pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

permission set names should be constants on the domain class

Browse Source
This commit is contained in:
dandds
2019-03-14 06:46:40 -04:00
parent d3c3209fc0
commit 78aa2dfcc6
12 changed files with 93 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
atst/domain/permission_sets.py
View File

@@ -5,6 +5,32 @@ from atst.models import PermissionSet, Permissions
from .exceptions import NotFoundError
class PermissionSets(object):
VIEW_PORTFOLIO = "view_portfolio"
VIEW_PORTFOLIO_APPLICATION_MANAGEMENT = "view_portfolio_application_management"
VIEW_PORTFOLIO_FUNDING = "view_portfolio_funding"
VIEW_PORTFOLIO_REPORTS = "view_portfolio_reports"
VIEW_PORTFOLIO_ADMIN = "view_portfolio_admin"
EDIT_PORTFOLIO_APPLICATION_MANAGEMENT = "edit_portfolio_application_management"
EDIT_PORTFOLIO_FUNDING = "edit_portfolio_funding"
EDIT_PORTFOLIO_REPORTS = "edit_portfolio_reports"
EDIT_PORTFOLIO_ADMIN = "edit_portfolio_admin"
PORTFOLIO_POC = "portfolio_poc"
@classmethod
def get(cls, perms_set_name):
try:
role = db.session.query(PermissionSet).filter_by(name=perms_set_name).one()
except NoResultFound:
raise NotFoundError("permission_set")
return role
@classmethod
def get_all(cls):
return db.session.query(PermissionSet).all()
ATAT_ROLES = [
{
"name": "ccpo",
@@ -57,13 +83,13 @@ ATAT_ROLES = [
_VIEW_PORTFOLIO_PERMISSION_SETS = [
{
"name": "view_portfolio",
"name": PermissionSets.VIEW_PORTFOLIO,
"description": "View basic portfolio info",
"display_name": "View Portfolio",
"permissions": [Permissions.VIEW_PORTFOLIO],
},
{
"name": "view_portfolio_application_management",
"name": PermissionSets.VIEW_PORTFOLIO_APPLICATION_MANAGEMENT,
"description": "View applications and related resources",
"display_name": "Application Management",
"permissions": [
@@ -73,7 +99,7 @@ _VIEW_PORTFOLIO_PERMISSION_SETS = [
],
},
{
"name": "view_portfolio_funding",
"name": PermissionSets.VIEW_PORTFOLIO_FUNDING,
"description": "View a portfolio's task orders",
"display_name": "Funding",
"permissions": [
@@ -82,13 +108,13 @@ _VIEW_PORTFOLIO_PERMISSION_SETS = [
],
},
{
"name": "view_portfolio_reports",
"name": PermissionSets.VIEW_PORTFOLIO_REPORTS,
"description": "View a portfolio's reports",
"display_name": "Reporting",
"permissions": [Permissions.VIEW_PORTFOLIO_REPORTS],
},
{
"name": "view_portfolio_admin",
"name": PermissionSets.VIEW_PORTFOLIO_ADMIN,
"description": "View a portfolio's admin options",
"display_name": "Portfolio Administration",
"permissions": [
@@ -103,7 +129,7 @@ _VIEW_PORTFOLIO_PERMISSION_SETS = [
_EDIT_PORTFOLIO_PERMISSION_SETS = [
{
"name": "edit_portfolio_application_management",
"name": PermissionSets.EDIT_PORTFOLIO_APPLICATION_MANAGEMENT,
"description": "Edit applications and related resources",
"display_name": "Application Management",
"permissions": [
@@ -116,7 +142,7 @@ _EDIT_PORTFOLIO_PERMISSION_SETS = [
],
},
{
"name": "edit_portfolio_funding",
"name": PermissionSets.EDIT_PORTFOLIO_FUNDING,
"description": "Edit a portfolio's task orders and add new ones",
"display_name": "Funding",
"permissions": [
@@ -125,13 +151,13 @@ _EDIT_PORTFOLIO_PERMISSION_SETS = [
],
},
{
"name": "edit_portfolio_reports",
"name": PermissionSets.EDIT_PORTFOLIO_REPORTS,
"description": "Edit a portfolio's reports (no-op)",
"display_name": "Reporting",
"permissions": [],
},
{
"name": "edit_portfolio_admin",
"name": PermissionSets.EDIT_PORTFOLIO_ADMIN,
"description": "Edit a portfolio's admin options",
"display_name": "Portfolio Administration",
"permissions": [
@@ -157,18 +183,3 @@ PORTFOLIO_PERMISSION_SETS = (
}
]
)
class PermissionSets(object):
@classmethod
def get(cls, perms_set_name):
try:
role = db.session.query(PermissionSet).filter_by(name=perms_set_name).one()
except NoResultFound:
raise NotFoundError("permission_set")
return role
@classmethod
def get_all(cls):
return db.session.query(PermissionSet).all()

8
atst/domain/portfolio_roles.py
View File

@@ -97,10 +97,10 @@ class PortfolioRoles(object):
return new_portfolio_role
_DEFAULT_PORTFOLIO_PERMS_SETS = {
"view_portfolio_application_management",
"view_portfolio_funding",
"view_portfolio_reports",
"view_portfolio_admin",
PermissionSets.VIEW_PORTFOLIO_APPLICATION_MANAGEMENT,
PermissionSets.VIEW_PORTFOLIO_FUNDING,
PermissionSets.VIEW_PORTFOLIO_REPORTS,
PermissionSets.VIEW_PORTFOLIO_ADMIN,
}
@classmethod

4
atst/domain/task_orders.py
View File

@@ -7,6 +7,7 @@ from atst.models.permissions import Permissions
from atst.models.dd_254 import DD254
from atst.domain.portfolios import Portfolios
from atst.domain.authz import Authorization
from atst.domain.permission_sets import PermissionSets
from .exceptions import NotFoundError
@@ -174,8 +175,7 @@ class TaskOrders(object):
portfolio,
{
**officer_data,
"portfolio_role": "officer",
"permission_sets": ["edit_portfolio_funding"],
"permission_sets": [PermissionSets.EDIT_PORTFOLIO_FUNDING],
},
)
portfolio_user = member.user

17
atst/forms/portfolio_member.py
View File

@@ -2,6 +2,7 @@ from wtforms.fields import StringField
from wtforms.fields.html5 import EmailField
from wtforms.validators import Required, Email, Length
from atst.domain.permission_sets import PermissionSets
from .forms import BaseForm
from atst.forms.validators import IsNumber
from atst.forms.fields import SelectField
@@ -12,29 +13,29 @@ class PermissionsForm(BaseForm):
perms_app_mgmt = SelectField(
None,
choices=[
("view_portfolio_application_management", "View Only"),
("edit_portfolio_application_management", "Edit Access"),
(PermissionSets.VIEW_PORTFOLIO_APPLICATION_MANAGEMENT, "View Only"),
(PermissionSets.EDIT_PORTFOLIO_APPLICATION_MANAGEMENT, "Edit Access"),
],
)
perms_funding = SelectField(
None,
choices=[
("view_portfolio_funding", "View Only"),
("edit_portfolio_funding", "Edit Access"),
(PermissionSets.VIEW_PORTFOLIO_FUNDING, "View Only"),
(PermissionSets.EDIT_PORTFOLIO_FUNDING, "Edit Access"),
],
)
perms_reporting = SelectField(
None,
choices=[
("view_portfolio_reports", "View Only"),
("edit_portfolio_reports", "Edit Access"),
(PermissionSets.VIEW_PORTFOLIO_REPORTS, "View Only"),
(PermissionSets.EDIT_PORTFOLIO_REPORTS, "Edit Access"),
],
)
perms_portfolio_mgmt = SelectField(
None,
choices=[
("view_portfolio_admin", "View Only"),
("edit_portfolio_admin", "Edit Access"),
(PermissionSets.VIEW_PORTFOLIO_ADMIN, "View Only"),
(PermissionSets.EDIT_PORTFOLIO_ADMIN, "Edit Access"),
],
)

3
atst/models/portfolio.py
View File

@@ -4,6 +4,7 @@ from itertools import chain
from atst.models import Base, mixins, types
from atst.models.portfolio_role import PortfolioRole, Status as PortfolioRoleStatus
from atst.domain.permission_sets import PermissionSets
from atst.utils import first_or_none
from atst.database import db
@@ -23,7 +24,7 @@ class Portfolio(Base, mixins.TimestampsMixin, mixins.AuditableMixin):
@property
def owner(self):
def _is_portfolio_owner(portfolio_role):
return "portfolio_poc" in [
return PermissionSets.PORTFOLIO_POC in [
perms_set.name for perms_set in portfolio_role.permission_sets
]