Check workspace permission, not ATAT permission

2018-11-29 10:35:11 -05:00 · 2018-11-29 10:35:11 -05:00 · 54aa10275f
commit 54aa10275f
parent f546ccb673
5 changed files with 45 additions and 3 deletions
--- a/atst/domain/environments.py
+++ b/atst/domain/environments.py
@ -88,7 +88,10 @@ class Environments(object):

    @classmethod
    def revoke_access(cls, user, environment, target_user):
-        Authorization.check_atat_permission(
-            user, Permissions.REMOVE_CSP_ROLES, "revoke environment access"
+        Authorization.check_workspace_permission(
+            user,
+            environment.workspace,
+            Permissions.REMOVE_CSP_ROLES,
+            "revoke environment access",
        )
        EnvironmentRoles.delete(environment.id, target_user.id)
--- a/atst/models/environment.py
+++ b/atst/models/environment.py
@ -27,6 +27,10 @@ class Environment(Base, mixins.TimestampsMixin, mixins.AuditableMixin):
    def displayname(self):
        return self.name

+    @property
+    def workspace(self):
+        return self.project.workspace
+
    def auditable_workspace_id(self):
        return self.project.workspace_id

--- a/atst/models/workspace_role.py
+++ b/atst/models/workspace_role.py
@ -20,7 +20,7 @@ MEMBER_STATUSES = {
    "error": "Error on invite",
    "pending": "Pending",
    "unknown": "Unknown errors",
-    "disabled": "Disabled"
+    "disabled": "Disabled",
 }


--- a/atst/routes/workspaces/members.py
+++ b/atst/routes/workspaces/members.py
@ -168,3 +168,17 @@ def update_member(workspace_id, member_id):
            workspace=workspace,
            member=member,
        )
+
+
+@workspaces_bp.route(
+    "/workspaces/<workspace_id>/members/<member_id>/revoke_access", methods=["POST"]
+)
+def revoke_access(workspace_id, member_id):
+    revoked_role = Workspaces.revoke_access(g.current_user, workspace_id, member_id)
+    return redirect(
+        url_for(
+            "workspaces.workspace_members",
+            workspace_id=workspace_id,
+            revokedMemberName=revoked_role.user_name,
+        )
+    )
--- a/tests/routes/workspaces/test_members.py
+++ b/tests/routes/workspaces/test_members.py
@ -168,3 +168,24 @@ def test_update_member_environment_role_with_no_data(client, user_session):
    )
    assert response.status_code == 200
    assert EnvironmentRoles.get(user.id, env1_id).role == "developer"
+
+
+def test_revoke_member_access(client, user_session):
+    workspace = WorkspaceFactory.create()
+    user = UserFactory.create()
+    member = WorkspaceRoles.add(user, workspace.id, "developer")
+    Projects.create(
+        workspace.owner,
+        workspace,
+        "Snazzy Project",
+        "A new project for me and my friends",
+        {"env1"},
+    )
+    user_session(workspace.owner)
+    response = client.post(
+        url_for(
+            "workspaces.revoke_access", workspace_id=workspace.id, member_id=member.id
+        )
+    )
+    assert response.status_code == 302
+    assert WorkspaceRoles.get_by_id(member.id).num_environment_roles == 0