Update user permission sets

- adds two domain functions for application roles
2019-05-02 15:09:12 -04:00 · 2019-05-02 15:09:12 -04:00 · 9f266ea4e4
commit 9f266ea4e4
parent de41afa935
2 changed files with 45 additions and 0 deletions
--- a/atst/domain/application_roles.py
+++ b/atst/domain/application_roles.py
@ -28,3 +28,24 @@ class ApplicationRoles(object):

        db.session.add(role)
        db.session.commit()
+
+    @classmethod
+    def get(cls, user_id, application_id):
+        existing_app_role = (
+            db.session.query(ApplicationRole)
+            .filter_by(user_id=user_id, application_id=application_id)
+            .one_or_none()
+        )
+
+        return existing_app_role
+
+    @classmethod
+    def update_permission_sets(cls, application_role, new_perm_sets_names):
+        application_role.permission_sets = ApplicationRoles._permission_sets_for_names(
+            new_perm_sets_names
+        )
+
+        db.session.add(application_role)
+        db.session.commit()
+
+        return application_role
--- a/atst/routes/applications/team.py
+++ b/atst/routes/applications/team.py
@ -3,6 +3,7 @@ from flask import render_template, request as http_request, g, url_for, redirect

 from . import applications_bp
 from atst.domain.applications import Applications
+from atst.domain.application_roles import ApplicationRoles
 from atst.domain.environments import Environments
 from atst.domain.environment_roles import EnvironmentRoles
 from atst.domain.authz.decorator import user_can_access_decorator as user_can
@ -98,6 +99,29 @@ def team(application_id):
    )


+@applications_bp.route("/application/<application_id>/team", methods=["POST"])
+@user_can(Permissions.EDIT_APPLICATION_MEMBER, message="update application member")
+def update_team(application_id):
+    application = Applications.get(application_id)
+    form = TeamForm(http_request.form)
+
+    if form.validate():
+        # TODO check that all users coming through are app members
+        for member in form.members:
+            app_role = ApplicationRoles.get(member.data["user_id"], application.id)
+            new_perms = [perm for perm in member.data["permission_sets"] if perm != ""]
+            ApplicationRoles.update_permission_sets(app_role, new_perms)
+
+    return redirect(
+        url_for(
+            "applications.team",
+            application_id=application_id,
+            fragment="application-members",
+            _anchor="application-members",
+        )
+    )
+
+
@applications_bp.route("/application/<application_id>/members/new", methods=["POST"])
@user_can(
    Permissions.CREATE_APPLICATION_MEMBER, message="create new application member"