first cut of portfolio permission sets

atst/domain/roles.py

@@ -161,6 +161,90 @@ PORTFOLIO_ROLES = [
     },
 ]
 
+PORTFOLIO_PERMISSION_SETS = [
+    {
+        "name": "view_portfolio_application_management",
+        "description": "View applications and related resources",
+        "display_name": "Application Management",
+        "permissions": [
+            Permissions.VIEW_APPLICATION,
+            Permissions.VIEW_APPLICATION_MEMBER,
+            Permissions.VIEW_ENVIRONMENT,
+        ],
+    },
+    {
+        "name": "edit_portfolio_application_management",
+        "description": "Edit applications and related resources",
+        "display_name": "Application Management",
+        "permissions": [
+            Permissions.EDIT_APPLICATION,
+            Permissions.CREATE_APPLICATION,
+            Permissions.EDIT_APPLICATION_MEMBER,
+            Permissions.CREATE_APPLICATION_MEMBER,
+            Permissions.EDIT_ENVIRONMENT,
+            Permissions.CREATE_ENVIRONMENT,
+        ],
+    },
+    {
+        "name": "view_portfolio_funding",
+        "description": "View a portfolio's task orders",
+        "display_name": "Funding",
+        "permissions": [
+            Permissions.VIEW_PORTFOLIO_FUNDING,
+            Permissions.VIEW_TASK_ORDER_DETAILS,
+        ],
+    },
+    {
+        "name": "edit_portfolio_funding",
+        "description": "Edit a portfolio's task orders and add new ones",
+        "display_name": "Funding",
+        "permissions": [
+            Permissions.CREATE_TASK_ORDER,
+            Permissions.EDIT_TASK_ORDER_DETAILS,
+        ],
+    },
+    {
+        "name": "view_portfolio_reports",
+        "description": "View a portfolio's reports",
+        "display_name": "Reporting",
+        "permissions": [Permissions.VIEW_PORTFOLIO_REPORTS],
+    },
+    {
+        "name": "edit_portfolio_reports",
+        "description": "Edit a portfolio's reports (no-op)",
+        "display_name": "Reporting",
+        "permissions": [],
+    },
+    {
+        "name": "view_portfolio_admin",
+        "description": "View a portfolio's admin options",
+        "display_name": "Portfolio Administration",
+        "permissions": [
+            Permissions.VIEW_PORTFOLIO_ADMIN,
+            Permissions.VIEW_PORTFOLIO_NAME,
+            Permissions.VIEW_PORTFOLIO_USERS,
+            Permissions.VIEW_PORTFOLIO_ACTIVITY_LOG,
+            Permissions.VIEW_PORTFOLIO_POC,
+        ],
+    },
+    {
+        "name": "edit_portfolio_admin",
+        "description": "Edit a portfolio's admin options",
+        "display_name": "Portfolio Administration",
+        "permissions": [
+            Permissions.EDIT_PORTFOLIO_NAME,
+            Permissions.EDIT_PORTFOLIO_USERS,
+            Permissions.CREATE_PORTFOLIO_USERS,
+        ],
+    },
+    {
+        "name": "portfolio_poc",
+        "description": "Permissions belonging to the Portfolio POC",
+        "display_name": "Portfolio Point of Contact",
+        "permissions": [Permissions.EDIT_PORTFOLIO_POC, Permissions.ARCHIVE_PORTFOLIO],
+    },
+]
+
 
 class Roles(object):
     @classmethod

atst/models/permissions.py

@@ -27,7 +27,6 @@ class Permissions(object):
     VIEW_ATAT_PERMISSIONS = "view_atat_permissions"
     TRANSFER_OWNERSHIP_OF_PORTFOLIO = "transfer_ownership_of_portfolio"
     VIEW_PORTFOLIO_MEMBERS = "view_portfolio_members"
-    VIEW_PORTFOLIO = "view_portfolio"
 
     ADD_APPLICATION_IN_PORTFOLIO = "add_application_in_portfolio"
     DELETE_APPLICATION_IN_PORTFOLIO = "delete_application_in_portfolio"
@@ -47,3 +46,43 @@ class Permissions(object):
     VIEW_TASK_ORDER = "view_task_order"
     UPDATE_TASK_ORDER = "update_task_order"
     ADD_TASK_ORDER_OFFICER = "add_task_order_officers"
+
+    # new portfolio permissions
+    # base portfolio perms
+    VIEW_PORTFOLIO = "view_portfolio"
+
+    # application management
+    VIEW_APPLICATION = "view_application"
+    EDIT_APPLICATION = "edit_application"
+    CREATE_APPLICATION = "create_application"
+    VIEW_APPLICATION_MEMBER = "view_application_member"
+    EDIT_APPLICATION_MEMBER = "edit_application_member"
+    CREATE_APPLICATION_MEMBER = "create_application_member"
+    VIEW_ENVIRONMENT = "view_environment"
+    EDIT_ENVIRONMENT = "edit_environment"
+    CREATE_ENVIRONMENT = "create_environment"
+
+    # funding
+    VIEW_PORTFOLIO_FUNDING = "view_portfolio_funding"  # TO summary page
+    CREATE_TASK_ORDER = "create_task_order"  # create a new TO
+    VIEW_TASK_ORDER_DETAILS = "view_task_order_details"  # individual TO page
+    EDIT_TASK_ORDER_DETAILS = (
+        "edit_task_order_details"
+    )  # edit TO that has not been finalized
+
+    # reporting
+    VIEW_PORTFOLIO_REPORTS = "view_portfolio_reports"
+
+    # portfolio admin
+    VIEW_PORTFOLIO_ADMIN = "view_portfolio_admin"
+    VIEW_PORTFOLIO_NAME = "view_portfolio_name"
+    EDIT_PORTFOLIO_NAME = "edit_portfolio_name"
+    VIEW_PORTFOLIO_USERS = "view_portfolio_users"
+    EDIT_PORTFOLIO_USERS = "edit_portfolio_users"
+    CREATE_PORTFOLIO_USERS = "create_portfolio_users"
+    VIEW_PORTFOLIO_ACTIVITY_LOG = "view_portfolio_activity_log"
+    VIEW_PORTFOLIO_POC = "view_portfolio_poc"
+
+    # portfolio POC
+    EDIT_PORTFOLIO_POC = "edit_portfolio_poc"
+    ARCHIVE_PORTFOLIO = "archive_portfolio"

script/seed_roles.py

@@ -10,11 +10,11 @@ from sqlalchemy.orm.exc import NoResultFound
 from atst.app import make_config, make_app
 from atst.database import db
 from atst.models import Role, Permissions
-from atst.domain.roles import ATAT_ROLES, PORTFOLIO_ROLES
+from atst.domain.roles import ATAT_ROLES, PORTFOLIO_ROLES, PORTFOLIO_PERMISSION_SETS
 
 
 def seed_roles():
-    for role_info in ATAT_ROLES + PORTFOLIO_ROLES:
+    for role_info in ATAT_ROLES + PORTFOLIO_ROLES + PORTFOLIO_PERMISSION_SETS:
         role = Role(**role_info)
         try:
             existing_role = db.session.query(Role).filter_by(name=role.name).one()