Ensure workspace access can be revoked
This commit is contained in:
richard-dds
parent
27cf1783e3
commit
8430b769f3
@ -1 +1 @@
|
||||
from .workspaces import Workspaces
|
||||
from .workspaces import Workspaces, WorkspaceError
|
||||
|
||||
@ -10,6 +10,10 @@ from .query import WorkspacesQuery
|
||||
from .scopes import ScopedWorkspace
|
||||
|
||||
|
||||
class WorkspaceError(Exception):
|
||||
pass
|
||||
|
||||
|
||||
class Workspaces(object):
|
||||
@classmethod
|
||||
def create(cls, request, name=None):
|
||||
@ -140,6 +144,10 @@ class Workspaces(object):
|
||||
|
||||
WorkspacesQuery.add_and_commit(workspace)
|
||||
|
||||
@classmethod
|
||||
def can_revoke_access(cls, workspace, workspace_role):
|
||||
return workspace_role.user != workspace.owner
|
||||
|
||||
@classmethod
|
||||
def revoke_access(cls, user, workspace_id, workspace_role_id):
|
||||
workspace = WorkspacesQuery.get(workspace_id)
|
||||
@ -150,8 +158,14 @@ class Workspaces(object):
|
||||
"revoke workspace access",
|
||||
)
|
||||
workspace_role = WorkspaceRoles.get_by_id(workspace_role_id)
|
||||
|
||||
if not Workspaces.can_revoke_access(workspace, workspace_role):
|
||||
raise WorkspaceError()
|
||||
|
||||
workspace_role.status = WorkspaceRoleStatus.DISABLED
|
||||
for environment in workspace.all_environments:
|
||||
# TODO: Implement Environments.revoke_access
|
||||
Environments.revoke_access(user, environment, workspace_role.user)
|
||||
return WorkspacesQuery.add_and_commit(workspace_role)
|
||||
WorkspacesQuery.add_and_commit(workspace_role)
|
||||
|
||||
return workspace_role
|
||||
|
||||
@ -8,6 +8,7 @@ from atst.domain.invitations import (
|
||||
ExpiredError as InvitationExpiredError,
|
||||
WrongUserError as InvitationWrongUserError,
|
||||
)
|
||||
from atst.domain.workspaces import WorkspaceError
|
||||
|
||||
|
||||
def log_error(e):
|
||||
@ -24,6 +25,7 @@ def make_error_pages(app):
|
||||
@app.errorhandler(werkzeug_exceptions.NotFound)
|
||||
@app.errorhandler(exceptions.NotFoundError)
|
||||
@app.errorhandler(exceptions.UnauthorizedError)
|
||||
@app.errorhandler(WorkspaceError)
|
||||
# pylint: disable=unused-variable
|
||||
def not_found(e):
|
||||
return handle_error(e)
|
||||
|
||||
@ -53,12 +53,14 @@
|
||||
confirm_msg="Are you sure? This will send an email to invite the user to join this workspace."
|
||||
)}}
|
||||
{% endif %}
|
||||
{% if can_revoke_access %}
|
||||
{{ ConfirmationButton (
|
||||
"Remove Workspace Access",
|
||||
url_for("workspaces.revoke_access", workspace_id=workspace.id, member_id=member.id),
|
||||
form.csrf_token,
|
||||
confirm_msg="Are you sure? This will remove this user from the workspace.",
|
||||
)}}
|
||||
{% endif %}
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@ -2,7 +2,7 @@ import pytest
|
||||
from uuid import uuid4
|
||||
|
||||
from atst.domain.exceptions import NotFoundError, UnauthorizedError
|
||||
from atst.domain.workspaces import Workspaces
|
||||
from atst.domain.workspaces import Workspaces, WorkspaceError
|
||||
from atst.domain.workspace_roles import WorkspaceRoles
|
||||
from atst.domain.projects import Projects
|
||||
from atst.domain.environments import Environments
|
||||
@ -304,13 +304,30 @@ def test_can_create_workspaces_with_matching_names():
|
||||
Workspaces.create(RequestFactory.create(), name=workspace_name)
|
||||
|
||||
|
||||
def test_can_remove_workspace_access():
|
||||
def test_can_revoke_workspace_access():
|
||||
workspace = WorkspaceFactory.create()
|
||||
workspace_role = WorkspaceRoleFactory.create(workspace=workspace)
|
||||
Workspaces.revoke_access(workspace.owner, workspace.id, workspace_role.id)
|
||||
assert Workspaces.for_user(workspace_role.user) == []
|
||||
|
||||
|
||||
def test_can_revoke_access():
|
||||
workspace = WorkspaceFactory.create()
|
||||
owner_role = workspace.roles[0]
|
||||
workspace_role = WorkspaceRoleFactory.create(workspace=workspace)
|
||||
|
||||
assert Workspaces.can_revoke_access(workspace, workspace_role)
|
||||
assert not Workspaces.can_revoke_access(workspace, owner_role)
|
||||
|
||||
|
||||
def test_cant_revoke_owner_workspace_access():
|
||||
workspace = WorkspaceFactory.create()
|
||||
owner_workspace_role = workspace.roles[0]
|
||||
|
||||
with pytest.raises(WorkspaceError):
|
||||
Workspaces.revoke_access(workspace.owner, workspace.id, owner_workspace_role.id)
|
||||
|
||||
|
||||
def test_disabled_members_dont_show_up(session):
|
||||
workspace = WorkspaceFactory.create()
|
||||
WorkspaceRoleFactory.create(workspace=workspace, status=WorkspaceRoleStatus.ACTIVE)
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user