled else 'null' }}">{{ label }}</a>
 {%- endmacro %}
 
-{% macro Pagination(pagination, route, portfolio_id=None) -%}
+{% macro Pagination(pagination, url) -%}
+
   <div class="pagination">
 
     {% if pagination.page == 1 %}
-      {{ Page(pagination, route, 1, label="first", disabled=True, portfolio_id=portfolio_id) }}
-      {{ Page(pagination, route, pagination.page - 1, label="prev", disabled=True, portfolio_id=portfolio_id) }}
+      {{ Page(pagination, url, 1, label="first", disabled=True) }}
+      {{ Page(pagination, url, pagination.page - 1, label="prev", disabled=True) }}
     {% else %}
-      {{ Page(pagination, route, 1, label="first", portfolio_id=portfolio_id) }}
-      {{ Page(pagination, route, pagination.page - 1, label="prev", portfolio_id=portfolio_id) }}
+      {{ Page(pagination, url, 1, label="first") }}
+      {{ Page(pagination, url, pagination.page - 1, label="prev") }}
     {% endif %}
 
     {% if pagination.page == 1 %}
       {% set max_page = [pagination.pages, 5] | min %}
       {% for i in range(1, max_page + 1) %}
-        {{ Page(pagination, route, i, portfolio_id=portfolio_id) }}
+        {{ Page(pagination, url, i) }}
       {% endfor %}
     {% elif pagination.page == pagination.pages %}
       {% for i in range(pagination.pages - 4, pagination.pages + 1) %}
         {% if i > 0 %}
-          {{ Page(pagination, route, i, portfolio_id=portfolio_id) }}
+          {{ Page(pagination, url, i) }}
         {% endif %}
       {% endfor %}
     {% else %}
       {% set window = pagination | pageWindow %}
       {% for i in range(window.0, window.1 + 1) %}
-        {{ Page(pagination, route, i, portfolio_id=portfolio_id) }}
+        {{ Page(pagination, url, i) }}
       {% endfor %}
     {% endif %}
 
     {% if pagination.page == pagination.pages %}
-      {{ Page(pagination, route, pagination.page + 1, label="next", disabled=True, portfolio_id=portfolio_id) }}
-      {{ Page(pagination, route, pagination.pages, label="last", disabled=True, portfolio_id=portfolio_id) }}
+      {{ Page(pagination, url, pagination.page + 1, label="next", disabled=True) }}
+      {{ Page(pagination, url, pagination.pages, label="last", disabled=True) }}
     {% else %}
-      {{ Page(pagination, route, pagination.page + 1, label="next", portfolio_id=portfolio_id) }}
-      {{ Page(pagination, route, pagination.pages, label="last", portfolio_id=portfolio_id) }}
+      {{ Page(pagination, url, pagination.page + 1, label="next") }}
+      {{ Page(pagination, url, pagination.pages, label="last") }}
     {% endif %}
 
   </div>

templates/portfolios/admin.html

@@ -52,7 +52,7 @@
 
     {% if user_can(permissions.VIEW_PORTFOLIO_ACTIVITY_LOG) %}
       {% include "fragments/audit_events_log.html" %}
-      {{ Pagination(audit_events, 'portfolios.admin', portfolio_id=portfolio.id) }}
+      {{ Pagination(audit_events, url_for('portfolios.admin', portfolio_id=portfolio.id)) }}
     {% endif %}
   </div>
 {% endblock %}

templates/portfolios/applications/settings.html

@@ -4,6 +4,7 @@
 {% from "components/delete_confirmation.html" import DeleteConfirmation %}
 {% from "components/icon.html" import Icon %}
 {% from "components/modal.html" import Modal %}
+{% from "components/pagination.html" import Pagination %}
 {% from "components/text_input.html" import TextInput %}
 
 {% set secondary_breadcrumb = 'portfolios.applications.existing_application_title' | translate({ "application_name": application.name }) %}
@@ -102,4 +103,9 @@
     {% endcall %}
   {% endif %}
 
+  {% if user_can(permissions.VIEW_APPLICATION_ACTIVITY_LOG) %}
+    {% include "fragments/audit_events_log.html" %}
+    {{ Pagination(audit_events, url=url_for('applications.settings', application_id=application.id)) }}
+  {% endif %}
+
 {% endblock %}

tests/domain/test_audit_log.py

@@ -1,14 +1,20 @@
 import pytest
 
+from atst.domain.applications import Applications
 from atst.domain.audit_log import AuditLog
 from atst.domain.exceptions import UnauthorizedError
 from atst.domain.permission_sets import PermissionSets
+from atst.domain.portfolios import Portfolios
 from atst.models.portfolio_role import Status as PortfolioRoleStatus
 from tests.factories import (
-    UserFactory,
+    ApplicationFactory,
+    ApplicationInvitationFactory,
+    ApplicationRoleFactory,
+    EnvironmentFactory,
+    EnvironmentRoleFactory,
     PortfolioFactory,
     PortfolioRoleFactory,
-    ApplicationFactory,
+    UserFactory,
 )
 
 
@@ -45,7 +51,7 @@ def test_paginate_ws_audit_log():
     assert len(events) == 25
 
 
-def test_ws_audit_log_only_includes_current_ws_events():
+def test_portfolio_audit_log_only_includes_current_portfolio_events():
     owner = UserFactory.create()
     portfolio = PortfolioFactory.create(owner=owner)
     other_portfolio = PortfolioFactory.create(owner=owner)
@@ -55,8 +61,59 @@ def test_ws_audit_log_only_includes_current_ws_events():
 
     events = AuditLog.get_portfolio_events(portfolio)
     for event in events:
-        assert event.portfolio_id == portfolio.id or event.resource_id == portfolio.id
+        assert event.portfolio_id == portfolio.id
         assert (
             not event.portfolio_id == other_portfolio.id
             or event.resource_id == other_portfolio.id
         )
+
+
+def test_get_portfolio_events_includes_app_and_env_events():
+    owner = UserFactory.create()
+    # add portfolio level events
+    portfolio = PortfolioFactory.create(owner=owner)
+    portfolio_events = AuditLog.get_portfolio_events(portfolio)
+
+    # add application level events
+    application = ApplicationFactory.create(portfolio=portfolio)
+    Applications.update(application, {"name": "Star Cruiser"})
+    app_role = ApplicationRoleFactory.create(application=application)
+    app_invite = ApplicationInvitationFactory.create(role=app_role)
+    portfolio_and_app_events = AuditLog.get_portfolio_events(portfolio)
+    assert len(portfolio_events) < len(portfolio_and_app_events)
+
+    # add environment level events
+    env = EnvironmentFactory.create(application=application)
+    env_role = EnvironmentRoleFactory.create(environment=env, user=app_role.user)
+    portfolio_app_and_env_events = AuditLog.get_portfolio_events(portfolio)
+    assert len(portfolio_and_app_events) < len(portfolio_app_and_env_events)
+
+    resource_types = [event.resource_type for event in portfolio_app_and_env_events]
+    assert "application" in resource_types
+    assert "application_role" in resource_types
+    assert "application_invitation" in resource_types
+    assert "environment" in resource_types
+    assert "environment_role" in resource_types
+
+
+def test_get_application_events():
+    # add in some portfolio level events
+    portfolio = PortfolioFactory.create()
+    Portfolios.update(portfolio, {"name": "New Name"})
+    # add app level events
+    application = ApplicationFactory.create(portfolio=portfolio)
+    Applications.update(application, {"name": "Star Cruiser"})
+    app_role = ApplicationRoleFactory.create(application=application)
+    app_invite = ApplicationInvitationFactory.create(role=app_role)
+    env = EnvironmentFactory.create(application=application)
+    env_role = EnvironmentRoleFactory.create(environment=env, user=app_role.user)
+    # add rando app
+    rando_app = ApplicationFactory.create(portfolio=portfolio)
+
+    events = AuditLog.get_application_events(application)
+    for event in events:
+        assert event.application_id == application.id
+        assert not event.application_id == rando_app.id
+
+    resource_types = [event.resource_type for event in events]
+    assert "portfolio" not in resource_types

tests/routes/applications/test_settings.py

@@ -15,6 +15,7 @@ from atst.routes.applications.settings import check_users_are_in_application
 from atst.domain.applications import Applications
 from atst.domain.environment_roles import EnvironmentRoles
 from atst.domain.environments import Environments
+from atst.domain.common import Paginator
 from atst.domain.permission_sets import PermissionSets
 from atst.domain.portfolios import Portfolios
 from atst.domain.exceptions import NotFoundError
@@ -116,7 +117,7 @@ def test_edit_application_environments_obj(app, client, user_session):
         )
 
         assert response.status_code == 200
-        _, context = templates[0]
+        _, context = templates[-1]
 
         assert isinstance(context["members_form"], AppEnvRolesForm)
         env_obj = context["environments_obj"][0]
@@ -127,6 +128,7 @@ def test_edit_application_environments_obj(app, client, user_session):
             env_obj["members"].sort()
             == [env_role1.user.full_name, env_role2.user.full_name].sort()
         )
+        assert isinstance(context["audit_events"], Paginator)
 
 
 def test_data_for_app_env_roles_form(app, client, user_session):
@@ -156,7 +158,7 @@ def test_data_for_app_env_roles_form(app, client, user_session):
         )
 
         assert response.status_code == 200
-        _, context = templates[0]
+        _, context = templates[-1]
 
         members_form = context["members_form"]
         assert isinstance(members_form, AppEnvRolesForm)