Ensure that a member is an application member before adding the user to an environment

2019-04-23 16:37:29 -04:00
parent 3e0a332ffc
commit 6822680bc8
5 changed files with 40 additions and 21 deletions
--- a/atst/domain/environment_roles.py
+++ b/atst/domain/environment_roles.py
@@ -7,11 +7,12 @@ from atst.models import EnvironmentRole
 class EnvironmentRoles(object):
    @classmethod
    def create(cls, user, environment, role):
-        env_role = EnvironmentRole(user=user, environment=environment, role=role)
-        if not user.cloud_id:
-            user.cloud_id = app.csp.cloud.create_user(user)
-        app.csp.cloud.create_role(env_role)
-        return env_role
+        if user.is_app_member(environment.application):
+            env_role = EnvironmentRole(user=user, environment=environment, role=role)
+            if not user.cloud_id:
+                user.cloud_id = app.csp.cloud.create_user(user)
+            app.csp.cloud.create_role(env_role)
+            return env_role

    @classmethod
    def get(cls, user_id, environment_id):
--- a/atst/domain/environments.py
+++ b/atst/domain/environments.py
@@ -5,6 +5,7 @@ from atst.database import db
 from atst.models.environment import Environment
 from atst.models.environment_role import EnvironmentRole
 from atst.models.application import Application
+from atst.domain.application_roles import ApplicationRoles
 from atst.domain.environment_roles import EnvironmentRoles
 from atst.domain.users import Users

@@ -32,6 +33,7 @@ class Environments(object):

    @classmethod
    def add_member(cls, environment, user, role):
+        ApplicationRoles.create(user=user, application=environment.application)
        environment_user = EnvironmentRoles.create(
            user=user, environment=environment, role=role
        )
@@ -66,23 +68,24 @@ class Environments(object):
    def update_env_role(cls, environment, user, new_role):
        updated = False

-        if new_role is None:
-            updated = EnvironmentRoles.delete(user.id, environment.id)
-        else:
-            env_role = EnvironmentRoles.get(user.id, environment.id)
-            if env_role and env_role.role != new_role:
-                env_role.role = new_role
-                updated = True
-                db.session.add(env_role)
-            elif not env_role:
-                env_role = EnvironmentRoles.create(
-                    user=user, environment=environment, role=new_role
-                )
-                updated = True
-                db.session.add(env_role)
+        if user.is_app_member(environment.application):
+            if new_role is None:
+                updated = EnvironmentRoles.delete(user.id, environment.id)
+            else:
+                env_role = EnvironmentRoles.get(user.id, environment.id)
+                if env_role and env_role.role != new_role:
+                    env_role.role = new_role
+                    updated = True
+                    db.session.add(env_role)
+                elif not env_role:
+                    env_role = EnvironmentRoles.create(
+                        user=user, environment=environment, role=new_role
+                    )
+                    updated = True
+                    db.session.add(env_role)

-        if updated:
-            db.session.commit()
+            if updated:
+                db.session.commit()

        return updated