Update route to include environment_id

atst/domain/authz/decorator.py

@@ -7,6 +7,7 @@ from atst.domain.portfolios import Portfolios
 from atst.domain.task_orders import TaskOrders
 from atst.domain.applications import Applications
 from atst.domain.invitations import Invitations
+from atst.domain.environments import Environments
 from atst.domain.exceptions import UnauthorizedError
 
 
@@ -31,6 +32,11 @@ def check_access(permission, message, override, *args, **kwargs):
             g.current_user, kwargs["portfolio_id"]
         )
 
+    elif "environment_id" in kwargs:
+        environment = Environments.get(kwargs["environment_id"])
+        access_args["application"] = environment.application
+        access_args["portfolio"] = environment.application.portfolio
+
     if override is not None and override(g.current_user, **access_args, **kwargs):
         return True
 

atst/routes/applications/settings.py

@@ -92,18 +92,17 @@ def update(application_id):
         )
 
 
-@applications_bp.route(
+@applications_bp.route("/environments/<environment_id>/roles", methods=["POST"])
-    "/applications/<application_id>/update_env_roles", methods=["POST"]
+@user_can(Permissions.ASSIGN_ENVIRONMENT_MEMBER, message="update environment roles")
-)
+def update_env_roles(environment_id):
-@user_can(Permissions.ASSIGN_ENVIRONMENT_MEMBER, message="update application")
+    environment = Environments.get(environment_id)
-def update_env_roles(application_id):
+    application = environment.application
-    application = Applications.get(application_id)
     env_roles_form = EnvironmentRolesForm(http_request.form)
 
     if env_roles_form.validate():
         env_data = env_roles_form.data
         Environments.update_env_roles_by_environment(
-            environment_id=env_data["env_id"], team_roles=env_data["team_roles"]
+            environment_id=environment_id, team_roles=env_data["team_roles"]
         )
         return redirect(url_for("applications.settings", application_id=application.id))
     else:

atst/utils/context_processors.py

@@ -5,7 +5,7 @@ from sqlalchemy.orm.exc import NoResultFound
 
 from atst.database import db
 from atst.domain.authz import Authorization
-from atst.models import Application, Portfolio, TaskOrder
+from atst.models import Application, Environment, Portfolio, TaskOrder
 from atst.models.permissions import Permissions
 from atst.domain.portfolios.scopes import ScopedPortfolio
 
@@ -25,6 +25,14 @@ def get_portfolio_from_context(view_args):
             .filter(Application.id == view_args["application_id"])
         )
 
+    elif "environment_id" in view_args:
+        query = (
+            db.session.query(Portfolio)
+            .join(Application, Application.portfolio_id == Portfolio.id)
+            .join(Environment, Environment.application_id == Application.id)
+            .filter(Environment.id == view_args["environment_id"])
+        )
+
     elif "task_order_id" in view_args:
         query = (
             db.session.query(Portfolio)

tests/routes/applications/test_settings.py

@@ -197,7 +197,7 @@ def test_user_with_permission_can_update_team_env_roles(client, user_session):
 
     user_session(application.portfolio.owner)
     response = client.post(
-        url_for("applications.update_env_roles", application_id=application.id),
+        url_for("applications.update_env_roles", environment_id=environment.id),
         data=form_data,
         follow_redirects=True,
     )
@@ -235,7 +235,7 @@ def test_user_without_permission_cannot_update_team_env_roles(client, user_sessi
 
     user_session(app_role_without_perms.user)
     response = client.post(
-        url_for("applications.update_env_roles", application_id=application.id),
+        url_for("applications.update_env_roles", environment_id=environment.id),
         data=form_data,
         follow_redirects=True,
     )