pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Ensure workspace access can be revoked

Browse Source
This commit is contained in:
richard-dds
2018-11-26 11:58:32 -05:00
parent 27cf1783e3
commit 8430b769f3
5 changed files with 39 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
atst/domain/workspaces/__init__.py
View File

@@ -1 +1 @@
from .workspaces import Workspaces
from .workspaces import Workspaces, WorkspaceError

16
atst/domain/workspaces/workspaces.py
View File

@@ -10,6 +10,10 @@ from .query import WorkspacesQuery
from .scopes import ScopedWorkspace
class WorkspaceError(Exception):
pass
class Workspaces(object):
@classmethod
def create(cls, request, name=None):
@@ -140,6 +144,10 @@ class Workspaces(object):
WorkspacesQuery.add_and_commit(workspace)
@classmethod
def can_revoke_access(cls, workspace, workspace_role):
return workspace_role.user != workspace.owner
@classmethod
def revoke_access(cls, user, workspace_id, workspace_role_id):
workspace = WorkspacesQuery.get(workspace_id)
@@ -150,8 +158,14 @@ class Workspaces(object):
"revoke workspace access",
)
workspace_role = WorkspaceRoles.get_by_id(workspace_role_id)
if not Workspaces.can_revoke_access(workspace, workspace_role):
raise WorkspaceError()
workspace_role.status = WorkspaceRoleStatus.DISABLED
for environment in workspace.all_environments:
# TODO: Implement Environments.revoke_access
Environments.revoke_access(user, environment, workspace_role.user)
return WorkspacesQuery.add_and_commit(workspace_role)
WorkspacesQuery.add_and_commit(workspace_role)
return workspace_role