diff --git a/atst/domain/roles.py b/atst/domain/roles.py
index 12d9a6c6..49a78135 100644
--- a/atst/domain/roles.py
+++ b/atst/domain/roles.py
@@ -161,6 +161,90 @@ PORTFOLIO_ROLES = [
 },
 ]
+PORTFOLIO_PERMISSION_SETS = [
+ {
+ "name": "view_portfolio_application_management",
+ "description": "View applications and related resources",
+ "display_name": "Application Management",
+ "permissions": [
+ Permissions.VIEW_APPLICATION,
+ Permissions.VIEW_APPLICATION_MEMBER,
+ Permissions.VIEW_ENVIRONMENT,
+ ],
+ },
+ {
+ "name": "edit_portfolio_application_management",
+ "description": "Edit applications and related resources",
+ "display_name": "Application Management",
+ "permissions": [
+ Permissions.EDIT_APPLICATION,
+ Permissions.CREATE_APPLICATION,
+ Permissions.EDIT_APPLICATION_MEMBER,
+ Permissions.CREATE_APPLICATION_MEMBER,
+ Permissions.EDIT_ENVIRONMENT,
+ Permissions.CREATE_ENVIRONMENT,
+ ],
+ },
+ {
+ "name": "view_portfolio_funding",
+ "description": "View a portfolio's task orders",
+ "display_name": "Funding",
+ "permissions": [
+ Permissions.VIEW_PORTFOLIO_FUNDING,
+ Permissions.VIEW_TASK_ORDER_DETAILS,
+ ],
+ },
+ {
+ "name": "edit_portfolio_funding",
+ "description": "Edit a portfolio's task orders and add new ones",
+ "display_name": "Funding",
+ "permissions": [
+ Permissions.CREATE_TASK_ORDER,
+ Permissions.EDIT_TASK_ORDER_DETAILS,
+ ],
+ },
+ {
+ "name": "view_portfolio_reports",
+ "description": "View a portfolio's reports",
+ "display_name": "Reporting",
+ "permissions": [Permissions.VIEW_PORTFOLIO_REPORTS],
+ },
+ {
+ "name": "edit_portfolio_reports",
+ "description": "Edit a portfolio's reports (no-op)",
+ "display_name": "Reporting",
+ "permissions": [],
+ },
+ {
+ "name": "view_portfolio_admin",
+ "description": "View a portfolio's admin options",
+ "display_name": "Portfolio Administration",
+ "permissions": [
+ Permissions.VIEW_PORTFOLIO_ADMIN,
+ Permissions.VIEW_PORTFOLIO_NAME,
+ Permissions.VIEW_PORTFOLIO_USERS,
+ Permissions.VIEW_PORTFOLIO_ACTIVITY_LOG,
+ Permissions.VIEW_PORTFOLIO_POC,
+ ],
+ },
+ {
+ "name": "edit_portfolio_admin",
+ "description": "Edit a portfolio's admin options",
+ "display_name": "Portfolio Administration",
+ "permissions": [
+ Permissions.EDIT_PORTFOLIO_NAME,
+ Permissions.EDIT_PORTFOLIO_USERS,
+ Permissions.CREATE_PORTFOLIO_USERS,
+ ],
+ },
+ {
+ "name": "portfolio_poc",
+ "description": "Permissions belonging to the Portfolio POC",
+ "display_name": "Portfolio Point of Contact",
+ "permissions": [Permissions.EDIT_PORTFOLIO_POC, Permissions.ARCHIVE_PORTFOLIO],
+ },
+]
+
 class Roles(object):
 @classmethod
diff --git a/atst/models/permissions.py b/atst/models/permissions.py
index 77d8ffa7..95c504f1 100644
--- a/atst/models/permissions.py
+++ b/atst/models/permissions.py
@@ -27,7 +27,6 @@ class Permissions(object):
 VIEW_ATAT_PERMISSIONS = "view_atat_permissions"
 TRANSFER_OWNERSHIP_OF_PORTFOLIO = "transfer_ownership_of_portfolio"
 VIEW_PORTFOLIO_MEMBERS = "view_portfolio_members"
- VIEW_PORTFOLIO = "view_portfolio"
 ADD_APPLICATION_IN_PORTFOLIO = "add_application_in_portfolio"
 DELETE_APPLICATION_IN_PORTFOLIO = "delete_application_in_portfolio"
@@ -47,3 +46,43 @@ class Permissions(object):
 VIEW_TASK_ORDER = "view_task_order"
 UPDATE_TASK_ORDER = "update_task_order"
 ADD_TASK_ORDER_OFFICER = "add_task_order_officers"
+
+ # new portfolio permissions
+ # base portfolio perms
+ VIEW_PORTFOLIO = "view_portfolio"
+
+ # application management
+ VIEW_APPLICATION = "view_application"
+ EDIT_APPLICATION = "edit_application"
+ CREATE_APPLICATION = "create_application"
+ VIEW_APPLICATION_MEMBER = "view_application_member"
+ EDIT_APPLICATION_MEMBER = "edit_application_member"
+ CREATE_APPLICATION_MEMBER = "create_application_member"
+ VIEW_ENVIRONMENT = "view_environment"
+ EDIT_ENVIRONMENT = "edit_environment"
+ CREATE_ENVIRONMENT = "create_environment"
+
+ # funding
+ VIEW_PORTFOLIO_FUNDING = "view_portfolio_funding" # TO summary page
+ CREATE_TASK_ORDER = "create_task_order" # create a new TO
+ VIEW_TASK_ORDER_DETAILS = "view_task_order_details" # individual TO page
+ EDIT_TASK_ORDER_DETAILS = (
+ "edit_task_order_details"
+ ) # edit TO that has not been finalized
+
+ # reporting
+ VIEW_PORTFOLIO_REPORTS = "view_portfolio_reports"
+
+ # portfolio admin
+ VIEW_PORTFOLIO_ADMIN = "view_portfolio_admin"
+ VIEW_PORTFOLIO_NAME = "view_portfolio_name"
+ EDIT_PORTFOLIO_NAME = "edit_portfolio_name"
+ VIEW_PORTFOLIO_USERS = "view_portfolio_users"
+ EDIT_PORTFOLIO_USERS = "edit_portfolio_users"
+ CREATE_PORTFOLIO_USERS = "create_portfolio_users"
+ VIEW_PORTFOLIO_ACTIVITY_LOG = "view_portfolio_activity_log"
+ VIEW_PORTFOLIO_POC = "view_portfolio_poc"
+
+ # portfolio POC
+ EDIT_PORTFOLIO_POC = "edit_portfolio_poc"
+ ARCHIVE_PORTFOLIO = "archive_portfolio"
diff --git a/script/seed_roles.py b/script/seed_roles.py
index 00b96920..5e1cb4f1 100755
--- a/script/seed_roles.py
+++ b/script/seed_roles.py
@@ -10,11 +10,11 @@ from sqlalchemy.orm.exc import NoResultFound
 from atst.app import make_config, make_app
 from atst.database import db
 from atst.models import Role, Permissions
-from atst.domain.roles import ATAT_ROLES, PORTFOLIO_ROLES
+from atst.domain.roles import ATAT_ROLES, PORTFOLIO_ROLES, PORTFOLIO_PERMISSION_SETS
 def seed_roles():
- for role_info in ATAT_ROLES + PORTFOLIO_ROLES:
+ for role_info in ATAT_ROLES + PORTFOLIO_ROLES + PORTFOLIO_PERMISSION_SETS:
 role = Role(**role_info)
 try:
 existing_role = db.session.query(Role).filter_by(name=role.name).one()
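Review bot: The `edit_*` sets do not include their `view_*` counterparts — `edit_portfolio_funding` grants CREATE_TASK_ORDER and EDIT_TASK_ORDER_DETAILS with no VIEW_PORTFOLIO_FUNDING or VIEW_TASK_ORDER_DETAILS, and `edit_portfolio_admin` likewise carries no VIEW_PORTFOLIO_ADMIN — so whether edit implies view is decided by whoever assigns the sets, not by this table. If the intended invariant is that an edit set is only ever granted together with its view set, state it above the list, e.g. `# Each edit_* set is a write-only delta; the matching view_* set must be granted alongside it.`, or build each edit list as the view list plus the write permissions so the table enforces it. `edit_portfolio_reports` has an empty `permissions` list and is still seeded as a Role row; the "(no-op)" in the description helps, but a short comment on why a permission-less set is kept at all would save the next reader a search. Two sets share each `display_name` ("Application Management", "Funding", "Reporting", "Portfolio Administration"), so any code that keys on display name rather than `name` will collide — presumably only `name` is used as the key, but that is not visible here.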
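Review bot: The new permission vocabulary sits next to the old one without saying which is authoritative: `VIEW_TASK_ORDER_DETAILS`/`EDIT_TASK_ORDER_DETAILS` parallel the surviving `VIEW_TASK_ORDER`/`UPDATE_TASK_ORDER` a few lines above, `VIEW_PORTFOLIO_USERS` parallels `VIEW_PORTFOLIO_MEMBERS` in the -27 hunk, and `CREATE_APPLICATION` overlaps `ADD_APPLICATION_IN_PORTFOLIO`. An authorization check written against one spelling is not satisfied by a role built from the other, so the header comment `# new portfolio permissions` should carry the migration intent, e.g. `# Portfolio permissions referenced by PORTFOLIO_PERMISSION_SETS; the older *_TASK_ORDER / *_IN_PORTFOLIO names above remain until existing checks are ported.` The comment on `EDIT_TASK_ORDER_DETAILS` (`# edit TO that has not been finalized`) describes a condition the permission string cannot carry; the finalized check has to be made by whatever consults the permission, so `# edit TO details; the not-yet-finalized restriction is enforced by the caller, not by this permission` is the more accurate wording. `VIEW_PORTFOLIO` keeps the string value "view_portfolio" across the move, so already-seeded rows are unaffected.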
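Review bot: The loop now writes three lists into the same `Role` table and distinguishes rows only by `name` (`filter_by(name=role.name)`), so a permission set whose name collides with an entry of ATAT_ROLES or PORTFOLIO_ROLES is silently merged with it, and which definition wins depends on list order rather than on an error. A one-time check before the loop makes such a collision loud: `names = [r["name"] for r in ATAT_ROLES + PORTFOLIO_ROLES + PORTFOLIO_PERMISSION_SETS]` followed by `if len(names) != len(set(names)): raise ValueError("duplicate role name in seed data")`. Once seeded, nothing in this hunk marks a permission-set row as different from a role row; if permission sets are not meant to be assignable as a user's role, that distinction presumably lives in the Role model or the assigning code, which is outside this diff. seed_roles continues past the end of the hunk, so how an existing row is updated on re-seed is not visible here.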