pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Check workspace permission, not ATAT permission

Browse Source
This commit is contained in:
richard-dds 2018-11-29 10:35:11 -05:00
parent f546ccb673
commit 54aa10275f
5 changed files with 45 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
atst/domain/environments.py
View File

@ -88,7 +88,10 @@ class Environments(object):
@classmethod @classmethod
def revoke_access(cls, user, environment, target_user): def revoke_access(cls, user, environment, target_user):
Authorization.check_atat_permission( Authorization.check_workspace_permission(
user, Permissions.REMOVE_CSP_ROLES, "revoke environment access" user,
environment.workspace,
Permissions.REMOVE_CSP_ROLES,
"revoke environment access",
) )
EnvironmentRoles.delete(environment.id, target_user.id) EnvironmentRoles.delete(environment.id, target_user.id)

4
atst/models/environment.py
View File

@ -27,6 +27,10 @@ class Environment(Base, mixins.TimestampsMixin, mixins.AuditableMixin):
def displayname(self): def displayname(self):
return self.name return self.name
@property
def workspace(self):
return self.project.workspace
def auditable_workspace_id(self): def auditable_workspace_id(self):
return self.project.workspace_id return self.project.workspace_id

2
atst/models/workspace_role.py
View File

@ -20,7 +20,7 @@ MEMBER_STATUSES = {
"error": "Error on invite", "error": "Error on invite",
"pending": "Pending", "pending": "Pending",
"unknown": "Unknown errors", "unknown": "Unknown errors",
"disabled": "Disabled" "disabled": "Disabled",
} }

14
atst/routes/workspaces/members.py
View File

@ -168,3 +168,17 @@ def update_member(workspace_id, member_id):
workspace=workspace, workspace=workspace,
member=member, member=member,
) )
@workspaces_bp.route(
"/workspaces/<workspace_id>/members/<member_id>/revoke_access", methods=["POST"]
)
def revoke_access(workspace_id, member_id):
revoked_role = Workspaces.revoke_access(g.current_user, workspace_id, member_id)
return redirect(
url_for(
"workspaces.workspace_members",
workspace_id=workspace_id,
revokedMemberName=revoked_role.user_name,
)
)

21
tests/routes/workspaces/test_members.py
View File

@ -168,3 +168,24 @@ def test_update_member_environment_role_with_no_data(client, user_session):
) )
assert response.status_code == 200 assert response.status_code == 200
assert EnvironmentRoles.get(user.id, env1_id).role == "developer" assert EnvironmentRoles.get(user.id, env1_id).role == "developer"
def test_revoke_member_access(client, user_session):
workspace = WorkspaceFactory.create()
user = UserFactory.create()
member = WorkspaceRoles.add(user, workspace.id, "developer")
Projects.create(
workspace.owner,
workspace,
"Snazzy Project",
"A new project for me and my friends",
{"env1"},
)
user_session(workspace.owner)
response = client.post(
url_for(
"workspaces.revoke_access", workspace_id=workspace.id, member_id=member.id
)
)
assert response.status_code == 302
assert WorkspaceRoles.get_by_id(member.id).num_environment_roles == 0