pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #239 from dod-ccpo/edit-user-role

Browse Source 
Edit user role
This commit is contained in:
montana-mil 2018-09-05 16:51:36 -04:00 committed by GitHub
commit 91cb986b8e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 332 additions and 264 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
atst/domain/authz.py
View File

@ -1,5 +1,6 @@
from atst.domain.workspace_users import WorkspaceUsers from atst.domain.workspace_users import WorkspaceUsers
from atst.models.permissions import Permissions from atst.models.permissions import Permissions
from atst.domain.exceptions import UnauthorizedError
class Authorization(object): class Authorization(object):
@ -23,3 +24,8 @@ class Authorization(object):
return True return True
return False return False
@classmethod
def check_workspace_permission(cls, user, workspace, permission, message):
if not Authorization.has_workspace_permission(user, workspace, permission):
raise UnauthorizedError(user, message)

25
atst/domain/workspace_users.py
View File

@ -30,6 +30,21 @@ class WorkspaceUsers(object):
return WorkspaceUser(user, workspace_role) return WorkspaceUser(user, workspace_role)
@classmethod
def _get_workspace_role(cls, user, workspace_id):
try:
existing_workspace_role = (
db.session.query(WorkspaceRole)
.filter(
WorkspaceRole.user == user,
WorkspaceRole.workspace_id == workspace_id,
)
.one()
)
return existing_workspace_role
except NoResultFound:
raise NotFoundError("workspace role")
@classmethod @classmethod
def add(cls, user, workspace_id, role_name): def add(cls, user, workspace_id, role_name):
role = Roles.get(role_name) role = Roles.get(role_name)
@ -57,6 +72,16 @@ class WorkspaceUsers(object):
return WorkspaceUser(user, new_workspace_role) return WorkspaceUser(user, new_workspace_role)
@classmethod
def update_role(cls, member, workspace_id, role_name):
new_role = Roles.get(role_name)
workspace_role = WorkspaceUsers._get_workspace_role(member.user, workspace_id)
workspace_role.role = new_role
db.session.add(workspace_role)
db.session.commit()
return WorkspaceUser(member.user, workspace_role)
@classmethod @classmethod
def add_many(cls, workspace_id, workspace_user_dicts): def add_many(cls, workspace_id, workspace_user_dicts):
workspace_users = [] workspace_users = []

29
atst/domain/workspaces.py
View File

@ -38,10 +38,10 @@ class Workspaces(object):
@classmethod @classmethod
def get_for_update(cls, user, workspace_id): def get_for_update(cls, user, workspace_id):
workspace = Workspaces.get(user, workspace_id) workspace = Workspaces.get(user, workspace_id)
if not Authorization.has_workspace_permission( Authorization.check_workspace_permission(
user, workspace, Permissions.ADD_APPLICATION_IN_WORKSPACE user, workspace, Permissions.ADD_APPLICATION_IN_WORKSPACE, "add project"
): )
raise UnauthorizedError(user, "add project")
return workspace return workspace
@classmethod @classmethod
@ -65,10 +65,12 @@ class Workspaces(object):
@classmethod @classmethod
def create_member(cls, user, workspace, data): def create_member(cls, user, workspace, data):
if not Authorization.has_workspace_permission( Authorization.check_workspace_permission(
user, workspace, Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE user,
): workspace,
raise UnauthorizedError(user, "create workspace member") Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE,
"create workspace member",
)
new_user = Users.get_or_create_by_dod_id( new_user = Users.get_or_create_by_dod_id(
data["dod_id"], data["dod_id"],
@ -81,6 +83,17 @@ class Workspaces(object):
) )
return workspace_user return workspace_user
@classmethod
def update_member(cls, user, workspace, member, role_name):
Authorization.check_workspace_permission(
user,
workspace,
Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE,
"edit workspace member",
)
return WorkspaceUsers.update_role(member, workspace.id, role_name)
@classmethod @classmethod
def _create_workspace_role(cls, user, workspace, role_name): def _create_workspace_role(cls, user, workspace, role_name):
role = Roles.get(role_name) role = Roles.get(role_name)

13
atst/forms/edit_member.py Normal file
View File

@ -0,0 +1,13 @@
from flask_wtf import Form
from wtforms.validators import Optional
from atst.forms.fields import SelectField
from .data import WORKSPACE_ROLES
class EditMemberForm(Form):
workspace_role = SelectField(
"Workspace Role", choices=WORKSPACE_ROLES, validators=[Optional()]
)

34
atst/models/workspace.py
View File

@ -5,37 +5,7 @@ from atst.models import Base
from atst.models.types import Id from atst.models.types import Id
from atst.models.mixins import TimestampsMixin from atst.models.mixins import TimestampsMixin
from atst.utils import first_or_none from atst.utils import first_or_none
from atst.models.workspace_user import WorkspaceUser
MOCK_MEMBERS = [
{
"first_name": "Danny",
"last_name": "Knight",
"email": "dknight@thenavy.mil",
"dod_id": "1257892124",
"workspace_role": "Developer",
"status": "Pending",
"num_projects": "4",
},
{
"first_name": "Mario",
"last_name": "Hudson",
"email": "mhudson@thearmy.mil",
"dod_id": "4357892125",
"workspace_role": "CCPO",
"status": "Active",
"num_projects": "0",
},
{
"first_name": "Louise",
"last_name": "Greer",
"email": "lgreer@theairforce.mil",
"dod_id": "7257892125",
"workspace_role": "Admin",
"status": "Pending",
"num_projects": "43",
},
]
class Workspace(Base, TimestampsMixin): class Workspace(Base, TimestampsMixin):
@ -68,4 +38,4 @@ class Workspace(Base, TimestampsMixin):
@property @property
def members(self): def members(self):
return MOCK_MEMBERS return [WorkspaceUser(role.user, role) for role in self.roles]

16
atst/models/workspace_user.py
View File

@ -16,3 +16,19 @@ class WorkspaceUser(object):
def workspace_id(self): def workspace_id(self):
return self.workspace_role.workspace_id return self.workspace_role.workspace_id
@property
def user_id(self):
return self.user.id
@property
def user_name(self):
return self.user.full_name
@property
def role(self):
return self.workspace_role.role.name
@property
def status(self):
return "radical"

54
atst/routes/workspaces.py
View File

@ -9,9 +9,11 @@ from flask import (
from atst.domain.exceptions import UnauthorizedError from atst.domain.exceptions import UnauthorizedError
from atst.domain.workspaces import Workspaces from atst.domain.workspaces import Workspaces
from atst.domain.workspace_users import WorkspaceUsers
from atst.domain.projects import Projects from atst.domain.projects import Projects
from atst.forms.new_project import NewProjectForm from atst.forms.new_project import NewProjectForm
from atst.forms.new_member import NewMemberForm from atst.forms.new_member import NewMemberForm
from atst.forms.edit_member import EditMemberForm
from atst.domain.authz import Authorization from atst.domain.authz import Authorization
from atst.models.permissions import Permissions from atst.models.permissions import Permissions
@ -114,8 +116,58 @@ def create_member(workspace_id):
url_for( url_for(
"workspaces.workspace_members", "workspaces.workspace_members",
workspace_id=workspace.id, workspace_id=workspace.id,
newMemberName=new_member.user.full_name, newMemberName=new_member.user_name,
) )
) )
else: else:
return render_template("member_new.html", workspace=workspace, form=form) return render_template("member_new.html", workspace=workspace, form=form)
@bp.route("/workspaces/<workspace_id>/members/<member_id>/member_edit")
def view_member(workspace_id, member_id):
workspace = Workspaces.get(g.current_user, workspace_id)
Authorization.check_workspace_permission(
g.current_user,
workspace,
Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE,
"edit this workspace user",
)
member = WorkspaceUsers.get(workspace_id, member_id)
form = EditMemberForm(workspace_role=member.role)
return render_template(
"member_edit.html", form=form, workspace=workspace, member=member
)
@bp.route(
"/workspaces/<workspace_id>/members/<member_id>/member_edit", methods=["POST"]
)
def update_member(workspace_id, member_id):
workspace = Workspaces.get(g.current_user, workspace_id)
Authorization.check_workspace_permission(
g.current_user,
workspace,
Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE,
"edit this workspace user",
)
member = WorkspaceUsers.get(workspace_id, member_id)
form = EditMemberForm(http_request.form)
if form.validate():
role = None
if form.data["workspace_role"] != member.role:
role = form.data["workspace_role"]
Workspaces.update_member(g.current_user, workspace, member, role)
return redirect(
url_for(
"workspaces.workspace_members",
workspace_id=workspace.id,
memberName=member.user_name,
updatedRole=role,
)
)
else:
return render_template(
"member_edit.html", form=form, workspace=workspace, member=member
)

5
styles/components/_selector.scss
View File

@ -14,7 +14,7 @@
width: 100%; width: 100%;
height: $input-height; height: $input-height;
margin: 0; margin: 0;
padding: $input-padding-vertical 0.7em; padding: $input-padding-vertical ($gap*5) $input-padding-vertical 0.7em;
line-height: $input-line-height; line-height: $input-line-height;
color: $color-base; color: $color-base;
font-size: $base-font-size; font-size: $base-font-size;
@ -42,6 +42,9 @@
label { label {
padding: 0; padding: 0;
dt {
font-weight: $font-bold;
}
} }
} }
} }

66
styles/sections/_member_edit.scss
View File

@ -3,6 +3,40 @@
padding: $gap*2; padding: $gap*2;
justify-content: space-between; justify-content: space-between;
.member-card__header {
display: flex;
flex-direction: column;
justify-content: space-between;
}
.member-card__heading {
margin: 0;
@include h2;
}
.member-card__input {
margin: 0;
display: flex;
margin-top: $gap;
fieldset {
margin: 0;
}
legend {
flex: none;
margin-top: $gap*1.5;
margin-right: $gap*2;
}
}
.member-card__details {
text-align: right;
.icon-link {
margin: 0 -$gap;
}
dl { dl {
margin: 0; margin: 0;
@ -19,37 +53,5 @@
dd { dd {
display: inline; display: inline;
} }
.member-card__header {
display: flex;
flex-direction: column;
justify-content: space-between;
}
.member-card__heading {
margin: 0;
@include h2;
}
.member-card__input {
margin: 0;
display: flex;
margin-top: $gap;
label {
flex: none;
margin-top: $gap*1.5;
font-weight: $font-normal;
margin-right: $gap*2;
}
}
.member-card__details {
text-align: right;
.icon-link {
margin: 0 -$gap;
}
} }
} }

127
templates/member_edit.html
View File

@ -2,23 +2,19 @@
{% from "components/icon.html" import Icon %} {% from "components/icon.html" import Icon %}
{% from "components/modal.html" import Modal %} {% from "components/modal.html" import Modal %}
{% from "components/selector.html" import Selector %}
{% block content %} {% block content %}
<div class='panel member-card'> <form method="POST" action="{{ url_for('workspaces.update_member', workspace_id=workspace.id, member_id=member.user_id) }}" autocomplete="false">
{{ form.csrf_token }}
<div class='panel member-card'>
<div class='member-card__header'> <div class='member-card__header'>
<h1 class='member-card__heading'>Danny Knight</h1> <h1 class='member-card__heading'>{{ member.user.full_name }}</h1>
<div class="usa-input member-card__input"> <div class="usa-input member-card__input">
<label for="filter-status">Workspace Role</label> {{ Selector(form.workspace_role) }}
<select id="filter-status" name="filter-status">
<option value="Admin">Admin</option>
<option value="Billing Auditor" selected="selected">Billing Auditor</option>
<option value="CCPO">CCPO</option>
<option value="Developer">Developer</option>
<option value="Owner">Owner</option>
<option value="Security Auditor">Security Auditor</option>
</select>
</div> </div>
</div> </div>
@ -26,24 +22,24 @@
<dl> <dl>
<div> <div>
<dt>DOD ID:</dt> <dt>DOD ID:</dt>
<dd>789</dd> <dd>{{ member.user.dod_id }}</dd>
</div> </div>
<div> <div>
<dt>Email:</dt> <dt>Email:</dt>
<dd>knight@mil.gov</dd> <dd>{{ member.user.email }}</dd>
</div> </div>
</dl> </dl>
<a href='#' class='icon-link'>edit account details</a> <a href='#' class='icon-link'>edit account details</a>
</div> </div>
</div> </div>
<div class="panel"> <div class="panel">
<div class="panel__heading panel__heading--tight"> <div class="panel__heading panel__heading--tight">
<h2 class="h3">Manage Access <div class="subtitle">Grant access to an environment</div></h2> <h2 class="h3">Manage Access <div class="subtitle">Grant access to an environment</div></h2>
</div> </div>
</div> </div>
<form class='search-bar'> <div class='search-bar'>
<div class='usa-input search-input'> <div class='usa-input search-input'>
<label for='project-search'>Search by project name</label> <label for='project-search'>Search by project name</label>
<input type='search' id='project-search' name='project-search' placeholder="Search by project name"/> <input type='search' id='project-search' name='project-search' placeholder="Search by project name"/>
@ -51,88 +47,9 @@
<span class="hide">Search</span> <span class="hide">Search</span>
</button> </button>
</div> </div>
</form>
{% call Modal(name='rolesModal', dismissable=False) %}
<div class="block-list">
<header class="block-list__header">
<h2 class="block-list__title">
Environment access for Danny Knight
<div class='subtitle'>Project Name - Environment Name</div>
</h2>
</header>
<form method="post" action="">
<ul>
<li class='block-list__item block-list__item--selectable'>
<input type='radio' name='radio' id='radio-1' />
<label for='radio-1'>
<dl>
<dt>CCPO</dt>
<dd>Lorem ipsum dolor sit amet, consectetur adipisicing elit. Fugiat dicta voluptate vitae quasi, cumque rem dolores, quae quas cum in recusandae? Libero deleniti minus ab accusantium vel necessitatibus placeat, rerum?</dd>
</dl>
</label>
</li>
<li class='block-list__item block-list__item--selectable'>
<input type='radio' name='radio' id='radio-2' />
<label for='radio-2'>
<dl>
<dt>Security</dt>
<dd>Lorem ipsum dolor sit amet, consectetur adipisicing elit. Quaerat vel ea, eaque, odio sint explicabo officia, debitis dolore, et repudiandae possimus deserunt eveniet laborum. Sunt blanditiis deleniti minus. Et, mollitia.</dd>
</dl>
</label>
</li>
<li class='block-list__item block-list__item--selectable'>
<input type='radio' name='radio' id='radio-3' />
<label for='radio-3'>
<dl>
<dt>Audit</dt>
<dd>Lorem ipsum dolor sit amet, consectetur adipisicing elit. Autem itaque reprehenderit dolorum nobis voluptatibus quae, facilis voluptatum necessitatibus alias laboriosam, esse blanditiis culpa possimus tempore consectetur recusandae. Nihil, vel, dolorem!</dd>
</dl>
</label>
</li>
<li class='block-list__item block-list__item--selectable'>
<input type='radio' name='radio' id='radio-4' />
<label for='radio-4'>
<dl>
<dt>Application Developer</dt>
<dd>Lorem ipsum dolor sit amet, consectetur adipisicing elit. Ea esse ab consequuntur aliquam. Porro ea mollitia sapiente blanditiis quaerat quam beatae vitae adipisci quisquam dolore reiciendis tenetur, eius nemo quibusdam!</dd>
</dl>
</label>
</li>
<li class='block-list__item block-list__item--selectable'>
<input type='radio' name='radio' id='radio-5' />
<label for='radio-5'>
<dl>
<dt>Dev Ops</dt>
<dd>Lorem ipsum dolor sit amet, consectetur adipisicing elit. Inventore incidunt obcaecati, quidem ullam sint iusto. Natus ex distinctio eveniet cumque laudantium veritatis nemo asperiores, esse hic quis perspiciatis, quia impedit.</dd>
</dl>
</label>
</li>
<li class='block-list__item block-list__item--selectable'>
<input type='radio' name='radio' id='radio-6' />
<label for='radio-6'>
<dl>
<dt>Billing</dt>
<dd>Lorem ipsum dolor sit amet, consectetur adipisicing elit. Quidem delectus at, voluptatibus dolores, nobis temporibus. Ipsum dignissimos corrupti qui nisi et alias totam commodi maiores hic possimus ipsam error, ullam.</dd>
</dl>
</label>
</li>
</ul>
<div class='block-list__footer'>
<div class='action-group'>
<a v-on:click="closeModal('rolesModal')" class='action-group__action usa-button'>Select Access Role</a>
<a class='action-group__action icon-link icon-link--danger' v-on:click="closeModal('rolesModal')">No Access</a>
</div>
</div>
</form>
</div> </div>
{% endcall %} <div is='toggler' default-visible class='block-list project-list-item'>
<div is='toggler' default-visible class='block-list project-list-item'>
<template slot-scope='{ isVisible, toggle }'> <template slot-scope='{ isVisible, toggle }'>
<header class='block-list__header'> <header class='block-list__header'>
<button v-on:click='toggle' class='icon-link icon-link--large icon-link--default spend-table__project__toggler'> <button v-on:click='toggle' class='icon-link icon-link--large icon-link--default spend-table__project__toggler'>
@ -169,9 +86,9 @@
</li> </li>
</ul> </ul>
</template> </template>
</div> </div>
<div is="toggler" class='block-list project-list-item'> <div is="toggler" class='block-list project-list-item'>
<template slot-scope='{ isVisible, toggle }'> <template slot-scope='{ isVisible, toggle }'>
<header class='block-list__header'> <header class='block-list__header'>
<button v-on:click='toggle' class='icon-link icon-link--large icon-link--default spend-table__project__toggler'> <button v-on:click='toggle' class='icon-link icon-link--large icon-link--default spend-table__project__toggler'>
@ -208,17 +125,19 @@
</li> </li>
</ul> </ul>
</template> </template>
</div> </div>
<div class='action-group'> <div class='action-group'>
<a href='#' class='action-group__action usa-button usa-button-big'> <button class='action-group__action usa-button usa-button-big'>
{% if is_new_member %}Create{% else %}Save{% endif %} {% if is_new_member %}Create{% else %}Save{% endif %}
</a> </button>
<a href='#' class='action-group__action icon-link'> <a href='#' class='action-group__action icon-link'>
{{ Icon('x') }} {{ Icon('x') }}
<span>Cancel</span> <span>Cancel</span>
</a> </a>
</div> </div>
</form>

19
templates/workspace_members.html
View File

@ -33,6 +33,19 @@
) }} ) }}
{% endif %} {% endif %}
{% set member_name = request.args.get("memberName") %}
{% set updated_role = request.args.get("updatedRole") %}
{% if updated_role %}
{% set message -%}
<p>{{ member_name }}'s role was successfully updated to {{ updated_role }}</p>
{%- endset %}
{{ Alert('Workspace role updated successfully',
message=message,
level='success'
) }}
{% endif %}
<form class='search-bar'> <form class='search-bar'>
<div class='usa-input search-input'> <div class='usa-input search-input'>
<label for='members-search'>Search members by name</label> <label for='members-search'>Search members by name</label>
@ -77,10 +90,10 @@
<tbody> <tbody>
{% for m in workspace.members %} {% for m in workspace.members %}
<tr> <tr>
<td><a href="/member_edit" class="icon-link icon-link--large">{{ m['first_name'] }} {{ m['last_name'] }}</a></td> <td><a href="{{ url_for('workspaces.update_member', workspace_id=workspace.id, member_id=m.user_id) }}" class="icon-link icon-link--large">{{ m.user_name }}</a></td>
<td class='table-cell--shrink'>{% if m['num_projects'] == '0' %} <span class="label label--info">No Project Access</span> {% endif %}</td> <td class='table-cell--shrink'>{% if m['num_projects'] == '0' %} <span class="label label--info">No Project Access</span> {% endif %}</td>
<td>{{ m['status'] }}</a></td> <td>{{ m.status }}</a></td>
<td>{{ m['workspace_role'] }}</a></td> <td>{{ m.role }}</a></td>
</tr> </tr>
{% endfor %} {% endfor %}
</tbody> </tbody>

36
tests/domain/test_workspaces.py
View File

@ -119,3 +119,39 @@ def test_need_permission_to_create_workspace_user():
with pytest.raises(UnauthorizedError): with pytest.raises(UnauthorizedError):
Workspaces.create_member(random_user, workspace, user_data) Workspaces.create_member(random_user, workspace, user_data)
def test_update_workspace_user_role():
owner = UserFactory.create()
workspace = Workspaces.create(RequestFactory.create(creator=owner))
user_data = {
"first_name": "New",
"last_name": "User",
"email": "new.user@mail.com",
"workspace_role": "developer",
"dod_id": "1234567890",
}
member = Workspaces.create_member(owner, workspace, user_data)
role_name = "admin"
updated_member = Workspaces.update_member(owner, workspace, member, role_name)
assert updated_member.workspace == workspace
assert updated_member.role == role_name
def test_need_permission_to_update_workspace_user_role():
owner = UserFactory.create()
workspace = Workspaces.create(RequestFactory.create(creator=owner))
random_user = UserFactory.create()
user_data = {
"first_name": "New",
"last_name": "User",
"email": "new.user@mail.com",
"workspace_role": "developer",
"dod_id": "1234567890",
}
member = Workspaces.create_member(owner, workspace, user_data)
role_name = "developer"
with pytest.raises(UnauthorizedError):
Workspaces.update_member(random_user, workspace, member, role_name)