pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #845 from dod-ccpo/app-settings-role-id

Browse Source 
Use role ID for app settings table
This commit is contained in:
dandds 2019-05-28 11:43:56 -04:00 committed by GitHub
commit 96ae1bba9d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 136 additions and 181 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
atst/domain/application_roles.py
View File

@ -57,7 +57,7 @@ class ApplicationRoles(object):
.one() .one()
) )
except NoResultFound: except NoResultFound:
raise NotFoundError("portfolio_role") raise NotFoundError("application_role")
@classmethod @classmethod
def update_permission_sets(cls, application_role, new_perm_sets_names): def update_permission_sets(cls, application_role, new_perm_sets_names):

15
atst/domain/environments.py
View File

@ -6,7 +6,7 @@ from atst.models.environment import Environment
from atst.models.environment_role import EnvironmentRole from atst.models.environment_role import EnvironmentRole
from atst.models.application import Application from atst.models.application import Application
from atst.domain.environment_roles import EnvironmentRoles from atst.domain.environment_roles import EnvironmentRoles
from atst.domain.users import Users from atst.domain.application_roles import ApplicationRoles
from .exceptions import NotFoundError from .exceptions import NotFoundError
@ -99,9 +99,9 @@ class Environments(object):
for member in team_roles: for member in team_roles:
new_role = member["role_name"] new_role = member["role_name"]
user = Users.get(member["user_id"]) app_role = ApplicationRoles.get_by_id(member["application_role_id"])
Environments.update_env_role( Environments.update_env_role(
environment=environment, user=user, new_role=new_role environment=environment, user=app_role.user, new_role=new_role
) )
@classmethod @classmethod
@ -113,15 +113,6 @@ class Environments(object):
environment=environment, user=member, new_role=new_role environment=environment, user=member, new_role=new_role
) )
@classmethod
def get_members_by_role(cls, env, role):
return (
db.session.query(EnvironmentRole)
.filter(EnvironmentRole.environment_id == env.id)
.filter(EnvironmentRole.role == role)
.all()
)
@classmethod @classmethod
def revoke_access(cls, environment, target_user): def revoke_access(cls, environment, target_user):
EnvironmentRoles.delete(environment.id, target_user.id) EnvironmentRoles.delete(environment.id, target_user.id)

2
atst/forms/app_settings.py
View File

@ -6,7 +6,7 @@ from .data import ENV_ROLES, ENV_ROLE_NO_ACCESS as NO_ACCESS
class MemberForm(FlaskForm): class MemberForm(FlaskForm):
user_id = HiddenField() application_role_id = HiddenField()
user_name = StringField() user_name = StringField()
role_name = RadioField(choices=ENV_ROLES, default=NO_ACCESS) role_name = RadioField(choices=ENV_ROLES, default=NO_ACCESS)

20
atst/models/application_role.py
View File

@ -1,12 +1,14 @@
from enum import Enum from enum import Enum
from sqlalchemy import Index, ForeignKey, Column, Enum as SQLAEnum, Table from sqlalchemy import Index, ForeignKey, Column, Enum as SQLAEnum, Table
from sqlalchemy.dialects.postgresql import UUID from sqlalchemy.dialects.postgresql import UUID
from sqlalchemy.orm import relationship from sqlalchemy.orm import object_session, relationship
from sqlalchemy.event import listen from sqlalchemy.event import listen
from atst.utils import first_or_none from atst.utils import first_or_none
from atst.models import Base, mixins from atst.models import Base, mixins
from atst.models.mixins.auditable import record_permission_sets_updates from atst.models.mixins.auditable import record_permission_sets_updates
from atst.models.environment import Environment
from atst.models.environment_role import EnvironmentRole
from .types import Id from .types import Id
@ -91,6 +93,22 @@ class ApplicationRole(
"portfolio": self.application.portfolio.name, "portfolio": self.application.portfolio.name,
} }
@property
def environment_roles(self):
if getattr(self, "_environment_roles", None) is None:
roles = (
object_session(self)
.query(EnvironmentRole)
.join(Environment, Environment.application_id == self.application_id)
.filter(EnvironmentRole.environment_id == Environment.id)
.filter(EnvironmentRole.user_id == self.user_id)
.all()
)
setattr(self, "_environment_roles", roles)
return self._environment_roles
Index( Index(
"application_role_user_application", "application_role_user_application",

117
atst/routes/applications/settings.py
View File

@ -10,7 +10,6 @@ from atst.forms.application import ApplicationForm, EditEnvironmentForm
from atst.forms.data import ENV_ROLE_NO_ACCESS as NO_ACCESS from atst.forms.data import ENV_ROLE_NO_ACCESS as NO_ACCESS
from atst.domain.authz.decorator import user_can_access_decorator as user_can from atst.domain.authz.decorator import user_can_access_decorator as user_can
from atst.models.environment_role import CSPRole from atst.models.environment_role import CSPRole
from atst.domain.exceptions import NotFoundError
from atst.models.permissions import Permissions from atst.models.permissions import Permissions
from atst.utils.flash import formatted_flash as flash from atst.utils.flash import formatted_flash as flash
@ -30,62 +29,54 @@ def get_environments_obj_for_app(application):
return environments_obj return environments_obj
def serialize_members(member_list, role):
serialized_list = []
for member in member_list:
serialized_list.append(
{
"user_id": str(member.user_id),
"user_name": member.user.full_name,
"role_name": role,
}
)
return serialized_list
def sort_env_users_by_role(env):
users_list = []
no_access_users = env.application.users - env.users
no_access_list = [
{"user_id": str(user.id), "user_name": user.full_name, "role_name": NO_ACCESS}
for user in no_access_users
]
users_list.append({"role": NO_ACCESS, "members": no_access_list})
for role in CSPRole:
users_list.append(
{
"role": role.value,
"members": serialize_members(
Environments.get_members_by_role(env, role.value), role.value
),
}
)
return users_list
def data_for_app_env_roles_form(application): def data_for_app_env_roles_form(application):
data = {"envs": []} csp_roles = [role.value for role in CSPRole]
for environment in application.environments: csp_roles.insert(0, NO_ACCESS)
data["envs"].append( # dictionary for sorting application members by environments
{ # and roles within those environments
"env_id": environment.id, environments_dict = {
"team_roles": sort_env_users_by_role(environment), e.id: {role_name: [] for role_name in csp_roles}
} for e in application.environments
) }
for member in application.members:
env_ids = set(environments_dict.keys())
for env_role in member.environment_roles:
role_members_list = environments_dict[env_role.environment_id][
env_role.role
]
role_members_list.append(
{
"application_role_id": str(member.id),
"user_name": member.user_name,
"role_name": env_role.role,
}
)
env_ids.remove(env_role.environment_id)
return data # any leftover environment IDs are ones the app member
# does not have access to
for env_id in env_ids:
role_members_list = environments_dict[env_id][NO_ACCESS]
role_members_list.append(
{
"application_role_id": str(member.id),
"user_name": member.user_name,
"role_name": NO_ACCESS,
}
)
# transform the data into the shape the form needs
nested_data = [
{
"env_id": env_id,
"team_roles": [
{"role": role, "members": members} for role, members in roles.items()
],
}
for env_id, roles in environments_dict.items()
]
def check_users_are_in_application(user_ids, application): return {"envs": nested_data}
existing_ids = [str(role.user_id) for role in application.roles]
for user_id in user_ids:
if not user_id in existing_ids:
raise NotFoundError("application user", user_id)
return True
def render_settings_page(application, **kwargs): def render_settings_page(application, **kwargs):
@ -210,22 +201,10 @@ def update_env_roles(environment_id):
if form.validate(): if form.validate():
env_data = [] env_data = []
try: for env in form.envs.data:
for env in form.envs.data: if env["env_id"] == str(environment.id):
if env["env_id"] == str(environment.id): for role in env["team_roles"]:
for role in env["team_roles"]: env_data = env_data + role["members"]
user_ids = [user["user_id"] for user in role["members"]]
check_users_are_in_application(user_ids, application)
env_data = env_data + role["members"]
except NotFoundError as err:
app.logger.warning(
"User {} requested environment role change for unauthorized user {} in application {}.".format(
g.current_user.id, err.resource_id, application.id
),
extra={"tags": ["update", "failure"], "security_warning": True},
)
raise (err)
Environments.update_env_roles_by_environment( Environments.update_env_roles_by_environment(
environment_id=environment_id, team_roles=env_data environment_id=environment_id, team_roles=env_data

18
js/components/__tests__/edit_environment_role.test.js
View File

@ -9,13 +9,13 @@ describe('EditEnvironmentRole', () => {
{ {
role: NO_ACCESS, role: NO_ACCESS,
members: [ members: [
{ role_name: null, user_id: '123' }, { role_name: null, application_role_id: '123' },
{ role_name: null, user_id: '456' }, { role_name: null, application_role_id: '456' },
], ],
}, },
{ {
role: 'Basic Access', role: 'Basic Access',
members: [{ role_name: 'Basic Access', user_id: '789' }], members: [{ role_name: 'Basic Access', application_role_id: '789' }],
}, },
{ {
role: 'Network Admin', role: 'Network Admin',
@ -24,13 +24,15 @@ describe('EditEnvironmentRole', () => {
{ {
role: 'Business Read-only', role: 'Business Read-only',
members: [ members: [
{ role_name: 'Business Read-only', user_id: '012' }, { role_name: 'Business Read-only', application_role_id: '012' },
{ role_name: 'Business Read-only', user_id: '345' }, { role_name: 'Business Read-only', application_role_id: '345' },
], ],
}, },
{ {
role: 'Technical Read-only', role: 'Technical Read-only',
members: [{ role_name: 'Technical Read-only', user_id: '678' }], members: [
{ role_name: 'Technical Read-only', application_role_id: '678' },
],
}, },
] ]
@ -53,7 +55,7 @@ describe('EditEnvironmentRole', () => {
expect(member_data).toEqual({ expect(member_data).toEqual({
role_name: 'Technical Read-only', role_name: 'Technical Read-only',
user_id: '678', application_role_id: '678',
}) })
}) })
@ -73,7 +75,7 @@ describe('EditEnvironmentRole', () => {
}) })
expect(techRole.members.length).toEqual(1) expect(techRole.members.length).toEqual(1)
wrapper.vm.addUser({ user_id: '901' }, 'Technical Read-only') wrapper.vm.addUser({ application_role_id: '901' }, 'Technical Read-only')
expect(techRole.members.length).toEqual(2) expect(techRole.members.length).toEqual(2)
}) })

4
js/components/forms/edit_environment_role.js
View File

@ -57,7 +57,7 @@ export const EditEnvironmentRole = {
getUserInfo: function(userId) { getUserInfo: function(userId) {
for (let role of this.roleCategories) { for (let role of this.roleCategories) {
for (let member of role.members) { for (let member of role.members) {
if (member.user_id === userId) { if (member.application_role_id === userId) {
return member return member
} }
} }
@ -67,7 +67,7 @@ export const EditEnvironmentRole = {
removeUser: function(userId) { removeUser: function(userId) {
for (let role of this.roleCategories) { for (let role of this.roleCategories) {
role.members = role.members.filter(member => { role.members = role.members.filter(member => {
return member.user_id !== userId return member.application_role_id !== userId
}) })
if (!role.members) { if (!role.members) {
role.members = [] role.members = []

12
templates/fragments/applications/edit_environment_team_form.html
View File

@ -36,11 +36,11 @@
v-bind:class="{'unassigned': checkNoAccess(member.role_name)}"> v-bind:class="{'unassigned': checkNoAccess(member.role_name)}">
<span v-html='member.user_name'> <span v-html='member.user_name'>
</span> </span>
<span v-on:click="toggleSection(member.user_id)" class="icon-link right"> <span v-on:click="toggleSection(member.application_role_id)" class="icon-link right">
{{ Icon('edit', classes="icon--medium") }} {{ Icon('edit', classes="icon--medium") }}
</span> </span>
<div <div
v-show="selectedSection === member.user_id" v-show="selectedSection === member.application_role_id"
class='environment-role__user-field'> class='environment-role__user-field'>
<div class="usa-input"> <div class="usa-input">
<fieldset <fieldset
@ -56,7 +56,7 @@
v-bind:name="'envs-{{ loop.index0 }}-team_roles-' + roleindex + '-members-' + memberindex + '-role_name'" v-bind:name="'envs-{{ loop.index0 }}-team_roles-' + roleindex + '-members-' + memberindex + '-role_name'"
v-bind:id="'envs-{{ loop.index0 }}-team_roles-' + roleindex + '-members-' + memberindex + '-role_name-' + roleinputindex" v-bind:id="'envs-{{ loop.index0 }}-team_roles-' + roleindex + '-members-' + memberindex + '-role_name-' + roleinputindex"
type="radio" type="radio"
v-bind:user-id='member.user_id' v-bind:user-id='member.application_role_id'
v-bind:value='roleCategory.role'> v-bind:value='roleCategory.role'>
<label <label
v-bind:for="'envs-{{ loop.index0 }}-team_roles-' + roleindex + '-members-' + memberindex + '-role_name-' + roleinputindex"> v-bind:for="'envs-{{ loop.index0 }}-team_roles-' + roleindex + '-members-' + memberindex + '-role_name-' + roleinputindex">
@ -71,10 +71,10 @@
</div> </div>
</div> </div>
<input <input
v-bind:id="'envs-{{ loop.index0 }}-team_roles-' + roleindex + '-members-' + memberindex + '-user_id'" v-bind:id="'envs-{{ loop.index0 }}-team_roles-' + roleindex + '-members-' + memberindex + '-application_role_id'"
v-bind:name="'envs-{{ loop.index0 }}-team_roles-' + roleindex + '-members-' + memberindex + '-user_id'" v-bind:name="'envs-{{ loop.index0 }}-team_roles-' + roleindex + '-members-' + memberindex + '-application_role_id'"
type="hidden" type="hidden"
v-bind:value='member.user_id'> v-bind:value='member.application_role_id'>
</li> </li>
</ul> </ul>
</div> </div>

47
tests/domain/test_environments.py
View File

@ -67,28 +67,35 @@ def test_update_env_roles_by_environment():
env_role_1 = EnvironmentRoleFactory.create( env_role_1 = EnvironmentRoleFactory.create(
environment=environment, role=CSPRole.BASIC_ACCESS.value environment=environment, role=CSPRole.BASIC_ACCESS.value
) )
app_role_1 = ApplicationRoleFactory.create(
user=env_role_1.user, application=environment.application
)
env_role_2 = EnvironmentRoleFactory.create( env_role_2 = EnvironmentRoleFactory.create(
environment=environment, role=CSPRole.NETWORK_ADMIN.value environment=environment, role=CSPRole.NETWORK_ADMIN.value
) )
app_role_2 = ApplicationRoleFactory.create(
user=env_role_2.user, application=environment.application
)
env_role_3 = EnvironmentRoleFactory.create( env_role_3 = EnvironmentRoleFactory.create(
environment=environment, role=CSPRole.TECHNICAL_READ.value environment=environment, role=CSPRole.TECHNICAL_READ.value
) )
for user in [env_role_1.user, env_role_2.user, env_role_3.user]: app_role_3 = ApplicationRoleFactory.create(
ApplicationRoleFactory.create(user=user, application=environment.application) user=env_role_3.user, application=environment.application
)
team_roles = [ team_roles = [
{ {
"user_id": env_role_1.user.id, "application_role_id": app_role_1.id,
"user_name": env_role_1.user.full_name, "user_name": env_role_1.user.full_name,
"role_name": CSPRole.BUSINESS_READ.value, "role_name": CSPRole.BUSINESS_READ.value,
}, },
{ {
"user_id": env_role_2.user.id, "application_role_id": app_role_2.id,
"user_name": env_role_2.user.full_name, "user_name": env_role_2.user.full_name,
"role_name": CSPRole.NETWORK_ADMIN.value, "role_name": CSPRole.NETWORK_ADMIN.value,
}, },
{ {
"user_id": env_role_3.user.id, "application_role_id": app_role_3.id,
"user_name": env_role_3.user.full_name, "user_name": env_role_3.user.full_name,
"role_name": None, "role_name": None,
}, },
@ -136,36 +143,6 @@ def test_update_env_roles_by_member():
assert not EnvironmentRoles.get(user.id, testing.id) assert not EnvironmentRoles.get(user.id, testing.id)
def test_get_members_by_role(db):
environment = EnvironmentFactory.create()
env_role_1 = EnvironmentRoleFactory.create(
environment=environment, role=CSPRole.BASIC_ACCESS.value
)
env_role_2 = EnvironmentRoleFactory.create(
environment=environment, role=CSPRole.TECHNICAL_READ.value
)
env_role_3 = EnvironmentRoleFactory.create(
environment=environment, role=CSPRole.TECHNICAL_READ.value
)
rando_env = EnvironmentFactory.create()
rando_env_role = EnvironmentRoleFactory.create(
environment=rando_env, role=CSPRole.BASIC_ACCESS.value
)
basic_access_members = Environments.get_members_by_role(
environment, CSPRole.BASIC_ACCESS.value
)
technical_read_members = Environments.get_members_by_role(
environment, CSPRole.TECHNICAL_READ.value
)
assert basic_access_members == [env_role_1]
assert rando_env_role not in basic_access_members
assert technical_read_members == [env_role_2, env_role_3]
assert (
Environments.get_members_by_role(environment, CSPRole.BUSINESS_READ.value) == []
)
def test_get_scoped_environments(db): def test_get_scoped_environments(db):
developer = UserFactory.create() developer = UserFactory.create()
portfolio = PortfolioFactory.create( portfolio = PortfolioFactory.create(

12
tests/models/test_application_role.py
View File

@ -1,7 +1,7 @@
from atst.domain.permission_sets import PermissionSets from atst.domain.permission_sets import PermissionSets
from atst.models.audit_event import AuditEvent from atst.models.audit_event import AuditEvent
from tests.factories import PortfolioFactory, UserFactory from tests.factories import *
def test_has_application_role_history(session): def test_has_application_role_history(session):
@ -38,3 +38,13 @@ def test_has_application_role_history(session):
old_state, new_state = changed_event.changed_state["permission_sets"] old_state, new_state = changed_event.changed_state["permission_sets"]
assert old_state == [PermissionSets.VIEW_APPLICATION] assert old_state == [PermissionSets.VIEW_APPLICATION]
assert new_state == [PermissionSets.EDIT_APPLICATION_TEAM] assert new_state == [PermissionSets.EDIT_APPLICATION_TEAM]
def test_environment_roles():
application = ApplicationFactory.create()
environment = EnvironmentFactory.create(application=application)
user = UserFactory.create()
application_role = ApplicationRoleFactory.create(application=application, user=user)
environment_role = EnvironmentRoleFactory.create(environment=environment, user=user)
assert application_role.environment_roles == [environment_role]

68
tests/routes/applications/test_settings.py
View File

@ -10,7 +10,6 @@ from tests.factories import (
ApplicationFactory, ApplicationFactory,
ApplicationRoleFactory, ApplicationRoleFactory,
) )
from atst.routes.applications.settings import check_users_are_in_application
from atst.domain.applications import Applications from atst.domain.applications import Applications
from atst.domain.environment_roles import EnvironmentRoles from atst.domain.environment_roles import EnvironmentRoles
@ -140,15 +139,19 @@ def test_data_for_app_env_roles_form(app, client, user_session):
{"env"}, {"env"},
) )
env = application.environments[0] env = application.environments[0]
app_role = ApplicationRoleFactory.create(application=application) app_role0 = ApplicationRoleFactory.create(application=application)
env_role1 = EnvironmentRoleFactory.create( env_role1 = EnvironmentRoleFactory.create(
environment=env, role=CSPRole.BASIC_ACCESS.value environment=env, role=CSPRole.BASIC_ACCESS.value
) )
ApplicationRoleFactory.create(application=application, user=env_role1.user) app_role1 = ApplicationRoleFactory.create(
application=application, user=env_role1.user
)
env_role2 = EnvironmentRoleFactory.create( env_role2 = EnvironmentRoleFactory.create(
environment=env, role=CSPRole.NETWORK_ADMIN.value environment=env, role=CSPRole.NETWORK_ADMIN.value
) )
ApplicationRoleFactory.create(application=application, user=env_role2.user) app_role2 = ApplicationRoleFactory.create(
application=application, user=env_role2.user
)
user_session(portfolio.owner) user_session(portfolio.owner)
@ -171,8 +174,8 @@ def test_data_for_app_env_roles_form(app, client, user_session):
"role": NO_ACCESS, "role": NO_ACCESS,
"members": [ "members": [
{ {
"user_id": str(app_role.user_id), "application_role_id": str(app_role0.id),
"user_name": app_role.user.full_name, "user_name": app_role0.user.full_name,
"role_name": None, "role_name": None,
} }
], ],
@ -181,7 +184,7 @@ def test_data_for_app_env_roles_form(app, client, user_session):
"role": CSPRole.BASIC_ACCESS.value, "role": CSPRole.BASIC_ACCESS.value,
"members": [ "members": [
{ {
"user_id": str(env_role1.user_id), "application_role_id": str(app_role1.id),
"user_name": env_role1.user.full_name, "user_name": env_role1.user.full_name,
"role_name": CSPRole.BASIC_ACCESS.value, "role_name": CSPRole.BASIC_ACCESS.value,
} }
@ -191,7 +194,7 @@ def test_data_for_app_env_roles_form(app, client, user_session):
"role": CSPRole.NETWORK_ADMIN.value, "role": CSPRole.NETWORK_ADMIN.value,
"members": [ "members": [
{ {
"user_id": str(env_role2.user_id), "application_role_id": str(app_role2.id),
"user_name": env_role2.user.full_name, "user_name": env_role2.user.full_name,
"role_name": CSPRole.NETWORK_ADMIN.value, "role_name": CSPRole.NETWORK_ADMIN.value,
} }
@ -260,57 +263,32 @@ def test_user_without_permission_cannot_update_application(client, user_session)
assert application.description == "Cool stuff happening here!" assert application.description == "Cool stuff happening here!"
def test_check_users_are_in_application_raises_NotFoundError():
application = ApplicationFactory.create()
app_user_1 = UserFactory.create()
app_user_2 = UserFactory.create()
for user in [app_user_1, app_user_2]:
ApplicationRoleFactory.create(user=user, application=application)
non_app_user = UserFactory.create()
user_ids = [app_user_1.id, app_user_2.id, non_app_user.id]
with pytest.raises(NotFoundError):
check_users_are_in_application(user_ids, application)
def test_check_users_are_in_application():
application = ApplicationFactory.create()
app_user_1 = UserFactory.create()
app_user_2 = UserFactory.create()
app_user_3 = UserFactory.create()
for user in [app_user_1, app_user_2, app_user_3]:
ApplicationRoleFactory.create(user=user, application=application)
user_ids = [str(app_user_1.id), str(app_user_2.id), str(app_user_3.id)]
assert check_users_are_in_application(user_ids, application)
def test_update_team_env_roles(client, user_session): def test_update_team_env_roles(client, user_session):
environment = EnvironmentFactory.create() environment = EnvironmentFactory.create()
application = environment.application application = environment.application
app_role_1 = ApplicationRoleFactory.create(application=application)
env_role_1 = EnvironmentRoleFactory.create( env_role_1 = EnvironmentRoleFactory.create(
environment=environment, role=CSPRole.BASIC_ACCESS.value environment=environment, role=CSPRole.BASIC_ACCESS.value, user=app_role_1.user
) )
app_role_2 = ApplicationRoleFactory.create(application=application)
env_role_2 = EnvironmentRoleFactory.create( env_role_2 = EnvironmentRoleFactory.create(
environment=environment, role=CSPRole.BASIC_ACCESS.value environment=environment, role=CSPRole.BASIC_ACCESS.value, user=app_role_2.user
) )
app_role_3 = ApplicationRoleFactory.create(application=application)
env_role_3 = EnvironmentRoleFactory.create( env_role_3 = EnvironmentRoleFactory.create(
environment=environment, role=CSPRole.BASIC_ACCESS.value environment=environment, role=CSPRole.BASIC_ACCESS.value, user=app_role_3.user
) )
for user in [env_role_1.user, env_role_2.user, env_role_3.user]:
ApplicationRoleFactory.create(user=user, application=application)
app_role = ApplicationRoleFactory.create(application=application) app_role_4 = ApplicationRoleFactory.create(application=application)
form_data = { form_data = {
"envs-0-env_id": environment.id, "envs-0-env_id": environment.id,
"envs-0-team_roles-0-members-0-user_id": app_role.user.id, "envs-0-team_roles-0-members-0-application_role_id": app_role_4.id,
"envs-0-team_roles-0-members-0-role_name": CSPRole.TECHNICAL_READ.value, "envs-0-team_roles-0-members-0-role_name": CSPRole.TECHNICAL_READ.value,
"envs-0-team_roles-1-members-0-user_id": env_role_1.user.id, "envs-0-team_roles-1-members-0-application_role_id": app_role_1.id,
"envs-0-team_roles-1-members-0-role_name": CSPRole.NETWORK_ADMIN.value, "envs-0-team_roles-1-members-0-role_name": CSPRole.NETWORK_ADMIN.value,
"envs-0-team_roles-1-members-1-user_id": env_role_2.user.id, "envs-0-team_roles-1-members-1-application_role_id": app_role_2.id,
"envs-0-team_roles-1-members-1-role_name": CSPRole.BASIC_ACCESS.value, "envs-0-team_roles-1-members-1-role_name": CSPRole.BASIC_ACCESS.value,
"envs-0-team_roles-1-members-2-user_id": env_role_3.user.id, "envs-0-team_roles-1-members-2-application_role_id": app_role_3.id,
"envs-0-team_roles-1-members-2-role_name": NO_ACCESS, "envs-0-team_roles-1-members-2-role_name": NO_ACCESS,
} }
@ -325,7 +303,7 @@ def test_update_team_env_roles(client, user_session):
assert env_role_1.role == CSPRole.NETWORK_ADMIN.value assert env_role_1.role == CSPRole.NETWORK_ADMIN.value
assert env_role_2.role == CSPRole.BASIC_ACCESS.value assert env_role_2.role == CSPRole.BASIC_ACCESS.value
assert not EnvironmentRoles.get(env_role_3.user.id, environment.id) assert not EnvironmentRoles.get(env_role_3.user.id, environment.id)
assert EnvironmentRoles.get(app_role.user.id, environment.id) assert EnvironmentRoles.get(app_role_4.user.id, environment.id)
def test_user_can_only_access_apps_in_their_portfolio(client, user_session): def test_user_can_only_access_apps_in_their_portfolio(client, user_session):