Update user permission sets
- adds two domain functions for application roles
This commit is contained in:
Montana
parent
de41afa935
commit
9f266ea4e4
@ -28,3 +28,24 @@ class ApplicationRoles(object):
|
|||||||
|
|
||||||
db.session.add(role)
|
db.session.add(role)
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def get(cls, user_id, application_id):
|
||||||
|
existing_app_role = (
|
||||||
|
db.session.query(ApplicationRole)
|
||||||
|
.filter_by(user_id=user_id, application_id=application_id)
|
||||||
|
.one_or_none()
|
||||||
|
)
|
||||||
|
|
||||||
|
return existing_app_role
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def update_permission_sets(cls, application_role, new_perm_sets_names):
|
||||||
|
application_role.permission_sets = ApplicationRoles._permission_sets_for_names(
|
||||||
|
new_perm_sets_names
|
||||||
|
)
|
||||||
|
|
||||||
|
db.session.add(application_role)
|
||||||
|
db.session.commit()
|
||||||
|
|
||||||
|
return application_role
|
||||||
|
|||||||
@ -3,6 +3,7 @@ from flask import render_template, request as http_request, g, url_for, redirect
|
|||||||
|
|
||||||
from . import applications_bp
|
from . import applications_bp
|
||||||
from atst.domain.applications import Applications
|
from atst.domain.applications import Applications
|
||||||
|
from atst.domain.application_roles import ApplicationRoles
|
||||||
from atst.domain.environments import Environments
|
from atst.domain.environments import Environments
|
||||||
from atst.domain.environment_roles import EnvironmentRoles
|
from atst.domain.environment_roles import EnvironmentRoles
|
||||||
from atst.domain.authz.decorator import user_can_access_decorator as user_can
|
from atst.domain.authz.decorator import user_can_access_decorator as user_can
|
||||||
@ -98,6 +99,29 @@ def team(application_id):
|
|||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@applications_bp.route("/application/<application_id>/team", methods=["POST"])
|
||||||
|
@user_can(Permissions.EDIT_APPLICATION_MEMBER, message="update application member")
|
||||||
|
def update_team(application_id):
|
||||||
|
application = Applications.get(application_id)
|
||||||
|
form = TeamForm(http_request.form)
|
||||||
|
|
||||||
|
if form.validate():
|
||||||
|
# TODO check that all users coming through are app members
|
||||||
|
for member in form.members:
|
||||||
|
app_role = ApplicationRoles.get(member.data["user_id"], application.id)
|
||||||
|
new_perms = [perm for perm in member.data["permission_sets"] if perm != ""]
|
||||||
|
ApplicationRoles.update_permission_sets(app_role, new_perms)
|
||||||
|
|
||||||
|
return redirect(
|
||||||
|
url_for(
|
||||||
|
"applications.team",
|
||||||
|
application_id=application_id,
|
||||||
|
fragment="application-members",
|
||||||
|
_anchor="application-members",
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
@applications_bp.route("/application/<application_id>/members/new", methods=["POST"])
|
@applications_bp.route("/application/<application_id>/members/new", methods=["POST"])
|
||||||
@user_can(
|
@user_can(
|
||||||
Permissions.CREATE_APPLICATION_MEMBER, message="create new application member"
|
Permissions.CREATE_APPLICATION_MEMBER, message="create new application member"
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user