remove frontend role selection for edit member
parent
0eb2d4fa3c
commit
720c227c32
@ -111,12 +111,13 @@ class PortfolioRoles(object):
|
||||
return [Roles.get(perms_set_name) for perms_set_name in perms_set_names]
|
||||
|
||||
@classmethod
|
||||
def update_role(cls, portfolio_role, role_name):
|
||||
new_role = Roles.get(role_name)
|
||||
portfolio_role.role = new_role
|
||||
def update(cls, portfolio_role, set_names):
|
||||
new_permission_sets = PortfolioRoles._permission_sets_for_names(set_names)
|
||||
portfolio_role.permission_sets = new_permission_sets
|
||||
|
||||
db.session.add(portfolio_role)
|
||||
db.session.commit()
|
||||
|
||||
return portfolio_role
|
||||
|
||||
@classmethod
|
||||
|
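Review bot: `update` assigns whatever `_permission_sets_for_names(set_names)` returns straight onto `portfolio_role.permission_sets` and commits, so the domain layer relies entirely on its caller to have restricted `set_names`. The only restriction visible in this commit is the `SelectField` choices on the form; any other caller could attach any name that `Roles.get` resolves, and how `Roles.get` treats an unknown name is not visible here. Consider checking the names against the portfolio-level permission-set names before assigning, and give the method a docstring such as `"""Replace the member's permission sets with those named in set_names and commit."""`. The `@classmethod` that follows `update` begins at the end of the hunk and its body is outside it.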
@ -114,12 +114,13 @@ class Portfolios(object):
|
||||
return portfolio_role
|
||||
|
||||
@classmethod
|
||||
def update_member(cls, user, portfolio, member, role_name):
|
||||
def update_member(cls, user, portfolio, member, permission_sets):
|
||||
Authorization.check_portfolio_permission(
|
||||
user, portfolio, Permissions.EDIT_PORTFOLIO_USERS, "edit portfolio member"
|
||||
)
|
||||
|
||||
return PortfolioRoles.update_role(member, role_name)
|
||||
# need to update perms sets here
|
||||
return PortfolioRoles.update(member, permission_sets)
|
||||
|
||||
@classmethod
|
||||
def _create_portfolio_role(
|
||||
|
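Review bot: `update_member` checks only that `user` holds `Permissions.EDIT_PORTFOLIO_USERS` before handing `permission_sets` to `PortfolioRoles.update`; nothing visible here stops that user from granting sets they do not hold themselves, such as `edit_portfolio_admin`, or from changing their own membership. Whether either is intended cannot be told from the hunk, so state it explicitly: compare the requested sets with the caller's own, or document that any member editor may grant any set. The comment `# need to update perms sets here` reads like an open TODO although the next line already performs the update; drop it or reword it, e.g. `# replaces all of the member's permission sets`.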
@ -1,18 +0,0 @@
|
||||
from wtforms.validators import Required
|
||||
|
||||
from .forms import BaseForm
|
||||
from atst.forms.fields import SelectField
|
||||
from atst.utils.localization import translate
|
||||
|
||||
from .data import PORTFOLIO_ROLES
|
||||
|
||||
|
||||
class EditMemberForm(BaseForm):
|
||||
# This form also accepts a field for each environment in each application
|
||||
# that the user is a member of
|
||||
|
||||
portfolio_role = SelectField(
|
||||
translate("forms.edit_member.portfolio_role_label"),
|
||||
choices=PORTFOLIO_ROLES,
|
||||
validators=[Required()],
|
||||
)
|
@ -1,63 +0,0 @@
|
||||
from wtforms.fields import StringField
|
||||
from wtforms.fields.html5 import EmailField
|
||||
from wtforms.validators import Required, Email, Length
|
||||
|
||||
from .forms import BaseForm
|
||||
from atst.forms.validators import IsNumber
|
||||
from atst.forms.fields import SelectField
|
||||
from atst.utils.localization import translate
|
||||
|
||||
|
||||
class NewMemberForm(BaseForm):
|
||||
|
||||
first_name = StringField(
|
||||
label=translate("forms.new_member.first_name_label"), validators=[Required()]
|
||||
)
|
||||
last_name = StringField(
|
||||
label=translate("forms.new_member.last_name_label"), validators=[Required()]
|
||||
)
|
||||
email = EmailField(
|
||||
translate("forms.new_member.email_label"), validators=[Required(), Email()]
|
||||
)
|
||||
dod_id = StringField(
|
||||
translate("forms.new_member.dod_id_label"),
|
||||
validators=[Required(), Length(min=10), IsNumber()],
|
||||
)
|
||||
perms_app_mgmt = SelectField(
|
||||
None,
|
||||
choices=[
|
||||
("view_portfolio_application_management", "View Only"),
|
||||
("edit_portfolio_application_management", "Edit Access"),
|
||||
],
|
||||
)
|
||||
perms_funding = SelectField(
|
||||
None,
|
||||
choices=[
|
||||
("view_portfolio_funding", "View Only"),
|
||||
("edit_portfolio_funding", "Edit Access"),
|
||||
],
|
||||
)
|
||||
perms_reporting = SelectField(
|
||||
None,
|
||||
choices=[
|
||||
("view_portfolio_reports", "View Only"),
|
||||
("edit_portfolio_reports", "Edit Access"),
|
||||
],
|
||||
)
|
||||
perms_portfolio_mgmt = SelectField(
|
||||
None,
|
||||
choices=[
|
||||
("view_portfolio_admin", "View Only"),
|
||||
("edit_portfolio_admin", "Edit Access"),
|
||||
],
|
||||
)
|
||||
|
||||
@property
|
||||
def data(self):
|
||||
_data = super().data
|
||||
_data["permission_sets"] = []
|
||||
for field in _data:
|
||||
if "perms" in field:
|
||||
_data["permission_sets"].append(_data[field])
|
||||
|
||||
return _data
|
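--- a/atst/forms/portfolio_member.py
+++ b/atst/forms/portfolio_member.py
@@ -0,0 +1,71 @@
+from wtforms.fields import StringField
+from wtforms.fields.html5 import EmailField
+from wtforms.validators import Required, Email, Length
+
+from .forms import BaseForm
+from atst.forms.validators import IsNumber
+from atst.forms.fields import SelectField
+from atst.utils.localization import translate
+
+
+class PermissionsForm(BaseForm):
+perms_app_mgmt = SelectField(
+None,
+choices=[
+("view_portfolio_application_management", "View Only"),
+("edit_portfolio_application_management", "Edit Access"),
+],
+)
+perms_funding = SelectField(
+None,
+choices=[
+("view_portfolio_funding", "View Only"),
+("edit_portfolio_funding", "Edit Access"),
+],
+)
+perms_reporting = SelectField(
+None,
+choices=[
+("view_portfolio_reports", "View Only"),
+("edit_portfolio_reports", "Edit Access"),
+],
+)
+perms_portfolio_mgmt = SelectField(
+None,
+choices=[
+("view_portfolio_admin", "View Only"),
+("edit_portfolio_admin", "Edit Access"),
+],
+)
+
+@property
+def data(self):
+_data = super().data
+_data["permission_sets"] = []
+for field in _data:
+if "perms" in field:
+_data["permission_sets"].append(_data[field])
+
+return _data
+
+
+class EditForm(PermissionsForm):
+# This form also accepts a field for each environment in each application
+# that the user is a member of
+pass
+
+
+class NewForm(PermissionsForm):
+first_name = StringField(
+label=translate("forms.new_member.first_name_label"), validators=[Required()]
+)
+last_name = StringField(
+label=translate("forms.new_member.last_name_label"), validators=[Required()]
+)
+email = EmailField(
+translate("forms.new_member.email_label"), validators=[Required(), Email()]
+)
+dod_id = StringField(
+translate("forms.new_member.dod_id_label"),
+validators=[Required(), Length(min=10), IsNumber()],
+)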
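Review bot: `PermissionsForm.data` selects the permission fields with the substring test `"perms" in field`, so any field whose name merely contains `perms` would be folded into `permission_sets`; the comment on `EditForm` says the form also accepts per-environment fields, which makes an accidental match more likely over time. Naming the four fields is tighter: `_data["permission_sets"] = [_data[name] for name in PERMS_FIELDS]` with `PERMS_FIELDS = ("perms_app_mgmt", "perms_funding", "perms_reporting", "perms_portfolio_mgmt")`. When `data` is read before `validate()` the list holds unvalidated values, so a docstring on the property saying that `permission_sets` must only be used after validation would help the next caller.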
@ -10,8 +10,7 @@ from atst.domain.portfolio_roles import PortfolioRoles, MEMBER_STATUS_CHOICES
|
||||
from atst.domain.environments import Environments
|
||||
from atst.domain.environment_roles import EnvironmentRoles
|
||||
from atst.services.invitation import Invitation as InvitationService
|
||||
from atst.forms.new_member import NewMemberForm
|
||||
from atst.forms.edit_member import EditMemberForm
|
||||
import atst.forms.portfolio_member as member_forms
|
||||
from atst.forms.data import (
|
||||
ENVIRONMENT_ROLES,
|
||||
ENV_ROLE_MODAL_DESCRIPTION,
|
||||
@ -70,7 +69,7 @@ def application_members(portfolio_id, application_id):
|
||||
@portfolios_bp.route("/portfolios/<portfolio_id>/members/new")
|
||||
def new_member(portfolio_id):
|
||||
portfolio = Portfolios.get(g.current_user, portfolio_id)
|
||||
form = NewMemberForm()
|
||||
form = member_forms.NewForm()
|
||||
return render_template(
|
||||
"portfolios/members/new.html", portfolio=portfolio, form=form
|
||||
)
|
||||
@ -79,7 +78,7 @@ def new_member(portfolio_id):
|
||||
@portfolios_bp.route("/portfolios/<portfolio_id>/members/new", methods=["POST"])
|
||||
def create_member(portfolio_id):
|
||||
portfolio = Portfolios.get(g.current_user, portfolio_id)
|
||||
form = NewMemberForm(http_request.form)
|
||||
form = member_forms.NewForm(http_request.form)
|
||||
|
||||
if form.validate():
|
||||
try:
|
||||
@ -115,7 +114,7 @@ def view_member(portfolio_id, member_id):
|
||||
)
|
||||
member = PortfolioRoles.get(portfolio_id, member_id)
|
||||
applications = Applications.get_all(g.current_user, member, portfolio)
|
||||
form = EditMemberForm(portfolio_role="admin")
|
||||
form = member_forms.EditForm(portfolio_role="admin")
|
||||
editable = g.current_user == member.user
|
||||
can_revoke_access = Portfolios.can_revoke_access_for(portfolio, member)
|
||||
|
||||
@ -157,20 +156,11 @@ def update_member(portfolio_id, member_id):
|
||||
env_role = form_dict[entry] or None
|
||||
ids_and_roles.append({"id": env_id, "role": env_role})
|
||||
|
||||
form = EditMemberForm(http_request.form)
|
||||
form = member_forms.EditForm(http_request.form)
|
||||
if form.validate():
|
||||
new_role_name = None
|
||||
if form.data["portfolio_role"] != member.role.name:
|
||||
member = Portfolios.update_member(
|
||||
g.current_user, portfolio, member, form.data["portfolio_role"]
|
||||
)
|
||||
new_role_name = member.role_displayname
|
||||
flash(
|
||||
"portfolio_role_updated",
|
||||
member_name=member.user_name,
|
||||
updated_role=new_role_name,
|
||||
)
|
||||
|
||||
member = Portfolios.update_member(
|
||||
g.current_user, portfolio, member, form.data["permission_sets"]
|
||||
)
|
||||
updated_roles = Environments.update_environment_roles(
|
||||
g.current_user, portfolio, member, ids_and_roles
|
||||
)
|
||||
|
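Review bot: In `view_member` the form is still built as `member_forms.EditForm(portfolio_role="admin")`, but `EditForm` no longer has a `portfolio_role` field and none of the `perms_*` selects is given the member's current value. `update_member` now writes `form.data["permission_sets"]` on every valid submission, so saving the page for an unrelated change (an environment role, say) would presumably overwrite the member's permission sets with whatever the selects defaulted to. Pre-populate the form from `member.permission_sets` in `view_member`, or call `Portfolios.update_member` only when the submitted sets differ from the current ones. With the `flash` call gone, a permission change also completes without any confirmation to the user. Both function bodies continue outside their hunks.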
@ -21,7 +21,30 @@
|
||||
<h1 class='member-card__heading'>{{ member.user.full_name }}</h1>
|
||||
|
||||
<div class="usa-input member-card__input">
|
||||
{{ Selector(form.portfolio_role) }}
|
||||
<table>
|
||||
<thead>
|
||||
<tr>
|
||||
<th>{{ "portfolios.members.permissions.app_mgmt" | translate }}</th>
|
||||
<th>{{ "portfolios.members.permissions.funding" | translate }}</th>
|
||||
<th>{{ "portfolios.members.permissions.reporting" | translate }}</th>
|
||||
<th>{{ "portfolios.members.permissions.portfolio_mgmt" | translate }}</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<td>
|
||||
{{ form.perms_app_mgmt() }}
|
||||
</td>
|
||||
<td>
|
||||
{{ form.perms_funding() }}
|
||||
</td>
|
||||
<td>
|
||||
{{ form.perms_reporting() }}
|
||||
</td>
|
||||
<td>
|
||||
{{ form.perms_portfolio_mgmt() }}
|
||||
</td>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
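Review bot: The four `<td>` cells sit directly inside `<tbody>` with no `<tr>` around them, unlike the header row; wrap them in `<tr>…</tr>` so the markup is valid and the cells line up with their `<th>` columns by construction. The selects are rendered bare (`form.perms_app_mgmt()` and the three after it), so their only label is the column heading; a `<label>` or `aria-label` per select would make the association explicit for assistive technology.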
@ -114,10 +114,10 @@ def test_update_portfolio_role_role(portfolio, portfolio_owner):
|
||||
}
|
||||
PortfolioRoleFactory._meta.sqlalchemy_session_persistence = "flush"
|
||||
member = PortfolioRoleFactory.create(portfolio=portfolio)
|
||||
role_name = "admin"
|
||||
permission_sets = ["edit_portfolio_funding"]
|
||||
|
||||
updated_member = Portfolios.update_member(
|
||||
portfolio_owner, portfolio, member, role_name
|
||||
portfolio_owner, portfolio, member, permission_sets=permission_sets
|
||||
)
|
||||
assert updated_member.portfolio == portfolio
|
||||
|
||||
|
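Review bot: The test now passes `permission_sets=["edit_portfolio_funding"]`, but the only assertion visible in the hunk is `assert updated_member.portfolio == portfolio`, which held before the change as well, so the new behaviour is not pinned. Add a check on the result, for instance `assert [ps.name for ps in updated_member.permission_sets] == permission_sets` (this assumes permission sets expose `name` as roles do elsewhere in this commit). The test body may continue past the end of the hunk.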
@ -12,10 +12,18 @@ from atst.domain.portfolio_roles import PortfolioRoles
|
||||
from atst.domain.applications import Applications
|
||||
from atst.domain.environments import Environments
|
||||
from atst.domain.environment_roles import EnvironmentRoles
|
||||
from atst.domain.roles import Roles
|
||||
from atst.queue import queue
|
||||
from atst.models.portfolio_role import Status as PortfolioRoleStatus
|
||||
from atst.models.invitation import Status as InvitationStatus
|
||||
|
||||
_DEFAULT_PERMS_FORM_DATA = {
|
||||
"perms_app_mgmt": "view_portfolio_application_management",
|
||||
"perms_funding": "view_portfolio_funding",
|
||||
"perms_reporting": "view_portfolio_reports",
|
||||
"perms_portfolio_mgmt": "view_portfolio_admin",
|
||||
}
|
||||
|
||||
|
||||
def create_portfolio_and_invite_user(
|
||||
ws_role="developer",
|
||||
@ -90,10 +98,7 @@ def test_create_member(client, user_session):
|
||||
"last_name": "Zuckerman",
|
||||
"email": "some_pig@zuckermans.com",
|
||||
"portfolio_role": "developer",
|
||||
"perms_app_mgmt": "view_portfolio_application_management",
|
||||
"perms_funding": "view_portfolio_funding",
|
||||
"perms_reporting": "view_portfolio_reports",
|
||||
"perms_portfolio_mgmt": "view_portfolio_admin",
|
||||
**_DEFAULT_PERMS_FORM_DATA,
|
||||
},
|
||||
follow_redirects=True,
|
||||
)
|
||||
@ -121,7 +126,6 @@ def test_view_member_shows_role(client, user_session):
|
||||
assert "initial-choice='developer'".encode() in response.data
|
||||
|
||||
|
||||
@pytest.mark.skip(reason="need to re-implement for permission set changes")
|
||||
def test_update_member_portfolio_role(client, user_session):
|
||||
portfolio = PortfolioFactory.create()
|
||||
user = UserFactory.create()
|
||||
@ -131,20 +135,20 @@ def test_update_member_portfolio_role(client, user_session):
|
||||
url_for(
|
||||
"portfolios.update_member", portfolio_id=portfolio.id, member_id=user.id
|
||||
),
|
||||
data={"portfolio_role": "security_auditor"},
|
||||
data={**_DEFAULT_PERMS_FORM_DATA, "perms_funding": "edit_portfolio_funding"},
|
||||
follow_redirects=True,
|
||||
)
|
||||
assert response.status_code == 200
|
||||
assert b"role updated successfully" in response.data
|
||||
assert member.role_name == "security_auditor"
|
||||
edit_funding = Roles.get("edit_portfolio_funding")
|
||||
assert edit_funding in member.permission_sets
|
||||
|
||||
|
||||
@pytest.mark.skip(reason="update member permission sets not implemented")
|
||||
def test_update_member_portfolio_role_with_no_data(client, user_session):
|
||||
portfolio = PortfolioFactory.create()
|
||||
user = UserFactory.create()
|
||||
member = PortfolioRoles.add(user, portfolio.id)
|
||||
user_session(portfolio.owner)
|
||||
original_perms_len = len(member.permission_sets)
|
||||
response = client.post(
|
||||
url_for(
|
||||
"portfolios.update_member", portfolio_id=portfolio.id, member_id=user.id
|
||||
@ -153,10 +157,9 @@ def test_update_member_portfolio_role_with_no_data(client, user_session):
|
||||
follow_redirects=True,
|
||||
)
|
||||
assert response.status_code == 200
|
||||
assert member.role_name == "developer"
|
||||
assert len(member.permission_sets) == original_perms_len
|
||||
|
||||
|
||||
@pytest.mark.skip(reason="update member permission sets not implemented")
|
||||
def test_update_member_environment_role(client, user_session):
|
||||
portfolio = PortfolioFactory.create()
|
||||
user = UserFactory.create()
|
||||
@ -180,6 +183,7 @@ def test_update_member_environment_role(client, user_session):
|
||||
data={
|
||||
"env_" + str(env1_id): "security_auditor",
|
||||
"env_" + str(env2_id): "devops",
|
||||
**_DEFAULT_PERMS_FORM_DATA,
|
||||
},
|
||||
follow_redirects=True,
|
||||
)
|
||||
|
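Review bot: `test_update_member_portfolio_role_with_no_data` compares only `len(member.permission_sets)` with `original_perms_len`, which would still pass if one set were swapped for another; capture `original = {ps.name for ps in member.permission_sets}` before the post and assert equality on the names afterwards. The route tests shown here also act only as the portfolio owner with values taken from the form's own choices; a case where a `perms_*` value is outside its field's choices, and one where the caller lacks the member-editing permission, would cover the rejection paths. Several of these test bodies start or end outside their hunks.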