pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use application_role.id to reference users in team page forms.

Browse Source 
Membership in a resource should be decoupled from the users table.
This commit is contained in:
dandds 2019-05-23 09:51:25 -04:00
parent da6ac57812
commit a332d1432e
6 changed files with 39 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
atst/domain/application_roles.py
View File

@ -47,6 +47,18 @@ class ApplicationRoles(object):
return app_role return app_role
@classmethod
def get_by_id(cls, id_):
try:
return (
db.session.query(ApplicationRole)
.filter(ApplicationRole.id == id_)
.filter(ApplicationRole.status != ApplicationRoleStatus.DISABLED)
.one()
)
except NoResultFound:
raise NotFoundError("portfolio_role")
@classmethod @classmethod
def update_permission_sets(cls, application_role, new_perm_sets_names): def update_permission_sets(cls, application_role, new_perm_sets_names):
application_role.permission_sets = ApplicationRoles._permission_sets_for_names( application_role.permission_sets = ApplicationRoles._permission_sets_for_names(

2
atst/forms/team.py
View File

@ -61,7 +61,7 @@ class PermissionsForm(FlaskForm):
class MemberForm(FlaskForm): class MemberForm(FlaskForm):
user_id = HiddenField(validators=[Required()]) role_id = HiddenField(validators=[Required()])
user_name = StringField() user_name = StringField()
environment_roles = FieldList(FormField(EnvironmentForm)) environment_roles = FieldList(FormField(EnvironmentForm))
permission_sets = FormField(PermissionsForm) permission_sets = FormField(PermissionsForm)

11
atst/routes/applications/team.py
View File

@ -27,8 +27,6 @@ def get_form_permission_value(member, edit_perm_set):
def get_team_form(application): def get_team_form(application):
team_data = [] team_data = []
for member in application.members: for member in application.members:
user_id = member.user.id
user_name = member.user.full_name
permission_sets = { permission_sets = {
"perms_team_mgmt": get_form_permission_value( "perms_team_mgmt": get_form_permission_value(
member, PermissionSets.EDIT_APPLICATION_TEAM member, PermissionSets.EDIT_APPLICATION_TEAM
@ -53,8 +51,8 @@ def get_team_form(application):
] ]
team_data.append( team_data.append(
{ {
"user_id": str(user_id), "role_id": member.id,
"user_name": user_name, "user_name": member.user_name,
"permission_sets": permission_sets, "permission_sets": permission_sets,
"environment_roles": environment_roles, "environment_roles": environment_roles,
} }
@ -99,7 +97,7 @@ def update_team(application_id):
if form.validate(): if form.validate():
for member_form in form.members: for member_form in form.members:
app_role = ApplicationRoles.get(member_form.user_id.data, application.id) app_role = ApplicationRoles.get_by_id(member_form.role_id.data)
new_perms = [ new_perms = [
perm perm
for perm in member_form.data["permission_sets"] for perm in member_form.data["permission_sets"]
@ -108,12 +106,11 @@ def update_team(application_id):
ApplicationRoles.update_permission_sets(app_role, new_perms) ApplicationRoles.update_permission_sets(app_role, new_perms)
for environment_role_form in member_form.environment_roles: for environment_role_form in member_form.environment_roles:
user = Users.get(member_form.user_id.data)
environment = Environments.get( environment = Environments.get(
environment_role_form.environment_id.data environment_role_form.environment_id.data
) )
Environments.update_env_role( Environments.update_env_role(
environment, user, environment_role_form.data.get("role") environment, app_role.user, environment_role_form.data.get("role")
) )
flash("updated_application_team_settings", application_name=application.name) flash("updated_application_team_settings", application_name=application.name)

2
templates/fragments/applications/edit_team.html
View File

@ -92,7 +92,7 @@
{% endif %} {% endif %}
</div> </div>
{% endcall %} {% endcall %}
{{ member_form.user_id() }} {{ member_form.role_id() }}
</li> </li>
</toggler> </toggler>
{% endfor %} {% endfor %}

12
tests/domain/test_application_roles.py
View File

@ -71,3 +71,15 @@ def test_update_permission_sets():
assert app_role.permission_sets == view_app assert app_role.permission_sets == view_app
assert ApplicationRoles.update_permission_sets(app_role, new_perms_names) assert ApplicationRoles.update_permission_sets(app_role, new_perms_names)
assert set(app_role.permission_sets) == set(new_perms + view_app) assert set(app_role.permission_sets) == set(new_perms + view_app)
def test_get_by_id():
user = UserFactory.create()
application = ApplicationFactory.create()
app_role = ApplicationRoleFactory.create(user=user, application=application)
assert ApplicationRoles.get_by_id(app_role.id) == app_role
app_role.status = ApplicationRoleStatus.DISABLED
with pytest.raises(NotFoundError):
ApplicationRoles.get_by_id(app_role.id)

27
tests/routes/applications/test_team.py
View File

@ -25,12 +25,11 @@ def test_update_team_permissions(client, user_session):
app_role = ApplicationRoleFactory.create( app_role = ApplicationRoleFactory.create(
application=application, permission_sets=[] application=application, permission_sets=[]
) )
app_user = app_role.user
user_session(owner) user_session(owner)
response = client.post( response = client.post(
url_for("applications.update_team", application_id=application.id), url_for("applications.update_team", application_id=application.id),
data={ data={
"members-0-user_id": app_user.id, "members-0-role_id": app_role.id,
"members-0-permission_sets-perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM, "members-0-permission_sets-perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM,
"members-0-permission_sets-perms_env_mgmt": PermissionSets.EDIT_APPLICATION_ENVIRONMENTS, "members-0-permission_sets-perms_env_mgmt": PermissionSets.EDIT_APPLICATION_ENVIRONMENTS,
"members-0-permission_sets-perms_del_env": PermissionSets.DELETE_APPLICATION_ENVIRONMENTS, "members-0-permission_sets-perms_del_env": PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,
@ -54,36 +53,30 @@ def test_update_team_with_bad_permission_sets(client, user_session):
app_role = ApplicationRoleFactory.create( app_role = ApplicationRoleFactory.create(
application=application, permission_sets=[] application=application, permission_sets=[]
) )
app_user = app_role.user permission_sets = app_role.permission_sets
permission_sets = app_user.permission_sets
user_session(owner) user_session(owner)
response = client.post( response = client.post(
url_for("applications.update_team", application_id=application.id), url_for("applications.update_team", application_id=application.id),
data={ data={
"members-0-user_id": app_user.id, "members-0-role_id": app_role.id,
"members-0-permission_sets-perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM, "members-0-permission_sets-perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM,
"members-0-permission_sets-perms_env_mgmt": "some random string", "members-0-permission_sets-perms_env_mgmt": "some random string",
}, },
) )
assert response.status_code == 400 assert response.status_code == 400
assert app_user.permission_sets == permission_sets assert app_role.permission_sets == permission_sets
def test_update_team_with_non_app_user(client, user_session): def test_update_team_with_non_app_user(client, user_session):
application = ApplicationFactory.create() application = ApplicationFactory.create()
owner = application.portfolio.owner owner = application.portfolio.owner
app_role = ApplicationRoleFactory.create(
application=application, permission_sets=[]
)
non_app_user = UserFactory.create()
app_user = app_role.user
user_session(owner) user_session(owner)
response = client.post( response = client.post(
url_for("applications.update_team", application_id=application.id), url_for("applications.update_team", application_id=application.id),
data={ data={
"members-0-user_id": non_app_user.id, "members-0-role_id": str(uuid.uuid4()),
"members-0-permission_sets-perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM, "members-0-permission_sets-perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM,
"members-0-permission_sets-perms_env_mgmt": PermissionSets.EDIT_APPLICATION_ENVIRONMENTS, "members-0-permission_sets-perms_env_mgmt": PermissionSets.EDIT_APPLICATION_ENVIRONMENTS,
"members-0-permission_sets-perms_del_env": PermissionSets.DELETE_APPLICATION_ENVIRONMENTS, "members-0-permission_sets-perms_del_env": PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,
@ -99,16 +92,15 @@ def test_update_team_environment_roles(client, user_session):
app_role = ApplicationRoleFactory.create( app_role = ApplicationRoleFactory.create(
application=application, permission_sets=[] application=application, permission_sets=[]
) )
app_user = app_role.user
environment = EnvironmentFactory.create(application=application) environment = EnvironmentFactory.create(application=application)
env_role = EnvironmentRoleFactory.create( env_role = EnvironmentRoleFactory.create(
user=app_user, environment=environment, role=CSPRole.NETWORK_ADMIN.value user=app_role.user, environment=environment, role=CSPRole.NETWORK_ADMIN.value
) )
user_session(owner) user_session(owner)
response = client.post( response = client.post(
url_for("applications.update_team", application_id=application.id), url_for("applications.update_team", application_id=application.id),
data={ data={
"members-0-user_id": app_user.id, "members-0-role_id": app_role.id,
"members-0-permission_sets-perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM, "members-0-permission_sets-perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM,
"members-0-permission_sets-perms_env_mgmt": PermissionSets.EDIT_APPLICATION_ENVIRONMENTS, "members-0-permission_sets-perms_env_mgmt": PermissionSets.EDIT_APPLICATION_ENVIRONMENTS,
"members-0-permission_sets-perms_del_env": PermissionSets.DELETE_APPLICATION_ENVIRONMENTS, "members-0-permission_sets-perms_del_env": PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,
@ -127,16 +119,15 @@ def test_update_team_revoke_environment_access(client, user_session, db, session
app_role = ApplicationRoleFactory.create( app_role = ApplicationRoleFactory.create(
application=application, permission_sets=[] application=application, permission_sets=[]
) )
app_user = app_role.user
environment = EnvironmentFactory.create(application=application) environment = EnvironmentFactory.create(application=application)
env_role = EnvironmentRoleFactory.create( env_role = EnvironmentRoleFactory.create(
user=app_user, environment=environment, role=CSPRole.BASIC_ACCESS.value user=app_role.user, environment=environment, role=CSPRole.BASIC_ACCESS.value
) )
user_session(owner) user_session(owner)
response = client.post( response = client.post(
url_for("applications.update_team", application_id=application.id), url_for("applications.update_team", application_id=application.id),
data={ data={
"members-0-user_id": app_user.id, "members-0-role_id": app_role.id,
"members-0-permission_sets-perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM, "members-0-permission_sets-perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM,
"members-0-permission_sets-perms_env_mgmt": PermissionSets.EDIT_APPLICATION_ENVIRONMENTS, "members-0-permission_sets-perms_env_mgmt": PermissionSets.EDIT_APPLICATION_ENVIRONMENTS,
"members-0-permission_sets-perms_del_env": PermissionSets.DELETE_APPLICATION_ENVIRONMENTS, "members-0-permission_sets-perms_del_env": PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,