Merge pull request #845 from dod-ccpo/app-settings-role-id
Use role ID for app settings table
This commit is contained in:
dandds
GitHub
commit
96ae1bba9d
@ -57,7 +57,7 @@ class ApplicationRoles(object):
|
||||
.one()
|
||||
)
|
||||
except NoResultFound:
|
||||
raise NotFoundError("portfolio_role")
|
||||
raise NotFoundError("application_role")
|
||||
|
||||
@classmethod
|
||||
def update_permission_sets(cls, application_role, new_perm_sets_names):
|
||||
|
||||
@ -6,7 +6,7 @@ from atst.models.environment import Environment
|
||||
from atst.models.environment_role import EnvironmentRole
|
||||
from atst.models.application import Application
|
||||
from atst.domain.environment_roles import EnvironmentRoles
|
||||
from atst.domain.users import Users
|
||||
from atst.domain.application_roles import ApplicationRoles
|
||||
|
||||
from .exceptions import NotFoundError
|
||||
|
||||
@ -99,9 +99,9 @@ class Environments(object):
|
||||
|
||||
for member in team_roles:
|
||||
new_role = member["role_name"]
|
||||
user = Users.get(member["user_id"])
|
||||
app_role = ApplicationRoles.get_by_id(member["application_role_id"])
|
||||
Environments.update_env_role(
|
||||
environment=environment, user=user, new_role=new_role
|
||||
environment=environment, user=app_role.user, new_role=new_role
|
||||
)
|
||||
|
||||
@classmethod
|
||||
@ -113,15 +113,6 @@ class Environments(object):
|
||||
environment=environment, user=member, new_role=new_role
|
||||
)
|
||||
|
||||
@classmethod
|
||||
def get_members_by_role(cls, env, role):
|
||||
return (
|
||||
db.session.query(EnvironmentRole)
|
||||
.filter(EnvironmentRole.environment_id == env.id)
|
||||
.filter(EnvironmentRole.role == role)
|
||||
.all()
|
||||
)
|
||||
|
||||
@classmethod
|
||||
def revoke_access(cls, environment, target_user):
|
||||
EnvironmentRoles.delete(environment.id, target_user.id)
|
||||
|
||||
@ -6,7 +6,7 @@ from .data import ENV_ROLES, ENV_ROLE_NO_ACCESS as NO_ACCESS
|
||||
|
||||
|
||||
class MemberForm(FlaskForm):
|
||||
user_id = HiddenField()
|
||||
application_role_id = HiddenField()
|
||||
user_name = StringField()
|
||||
role_name = RadioField(choices=ENV_ROLES, default=NO_ACCESS)
|
||||
|
||||
|
||||
@ -1,12 +1,14 @@
|
||||
from enum import Enum
|
||||
from sqlalchemy import Index, ForeignKey, Column, Enum as SQLAEnum, Table
|
||||
from sqlalchemy.dialects.postgresql import UUID
|
||||
from sqlalchemy.orm import relationship
|
||||
from sqlalchemy.orm import object_session, relationship
|
||||
from sqlalchemy.event import listen
|
||||
|
||||
from atst.utils import first_or_none
|
||||
from atst.models import Base, mixins
|
||||
from atst.models.mixins.auditable import record_permission_sets_updates
|
||||
from atst.models.environment import Environment
|
||||
from atst.models.environment_role import EnvironmentRole
|
||||
from .types import Id
|
||||
|
||||
|
||||
@ -91,6 +93,22 @@ class ApplicationRole(
|
||||
"portfolio": self.application.portfolio.name,
|
||||
}
|
||||
|
||||
@property
|
||||
def environment_roles(self):
|
||||
if getattr(self, "_environment_roles", None) is None:
|
||||
roles = (
|
||||
object_session(self)
|
||||
.query(EnvironmentRole)
|
||||
.join(Environment, Environment.application_id == self.application_id)
|
||||
.filter(EnvironmentRole.environment_id == Environment.id)
|
||||
.filter(EnvironmentRole.user_id == self.user_id)
|
||||
.all()
|
||||
)
|
||||
|
||||
setattr(self, "_environment_roles", roles)
|
||||
|
||||
return self._environment_roles
|
||||
|
||||
|
||||
Index(
|
||||
"application_role_user_application",
|
||||
|
||||
@ -10,7 +10,6 @@ from atst.forms.application import ApplicationForm, EditEnvironmentForm
|
||||
from atst.forms.data import ENV_ROLE_NO_ACCESS as NO_ACCESS
|
||||
from atst.domain.authz.decorator import user_can_access_decorator as user_can
|
||||
from atst.models.environment_role import CSPRole
|
||||
from atst.domain.exceptions import NotFoundError
|
||||
from atst.models.permissions import Permissions
|
||||
from atst.utils.flash import formatted_flash as flash
|
||||
|
||||
@ -30,62 +29,54 @@ def get_environments_obj_for_app(application):
|
||||
return environments_obj
|
||||
|
||||
|
||||
def serialize_members(member_list, role):
|
||||
serialized_list = []
|
||||
|
||||
for member in member_list:
|
||||
serialized_list.append(
|
||||
{
|
||||
"user_id": str(member.user_id),
|
||||
"user_name": member.user.full_name,
|
||||
"role_name": role,
|
||||
}
|
||||
)
|
||||
|
||||
return serialized_list
|
||||
|
||||
|
||||
def sort_env_users_by_role(env):
|
||||
users_list = []
|
||||
no_access_users = env.application.users - env.users
|
||||
no_access_list = [
|
||||
{"user_id": str(user.id), "user_name": user.full_name, "role_name": NO_ACCESS}
|
||||
for user in no_access_users
|
||||
]
|
||||
users_list.append({"role": NO_ACCESS, "members": no_access_list})
|
||||
|
||||
for role in CSPRole:
|
||||
users_list.append(
|
||||
{
|
||||
"role": role.value,
|
||||
"members": serialize_members(
|
||||
Environments.get_members_by_role(env, role.value), role.value
|
||||
),
|
||||
}
|
||||
)
|
||||
|
||||
return users_list
|
||||
|
||||
|
||||
def data_for_app_env_roles_form(application):
|
||||
data = {"envs": []}
|
||||
for environment in application.environments:
|
||||
data["envs"].append(
|
||||
csp_roles = [role.value for role in CSPRole]
|
||||
csp_roles.insert(0, NO_ACCESS)
|
||||
# dictionary for sorting application members by environments
|
||||
# and roles within those environments
|
||||
environments_dict = {
|
||||
e.id: {role_name: [] for role_name in csp_roles}
|
||||
for e in application.environments
|
||||
}
|
||||
for member in application.members:
|
||||
env_ids = set(environments_dict.keys())
|
||||
for env_role in member.environment_roles:
|
||||
role_members_list = environments_dict[env_role.environment_id][
|
||||
env_role.role
|
||||
]
|
||||
role_members_list.append(
|
||||
{
|
||||
"env_id": environment.id,
|
||||
"team_roles": sort_env_users_by_role(environment),
|
||||
"application_role_id": str(member.id),
|
||||
"user_name": member.user_name,
|
||||
"role_name": env_role.role,
|
||||
}
|
||||
)
|
||||
env_ids.remove(env_role.environment_id)
|
||||
|
||||
# any leftover environment IDs are ones the app member
|
||||
# does not have access to
|
||||
for env_id in env_ids:
|
||||
role_members_list = environments_dict[env_id][NO_ACCESS]
|
||||
role_members_list.append(
|
||||
{
|
||||
"application_role_id": str(member.id),
|
||||
"user_name": member.user_name,
|
||||
"role_name": NO_ACCESS,
|
||||
}
|
||||
)
|
||||
|
||||
return data
|
||||
# transform the data into the shape the form needs
|
||||
nested_data = [
|
||||
{
|
||||
"env_id": env_id,
|
||||
"team_roles": [
|
||||
{"role": role, "members": members} for role, members in roles.items()
|
||||
],
|
||||
}
|
||||
for env_id, roles in environments_dict.items()
|
||||
]
|
||||
|
||||
|
||||
def check_users_are_in_application(user_ids, application):
|
||||
existing_ids = [str(role.user_id) for role in application.roles]
|
||||
for user_id in user_ids:
|
||||
if not user_id in existing_ids:
|
||||
raise NotFoundError("application user", user_id)
|
||||
return True
|
||||
return {"envs": nested_data}
|
||||
|
||||
|
||||
def render_settings_page(application, **kwargs):
|
||||
@ -210,22 +201,10 @@ def update_env_roles(environment_id):
|
||||
|
||||
if form.validate():
|
||||
env_data = []
|
||||
try:
|
||||
for env in form.envs.data:
|
||||
if env["env_id"] == str(environment.id):
|
||||
for role in env["team_roles"]:
|
||||
user_ids = [user["user_id"] for user in role["members"]]
|
||||
check_users_are_in_application(user_ids, application)
|
||||
env_data = env_data + role["members"]
|
||||
except NotFoundError as err:
|
||||
app.logger.warning(
|
||||
"User {} requested environment role change for unauthorized user {} in application {}.".format(
|
||||
g.current_user.id, err.resource_id, application.id
|
||||
),
|
||||
extra={"tags": ["update", "failure"], "security_warning": True},
|
||||
)
|
||||
|
||||
raise (err)
|
||||
|
||||
Environments.update_env_roles_by_environment(
|
||||
environment_id=environment_id, team_roles=env_data
|
||||
|
||||
@ -9,13 +9,13 @@ describe('EditEnvironmentRole', () => {
|
||||
{
|
||||
role: NO_ACCESS,
|
||||
members: [
|
||||
{ role_name: null, user_id: '123' },
|
||||
{ role_name: null, user_id: '456' },
|
||||
{ role_name: null, application_role_id: '123' },
|
||||
{ role_name: null, application_role_id: '456' },
|
||||
],
|
||||
},
|
||||
{
|
||||
role: 'Basic Access',
|
||||
members: [{ role_name: 'Basic Access', user_id: '789' }],
|
||||
members: [{ role_name: 'Basic Access', application_role_id: '789' }],
|
||||
},
|
||||
{
|
||||
role: 'Network Admin',
|
||||
@ -24,13 +24,15 @@ describe('EditEnvironmentRole', () => {
|
||||
{
|
||||
role: 'Business Read-only',
|
||||
members: [
|
||||
{ role_name: 'Business Read-only', user_id: '012' },
|
||||
{ role_name: 'Business Read-only', user_id: '345' },
|
||||
{ role_name: 'Business Read-only', application_role_id: '012' },
|
||||
{ role_name: 'Business Read-only', application_role_id: '345' },
|
||||
],
|
||||
},
|
||||
{
|
||||
role: 'Technical Read-only',
|
||||
members: [{ role_name: 'Technical Read-only', user_id: '678' }],
|
||||
members: [
|
||||
{ role_name: 'Technical Read-only', application_role_id: '678' },
|
||||
],
|
||||
},
|
||||
]
|
||||
|
||||
@ -53,7 +55,7 @@ describe('EditEnvironmentRole', () => {
|
||||
|
||||
expect(member_data).toEqual({
|
||||
role_name: 'Technical Read-only',
|
||||
user_id: '678',
|
||||
application_role_id: '678',
|
||||
})
|
||||
})
|
||||
|
||||
@ -73,7 +75,7 @@ describe('EditEnvironmentRole', () => {
|
||||
})
|
||||
|
||||
expect(techRole.members.length).toEqual(1)
|
||||
wrapper.vm.addUser({ user_id: '901' }, 'Technical Read-only')
|
||||
wrapper.vm.addUser({ application_role_id: '901' }, 'Technical Read-only')
|
||||
expect(techRole.members.length).toEqual(2)
|
||||
})
|
||||
|
||||
|
||||
@ -57,7 +57,7 @@ export const EditEnvironmentRole = {
|
||||
getUserInfo: function(userId) {
|
||||
for (let role of this.roleCategories) {
|
||||
for (let member of role.members) {
|
||||
if (member.user_id === userId) {
|
||||
if (member.application_role_id === userId) {
|
||||
return member
|
||||
}
|
||||
}
|
||||
@ -67,7 +67,7 @@ export const EditEnvironmentRole = {
|
||||
removeUser: function(userId) {
|
||||
for (let role of this.roleCategories) {
|
||||
role.members = role.members.filter(member => {
|
||||
return member.user_id !== userId
|
||||
return member.application_role_id !== userId
|
||||
})
|
||||
if (!role.members) {
|
||||
role.members = []
|
||||
|
||||
@ -36,11 +36,11 @@
|
||||
v-bind:class="{'unassigned': checkNoAccess(member.role_name)}">
|
||||
<span v-html='member.user_name'>
|
||||
</span>
|
||||
<span v-on:click="toggleSection(member.user_id)" class="icon-link right">
|
||||
<span v-on:click="toggleSection(member.application_role_id)" class="icon-link right">
|
||||
{{ Icon('edit', classes="icon--medium") }}
|
||||
</span>
|
||||
<div
|
||||
v-show="selectedSection === member.user_id"
|
||||
v-show="selectedSection === member.application_role_id"
|
||||
class='environment-role__user-field'>
|
||||
<div class="usa-input">
|
||||
<fieldset
|
||||
@ -56,7 +56,7 @@
|
||||
v-bind:name="'envs-{{ loop.index0 }}-team_roles-' + roleindex + '-members-' + memberindex + '-role_name'"
|
||||
v-bind:id="'envs-{{ loop.index0 }}-team_roles-' + roleindex + '-members-' + memberindex + '-role_name-' + roleinputindex"
|
||||
type="radio"
|
||||
v-bind:user-id='member.user_id'
|
||||
v-bind:user-id='member.application_role_id'
|
||||
v-bind:value='roleCategory.role'>
|
||||
<label
|
||||
v-bind:for="'envs-{{ loop.index0 }}-team_roles-' + roleindex + '-members-' + memberindex + '-role_name-' + roleinputindex">
|
||||
@ -71,10 +71,10 @@
|
||||
</div>
|
||||
</div>
|
||||
<input
|
||||
v-bind:id="'envs-{{ loop.index0 }}-team_roles-' + roleindex + '-members-' + memberindex + '-user_id'"
|
||||
v-bind:name="'envs-{{ loop.index0 }}-team_roles-' + roleindex + '-members-' + memberindex + '-user_id'"
|
||||
v-bind:id="'envs-{{ loop.index0 }}-team_roles-' + roleindex + '-members-' + memberindex + '-application_role_id'"
|
||||
v-bind:name="'envs-{{ loop.index0 }}-team_roles-' + roleindex + '-members-' + memberindex + '-application_role_id'"
|
||||
type="hidden"
|
||||
v-bind:value='member.user_id'>
|
||||
v-bind:value='member.application_role_id'>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
@ -67,28 +67,35 @@ def test_update_env_roles_by_environment():
|
||||
env_role_1 = EnvironmentRoleFactory.create(
|
||||
environment=environment, role=CSPRole.BASIC_ACCESS.value
|
||||
)
|
||||
app_role_1 = ApplicationRoleFactory.create(
|
||||
user=env_role_1.user, application=environment.application
|
||||
)
|
||||
env_role_2 = EnvironmentRoleFactory.create(
|
||||
environment=environment, role=CSPRole.NETWORK_ADMIN.value
|
||||
)
|
||||
app_role_2 = ApplicationRoleFactory.create(
|
||||
user=env_role_2.user, application=environment.application
|
||||
)
|
||||
env_role_3 = EnvironmentRoleFactory.create(
|
||||
environment=environment, role=CSPRole.TECHNICAL_READ.value
|
||||
)
|
||||
for user in [env_role_1.user, env_role_2.user, env_role_3.user]:
|
||||
ApplicationRoleFactory.create(user=user, application=environment.application)
|
||||
app_role_3 = ApplicationRoleFactory.create(
|
||||
user=env_role_3.user, application=environment.application
|
||||
)
|
||||
|
||||
team_roles = [
|
||||
{
|
||||
"user_id": env_role_1.user.id,
|
||||
"application_role_id": app_role_1.id,
|
||||
"user_name": env_role_1.user.full_name,
|
||||
"role_name": CSPRole.BUSINESS_READ.value,
|
||||
},
|
||||
{
|
||||
"user_id": env_role_2.user.id,
|
||||
"application_role_id": app_role_2.id,
|
||||
"user_name": env_role_2.user.full_name,
|
||||
"role_name": CSPRole.NETWORK_ADMIN.value,
|
||||
},
|
||||
{
|
||||
"user_id": env_role_3.user.id,
|
||||
"application_role_id": app_role_3.id,
|
||||
"user_name": env_role_3.user.full_name,
|
||||
"role_name": None,
|
||||
},
|
||||
@ -136,36 +143,6 @@ def test_update_env_roles_by_member():
|
||||
assert not EnvironmentRoles.get(user.id, testing.id)
|
||||
|
||||
|
||||
def test_get_members_by_role(db):
|
||||
environment = EnvironmentFactory.create()
|
||||
env_role_1 = EnvironmentRoleFactory.create(
|
||||
environment=environment, role=CSPRole.BASIC_ACCESS.value
|
||||
)
|
||||
env_role_2 = EnvironmentRoleFactory.create(
|
||||
environment=environment, role=CSPRole.TECHNICAL_READ.value
|
||||
)
|
||||
env_role_3 = EnvironmentRoleFactory.create(
|
||||
environment=environment, role=CSPRole.TECHNICAL_READ.value
|
||||
)
|
||||
rando_env = EnvironmentFactory.create()
|
||||
rando_env_role = EnvironmentRoleFactory.create(
|
||||
environment=rando_env, role=CSPRole.BASIC_ACCESS.value
|
||||
)
|
||||
|
||||
basic_access_members = Environments.get_members_by_role(
|
||||
environment, CSPRole.BASIC_ACCESS.value
|
||||
)
|
||||
technical_read_members = Environments.get_members_by_role(
|
||||
environment, CSPRole.TECHNICAL_READ.value
|
||||
)
|
||||
assert basic_access_members == [env_role_1]
|
||||
assert rando_env_role not in basic_access_members
|
||||
assert technical_read_members == [env_role_2, env_role_3]
|
||||
assert (
|
||||
Environments.get_members_by_role(environment, CSPRole.BUSINESS_READ.value) == []
|
||||
)
|
||||
|
||||
|
||||
def test_get_scoped_environments(db):
|
||||
developer = UserFactory.create()
|
||||
portfolio = PortfolioFactory.create(
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
from atst.domain.permission_sets import PermissionSets
|
||||
from atst.models.audit_event import AuditEvent
|
||||
|
||||
from tests.factories import PortfolioFactory, UserFactory
|
||||
from tests.factories import *
|
||||
|
||||
|
||||
def test_has_application_role_history(session):
|
||||
@ -38,3 +38,13 @@ def test_has_application_role_history(session):
|
||||
old_state, new_state = changed_event.changed_state["permission_sets"]
|
||||
assert old_state == [PermissionSets.VIEW_APPLICATION]
|
||||
assert new_state == [PermissionSets.EDIT_APPLICATION_TEAM]
|
||||
|
||||
|
||||
def test_environment_roles():
|
||||
application = ApplicationFactory.create()
|
||||
environment = EnvironmentFactory.create(application=application)
|
||||
user = UserFactory.create()
|
||||
application_role = ApplicationRoleFactory.create(application=application, user=user)
|
||||
environment_role = EnvironmentRoleFactory.create(environment=environment, user=user)
|
||||
|
||||
assert application_role.environment_roles == [environment_role]
|
||||
|
||||
@ -10,7 +10,6 @@ from tests.factories import (
|
||||
ApplicationFactory,
|
||||
ApplicationRoleFactory,
|
||||
)
|
||||
from atst.routes.applications.settings import check_users_are_in_application
|
||||
|
||||
from atst.domain.applications import Applications
|
||||
from atst.domain.environment_roles import EnvironmentRoles
|
||||
@ -140,15 +139,19 @@ def test_data_for_app_env_roles_form(app, client, user_session):
|
||||
{"env"},
|
||||
)
|
||||
env = application.environments[0]
|
||||
app_role = ApplicationRoleFactory.create(application=application)
|
||||
app_role0 = ApplicationRoleFactory.create(application=application)
|
||||
env_role1 = EnvironmentRoleFactory.create(
|
||||
environment=env, role=CSPRole.BASIC_ACCESS.value
|
||||
)
|
||||
ApplicationRoleFactory.create(application=application, user=env_role1.user)
|
||||
app_role1 = ApplicationRoleFactory.create(
|
||||
application=application, user=env_role1.user
|
||||
)
|
||||
env_role2 = EnvironmentRoleFactory.create(
|
||||
environment=env, role=CSPRole.NETWORK_ADMIN.value
|
||||
)
|
||||
ApplicationRoleFactory.create(application=application, user=env_role2.user)
|
||||
app_role2 = ApplicationRoleFactory.create(
|
||||
application=application, user=env_role2.user
|
||||
)
|
||||
|
||||
user_session(portfolio.owner)
|
||||
|
||||
@ -171,8 +174,8 @@ def test_data_for_app_env_roles_form(app, client, user_session):
|
||||
"role": NO_ACCESS,
|
||||
"members": [
|
||||
{
|
||||
"user_id": str(app_role.user_id),
|
||||
"user_name": app_role.user.full_name,
|
||||
"application_role_id": str(app_role0.id),
|
||||
"user_name": app_role0.user.full_name,
|
||||
"role_name": None,
|
||||
}
|
||||
],
|
||||
@ -181,7 +184,7 @@ def test_data_for_app_env_roles_form(app, client, user_session):
|
||||
"role": CSPRole.BASIC_ACCESS.value,
|
||||
"members": [
|
||||
{
|
||||
"user_id": str(env_role1.user_id),
|
||||
"application_role_id": str(app_role1.id),
|
||||
"user_name": env_role1.user.full_name,
|
||||
"role_name": CSPRole.BASIC_ACCESS.value,
|
||||
}
|
||||
@ -191,7 +194,7 @@ def test_data_for_app_env_roles_form(app, client, user_session):
|
||||
"role": CSPRole.NETWORK_ADMIN.value,
|
||||
"members": [
|
||||
{
|
||||
"user_id": str(env_role2.user_id),
|
||||
"application_role_id": str(app_role2.id),
|
||||
"user_name": env_role2.user.full_name,
|
||||
"role_name": CSPRole.NETWORK_ADMIN.value,
|
||||
}
|
||||
@ -260,57 +263,32 @@ def test_user_without_permission_cannot_update_application(client, user_session)
|
||||
assert application.description == "Cool stuff happening here!"
|
||||
|
||||
|
||||
def test_check_users_are_in_application_raises_NotFoundError():
|
||||
application = ApplicationFactory.create()
|
||||
app_user_1 = UserFactory.create()
|
||||
app_user_2 = UserFactory.create()
|
||||
for user in [app_user_1, app_user_2]:
|
||||
ApplicationRoleFactory.create(user=user, application=application)
|
||||
|
||||
non_app_user = UserFactory.create()
|
||||
user_ids = [app_user_1.id, app_user_2.id, non_app_user.id]
|
||||
with pytest.raises(NotFoundError):
|
||||
check_users_are_in_application(user_ids, application)
|
||||
|
||||
|
||||
def test_check_users_are_in_application():
|
||||
application = ApplicationFactory.create()
|
||||
app_user_1 = UserFactory.create()
|
||||
app_user_2 = UserFactory.create()
|
||||
app_user_3 = UserFactory.create()
|
||||
|
||||
for user in [app_user_1, app_user_2, app_user_3]:
|
||||
ApplicationRoleFactory.create(user=user, application=application)
|
||||
|
||||
user_ids = [str(app_user_1.id), str(app_user_2.id), str(app_user_3.id)]
|
||||
assert check_users_are_in_application(user_ids, application)
|
||||
|
||||
|
||||
def test_update_team_env_roles(client, user_session):
|
||||
environment = EnvironmentFactory.create()
|
||||
application = environment.application
|
||||
app_role_1 = ApplicationRoleFactory.create(application=application)
|
||||
env_role_1 = EnvironmentRoleFactory.create(
|
||||
environment=environment, role=CSPRole.BASIC_ACCESS.value
|
||||
environment=environment, role=CSPRole.BASIC_ACCESS.value, user=app_role_1.user
|
||||
)
|
||||
app_role_2 = ApplicationRoleFactory.create(application=application)
|
||||
env_role_2 = EnvironmentRoleFactory.create(
|
||||
environment=environment, role=CSPRole.BASIC_ACCESS.value
|
||||
environment=environment, role=CSPRole.BASIC_ACCESS.value, user=app_role_2.user
|
||||
)
|
||||
app_role_3 = ApplicationRoleFactory.create(application=application)
|
||||
env_role_3 = EnvironmentRoleFactory.create(
|
||||
environment=environment, role=CSPRole.BASIC_ACCESS.value
|
||||
environment=environment, role=CSPRole.BASIC_ACCESS.value, user=app_role_3.user
|
||||
)
|
||||
for user in [env_role_1.user, env_role_2.user, env_role_3.user]:
|
||||
ApplicationRoleFactory.create(user=user, application=application)
|
||||
|
||||
app_role = ApplicationRoleFactory.create(application=application)
|
||||
app_role_4 = ApplicationRoleFactory.create(application=application)
|
||||
form_data = {
|
||||
"envs-0-env_id": environment.id,
|
||||
"envs-0-team_roles-0-members-0-user_id": app_role.user.id,
|
||||
"envs-0-team_roles-0-members-0-application_role_id": app_role_4.id,
|
||||
"envs-0-team_roles-0-members-0-role_name": CSPRole.TECHNICAL_READ.value,
|
||||
"envs-0-team_roles-1-members-0-user_id": env_role_1.user.id,
|
||||
"envs-0-team_roles-1-members-0-application_role_id": app_role_1.id,
|
||||
"envs-0-team_roles-1-members-0-role_name": CSPRole.NETWORK_ADMIN.value,
|
||||
"envs-0-team_roles-1-members-1-user_id": env_role_2.user.id,
|
||||
"envs-0-team_roles-1-members-1-application_role_id": app_role_2.id,
|
||||
"envs-0-team_roles-1-members-1-role_name": CSPRole.BASIC_ACCESS.value,
|
||||
"envs-0-team_roles-1-members-2-user_id": env_role_3.user.id,
|
||||
"envs-0-team_roles-1-members-2-application_role_id": app_role_3.id,
|
||||
"envs-0-team_roles-1-members-2-role_name": NO_ACCESS,
|
||||
}
|
||||
|
||||
@ -325,7 +303,7 @@ def test_update_team_env_roles(client, user_session):
|
||||
assert env_role_1.role == CSPRole.NETWORK_ADMIN.value
|
||||
assert env_role_2.role == CSPRole.BASIC_ACCESS.value
|
||||
assert not EnvironmentRoles.get(env_role_3.user.id, environment.id)
|
||||
assert EnvironmentRoles.get(app_role.user.id, environment.id)
|
||||
assert EnvironmentRoles.get(app_role_4.user.id, environment.id)
|
||||
|
||||
|
||||
def test_user_can_only_access_apps_in_their_portfolio(client, user_session):
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user