From 9f266ea4e4defa5b37c341819fe5d6d2472df774 Mon Sep 17 00:00:00 2001
From: Montana <montana-ctr@friends.dds.mil>
Date: Thu, 2 May 2019 15:09:12 -0400
Subject: [PATCH] Update user permission sets

- adds two domain functions for application roles
---
 atst/domain/application_roles.py | 21 +++++++++++++++++++++
 atst/routes/applications/team.py | 24 ++++++++++++++++++++++++
 2 files changed, 45 insertions(+)

diff --git a/atst/domain/application_roles.py b/atst/domain/application_roles.py
index af000706..ae157ecf 100644
--- a/atst/domain/application_roles.py
+++ b/atst/domain/application_roles.py
@@ -28,3 +28,24 @@ class ApplicationRoles(object):
 
         db.session.add(role)
         db.session.commit()
+
+    @classmethod
+    def get(cls, user_id, application_id):
+        existing_app_role = (
+            db.session.query(ApplicationRole)
+            .filter_by(user_id=user_id, application_id=application_id)
+            .one_or_none()
+        )
+
+        return existing_app_role
+
+    @classmethod
+    def update_permission_sets(cls, application_role, new_perm_sets_names):
+        application_role.permission_sets = ApplicationRoles._permission_sets_for_names(
+            new_perm_sets_names
+        )
+
+        db.session.add(application_role)
+        db.session.commit()
+
+        return application_role
diff --git a/atst/routes/applications/team.py b/atst/routes/applications/team.py
index 22b5b78e..ea548d07 100644
--- a/atst/routes/applications/team.py
+++ b/atst/routes/applications/team.py
@@ -3,6 +3,7 @@ from flask import render_template, request as http_request, g, url_for, redirect
 
 from . import applications_bp
 from atst.domain.applications import Applications
+from atst.domain.application_roles import ApplicationRoles
 from atst.domain.environments import Environments
 from atst.domain.environment_roles import EnvironmentRoles
 from atst.domain.authz.decorator import user_can_access_decorator as user_can
@@ -98,6 +99,29 @@ def team(application_id):
     )
 
 
+@applications_bp.route("/application/<application_id>/team", methods=["POST"])
+@user_can(Permissions.EDIT_APPLICATION_MEMBER, message="update application member")
+def update_team(application_id):
+    application = Applications.get(application_id)
+    form = TeamForm(http_request.form)
+
+    if form.validate():
+        # TODO check that all users coming through are app members
+        for member in form.members:
+            app_role = ApplicationRoles.get(member.data["user_id"], application.id)
+            new_perms = [perm for perm in member.data["permission_sets"] if perm != ""]
+            ApplicationRoles.update_permission_sets(app_role, new_perms)
+
+    return redirect(
+        url_for(
+            "applications.team",
+            application_id=application_id,
+            fragment="application-members",
+            _anchor="application-members",
+        )
+    )
+
+
 @applications_bp.route("/application/<application_id>/members/new", methods=["POST"])
 @user_can(
     Permissions.CREATE_APPLICATION_MEMBER, message="create new application member"