pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Rearrange and rename application routes.

Browse Source 
- move application routes to their own Flask blueprint
- squash application routes to be resource-specific
- reorganize application routes
This commit is contained in:
dandds 2019-04-18 14:54:45 -04:00
parent ed25078c39
commit 849c5d4b58
24 changed files with 583 additions and 646 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
atst/app.py
View File

@ -14,6 +14,7 @@ from atst.filters import register_filters
from atst.routes import bp
from atst.routes.portfolios import portfolios_bp as portfolio_routes
from atst.routes.task_orders import task_orders_bp
from atst.routes.applications import applications_bp
from atst.routes.dev import bp as dev_routes
from atst.routes.users import bp as user_routes
from atst.routes.errors import make_error_pages
@ -71,6 +72,7 @@ def make_app(config):
app.register_blueprint(bp)
app.register_blueprint(portfolio_routes)
app.register_blueprint(task_orders_bp)
app.register_blueprint(applications_bp)
app.register_blueprint(user_routes)
if ENV != "prod":

21
atst/domain/environment_roles.py
View File

@ -1,9 +1,7 @@
from flask import current_app as app
from sqlalchemy.orm.exc import NoResultFound
from atst.database import db
from atst.domain.exceptions import NotFoundError
from atst.models import EnvironmentRole, Environment, Application
from atst.models import EnvironmentRole
class EnvironmentRoles(object):
@ -15,23 +13,6 @@ class EnvironmentRoles(object):
app.csp.cloud.create_role(env_role)
return env_role
@classmethod
def get_for_portfolio(cls, user_id, environment_id, portfolio_id):
try:
return (
db.session.query(EnvironmentRole)
.join(Environment, EnvironmentRole.environment_id == Environment.id)
.join(Application, Environment.application_id == Application.id)
.filter(
EnvironmentRole.user_id == user_id,
EnvironmentRole.environment_id == environment_id,
Application.portfolio_id == portfolio_id,
)
.one()
)
except NoResultFound:
raise NotFoundError("environment_role")
@classmethod
def get(cls, user_id, environment_id):
existing_env_role = (

6
atst/routes/__init__.py
View File

@ -76,14 +76,16 @@ def home():
)
else:
return redirect(
url_for("portfolios.portfolio_applications", portfolio_id=portfolio_id)
url_for(
"applications.portfolio_applications", portfolio_id=portfolio_id
)
)
else:
portfolios = Portfolios.for_user(g.current_user)
first_portfolio = sorted(portfolios, key=lambda portfolio: portfolio.name)[0]
return redirect(
url_for(
"portfolios.portfolio_applications", portfolio_id=first_portfolio.id
"applications.portfolio_applications", portfolio_id=first_portfolio.id
)
)

32
atst/routes/applications/__init__.py Normal file
View File

@ -0,0 +1,32 @@
from flask import Blueprint, current_app as app, g, redirect, url_for
applications_bp = Blueprint("applications", __name__)
from . import index
from . import new
from . import settings
from . import team
from atst.domain.environment_roles import EnvironmentRoles
from atst.domain.exceptions import UnauthorizedError
from atst.domain.authz.decorator import user_can_access_decorator as user_can
from atst.models.permissions import Permissions
from atst.utils.context_processors import portfolio as portfolio_context_processor
applications_bp.context_processor(portfolio_context_processor)
def wrap_environment_role_lookup(user, environment_id=None, **kwargs):
env_role = EnvironmentRoles.get(user.id, environment_id)
if not env_role:
raise UnauthorizedError(user, "access environment {}".format(environment_id))
return True
@applications_bp.route("/environments/<environment_id>/access")
@user_can(None, override=wrap_environment_role_lookup, message="access environment")
def access_environment(environment_id):
env_role = EnvironmentRoles.get(g.current_user.id, environment_id)
token = app.csp.cloud.get_access_token(env_role)
return redirect(url_for("atst.csp_environment_access", token=token))

11
atst/routes/applications/index.py Normal file
View File

@ -0,0 +1,11 @@
from flask import render_template
from . import applications_bp
from atst.domain.authz.decorator import user_can_access_decorator as user_can
from atst.models.permissions import Permissions
@applications_bp.route("/portfolios/<portfolio_id>/applications")
@user_can(Permissions.VIEW_APPLICATION, message="view portfolio applications")
def portfolio_applications(portfolio_id):
return render_template("portfolios/applications/index.html")

36
atst/routes/applications/new.py Normal file
View File

@ -0,0 +1,36 @@
from flask import redirect, render_template, request as http_request, url_for
from . import applications_bp
from atst.domain.applications import Applications
from atst.domain.portfolios import Portfolios
from atst.forms.application import NewApplicationForm
from atst.domain.authz.decorator import user_can_access_decorator as user_can
from atst.models.permissions import Permissions
@applications_bp.route("/portfolios/<portfolio_id>/applications/new")
@user_can(Permissions.CREATE_APPLICATION, message="view create new application form")
def new(portfolio_id):
form = NewApplicationForm()
return render_template("portfolios/applications/new.html", form=form)
@applications_bp.route("/portfolios/<portfolio_id>/applications", methods=["POST"])
@user_can(Permissions.CREATE_APPLICATION, message="create new application")
def create(portfolio_id):
portfolio = Portfolios.get_for_update(portfolio_id)
form = NewApplicationForm(http_request.form)
if form.validate():
application_data = form.data
Applications.create(
portfolio,
application_data["name"],
application_data["description"],
application_data["environment_names"],
)
return redirect(
url_for("applications.portfolio_applications", portfolio_id=portfolio_id)
)
else:
return render_template("portfolios/applications/new.html", form=form)

76
atst/routes/applications/settings.py Normal file
View File

@ -0,0 +1,76 @@
from flask import redirect, render_template, request as http_request, url_for
from . import applications_bp
from atst.domain.environment_roles import EnvironmentRoles
from atst.domain.applications import Applications
from atst.forms.application import ApplicationForm
from atst.domain.authz.decorator import user_can_access_decorator as user_can
from atst.models.permissions import Permissions
from atst.utils.flash import formatted_flash as flash
def get_environments_obj_for_app(application):
environments_obj = {}
for env in application.environments:
environments_obj[env.name] = []
for user in env.users:
env_role = EnvironmentRoles.get(user.id, env.id)
environments_obj[env.name].append(
{"name": user.full_name, "role": env_role.displayname}
)
return environments_obj
@applications_bp.route("/applications/<application_id>/settings")
@user_can(Permissions.VIEW_APPLICATION, message="view application edit form")
def settings(application_id):
application = Applications.get(application_id)
form = ApplicationForm(name=application.name, description=application.description)
return render_template(
"portfolios/applications/edit.html",
application=application,
form=form,
environments_obj=get_environments_obj_for_app(application=application),
)
@applications_bp.route("/applications/<application_id>/edit", methods=["POST"])
@user_can(Permissions.EDIT_APPLICATION, message="update application")
def update(application_id):
application = Applications.get(application_id)
form = ApplicationForm(http_request.form)
if form.validate():
application_data = form.data
Applications.update(application, application_data)
return redirect(
url_for(
"applications.portfolio_applications",
portfolio_id=application.portfolio_id,
)
)
else:
return render_template(
"portfolios/applications/edit.html",
application=application,
form=form,
environments_obj=get_environments_obj_for_app(application=application),
)
@applications_bp.route("/applications/<application_id>/delete", methods=["POST"])
@user_can(Permissions.DELETE_APPLICATION, message="delete application")
def delete(application_id):
application = Applications.get(application_id)
Applications.delete(application)
flash("application_deleted", application_name=application.name)
return redirect(
url_for(
"applications.portfolio_applications", portfolio_id=application.portfolio_id
)
)

49
atst/routes/applications/team.py Normal file
View File

@ -0,0 +1,49 @@
from flask import render_template
from . import applications_bp
from atst.domain.environments import Environments
from atst.domain.applications import Applications
from atst.domain.authz.decorator import user_can_access_decorator as user_can
from atst.models.permissions import Permissions
from atst.domain.permission_sets import PermissionSets
from atst.utils.localization import translate
def permission_str(member, edit_perm_set):
if member.has_permission_set(edit_perm_set):
return translate("portfolios.members.permissions.edit_access")
else:
return translate("portfolios.members.permissions.view_only")
@applications_bp.route("/applications/<application_id>/team")
@user_can(Permissions.VIEW_APPLICATION, message="view portfolio applications")
def team(application_id):
application = Applications.get(resource_id=application_id)
environment_users = {}
for member in application.members:
user_id = member.user.id
environment_users[user_id] = {
"permissions": {
"delete_access": permission_str(
member, PermissionSets.DELETE_APPLICATION_ENVIRONMENTS
),
"environment_management": permission_str(
member, PermissionSets.EDIT_APPLICATION_ENVIRONMENTS
),
"team_management": permission_str(
member, PermissionSets.EDIT_APPLICATION_TEAM
),
},
"environments": Environments.for_user(
user=member.user, application=application
),
}
return render_template(
"portfolios/applications/team.html",
application=application,
environment_users=environment_users,
)

1
atst/routes/portfolios/__init__.py
View File

@ -4,7 +4,6 @@ from operator import attrgetter
portfolios_bp = Blueprint("portfolios", __name__)
from . import index
from . import applications
from . import members
from . import invitations
from . import task_orders

185
atst/routes/portfolios/applications.py
View File

@ -1,185 +0,0 @@
from flask import (
current_app as app,
g,
redirect,
render_template,
request as http_request,
url_for,
)
from . import portfolios_bp
from atst.domain.environment_roles import EnvironmentRoles
from atst.domain.environments import Environments
from atst.domain.exceptions import UnauthorizedError
from atst.domain.applications import Applications
from atst.domain.portfolios import Portfolios
from atst.forms.application import NewApplicationForm, ApplicationForm
from atst.domain.authz.decorator import user_can_access_decorator as user_can
from atst.models.permissions import Permissions
from atst.utils.flash import formatted_flash as flash
from atst.domain.permission_sets import PermissionSets
from atst.utils.localization import translate
@portfolios_bp.route("/portfolios/<portfolio_id>/applications")
@user_can(Permissions.VIEW_APPLICATION, message="view portfolio applications")
def portfolio_applications(portfolio_id):
return render_template("portfolios/applications/index.html")
@portfolios_bp.route("/portfolios/<portfolio_id>/applications/new")
@user_can(Permissions.CREATE_APPLICATION, message="view create new application form")
def new_application(portfolio_id):
form = NewApplicationForm()
return render_template("portfolios/applications/new.html", form=form)
@portfolios_bp.route("/portfolios/<portfolio_id>/applications/new", methods=["POST"])
@user_can(Permissions.CREATE_APPLICATION, message="create new application")
def create_application(portfolio_id):
portfolio = Portfolios.get_for_update(portfolio_id)
form = NewApplicationForm(http_request.form)
if form.validate():
application_data = form.data
Applications.create(
portfolio,
application_data["name"],
application_data["description"],
application_data["environment_names"],
)
return redirect(
url_for("portfolios.portfolio_applications", portfolio_id=portfolio_id)
)
else:
return render_template("portfolios/applications/new.html", form=form)
def get_environments_obj_for_app(application):
environments_obj = {}
for env in application.environments:
environments_obj[env.name] = []
for user in env.users:
env_role = EnvironmentRoles.get(user.id, env.id)
environments_obj[env.name].append(
{"name": user.full_name, "role": env_role.displayname}
)
return environments_obj
@portfolios_bp.route("/portfolios/<portfolio_id>/applications/<application_id>/edit")
@user_can(Permissions.VIEW_APPLICATION, message="view application edit form")
def edit_application(portfolio_id, application_id):
application = Applications.get(application_id, portfolio_id=portfolio_id)
form = ApplicationForm(name=application.name, description=application.description)
return render_template(
"portfolios/applications/edit.html",
application=application,
form=form,
environments_obj=get_environments_obj_for_app(application=application),
)
@portfolios_bp.route(
"/portfolios/<portfolio_id>/applications/<application_id>/edit", methods=["POST"]
)
@user_can(Permissions.EDIT_APPLICATION, message="update application")
def update_application(portfolio_id, application_id):
application = Applications.get(application_id, portfolio_id=portfolio_id)
form = ApplicationForm(http_request.form)
if form.validate():
application_data = form.data
Applications.update(application, application_data)
return redirect(
url_for("portfolios.portfolio_applications", portfolio_id=portfolio_id)
)
else:
return render_template(
"portfolios/applications/edit.html",
application=application,
form=form,
environments_obj=get_environments_obj_for_app(application=application),
)
def wrap_environment_role_lookup(
user, portfolio_id=None, environment_id=None, **kwargs
):
env_role = EnvironmentRoles.get_for_portfolio(
user.id, environment_id, portfolio_id=portfolio_id
)
if not env_role:
raise UnauthorizedError(user, "access environment {}".format(environment_id))
return True
@portfolios_bp.route("/portfolios/<portfolio_id>/environments/<environment_id>/access")
@user_can(None, override=wrap_environment_role_lookup, message="access environment")
def access_environment(portfolio_id, environment_id):
env_role = EnvironmentRoles.get_for_portfolio(
g.current_user.id, environment_id, portfolio_id=portfolio_id
)
token = app.csp.cloud.get_access_token(env_role)
return redirect(url_for("atst.csp_environment_access", token=token))
@portfolios_bp.route(
"/portfolios/<portfolio_id>/applications/<application_id>/delete", methods=["POST"]
)
@user_can(Permissions.DELETE_APPLICATION, message="delete application")
def delete_application(portfolio_id, application_id):
application = Applications.get(application_id, portfolio_id=portfolio_id)
Applications.delete(application)
flash("application_deleted", application_name=application.name)
return redirect(
url_for("portfolios.portfolio_applications", portfolio_id=portfolio_id)
)
def permission_str(member, edit_perm_set):
if member.has_permission_set(edit_perm_set):
return translate("portfolios.members.permissions.edit_access")
else:
return translate("portfolios.members.permissions.view_only")
@portfolios_bp.route("/portfolios/<portfolio_id>/applications/<application_id>/team")
@user_can(Permissions.VIEW_APPLICATION, message="view portfolio applications")
def application_team(portfolio_id, application_id):
application = Applications.get(
resource_id=application_id, portfolio_id=portfolio_id
)
environment_users = {}
for member in application.members:
user_id = member.user.id
environment_users[user_id] = {
"permissions": {
"delete_access": permission_str(
member, PermissionSets.DELETE_APPLICATION_ENVIRONMENTS
),
"environment_management": permission_str(
member, PermissionSets.EDIT_APPLICATION_ENVIRONMENTS
),
"team_management": permission_str(
member, PermissionSets.EDIT_APPLICATION_TEAM
),
},
"environments": Environments.for_user(
user=member.user, application=application
),
}
return render_template(
"portfolios/applications/team.html",
application=application,
environment_users=environment_users,
)

4
atst/routes/portfolios/index.py
View File

@ -171,7 +171,7 @@ def edit_portfolio(portfolio_id):
if form.validate():
Portfolios.update(portfolio, form.data)
return redirect(
url_for("portfolios.portfolio_applications", portfolio_id=portfolio.id)
url_for("applications.portfolio_applications", portfolio_id=portfolio.id)
)
else:
# rerender portfolio admin page
@ -182,7 +182,7 @@ def edit_portfolio(portfolio_id):
@user_can(Permissions.VIEW_PORTFOLIO, message="view portfolio")
def show_portfolio(portfolio_id):
return redirect(
url_for("portfolios.portfolio_applications", portfolio_id=portfolio_id)
url_for("applications.portfolio_applications", portfolio_id=portfolio_id)
)

4
templates/portfolios/applications/edit.html
View File

@ -11,7 +11,7 @@
<div class='subheading'>{{ 'portfolios.applications.settings_heading' | translate }}</div>
<form method="POST" action="{{ url_for('portfolios.edit_application', portfolio_id=portfolio.id, application_id=application.id) }}">
<form method="POST" action="{{ url_for('applications.update', application_id=application.id) }}">
<div class="panel">
<div class="panel__content">
@ -112,7 +112,7 @@
<input id="deleted-text" v-model="deleteText">
</div>
<div class="action-group">
<form method="POST" action="{{ url_for('portfolios.delete_application', portfolio_id=portfolio.id, application_id=application.id) }}">
<form method="POST" action="{{ url_for('applications.delete', application_id=application.id) }}">
{{ form.csrf_token }}
<button class="usa-button button-danger" v-bind:disabled="!valid">
{{ "portfolios.applications.delete.button" | translate }}

10
templates/portfolios/applications/index.html
View File

@ -13,7 +13,7 @@
<div class='portfolio-applications__header--title col col--grow'>Applications</div>
<div class='portfolio-applications__header--actions col'>
{% if can_create_applications %}
<a class='icon-link' href='{{ url_for('portfolios.new_application', portfolio_id=portfolio.id) }}'>
<a class='icon-link' href='{{ url_for('applications.new', portfolio_id=portfolio.id) }}'>
{{ 'portfolios.applications.add_application_text' | translate }}
{{ Icon("plus", classes="sidenav__link-icon icon--circle") }}
</a>
@ -26,7 +26,7 @@
{{ EmptyState(
'This portfolio doesnt have any applications yet.',
action_label='Add a new application' if can_create_applications else None,
action_href=url_for('portfolios.new_application', portfolio_id=portfolio.id) if can_create_applications else None,
action_href=url_for('applications.new', portfolio_id=portfolio.id) if can_create_applications else None,
icon='cloud',
sub_message=None if can_create_applications else 'Please contact your JEDI Cloud portfolio administrator to set up a new application.'
) }}
@ -43,14 +43,14 @@
<span class='accordion__description'>{{ application.description }}</span>
<div class='accordion__actions'>
{% if user_can(permissions.VIEW_APPLICATION) %}
<a class='icon-link' href='{{ url_for("portfolios.edit_application", portfolio_id=portfolio.id, application_id=application.id) }}'>
<a class='icon-link' href='{{ url_for("applications.settings", application_id=application.id) }}'>
<span>{{ "portfolios.applications.app_settings_text" | translate }}</span>
</a>
<div class='separator'></div>
{% endif %}
{% if user_can(permissions.VIEW_PORTFOLIO_USERS) %}
<a
href="{{ url_for('portfolios.application_team', portfolio_id=portfolio.id, application_id=application.id) }}"
href="{{ url_for('applications.team', application_id=application.id) }}"
class='icon-link'>
<span>{{ "portfolios.applications.team_text" | translate }}</span>
<span class='counter'>{{ application.num_users }}</span>
@ -76,7 +76,7 @@
<span>{{ environment.name }}</span>
</div>
<a href='{{ url_for("portfolios.access_environment", portfolio_id=portfolio.id, environment_id=environment.id)}}' target='_blank' rel='noopener noreferrer' class='application-list-item__environment__csp_link icon-link'>
<a href='{{ url_for("applications.access_environment", environment_id=environment.id)}}' target='_blank' rel='noopener noreferrer' class='application-list-item__environment__csp_link icon-link'>
<span>{{ "portfolios.applications.csp_console_text" | translate }}</span>
</a>

2
templates/portfolios/applications/new.html
View File

@ -16,7 +16,7 @@
<div class='subheading'>{{ 'portfolios.applications.settings_heading' | translate }}</div>
<new-application inline-template v-bind:initial-data='{{ form.data|tojson }}' modal-name='{{ modalName }}'>
<form method="POST" action="{{ url_for('portfolios.create_application', portfolio_id=portfolio.id) }}" v-on:submit="handleSubmit">
<form method="POST" action="{{ url_for('applications.create', portfolio_id=portfolio.id) }}" v-on:submit="handleSubmit">
<div class="panel">
<div class="panel__content">

2
templates/portfolios/breadcrumbs.html
View File

@ -1,7 +1,7 @@
{% from "components/icon.html" import Icon %}
<div class="row portfolio-breadcrumbs">
<a class="icon-link portfolio-breadcrumbs__home {{ 'icon-link--disabled' if not secondary_breadcrumb }}" href="{{ url_for("portfolios.portfolio_applications", portfolio_id=portfolio.id) }}">
<a class="icon-link portfolio-breadcrumbs__home {{ 'icon-link--disabled' if not secondary_breadcrumb }}" href="{{ url_for("applications.portfolio_applications", portfolio_id=portfolio.id) }}">
{{ Icon("home") }}
<span>
{{ portfolio.name }} Portfolio

2
templates/portfolios/reports/index.html
View File

@ -143,7 +143,7 @@
{{ EmptyState(
'Nothing to report',
action_label='Add a new application' if can_create_applications else None,
action_href=url_for('portfolios.new_application', portfolio_id=portfolio.id) if can_create_applications else None,
action_href=url_for('applications.new', portfolio_id=portfolio.id) if can_create_applications else None,
icon='chart',
sub_message=message
) }}

27
tests/domain/test_environment_roles.py
View File

@ -1,27 +0,0 @@
import pytest
from atst.domain.environment_roles import EnvironmentRoles
from atst.domain.exceptions import NotFoundError
from tests.factories import *
def test_get_for_portfolio():
user = UserFactory.create()
portfolio = PortfolioFactory.create()
application = ApplicationFactory.create(portfolio=portfolio)
environment = EnvironmentFactory.create(application=application)
env_role = EnvironmentRoleFactory.create(
environment=environment, user=user, role="basic access"
)
assert (
EnvironmentRoles.get_for_portfolio(
user.id, environment.id, portfolio_id=portfolio.id
)
== env_role
)
with pytest.raises(NotFoundError):
EnvironmentRoles.get_for_portfolio(
user.id, environment.id, portfolio_id=application.id
)

70
tests/routes/applications/test_index.py Normal file
View File

@ -0,0 +1,70 @@
from flask import url_for, get_flashed_messages
from tests.factories import (
UserFactory,
PortfolioFactory,
PortfolioRoleFactory,
EnvironmentRoleFactory,
EnvironmentFactory,
ApplicationFactory,
)
from atst.domain.applications import Applications
from atst.domain.portfolios import Portfolios
from atst.models.portfolio_role import Status as PortfolioRoleStatus
from tests.utils import captured_templates
def test_user_with_permission_has_budget_report_link(client, user_session):
portfolio = PortfolioFactory.create()
user_session(portfolio.owner)
response = client.get(
url_for("applications.portfolio_applications", portfolio_id=portfolio.id)
)
assert (
url_for("portfolios.portfolio_reports", portfolio_id=portfolio.id)
in response.data.decode()
)
def test_user_without_permission_has_no_budget_report_link(client, user_session):
user = UserFactory.create()
portfolio = PortfolioFactory.create()
Portfolios._create_portfolio_role(
user, portfolio, status=PortfolioRoleStatus.ACTIVE
)
user_session(user)
response = client.get(
url_for("applications.portfolio_applications", portfolio_id=portfolio.id)
)
assert (
url_for("portfolios.portfolio_reports", portfolio_id=portfolio.id)
not in response.data.decode()
)
def test_user_with_permission_has_add_application_link(client, user_session):
portfolio = PortfolioFactory.create()
user_session(portfolio.owner)
response = client.get(
url_for("applications.portfolio_applications", portfolio_id=portfolio.id)
)
assert (
url_for("applications.create", portfolio_id=portfolio.id)
in response.data.decode()
)
def test_user_without_permission_has_no_add_application_link(client, user_session):
user = UserFactory.create()
portfolio = PortfolioFactory.create()
Portfolios._create_portfolio_role(user, portfolio)
user_session(user)
response = client.get(
url_for("applications.portfolio_applications", portfolio_id=portfolio.id)
)
assert (
url_for("applications.create", portfolio_id=portfolio.id)
not in response.data.decode()
)

47
tests/routes/applications/test_init.py Normal file
View File

@ -0,0 +1,47 @@
from flask import url_for, get_flashed_messages
from tests.factories import (
UserFactory,
PortfolioFactory,
PortfolioRoleFactory,
EnvironmentRoleFactory,
EnvironmentFactory,
ApplicationFactory,
)
from atst.domain.applications import Applications
from atst.domain.portfolios import Portfolios
from atst.models.portfolio_role import Status as PortfolioRoleStatus
from tests.utils import captured_templates
def create_environment(user):
portfolio = PortfolioFactory.create()
portfolio_role = PortfolioRoleFactory.create(portfolio=portfolio, user=user)
application = ApplicationFactory.create(portfolio=portfolio)
return EnvironmentFactory.create(application=application, name="new environment!")
def test_environment_access_with_env_role(client, user_session):
user = UserFactory.create()
environment = create_environment(user)
env_role = EnvironmentRoleFactory.create(
user=user, environment=environment, role="developer"
)
user_session(user)
response = client.get(
url_for("applications.access_environment", environment_id=environment.id)
)
assert response.status_code == 302
assert "csp-environment-access" in response.location
def test_environment_access_with_no_role(client, user_session):
user = UserFactory.create()
environment = create_environment(user)
user_session(user)
response = client.get(
url_for("applications.access_environment", environment_id=environment.id)
)
assert response.status_code == 404

21
tests/routes/applications/test_new.py Normal file
View File

@ -0,0 +1,21 @@
from flask import url_for
from tests.factories import PortfolioFactory
def test_creating_application(client, user_session):
portfolio = PortfolioFactory.create()
user_session(portfolio.owner)
response = client.post(
url_for("applications.create", portfolio_id=portfolio.id),
data={
"name": "Test Application",
"description": "This is only a test",
"environment_names-0": "dev",
"environment_names-1": "staging",
"environment_names-2": "prod",
},
)
assert response.status_code == 302
assert len(portfolio.applications) == 1
assert len(portfolio.applications[0].environments) == 3

185
tests/routes/applications/test_settings.py Normal file
View File

@ -0,0 +1,185 @@
from flask import url_for, get_flashed_messages
from tests.factories import (
UserFactory,
PortfolioFactory,
PortfolioRoleFactory,
EnvironmentRoleFactory,
EnvironmentFactory,
ApplicationFactory,
)
from atst.domain.applications import Applications
from atst.domain.portfolios import Portfolios
from atst.models.portfolio_role import Status as PortfolioRoleStatus
from tests.utils import captured_templates
def test_application_settings(client, user_session):
portfolio = PortfolioFactory.create()
application = Applications.create(
portfolio,
"Snazzy Application",
"A new application for me and my friends",
{"env1", "env2"},
)
user_session(portfolio.owner)
response = client.get(
url_for("applications.settings", application_id=application.id)
)
assert response.status_code == 200
def test_edit_application_environments_obj(app, client, user_session):
portfolio = PortfolioFactory.create()
application = Applications.create(
portfolio,
"Snazzy Application",
"A new application for me and my friends",
{"env1", "env2"},
)
user1 = UserFactory.create()
user2 = UserFactory.create()
env1 = application.environments[0]
env2 = application.environments[1]
env_role1 = EnvironmentRoleFactory.create(environment=env1, user=user1)
env_role2 = EnvironmentRoleFactory.create(environment=env1, user=user2)
env_role3 = EnvironmentRoleFactory.create(environment=env2, user=user1)
user_session(portfolio.owner)
with captured_templates(app) as templates:
response = app.test_client().get(
url_for("applications.settings", application_id=application.id)
)
assert response.status_code == 200
_, context = templates[0]
assert context["environments_obj"] == {
env1.name: [
{"name": user1.full_name, "role": env_role1.role},
{"name": user2.full_name, "role": env_role2.role},
],
env2.name: [{"name": user1.full_name, "role": env_role3.role}],
}
def test_user_with_permission_can_update_application(client, user_session):
owner = UserFactory.create()
portfolio = PortfolioFactory.create(
owner=owner,
applications=[
{
"name": "Awesome Application",
"description": "It's really awesome!",
"environments": [{"name": "dev"}, {"name": "prod"}],
}
],
)
application = portfolio.applications[0]
user_session(owner)
response = client.post(
url_for("applications.update", application_id=application.id),
data={
"name": "Really Cool Application",
"description": "A very cool application.",
},
follow_redirects=True,
)
assert response.status_code == 200
assert application.name == "Really Cool Application"
assert application.description == "A very cool application."
def test_user_without_permission_cannot_update_application(client, user_session):
dev = UserFactory.create()
owner = UserFactory.create()
portfolio = PortfolioFactory.create(
owner=owner,
members=[{"user": dev, "role_name": "developer"}],
applications=[
{
"name": "Great Application",
"description": "Cool stuff happening here!",
"environments": [{"name": "dev"}, {"name": "prod"}],
}
],
)
application = portfolio.applications[0]
user_session(dev)
response = client.post(
url_for("applications.update", application_id=application.id),
data={"name": "New Name", "description": "A new description."},
follow_redirects=True,
)
assert response.status_code == 404
assert application.name == "Great Application"
assert application.description == "Cool stuff happening here!"
def test_user_can_only_access_apps_in_their_portfolio(client, user_session):
portfolio = PortfolioFactory.create()
other_portfolio = PortfolioFactory.create(
applications=[
{
"name": "Awesome Application",
"description": "More cool stuff happening here!",
"environments": [{"name": "dev"}],
}
]
)
other_application = other_portfolio.applications[0]
user_session(portfolio.owner)
# user can't view application edit form
response = client.get(
url_for("applications.settings", application_id=other_application.id)
)
assert response.status_code == 404
# user can't post update application form
time_updated = other_application.time_updated
response = client.post(
url_for("applications.update", application_id=other_application.id),
data={"name": "New Name", "description": "A new description."},
)
assert response.status_code == 404
assert time_updated == other_application.time_updated
def test_delete_application(client, user_session):
user = UserFactory.create()
port = PortfolioFactory.create(
owner=user,
applications=[
{
"name": "mos eisley",
"environments": [
{"name": "bar"},
{"name": "booth"},
{"name": "band stage"},
],
}
],
)
application = port.applications[0]
user_session(user)
response = client.post(
url_for("applications.delete", application_id=application.id)
)
# appropriate response and redirect
assert response.status_code == 302
assert response.location == url_for(
"applications.portfolio_applications", portfolio_id=port.id, _external=True
)
# appropriate flash message
message = get_flashed_messages()[0]
assert "deleted" in message["message"]
assert application.name in message["message"]
# app and envs are soft deleted
assert len(port.applications) == 0
assert len(application.environments) == 0

14
tests/routes/applications/test_team.py Normal file
View File

@ -0,0 +1,14 @@
from flask import url_for
from tests.factories import PortfolioFactory, ApplicationFactory
def test_application_team(client, user_session):
portfolio = PortfolioFactory.create()
application = ApplicationFactory.create(portfolio=portfolio)
user_session(portfolio.owner)
response = client.get(url_for("applications.team", application_id=application.id))
assert response.status_code == 200

358
tests/routes/portfolios/test_applications.py
View File

@ -1,358 +0,0 @@
from flask import url_for, get_flashed_messages
from tests.factories import (
UserFactory,
PortfolioFactory,
PortfolioRoleFactory,
EnvironmentRoleFactory,
EnvironmentFactory,
ApplicationFactory,
)
from atst.domain.applications import Applications
from atst.domain.portfolios import Portfolios
from atst.models.portfolio_role import Status as PortfolioRoleStatus
from tests.utils import captured_templates
def test_user_with_permission_has_budget_report_link(client, user_session):
portfolio = PortfolioFactory.create()
user_session(portfolio.owner)
response = client.get(
url_for("portfolios.portfolio_applications", portfolio_id=portfolio.id)
)
assert (
url_for("portfolios.portfolio_reports", portfolio_id=portfolio.id)
in response.data.decode()
)
def test_user_without_permission_has_no_budget_report_link(client, user_session):
user = UserFactory.create()
portfolio = PortfolioFactory.create()
Portfolios._create_portfolio_role(
user, portfolio, status=PortfolioRoleStatus.ACTIVE
)
user_session(user)
response = client.get(
url_for("portfolios.portfolio_applications", portfolio_id=portfolio.id)
)
assert (
url_for("portfolios.portfolio_reports", portfolio_id=portfolio.id)
not in response.data.decode()
)
def test_user_with_permission_has_add_application_link(client, user_session):
portfolio = PortfolioFactory.create()
user_session(portfolio.owner)
response = client.get(
url_for("portfolios.portfolio_applications", portfolio_id=portfolio.id)
)
assert (
url_for("portfolios.create_application", portfolio_id=portfolio.id)
in response.data.decode()
)
def test_user_without_permission_has_no_add_application_link(client, user_session):
user = UserFactory.create()
portfolio = PortfolioFactory.create()
Portfolios._create_portfolio_role(user, portfolio)
user_session(user)
response = client.get(
url_for("portfolios.portfolio_applications", portfolio_id=portfolio.id)
)
assert (
url_for("portfolios.create_application", portfolio_id=portfolio.id)
not in response.data.decode()
)
def test_creating_application(client, user_session):
portfolio = PortfolioFactory.create()
user_session(portfolio.owner)
response = client.post(
url_for("portfolios.create_application", portfolio_id=portfolio.id),
data={
"name": "Test Application",
"description": "This is only a test",
"environment_names-0": "dev",
"environment_names-1": "staging",
"environment_names-2": "prod",
},
)
assert response.status_code == 302
assert len(portfolio.applications) == 1
assert len(portfolio.applications[0].environments) == 3
def test_view_edit_application(client, user_session):
portfolio = PortfolioFactory.create()
application = Applications.create(
portfolio,
"Snazzy Application",
"A new application for me and my friends",
{"env1", "env2"},
)
user_session(portfolio.owner)
response = client.get(
url_for(
"portfolios.update_application",
portfolio_id=portfolio.id,
application_id=application.id,
)
)
assert response.status_code == 200
def test_edit_application_environments_obj(app, client, user_session):
portfolio = PortfolioFactory.create()
application = Applications.create(
portfolio,
"Snazzy Application",
"A new application for me and my friends",
{"env1", "env2"},
)
user1 = UserFactory.create()
user2 = UserFactory.create()
env1 = application.environments[0]
env2 = application.environments[1]
env_role1 = EnvironmentRoleFactory.create(environment=env1, user=user1)
env_role2 = EnvironmentRoleFactory.create(environment=env1, user=user2)
env_role3 = EnvironmentRoleFactory.create(environment=env2, user=user1)
user_session(portfolio.owner)
with captured_templates(app) as templates:
response = app.test_client().get(
url_for(
"portfolios.edit_application",
portfolio_id=portfolio.id,
application_id=application.id,
)
)
assert response.status_code == 200
_, context = templates[0]
assert context["environments_obj"] == {
env1.name: [
{"name": user1.full_name, "role": env_role1.role},
{"name": user2.full_name, "role": env_role2.role},
],
env2.name: [{"name": user1.full_name, "role": env_role3.role}],
}
def test_user_with_permission_can_update_application(client, user_session):
owner = UserFactory.create()
portfolio = PortfolioFactory.create(
owner=owner,
applications=[
{
"name": "Awesome Application",
"description": "It's really awesome!",
"environments": [{"name": "dev"}, {"name": "prod"}],
}
],
)
application = portfolio.applications[0]
user_session(owner)
response = client.post(
url_for(
"portfolios.update_application",
portfolio_id=portfolio.id,
application_id=application.id,
),
data={
"name": "Really Cool Application",
"description": "A very cool application.",
},
follow_redirects=True,
)
assert response.status_code == 200
assert application.name == "Really Cool Application"
assert application.description == "A very cool application."
def test_user_without_permission_cannot_update_application(client, user_session):
dev = UserFactory.create()
owner = UserFactory.create()
portfolio = PortfolioFactory.create(
owner=owner,
members=[{"user": dev, "role_name": "developer"}],
applications=[
{
"name": "Great Application",
"description": "Cool stuff happening here!",
"environments": [{"name": "dev"}, {"name": "prod"}],
}
],
)
application = portfolio.applications[0]
user_session(dev)
response = client.post(
url_for(
"portfolios.update_application",
portfolio_id=portfolio.id,
application_id=application.id,
),
data={"name": "New Name", "description": "A new description."},
follow_redirects=True,
)
assert response.status_code == 404
assert application.name == "Great Application"
assert application.description == "Cool stuff happening here!"
def test_user_can_only_access_apps_in_their_portfolio(client, user_session):
portfolio = PortfolioFactory.create()
other_portfolio = PortfolioFactory.create(
applications=[
{
"name": "Awesome Application",
"description": "More cool stuff happening here!",
"environments": [{"name": "dev"}],
}
]
)
other_application = other_portfolio.applications[0]
user_session(portfolio.owner)
# user can't view application edit form
response = client.get(
url_for(
"portfolios.edit_application",
portfolio_id=portfolio.id,
application_id=other_application.id,
)
)
assert response.status_code == 404
# user can't post update application form
time_updated = other_application.time_updated
response = client.post(
url_for(
"portfolios.update_application",
portfolio_id=portfolio.id,
application_id=other_application.id,
),
data={"name": "New Name", "description": "A new description."},
)
assert response.status_code == 404
assert time_updated == other_application.time_updated
def create_environment(user):
portfolio = PortfolioFactory.create()
portfolio_role = PortfolioRoleFactory.create(portfolio=portfolio, user=user)
application = ApplicationFactory.create(portfolio=portfolio)
return EnvironmentFactory.create(application=application, name="new environment!")
def test_environment_access_with_env_role(client, user_session):
user = UserFactory.create()
environment = create_environment(user)
env_role = EnvironmentRoleFactory.create(
user=user, environment=environment, role="developer"
)
user_session(user)
response = client.get(
url_for(
"portfolios.access_environment",
portfolio_id=environment.portfolio.id,
environment_id=environment.id,
)
)
assert response.status_code == 302
assert "csp-environment-access" in response.location
def test_environment_access_with_no_role(client, user_session):
user = UserFactory.create()
environment = create_environment(user)
user_session(user)
response = client.get(
url_for(
"portfolios.access_environment",
portfolio_id=environment.portfolio.id,
environment_id=environment.id,
)
)
assert response.status_code == 404
def test_delete_application(client, user_session):
user = UserFactory.create()
port = PortfolioFactory.create(
owner=user,
applications=[
{
"name": "mos eisley",
"environments": [
{"name": "bar"},
{"name": "booth"},
{"name": "band stage"},
],
}
],
)
application = port.applications[0]
user_session(user)
response = client.post(
url_for(
"portfolios.delete_application",
portfolio_id=port.id,
application_id=application.id,
)
)
# appropriate response and redirect
assert response.status_code == 302
assert response.location == url_for(
"portfolios.portfolio_applications", portfolio_id=port.id, _external=True
)
# appropriate flash message
message = get_flashed_messages()[0]
assert "deleted" in message["message"]
assert application.name in message["message"]
# app and envs are soft deleted
assert len(port.applications) == 0
assert len(application.environments) == 0
def test_edit_application_scope(client, user_session):
owner = UserFactory.create()
port1 = PortfolioFactory.create(owner=owner, applications=[{"name": "first app"}])
port2 = PortfolioFactory.create(owner=owner, applications=[{"name": "second app"}])
user_session(owner)
response = client.get(
url_for(
"portfolios.edit_application",
portfolio_id=port2.id,
application_id=port1.applications[0].id,
)
)
assert response.status_code == 404
def test_application_team(client, user_session):
portfolio = PortfolioFactory.create()
application = ApplicationFactory.create(portfolio=portfolio)
user_session(portfolio.owner)
response = client.get(
url_for(
"portfolios.application_team",
portfolio_id=portfolio.id,
application_id=application.id,
)
)
assert response.status_code == 200

64
tests/test_access.py
View File

@ -126,8 +126,8 @@ def test_atst_activity_history_access(get_url_assert_status):
get_url_assert_status(rando, url, 404)
# portfolios.access_environment
def test_portfolios_access_environment_access(get_url_assert_status):
# applications.access_environment
def test_applications_access_environment_access(get_url_assert_status):
dev = UserFactory.create()
rando = UserFactory.create()
ccpo = UserFactory.create_ccpo()
@ -149,24 +149,20 @@ def test_portfolios_access_environment_access(get_url_assert_status):
)
env = portfolio.applications[0].environments[0]
url = url_for(
"portfolios.access_environment",
portfolio_id=portfolio.id,
environment_id=env.id,
)
url = url_for("applications.access_environment", environment_id=env.id)
get_url_assert_status(dev, url, 302)
get_url_assert_status(rando, url, 404)
get_url_assert_status(ccpo, url, 404)
# portfolios.create_application
def test_portfolios_create_application_access(post_url_assert_status):
# applications.create
def test_applications_create_access(post_url_assert_status):
ccpo = user_with(PermissionSets.EDIT_PORTFOLIO_APPLICATION_MANAGEMENT)
owner = user_with()
rando = user_with()
portfolio = PortfolioFactory.create(owner=owner)
url = url_for("portfolios.create_application", portfolio_id=portfolio.id)
url = url_for("applications.create", portfolio_id=portfolio.id)
post_url_assert_status(ccpo, url, 200)
post_url_assert_status(owner, url, 200)
post_url_assert_status(rando, url, 404)
@ -185,8 +181,8 @@ def test_portfolios_create_member_access(post_url_assert_status):
post_url_assert_status(rando, url, 404)
# portfolios.delete_application
def test_portfolios_delete_application_access(post_url_assert_status, monkeypatch):
# applications.delete
def test_applications_delete_access(post_url_assert_status, monkeypatch):
ccpo = UserFactory.create_ccpo()
owner = user_with()
app_admin = user_with()
@ -212,19 +208,15 @@ def test_portfolios_delete_application_access(post_url_assert_status, monkeypatc
monkeypatch.setattr("atst.domain.applications.Applications.delete", lambda *a: True)
url = url_for(
"portfolios.delete_application",
portfolio_id=portfolio.id,
application_id=application.id,
)
url = url_for("applications.delete", application_id=application.id)
post_url_assert_status(app_admin, url, 404)
post_url_assert_status(rando, url, 404)
post_url_assert_status(owner, url, 302)
post_url_assert_status(ccpo, url, 302)
# portfolios.edit_application
def test_portfolios_edit_application_access(get_url_assert_status):
# applications.settings
def test_application_settings_access(get_url_assert_status):
ccpo = user_with(PermissionSets.VIEW_PORTFOLIO_APPLICATION_MANAGEMENT)
owner = user_with()
rando = user_with()
@ -234,9 +226,7 @@ def test_portfolios_edit_application_access(get_url_assert_status):
)
app = portfolio.applications[0]
url = url_for(
"portfolios.edit_application", portfolio_id=portfolio.id, application_id=app.id
)
url = url_for("applications.settings", application_id=app.id)
get_url_assert_status(ccpo, url, 200)
get_url_assert_status(owner, url, 200)
get_url_assert_status(rando, url, 404)
@ -295,14 +285,14 @@ def test_portfolios_ko_review_access(get_url_assert_status):
get_url_assert_status(cor, url, 200)
# portfolios.new_application
def test_portfolios_new_application_access(get_url_assert_status):
# applications.new
def test_applications_new_access(get_url_assert_status):
ccpo = user_with(PermissionSets.EDIT_PORTFOLIO_APPLICATION_MANAGEMENT)
owner = user_with()
rando = user_with()
portfolio = PortfolioFactory.create(owner=owner)
url = url_for("portfolios.new_application", portfolio_id=portfolio.id)
url = url_for("applications.new", portfolio_id=portfolio.id)
get_url_assert_status(ccpo, url, 200)
get_url_assert_status(owner, url, 200)
get_url_assert_status(rando, url, 404)
@ -321,14 +311,14 @@ def test_portfolios_portfolio_admin_access(get_url_assert_status):
get_url_assert_status(rando, url, 404)
# portfolios.portfolio_applications
def test_portfolios_portfolio_applications_access(get_url_assert_status):
# applications.portfolio_applications
def test_applications_portfolio_applications_access(get_url_assert_status):
ccpo = user_with(PermissionSets.VIEW_PORTFOLIO_APPLICATION_MANAGEMENT)
owner = user_with()
rando = user_with()
portfolio = PortfolioFactory.create(owner=owner)
url = url_for("portfolios.portfolio_applications", portfolio_id=portfolio.id)
url = url_for("applications.portfolio_applications", portfolio_id=portfolio.id)
get_url_assert_status(ccpo, url, 200)
get_url_assert_status(owner, url, 200)
get_url_assert_status(rando, url, 404)
@ -519,8 +509,8 @@ def test_portfolios_task_order_invitations_access(get_url_assert_status):
get_url_assert_status(rando, url, 404)
# portfolios.update_application
def test_portfolios_update_application_access(post_url_assert_status):
# applications.update
def test_applications_update_access(post_url_assert_status):
ccpo = user_with(PermissionSets.EDIT_PORTFOLIO_APPLICATION_MANAGEMENT)
dev = UserFactory.create()
rando = UserFactory.create()
@ -531,11 +521,7 @@ def test_portfolios_update_application_access(post_url_assert_status):
)
app = portfolio.applications[0]
url = url_for(
"portfolios.update_application",
portfolio_id=portfolio.id,
application_id=app.id,
)
url = url_for("applications.update", application_id=app.id)
post_url_assert_status(dev, url, 200)
post_url_assert_status(ccpo, url, 200)
post_url_assert_status(rando, url, 404)
@ -718,18 +704,14 @@ def test_task_orders_update_access(post_url_assert_status):
post_url_assert_status(rando, url, 404)
def test_portfolio_application_team_access(get_url_assert_status):
def test_applications_application_team_access(get_url_assert_status):
ccpo = UserFactory.create_ccpo()
rando = UserFactory.create()
portfolio = PortfolioFactory.create()
application = ApplicationFactory.create(portfolio=portfolio)
url = url_for(
"portfolios.application_team",
portfolio_id=portfolio.id,
application_id=application.id,
)
url = url_for("applications.team", application_id=application.id)
get_url_assert_status(ccpo, url, 200)
get_url_assert_status(portfolio.owner, url, 200)