diff --git a/atst/forms/team.py b/atst/forms/team.py index fbbdffe5..513955f1 100644 --- a/atst/forms/team.py +++ b/atst/forms/team.py @@ -9,22 +9,25 @@ from atst.utils.localization import translate class PermissionsForm(FlaskForm): - perms_env_mgmt = SelectField( - translate("portfolios.applications.members.new.manage_envs"), - choices=[ - ("", "View only"), - (PermissionSets.EDIT_APPLICATION_ENVIRONMENTS, "Edit access"), - ], - ) perms_team_mgmt = SelectField( translate("portfolios.applications.members.new.manage_team"), choices=[ - ("", "View only"), + (PermissionSets.VIEW_APPLICATION, "View only"), (PermissionSets.EDIT_APPLICATION_TEAM, "Edit access"), ], ) + perms_env_mgmt = SelectField( + translate("portfolios.applications.members.new.manage_envs"), + choices=[ + (PermissionSets.VIEW_APPLICATION, "View only"), + (PermissionSets.EDIT_APPLICATION_ENVIRONMENTS, "Edit access"), + ], + ) perms_del_env = SelectField( - choices=[("", "No"), (PermissionSets.DELETE_APPLICATION_ENVIRONMENTS, "Yes")] + choices=[ + ("View only", "No"), + (PermissionSets.DELETE_APPLICATION_ENVIRONMENTS, "Yes"), + ] ) @property diff --git a/atst/routes/applications/team.py b/atst/routes/applications/team.py index 227aa644..dde891a9 100644 --- a/atst/routes/applications/team.py +++ b/atst/routes/applications/team.py @@ -4,11 +4,11 @@ from flask import render_template, request as http_request, g, url_for, redirect from . import applications_bp from atst.domain.applications import Applications from atst.domain.application_roles import ApplicationRoles +from atst.domain.authz.decorator import user_can_access_decorator as user_can from atst.domain.environments import Environments from atst.domain.environment_roles import EnvironmentRoles -from atst.domain.authz.decorator import user_can_access_decorator as user_can -from atst.domain.permission_sets import PermissionSets from atst.domain.exceptions import AlreadyExistsError +from atst.domain.permission_sets import PermissionSets from atst.forms.application_member import NewForm as NewMemberForm from atst.forms.team import TeamForm from atst.models import Permissions @@ -33,7 +33,6 @@ def team(application_id): team_data = [] for member in application.members: user_id = member.user.id - # TODO: if no members, we get a server error user_name = member.user.full_name environment_users[user_id] = { "permissions": { @@ -82,12 +81,11 @@ def team(application_id): } ) - team_form = TeamForm(data={"members": team_data}) - env_roles = [ {"environment_id": e.id, "environment_name": e.name} for e in application.environments ] + team_form = TeamForm(data={"members": team_data}) new_member_form = NewMemberForm(data={"environment_roles": env_roles}) return render_template( diff --git a/templates/fragments/applications/edit_team.html b/templates/fragments/applications/edit_team.html index a88361d6..f33cfe9c 100644 --- a/templates/fragments/applications/edit_team.html +++ b/templates/fragments/applications/edit_team.html @@ -4,7 +4,7 @@ {% set environment_roles_form = member_form.environment_roles %} {% set permissions_form = member_form.permission_sets %} -
+ {{ team_form.csrf_token }}
  • diff --git a/tests/domain/test_application_roles.py b/tests/domain/test_application_roles.py index f430c8cb..b77546af 100644 --- a/tests/domain/test_application_roles.py +++ b/tests/domain/test_application_roles.py @@ -33,3 +33,30 @@ def test_enabled_application_role(): ApplicationRoles.enable(app_role) assert app_role.status == ApplicationRoleStatus.ACTIVE + + +def test_get(): + user = UserFactory.create() + application = ApplicationFactory.create() + app_role = ApplicationRoleFactory.create(user=user, application=application) + + assert ApplicationRoles.get(user.id, application.id) + assert app_role.application == application + assert app_role.user == user + + +def test_update_permission_sets(): + user = UserFactory.create() + application = ApplicationFactory.create() + app_role = ApplicationRoleFactory.create(user=user, application=application) + + view_app = [PermissionSets.get(PermissionSets.VIEW_APPLICATION)] + new_perms_names = [ + PermissionSets.EDIT_APPLICATION_TEAM, + PermissionSets.DELETE_APPLICATION_ENVIRONMENTS, + ] + new_perms = PermissionSets.get_many(new_perms_names) + # view application permission is included by default + assert app_role.permission_sets == view_app + assert ApplicationRoles.update_permission_sets(app_role, new_perms_names) + assert set(app_role.permission_sets) == set(new_perms + view_app) diff --git a/tests/forms/test_team.py b/tests/forms/test_team.py index 671a44ee..895c5e6a 100644 --- a/tests/forms/test_team.py +++ b/tests/forms/test_team.py @@ -7,20 +7,25 @@ from atst.forms.team import * def test_permissions_form_permission_sets(): form_data = { - "perms_env_mgmt": "", "perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM, - "perms_del_env": "", + "perms_env_mgmt": PermissionSets.VIEW_APPLICATION, + "perms_del_env": "View only", } form = PermissionsForm(data=form_data) + assert form.validate() - assert form.data == [PermissionSets.EDIT_APPLICATION_TEAM] + assert form.data == [ + PermissionSets.EDIT_APPLICATION_TEAM, + PermissionSets.VIEW_APPLICATION, + "View only", + ] def test_permissions_form_invalid(): form_data = { - "perms_env_mgmt": "not a real choice", "perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM, - "perms_del_env": "", + "perms_env_mgmt": "not a real choice", + "perms_del_env": "View only", } form = PermissionsForm(data=form_data) assert not form.validate() diff --git a/tests/routes/applications/test_team.py b/tests/routes/applications/test_team.py index 1c3e0a17..af776822 100644 --- a/tests/routes/applications/test_team.py +++ b/tests/routes/applications/test_team.py @@ -10,7 +10,6 @@ def test_application_team(client, user_session): user_session(portfolio.owner) response = client.get(url_for("applications.team", application_id=application.id)) - assert response.status_code == 200