Merge pull request #239 from dod-ccpo/edit-user-role

Edit user role
montana-mil 2018-09-05 16:51:36 -04:00 committed by GitHub
commit 91cb986b8e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 332 additions and 264 deletions


@ -1,5 +1,6 @@
from atst.domain.workspace_users import WorkspaceUsers
from atst.models.permissions import Permissions
from atst.domain.exceptions import UnauthorizedError
class Authorization(object):
@ -23,3 +24,8 @@ class Authorization(object):
return True
return False
@classmethod
def check_workspace_permission(cls, user, workspace, permission, message):
if not Authorization.has_workspace_permission(user, workspace, permission):
raise UnauthorizedError(user, message)
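Review bot: `check_workspace_permission` is now the single place that turns a failed permission check into `UnauthorizedError`, yet it has no docstring and calls `Authorization.has_workspace_permission` by class name instead of through `cls`. I would add a docstring along the lines of `"""Raise UnauthorizedError unless user holds permission in workspace; message names the attempted action."""`. Calling `cls.has_workspace_permission(user, workspace, permission)` would also respect a subclass override. The class body starts outside this hunk, so `has_workspace_permission` itself is not reviewed here.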


@ -30,6 +30,21 @@ class WorkspaceUsers(object):
return WorkspaceUser(user, workspace_role)
@classmethod
def _get_workspace_role(cls, user, workspace_id):
try:
existing_workspace_role = (
db.session.query(WorkspaceRole)
.filter(
WorkspaceRole.user == user,
WorkspaceRole.workspace_id == workspace_id,
)
.one()
)
return existing_workspace_role
except NoResultFound:
raise NotFoundError("workspace role")
@classmethod
def add(cls, user, workspace_id, role_name):
role = Roles.get(role_name)
@ -57,6 +72,16 @@ class WorkspaceUsers(object):
return WorkspaceUser(user, new_workspace_role)
@classmethod
def update_role(cls, member, workspace_id, role_name):
new_role = Roles.get(role_name)
workspace_role = WorkspaceUsers._get_workspace_role(member.user, workspace_id)
workspace_role.role = new_role
db.session.add(workspace_role)
db.session.commit()
return WorkspaceUser(member.user, workspace_role)
@classmethod
def add_many(cls, workspace_id, workspace_user_dicts):
workspace_users = []
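Review bot: `update_role` changes and commits a member's role with no permission check of its own, so it is only safe while `Workspaces.update_member` is the sole caller. That contract should be stated on the method, for example `# Callers must authorize first; Workspaces.update_member does the permission check`. In `_get_workspace_role`, `.one()` is guarded only for `NoResultFound`; if duplicate rows for the same user and workspace can exist (no unique constraint is visible here), SQLAlchemy raises `MultipleResultsFound` and the request fails unhandled. `add_many` continues outside the hunk.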


@ -38,10 +38,10 @@ class Workspaces(object):
@classmethod
def get_for_update(cls, user, workspace_id):
workspace = Workspaces.get(user, workspace_id)
if not Authorization.has_workspace_permission(
user, workspace, Permissions.ADD_APPLICATION_IN_WORKSPACE
):
raise UnauthorizedError(user, "add project")
Authorization.check_workspace_permission(
user, workspace, Permissions.ADD_APPLICATION_IN_WORKSPACE, "add project"
)
return workspace
@classmethod
@ -65,10 +65,12 @@ class Workspaces(object):
@classmethod
def create_member(cls, user, workspace, data):
if not Authorization.has_workspace_permission(
user, workspace, Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE
):
raise UnauthorizedError(user, "create workspace member")
Authorization.check_workspace_permission(
user,
workspace,
Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE,
"create workspace member",
)
new_user = Users.get_or_create_by_dod_id(
data["dod_id"],
@ -81,6 +83,17 @@ class Workspaces(object):
)
return workspace_user
@classmethod
def update_member(cls, user, workspace, member, role_name):
Authorization.check_workspace_permission(
user,
workspace,
Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE,
"edit workspace member",
)
return WorkspaceUsers.update_role(member, workspace.id, role_name)
@classmethod
def _create_workspace_role(cls, user, workspace, role_name):
role = Roles.get(role_name)
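Review bot: `update_member` checks only that the caller holds `ASSIGN_AND_UNASSIGN_ATAT_ROLE`; nothing visible in this hunk limits which role may be granted or whose role may be changed. As written, a holder of that permission could apparently change their own role or the workspace owner's, which may or may not be intended given a role model that is not shown here. I would record the decision in the method, for example `# NOTE: any role may be assigned to any member, including the caller; revisit if roles become hierarchical`, or add an explicit guard if it is not intended. The role change is also not logged anywhere visible, which makes later review of permission changes harder.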

13
atst/forms/edit_member.py Normal file

@ -0,0 +1,13 @@
from flask_wtf import Form
from wtforms.validators import Optional
from atst.forms.fields import SelectField
from .data import WORKSPACE_ROLES
class EditMemberForm(Form):
workspace_role = SelectField(
"Workspace Role", choices=WORKSPACE_ROLES, validators=[Optional()]
)
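Review bot: `workspace_role` is declared with `validators=[Optional()]`, so a POST that omits the field or sends it empty can pass `form.validate()`. In stock WTForms, `Optional` stops the validation chain and clears earlier errors on empty input, which would include the select's choice check; the project's own `SelectField` in `atst.forms.fields` is not visible, so this is inferred. The update view then compares that empty value with `member.role` and may forward it as the new role. Since the role is the only field on this form, `validators=[InputRequired()]` (from `wtforms.validators`) looks like the safer default.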


@ -5,37 +5,7 @@ from atst.models import Base
from atst.models.types import Id
from atst.models.mixins import TimestampsMixin
from atst.utils import first_or_none
MOCK_MEMBERS = [
{
"first_name": "Danny",
"last_name": "Knight",
"email": "dknight@thenavy.mil",
"dod_id": "1257892124",
"workspace_role": "Developer",
"status": "Pending",
"num_projects": "4",
},
{
"first_name": "Mario",
"last_name": "Hudson",
"email": "mhudson@thearmy.mil",
"dod_id": "4357892125",
"workspace_role": "CCPO",
"status": "Active",
"num_projects": "0",
},
{
"first_name": "Louise",
"last_name": "Greer",
"email": "lgreer@theairforce.mil",
"dod_id": "7257892125",
"workspace_role": "Admin",
"status": "Pending",
"num_projects": "43",
},
]
from atst.models.workspace_user import WorkspaceUser
class Workspace(Base, TimestampsMixin):
@ -68,4 +38,4 @@ class Workspace(Base, TimestampsMixin):
@property
def members(self):
return MOCK_MEMBERS
return [WorkspaceUser(role.user, role) for role in self.roles]


@ -16,3 +16,19 @@ class WorkspaceUser(object):
def workspace_id(self):
return self.workspace_role.workspace_id
@property
def user_id(self):
return self.user.id
@property
def user_name(self):
return self.user.full_name
@property
def role(self):
return self.workspace_role.role.name
@property
def status(self):
return "radical"
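Review bot: `status` returns the hard-coded string `"radical"`, and the members table in this same commit renders `m.status` for every row, so users see a placeholder presented as real membership state. If the real status is not modelled yet, mark it in the code, for example `# TODO: placeholder; derive from the member's invitation/acceptance state`, and consider returning a neutral value. The other new properties dereference `self.user` and `self.workspace_role.role` without guards, which is fine only if both are always set; the constructor is outside this hunk.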


@ -9,9 +9,11 @@ from flask import (
from atst.domain.exceptions import UnauthorizedError
from atst.domain.workspaces import Workspaces
from atst.domain.workspace_users import WorkspaceUsers
from atst.domain.projects import Projects
from atst.forms.new_project import NewProjectForm
from atst.forms.new_member import NewMemberForm
from atst.forms.edit_member import EditMemberForm
from atst.domain.authz import Authorization
from atst.models.permissions import Permissions
@ -114,8 +116,58 @@ def create_member(workspace_id):
url_for(
"workspaces.workspace_members",
workspace_id=workspace.id,
newMemberName=new_member.user.full_name,
newMemberName=new_member.user_name,
)
)
else:
return render_template("member_new.html", workspace=workspace, form=form)
@bp.route("/workspaces/<workspace_id>/members/<member_id>/member_edit")
def view_member(workspace_id, member_id):
workspace = Workspaces.get(g.current_user, workspace_id)
Authorization.check_workspace_permission(
g.current_user,
workspace,
Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE,
"edit this workspace user",
)
member = WorkspaceUsers.get(workspace_id, member_id)
form = EditMemberForm(workspace_role=member.role)
return render_template(
"member_edit.html", form=form, workspace=workspace, member=member
)
@bp.route(
"/workspaces/<workspace_id>/members/<member_id>/member_edit", methods=["POST"]
)
def update_member(workspace_id, member_id):
workspace = Workspaces.get(g.current_user, workspace_id)
Authorization.check_workspace_permission(
g.current_user,
workspace,
Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE,
"edit this workspace user",
)
member = WorkspaceUsers.get(workspace_id, member_id)
form = EditMemberForm(http_request.form)
if form.validate():
role = None
if form.data["workspace_role"] != member.role:
role = form.data["workspace_role"]
Workspaces.update_member(g.current_user, workspace, member, role)
return redirect(
url_for(
"workspaces.workspace_members",
workspace_id=workspace.id,
memberName=member.user_name,
updatedRole=role,
)
)
else:
return render_template(
"member_edit.html", form=form, workspace=workspace, member=member
)
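Review bot: In the POST handler `update_member`, `role` stays `None` when the submitted role equals the current one. This page has lost its indentation, so it is unclear whether `Workspaces.update_member(...)` runs only inside the `if form.data["workspace_role"] != member.role:` branch. If it runs unconditionally, `WorkspaceUsers.update_role` would call `Roles.get(None)`; an explicit guard such as `if role is not None:` directly before the call makes the intent unambiguous. The redirect also carries `memberName` and `updatedRole` in the query string as the only record of the change, and the members template trusts them.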


@ -14,7 +14,7 @@
width: 100%;
height: $input-height;
margin: 0;
padding: $input-padding-vertical 0.7em;
padding: $input-padding-vertical ($gap*5) $input-padding-vertical 0.7em;
line-height: $input-line-height;
color: $color-base;
font-size: $base-font-size;
@ -42,6 +42,9 @@
label {
padding: 0;
dt {
font-weight: $font-bold;
}
}
}
}


@ -3,23 +3,6 @@
padding: $gap*2;
justify-content: space-between;
dl {
margin: 0;
> div {
margin-bottom: $gap;
}
}
dt {
font-weight: normal;
color: $color-gray;
}
dd {
display: inline;
}
.member-card__header {
display: flex;
flex-direction: column;
@ -35,11 +18,13 @@
margin: 0;
display: flex;
margin-top: $gap;
fieldset {
margin: 0;
}
label {
legend {
flex: none;
margin-top: $gap*1.5;
font-weight: $font-normal;
margin-right: $gap*2;
}
}
@ -51,5 +36,22 @@
.icon-link {
margin: 0 -$gap;
}
dl {
margin: 0;
> div {
margin-bottom: $gap;
}
}
dt {
font-weight: normal;
color: $color-gray;
}
dd {
display: inline;
}
}
}


@ -2,223 +2,142 @@
{% from "components/icon.html" import Icon %}
{% from "components/modal.html" import Modal %}
{% from "components/selector.html" import Selector %}
{% block content %}
<div class='panel member-card'>
<div class='member-card__header'>
<h1 class='member-card__heading'>Danny Knight</h1>
<form method="POST" action="{{ url_for('workspaces.update_member', workspace_id=workspace.id, member_id=member.user_id) }}" autocomplete="false">
{{ form.csrf_token }}
<div class='panel member-card'>
<div class='member-card__header'>
<h1 class='member-card__heading'>{{ member.user.full_name }}</h1>
<div class="usa-input member-card__input">
{{ Selector(form.workspace_role) }}
</div>
<div class="usa-input member-card__input">
<label for="filter-status">Workspace Role</label>
<select id="filter-status" name="filter-status">
<option value="Admin">Admin</option>
<option value="Billing Auditor" selected="selected">Billing Auditor</option>
<option value="CCPO">CCPO</option>
<option value="Developer">Developer</option>
<option value="Owner">Owner</option>
<option value="Security Auditor">Security Auditor</option>
</select>
</div>
<div class='member-card__details'>
<dl>
<div>
<dt>DOD ID:</dt>
<dd>{{ member.user.dod_id }}</dd>
</div>
<div>
<dt>Email:</dt>
<dd>{{ member.user.email }}</dd>
</div>
</dl>
<a href='#' class='icon-link'>edit account details</a>
</div>
</div>
<div class='member-card__details'>
<dl>
<div>
<dt>DOD ID:</dt>
<dd>789</dd>
</div>
<div>
<dt>Email:</dt>
<dd>knight@mil.gov</dd>
</div>
</dl>
<a href='#' class='icon-link'>edit account details</a>
<div class="panel">
<div class="panel__heading panel__heading--tight">
<h2 class="h3">Manage Access <div class="subtitle">Grant access to an environment</div></h2>
</div>
</div>
</div>
<div class="panel">
<div class="panel__heading panel__heading--tight">
<h2 class="h3">Manage Access <div class="subtitle">Grant access to an environment</div></h2>
<div class='search-bar'>
<div class='usa-input search-input'>
<label for='project-search'>Search by project name</label>
<input type='search' id='project-search' name='project-search' placeholder="Search by project name"/>
<button type="submit">
<span class="hide">Search</span>
</button>
</div>
</div>
</div>
<form class='search-bar'>
<div class='usa-input search-input'>
<label for='project-search'>Search by project name</label>
<input type='search' id='project-search' name='project-search' placeholder="Search by project name"/>
<button type="submit">
<span class="hide">Search</span>
</button>
</div>
</form>
{% call Modal(name='rolesModal', dismissable=False) %}
<div class="block-list">
<header class="block-list__header">
<h2 class="block-list__title">
Environment access for Danny Knight
<div class='subtitle'>Project Name - Environment Name</div>
</h2>
</header>
<form method="post" action="">
<ul>
<li class='block-list__item block-list__item--selectable'>
<input type='radio' name='radio' id='radio-1' />
<label for='radio-1'>
<dl>
<dt>CCPO</dt>
<dd>Lorem ipsum dolor sit amet, consectetur adipisicing elit. Fugiat dicta voluptate vitae quasi, cumque rem dolores, quae quas cum in recusandae? Libero deleniti minus ab accusantium vel necessitatibus placeat, rerum?</dd>
</dl>
</label>
<div is='toggler' default-visible class='block-list project-list-item'>
<template slot-scope='{ isVisible, toggle }'>
<header class='block-list__header'>
<button v-on:click='toggle' class='icon-link icon-link--large icon-link--default spend-table__project__toggler'>
<template v-if='isVisible'>{{ Icon('caret_down') }}</template>
<template v-else>{{ Icon('caret_right') }}</template>
<h3 class="block-list__title">Code.mil</h3>
</button>
<span><a href="#" class="icon-link icon-link--danger">revoke all access</a></span>
</header>
<ul v-show='isVisible'>
<li class='block-list__item project-list-item__environment'>
<span class='project-list-item__environment'>
Development
</span>
<div class='project-list-item__environment__actions'>
<span class="label">no access </span><button v-on:click="openModal('rolesModal')" type="button" class="icon-link">set role</button>
</div>
</li>
<li class='block-list__item block-list__item--selectable'>
<input type='radio' name='radio' id='radio-2' />
<label for='radio-2'>
<dl>
<dt>Security</dt>
<dd>Lorem ipsum dolor sit amet, consectetur adipisicing elit. Quaerat vel ea, eaque, odio sint explicabo officia, debitis dolore, et repudiandae possimus deserunt eveniet laborum. Sunt blanditiis deleniti minus. Et, mollitia.</dd>
</dl>
</label>
<li class='block-list__item project-list-item__environment'>
<span class='project-list-item__environment'>
Sandbox
</span>
<div class='project-list-item__environment__actions'>
<span class="label">no access</span><button v-on:click="openModal('rolesModal')" type="button" class="icon-link">set role</button>
</div>
</li>
<li class='block-list__item block-list__item--selectable'>
<input type='radio' name='radio' id='radio-3' />
<label for='radio-3'>
<dl>
<dt>Audit</dt>
<dd>Lorem ipsum dolor sit amet, consectetur adipisicing elit. Autem itaque reprehenderit dolorum nobis voluptatibus quae, facilis voluptatum necessitatibus alias laboriosam, esse blanditiis culpa possimus tempore consectetur recusandae. Nihil, vel, dolorem!</dd>
</dl>
</label>
</li>
<li class='block-list__item block-list__item--selectable'>
<input type='radio' name='radio' id='radio-4' />
<label for='radio-4'>
<dl>
<dt>Application Developer</dt>
<dd>Lorem ipsum dolor sit amet, consectetur adipisicing elit. Ea esse ab consequuntur aliquam. Porro ea mollitia sapiente blanditiis quaerat quam beatae vitae adipisci quisquam dolore reiciendis tenetur, eius nemo quibusdam!</dd>
</dl>
</label>
</li>
<li class='block-list__item block-list__item--selectable'>
<input type='radio' name='radio' id='radio-5' />
<label for='radio-5'>
<dl>
<dt>Dev Ops</dt>
<dd>Lorem ipsum dolor sit amet, consectetur adipisicing elit. Inventore incidunt obcaecati, quidem ullam sint iusto. Natus ex distinctio eveniet cumque laudantium veritatis nemo asperiores, esse hic quis perspiciatis, quia impedit.</dd>
</dl>
</label>
</li>
<li class='block-list__item block-list__item--selectable'>
<input type='radio' name='radio' id='radio-6' />
<label for='radio-6'>
<dl>
<dt>Billing</dt>
<dd>Lorem ipsum dolor sit amet, consectetur adipisicing elit. Quidem delectus at, voluptatibus dolores, nobis temporibus. Ipsum dignissimos corrupti qui nisi et alias totam commodi maiores hic possimus ipsam error, ullam.</dd>
</dl>
</label>
<li class='block-list__item project-list-item__environment'>
<span class='project-list-item__environment'>
Production
</span>
<div class='project-list-item__environment__actions'>
<span class="label label--success">Billing</span><button v-on:click="openModal('rolesModal')" type="button" class="icon-link">set role</button>
</div>
</li>
</ul>
<div class='block-list__footer'>
<div class='action-group'>
<a v-on:click="closeModal('rolesModal')" class='action-group__action usa-button'>Select Access Role</a>
<a class='action-group__action icon-link icon-link--danger' v-on:click="closeModal('rolesModal')">No Access</a>
</div>
</div>
</form>
</template>
</div>
{% endcall %}
<div is="toggler" class='block-list project-list-item'>
<template slot-scope='{ isVisible, toggle }'>
<header class='block-list__header'>
<button v-on:click='toggle' class='icon-link icon-link--large icon-link--default spend-table__project__toggler'>
<template v-if='isVisible'>{{ Icon('caret_down') }}</template>
<template v-else>{{ Icon('caret_right') }}</template>
<h3 class="block-list__title">Digital Dojo</h3>
</button>
<span class="label">no access</span>
</header>
<ul v-show='isVisible'>
<li class='block-list__item project-list-item__environment'>
<span class='project-list-item__environment'>
Development
</span>
<div class='project-list-item__environment__actions'>
<span class="label">no access </span><button v-on:click="openModal('rolesModal')" type="button" class="icon-link">set role</button>
</div>
</li>
<li class='block-list__item project-list-item__environment'>
<span class='project-list-item__environment'>
Sandbox
</span>
<div class='project-list-item__environment__actions'>
<span class="label">no access</span><button v-on:click="openModal('rolesModal')" type="button" class="icon-link">set role</button>
</div>
</li>
<li class='block-list__item project-list-item__environment'>
<span class='project-list-item__environment'>
Production
</span>
<div class='project-list-item__environment__actions'>
<span class="label">no access</span><button v-on:click="openModal('rolesModal')" type="button" class="icon-link">set role</button>
</div>
</li>
</ul>
</template>
</div>
<div is='toggler' default-visible class='block-list project-list-item'>
<template slot-scope='{ isVisible, toggle }'>
<header class='block-list__header'>
<button v-on:click='toggle' class='icon-link icon-link--large icon-link--default spend-table__project__toggler'>
<template v-if='isVisible'>{{ Icon('caret_down') }}</template>
<template v-else>{{ Icon('caret_right') }}</template>
<h3 class="block-list__title">Code.mil</h3>
</button>
<span><a href="#" class="icon-link icon-link--danger">revoke all access</a></span>
</header>
<ul v-show='isVisible'>
<li class='block-list__item project-list-item__environment'>
<span class='project-list-item__environment'>
Development
</span>
<div class='project-list-item__environment__actions'>
<span class="label">no access </span><button v-on:click="openModal('rolesModal')" type="button" class="icon-link">set role</button>
</div>
</li>
<li class='block-list__item project-list-item__environment'>
<span class='project-list-item__environment'>
Sandbox
</span>
<div class='project-list-item__environment__actions'>
<span class="label">no access</span><button v-on:click="openModal('rolesModal')" type="button" class="icon-link">set role</button>
</div>
</li>
<li class='block-list__item project-list-item__environment'>
<span class='project-list-item__environment'>
Production
</span>
<div class='project-list-item__environment__actions'>
<span class="label label--success">Billing</span><button v-on:click="openModal('rolesModal')" type="button" class="icon-link">set role</button>
</div>
</li>
</ul>
</template>
</div>
<div class='action-group'>
<button class='action-group__action usa-button usa-button-big'>
{% if is_new_member %}Create{% else %}Save{% endif %}
</button>
<a href='#' class='action-group__action icon-link'>
{{ Icon('x') }}
<span>Cancel</span>
</a>
</div>
<div is="toggler" class='block-list project-list-item'>
<template slot-scope='{ isVisible, toggle }'>
<header class='block-list__header'>
<button v-on:click='toggle' class='icon-link icon-link--large icon-link--default spend-table__project__toggler'>
<template v-if='isVisible'>{{ Icon('caret_down') }}</template>
<template v-else>{{ Icon('caret_right') }}</template>
<h3 class="block-list__title">Digital Dojo</h3>
</button>
<span class="label">no access</span>
</header>
<ul v-show='isVisible'>
<li class='block-list__item project-list-item__environment'>
<span class='project-list-item__environment'>
Development
</span>
<div class='project-list-item__environment__actions'>
<span class="label">no access </span><button v-on:click="openModal('rolesModal')" type="button" class="icon-link">set role</button>
</div>
</li>
<li class='block-list__item project-list-item__environment'>
<span class='project-list-item__environment'>
Sandbox
</span>
<div class='project-list-item__environment__actions'>
<span class="label">no access</span><button v-on:click="openModal('rolesModal')" type="button" class="icon-link">set role</button>
</div>
</li>
<li class='block-list__item project-list-item__environment'>
<span class='project-list-item__environment'>
Production
</span>
<div class='project-list-item__environment__actions'>
<span class="label">no access</span><button v-on:click="openModal('rolesModal')" type="button" class="icon-link">set role</button>
</div>
</li>
</ul>
</template>
</div>
<div class='action-group'>
<a href='#' class='action-group__action usa-button usa-button-big'>
{% if is_new_member %}Create{% else %}Save{% endif %}
</a>
<a href='#' class='action-group__action icon-link'>
{{ Icon('x') }}
<span>Cancel</span>
</a>
</div>
</form>
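Review bot: Wrapping the whole page in `<form method="POST" ...>` makes every enclosed button without an explicit type a submit button. The toggler buttons (`<button v-on:click='toggle' ...>`) and the search button (`<button type="submit">`) would then post the role change when clicked, unless the Vue handlers prevent the default, which is not visible here. Adding `type="button"` to the togglers and moving the search control out of the submit path avoids unintended role updates. `autocomplete="false"` is also not a valid value; browsers expect `autocomplete="off"`.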


@ -33,6 +33,19 @@
) }}
{% endif %}
{% set member_name = request.args.get("memberName") %}
{% set updated_role = request.args.get("updatedRole") %}
{% if updated_role %}
{% set message -%}
<p>{{ member_name }}'s role was successfully updated to {{ updated_role }}</p>
{%- endset %}
{{ Alert('Workspace role updated successfully',
message=message,
level='success'
) }}
{% endif %}
<form class='search-bar'>
<div class='usa-input search-input'>
<label for='members-search'>Search members by name</label>
@ -77,10 +90,10 @@
<tbody>
{% for m in workspace.members %}
<tr>
<td><a href="/member_edit" class="icon-link icon-link--large">{{ m['first_name'] }} {{ m['last_name'] }}</a></td>
<td><a href="{{ url_for('workspaces.update_member', workspace_id=workspace.id, member_id=m.user_id) }}" class="icon-link icon-link--large">{{ m.user_name }}</a></td>
<td class='table-cell--shrink'>{% if m['num_projects'] == '0' %} <span class="label label--info">No Project Access</span> {% endif %}</td>
<td>{{ m['status'] }}</a></td>
<td>{{ m['workspace_role'] }}</a></td>
<td>{{ m.status }}</a></td>
<td>{{ m.role }}</a></td>
</tr>
{% endfor %}
</tbody>
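Review bot: The success alert is built entirely from `request.args` (`memberName`, `updatedRole`), so any link to this page carrying those parameters shows "Workspace role updated successfully" with caller-chosen text, whether or not an update happened. Jinja autoescaping (assumed to be on for this template) keeps that from becoming markup injection, but it remains a spoofable confirmation of a permission change. Calling Flask's `flash()` in the POST handler and reading `get_flashed_messages()` here would tie the message to the server-side action. Separately, `m['num_projects']` is still read although `workspace.members` now yields `WorkspaceUser` objects, which define no such attribute in the visible hunk, so the "No Project Access" label probably never renders.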


@ -119,3 +119,39 @@ def test_need_permission_to_create_workspace_user():
with pytest.raises(UnauthorizedError):
Workspaces.create_member(random_user, workspace, user_data)
def test_update_workspace_user_role():
owner = UserFactory.create()
workspace = Workspaces.create(RequestFactory.create(creator=owner))
user_data = {
"first_name": "New",
"last_name": "User",
"email": "new.user@mail.com",
"workspace_role": "developer",
"dod_id": "1234567890",
}
member = Workspaces.create_member(owner, workspace, user_data)
role_name = "admin"
updated_member = Workspaces.update_member(owner, workspace, member, role_name)
assert updated_member.workspace == workspace
assert updated_member.role == role_name
def test_need_permission_to_update_workspace_user_role():
owner = UserFactory.create()
workspace = Workspaces.create(RequestFactory.create(creator=owner))
random_user = UserFactory.create()
user_data = {
"first_name": "New",
"last_name": "User",
"email": "new.user@mail.com",
"workspace_role": "developer",
"dod_id": "1234567890",
}
member = Workspaces.create_member(owner, workspace, user_data)
role_name = "developer"
with pytest.raises(UnauthorizedError):
Workspaces.update_member(random_user, workspace, member, role_name)
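Review bot: `test_need_permission_to_update_workspace_user_role` requests the role the member already has (`role_name = "developer"`), so it only proves that the call raises. It would not notice if the role were changed before the exception. Using a different target role, e.g. `role_name = "admin"`, and asserting after the `pytest.raises` block that the member's stored role is still `"developer"` would pin the property that matters. The positive test also covers only a caller who is the workspace owner; cases for an unknown role name and for a member who belongs to a different workspace are not exercised.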