diff --git a/atst/forms/portfolio_member.py b/atst/forms/portfolio_member.py index 36e0d3cd..492777a7 100644 --- a/atst/forms/portfolio_member.py +++ b/atst/forms/portfolio_member.py @@ -1,4 +1,4 @@ -from wtforms.fields import StringField +from wtforms.fields import StringField, FormField, FieldList from wtforms.fields.html5 import EmailField from wtforms.validators import Required, Email, Length @@ -10,6 +10,7 @@ from atst.utils.localization import translate class PermissionsForm(BaseForm): + member = StringField() perms_app_mgmt = SelectField( None, choices=[ @@ -50,6 +51,10 @@ class PermissionsForm(BaseForm): return _data +class MembersPermissionsForm(BaseForm): + members_permissions = FieldList(FormField(PermissionsForm)) + + class EditForm(PermissionsForm): # This form also accepts a field for each environment in each application # that the user is a member of diff --git a/atst/routes/portfolios/index.py b/atst/routes/portfolios/index.py index 6aadb012..b87763d4 100644 --- a/atst/routes/portfolios/index.py +++ b/atst/routes/portfolios/index.py @@ -8,9 +8,10 @@ from atst.domain.portfolios import Portfolios from atst.domain.audit_log import AuditLog from atst.domain.common import Paginator from atst.forms.portfolio import PortfolioForm +from atst.forms.portfolio_member import MembersPermissionsForm +from atst.models.permissions import Permissions from atst.domain.permission_sets import PermissionSets from atst.domain.authz.decorator import user_can_access_decorator as user_can -from atst.models.permissions import Permissions @portfolios_bp.route("/portfolios") 
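Review bot: The new `member = StringField()` on `PermissionsForm` has no validators and is filled in `serialize_member_form_data` (atst/routes/portfolios/index.py) with `member.user.full_name`, so each row of `MembersPermissionsForm` is keyed by a display name rather than an identifier. Display names are not unique, and `members_edit.html` and `members_view.html` now decide the "(you)" marker with `subform.member.data == user.full_name`, where the removed template compared user objects (`member_data.member.user == user`); two members with the same name would both be marked as the current user. Once a handler accepts this form, a name submitted by the browser cannot safely select which membership to change. I would carry the member's id in a hidden field next to the display-only name, e.g. `member_id = HiddenField()`, and have the handler confirm that the id belongs to the portfolio before applying any permission change.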
@@ -23,27 +24,53 @@ def portfolios(): return render_template("portfolios/blank_slate.html") -def serialize_member(member): +def permission_str(member, edit_perm_set, view_perm_set): + if member.has_permission_set(edit_perm_set): + return edit_perm_set + else: + return view_perm_set + + +def serialize_member_form_data(member): return { - "member": member, - "app_mgmt": member.has_permission_set( - PermissionSets.EDIT_PORTFOLIO_APPLICATION_MANAGEMENT + "member": member.user.full_name, + "perms_app_mgmt": permission_str( + member, + PermissionSets.EDIT_PORTFOLIO_APPLICATION_MANAGEMENT, + PermissionSets.VIEW_PORTFOLIO_APPLICATION_MANAGEMENT, ), - "funding": member.has_permission_set(PermissionSets.EDIT_PORTFOLIO_FUNDING), - "reporting": member.has_permission_set(PermissionSets.EDIT_PORTFOLIO_REPORTS), - "portfolio_mgmt": member.has_permission_set( - PermissionSets.EDIT_PORTFOLIO_ADMIN + "perms_funding": permission_str( + member, + PermissionSets.EDIT_PORTFOLIO_FUNDING, + PermissionSets.VIEW_PORTFOLIO_FUNDING, + ), + "perms_reporting": permission_str( + member, + PermissionSets.EDIT_PORTFOLIO_REPORTS, + PermissionSets.VIEW_PORTFOLIO_REPORTS, + ), + "perms_portfolio_mgmt": permission_str( + member, + PermissionSets.EDIT_PORTFOLIO_ADMIN, + PermissionSets.VIEW_PORTFOLIO_ADMIN, ), } -def render_admin_page(portfolio, form): +def render_admin_page(portfolio, form=None): pagination_opts = Paginator.get_pagination_opts(http_request) audit_events = AuditLog.get_portfolio_events(portfolio, pagination_opts) - members_data = [serialize_member(member) for member in portfolio.members] + members_data = [serialize_member_form_data(member) for member in portfolio.members] + + portfolio_form = PortfolioForm(data={"name": portfolio.name}) + member_perms_form = MembersPermissionsForm( + data={"members_permissions": members_data} + ) return render_template( "portfolios/admin.html", form=form, + portfolio_form=portfolio_form, + member_perms_form=member_perms_form, portfolio=portfolio, 
audit_events=audit_events, user=g.current_user, @@ -55,8 +82,7 @@ def render_admin_page(portfolio, form): @user_can(Permissions.VIEW_PORTFOLIO_ADMIN, message="view portfolio admin page") def portfolio_admin(portfolio_id): portfolio = Portfolios.get_for_update(portfolio_id) - form = PortfolioForm(data={"name": portfolio.name}) - return render_admin_page(portfolio, form) + return render_admin_page(portfolio) @portfolios_bp.route("/portfolios//edit", methods=["POST"]) diff --git a/static/icons/plus-circle-solid.svg b/static/icons/plus-circle-solid.svg new file mode 100644 index 00000000..67441e7f --- /dev/null +++ b/static/icons/plus-circle-solid.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/styles/components/_portfolio_layout.scss b/styles/components/_portfolio_layout.scss index 87c080c2..2ae5f61e 100644 --- a/styles/components/_portfolio_layout.scss +++ b/styles/components/_portfolio_layout.scss @@ -197,8 +197,6 @@ } table { - box-shadow: 0 6px 18px 0 rgba(144,164,183,0.3); - thead { th:first-child { padding-left: 3 * $gap; @@ -233,6 +231,26 @@ font-size: 1.6rem; border-top: 0; padding: 3 * $gap 2 * $gap; + + .usa-button-secondary { + color: $color-red; + background-color: $color-red-lightest; + box-shadow: inset 0 0 0 1px $color-red; + } + + .usa-button-disabled { + color: $color-gray-medium; + background-color: $color-gray-lightest; + box-shadow: inset 0 0 0 1px $color-gray-medium; + } + + button { + padding: 0; + margin: 0; + font-size: 1.5rem; + width: 11rem; + height: 3rem; + } } .green { @@ -246,11 +264,35 @@ font-size: 1.2rem; } } + + .usa-input.usa-input--success { + margin: 0; + } + + select { + border: none; + } } .add-member-link { text-align: right; } + + .usa-button-primary .usa-button { + padding: 2 * $gap; + float: right; + } + } + + input.usa-button.usa-button-primary { + margin: 0; + width: 9rem; + height: 4rem; + } + + .members-table-footer { + float: right; + padding: 3 * $gap; } } 
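Review bot: `permission_str` returns `view_perm_set` for every member that lacks the edit set, including a member who holds neither set, so the form data can report more access than the member actually has. If these values are later saved back from `MembersPermissionsForm`, that default would become a real grant of the view permission set. Whether a portfolio member can exist without the view sets is not visible in this hunk; if it can, return an explicit no-access value when `member.has_permission_set(view_perm_set)` is false. A one-line docstring such as `"""Return the edit set name if the member holds it, else the view set name."""` would also make the fallback visible to the next reader.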
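Review bot: A bound form passed to `render_admin_page` is no longer what the template renders: the function keeps its `form=None` parameter but always builds `portfolio_form` from `portfolio.name`, and `admin.html` now reads `portfolio_form.name`. The POST edit route whose decorator is the last line of this hunk lies outside the diff; if it still calls `render_admin_page(portfolio, form)` after a failed validation, the submitted value and its error messages would be dropped. Using the caller's form when one is given keeps that path working: `portfolio_form = form if form is not None else PortfolioForm(data={"name": portfolio.name})`.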
diff --git a/templates/components/options_input.html b/templates/components/options_input.html index d2b52e07..bda1805b 100644 --- a/templates/components/options_input.html +++ b/templates/components/options_input.html @@ -1,7 +1,7 @@ {% from "components/icon.html" import Icon %} {% from "components/tooltip.html" import Tooltip %} -{% macro OptionsInput(field, tooltip, inline=False) -%} +{% macro OptionsInput(field, tooltip, inline=False, label=True) -%}
- -
- {{ field.label | striptags}} - {% if tooltip %}{{ Tooltip(tooltip) }}{% endif %} -
+ {% if label %} + +
+ {{ field.label | striptags}} + {% if tooltip %}{{ Tooltip(tooltip) }}{% endif %} +
- {% if field.description %} - {{ field.description | safe }} - {% endif %} + {% if field.description %} + {{ field.description | safe }} + {% endif %} - {{ Icon('alert',classes="icon-validation") }} - {{ Icon('ok',classes="icon-validation") }} -
+ {{ Icon('alert',classes="icon-validation") }} + {{ Icon('ok',classes="icon-validation") }} +
+ {% endif %} {{ field() }} diff --git a/templates/fragments/admin/members_edit.html b/templates/fragments/admin/members_edit.html new file mode 100644 index 00000000..c64dafcb --- /dev/null +++ b/templates/fragments/admin/members_edit.html @@ -0,0 +1,20 @@ +{% for subform in member_perms_form.members_permissions %} + + {{ subform.member.data }} + {% if subform.member.data == user.full_name %} + (you) + {% set archive_button_class = 'usa-button-disabled' %} + {% else %} + {% set archive_button_class = 'usa-button-secondary' %} + {% endif %} + + + {{ OptionsInput(subform.perms_app_mgmt, label=False) }} + {{ OptionsInput(subform.perms_funding, label=False) }} + {{ OptionsInput(subform.perms_reporting, label=False) }} + {{ OptionsInput(subform.perms_portfolio_mgmt, label=False) }} + + + + +{% endfor %} diff --git a/templates/fragments/admin/members_view.html b/templates/fragments/admin/members_view.html new file mode 100644 index 00000000..33e66478 --- /dev/null +++ b/templates/fragments/admin/members_view.html @@ -0,0 +1,20 @@ +{% for subform in member_perms_form.members_permissions %} + + + {{ subform.member.data }} + {% if subform.member.data == user.full_name %} + (you) + {% endif %} + + {% set heading_perms = [subform.perms_app_mgmt, subform.perms_funding, subform.perms_reporting, subform.perms_portfolio_mgmt] %} + + {% for access in heading_perms %} + {% if dict(access.choices).get(access.data) == 'Edit Access' %} + Edit Access + {% else %} + View Only + {% endif %} + {% endfor %} + + +{% endfor %} diff --git a/templates/fragments/admin/portfolio_members.html b/templates/fragments/admin/portfolio_members.html index b9301368..5c7032a7 100644 --- a/templates/fragments/admin/portfolio_members.html +++ b/templates/fragments/admin/portfolio_members.html @@ -1,7 +1,10 @@ {% from "components/icon.html" import Icon %} +{% from "components/options_input.html" import OptionsInput %}
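Review bot: The `{% if label %}` block added to `OptionsInput` wraps the description and both `icon-validation` icons as well as the label, so `label=False` also hides validation feedback and leaves the control with no label text. The macro's markup is only partly visible in this hunk, so some wrapper may still be emitted; if the select ends up unlabelled, assistive technology has nothing to announce for the permission dropdowns in `members_edit.html`. Either close the conditional right after the label and tooltip, or document the wider effect with a macro comment such as `{# label=False omits the label, tooltip, description and validation icons #}`.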
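Review bot: In `members_view.html` the read-only table picks between "Edit Access" and "View Only" by comparing the choice label, `dict(access.choices).get(access.data) == 'Edit Access'`, so any change to that label text in `PermissionsForm` (the forms module imports `translate`) makes every member display as view-only. An admin page that understates who can edit is misleading when access is reviewed. Comparing the stored value rather than the label avoids this; one option is a per-row boolean computed in `serialize_member_form_data` with `member.has_permission_set(...)`, as the removed `serialize_member` did.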
+
+
{{ "portfolios.admin.portfolio_members_title" | translate }}
@@ -35,30 +38,28 @@ - {% for member_data in members_data %} - - {{ member_data.member.user_name }} - {% if member_data.member.user == user %} - (you) - {% endif %} - - {% set heading_perms = [member_data.app_mgmt, member_data.funding, member_data.reporting, member_data.portfolio_mgmt] %} - - {% for has_perm in heading_perms %} - {% if has_perm %} - Edit Access - {% else %} - View Only - {% endif %} - {% endfor %} - - - {% endfor %} + {% if user_can(permissions.EDIT_PORTFOLIO_USERS) %} + {% include "fragments/admin/members_edit.html" %} + {% elif user_can(permissions.VIEW_PORTFOLIO_USERS) %} + {% include "fragments/admin/members_view.html" %} + {% endif %} + + {% if user_can(permissions.EDIT_PORTFOLIO_USERS) %} + + {% endif %} + +
-{% endif %} + {% endif %}
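Review bot: No `{{ member_perms_form.csrf_token }}` is visible among the added lines, while the portfolio name form in `templates/portfolios/admin.html` renders `{{ portfolio_form.csrf_token }}`; the page markup appears stripped here, so confirm the token is rendered inside the members form before it is given a POST target. The `user_can(permissions.EDIT_PORTFOLIO_USERS)` checks in this template only choose which fragment is shown. No route in this diff handles the submitted permissions, and the one that does needs its own `@user_can` check for the edit permission rather than relying on the template.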
diff --git a/templates/portfolios/admin.html b/templates/portfolios/admin.html index 25c3f445..2f0614a8 100644 --- a/templates/portfolios/admin.html +++ b/templates/portfolios/admin.html @@ -14,13 +14,14 @@
+ {% if user_can(permissions.VIEW_PORTFOLIO_NAME) %} -
- {{ form.csrf_token }} -
-
- {{ TextInput(form.name, validation="portfolioName") }} -
+ + {{ portfolio_form.csrf_token }} +
+
+ {{ TextInput(portfolio_form.name, validation="portfolioName") }} +
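Review bot: The name form, which carries a CSRF token and an editable `TextInput(portfolio_form.name, ...)`, is now wrapped in `{% if user_can(permissions.VIEW_PORTFOLIO_NAME) %}`, which is a view permission. A user who may view but not edit the name would be shown a form whose submission the edit route should reject. Gating the form on the portfolio-name edit permission and showing the name as plain text otherwise keeps the page consistent with what the server allows. The closing `{% endif %}` and the rest of the form fall outside this hunk, so the block may already contain a read-only branch.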
diff --git a/tests/routes/portfolios/test_admin.py b/tests/routes/portfolios/test_admin.py new file mode 100644 index 00000000..7f141fe8 --- /dev/null +++ b/tests/routes/portfolios/test_admin.py @@ -0,0 +1,28 @@ +from flask import url_for + +from atst.domain.permission_sets import PermissionSets + +from tests.factories import PortfolioFactory, PortfolioRoleFactory, UserFactory + + +def test_member_table_access(client, user_session): + admin = UserFactory.create() + portfolio = PortfolioFactory.create(owner=admin) + rando = UserFactory.create() + PortfolioRoleFactory.create( + user=rando, + portfolio=portfolio, + permission_sets=[PermissionSets.get(PermissionSets.VIEW_PORTFOLIO_ADMIN)], + ) + + url = url_for("portfolios.portfolio_admin", portfolio_id=portfolio.id) + + # editable + user_session(admin) + edit_resp = client.get(url) + assert "