Prevent error from being raised when user is not trying to update a
disabled env role We were only checking to see if a role was disabled or deleted before raising an error, so I added in a check to see if the user was trying to update the env role before raising an error. The error should only be raised if the role is disabled or deleted AND the user is trying to assign a new role to the env role. I also added in a disabled property to the EnvironmentRole model to make things more readable.
This commit is contained in:
leigh-mil
parent
b034d668a1
commit
a4f21dc7e6
@ -10,7 +10,6 @@ from atst.models import (
|
|||||||
Portfolio,
|
Portfolio,
|
||||||
TaskOrder,
|
TaskOrder,
|
||||||
CLIN,
|
CLIN,
|
||||||
EnvironmentRole,
|
|
||||||
)
|
)
|
||||||
from atst.domain.environment_roles import EnvironmentRoles
|
from atst.domain.environment_roles import EnvironmentRoles
|
||||||
|
|
||||||
@ -58,16 +57,11 @@ class Environments(object):
|
|||||||
@classmethod
|
@classmethod
|
||||||
def update_env_role(cls, environment, application_role, new_role):
|
def update_env_role(cls, environment, application_role, new_role):
|
||||||
env_role = EnvironmentRoles.get_for_update(application_role.id, environment.id)
|
env_role = EnvironmentRoles.get_for_update(application_role.id, environment.id)
|
||||||
if env_role and (
|
|
||||||
env_role.status == EnvironmentRole.Status.DISABLED or env_role.deleted
|
if env_role and new_role and (env_role.disabled or env_role.deleted):
|
||||||
):
|
|
||||||
raise DisabledError("environment_role", env_role.id)
|
raise DisabledError("environment_role", env_role.id)
|
||||||
|
|
||||||
if (
|
if env_role and env_role.role != new_role and not env_role.disabled:
|
||||||
env_role
|
|
||||||
and env_role.role != new_role
|
|
||||||
and env_role.status != EnvironmentRole.Status.DISABLED
|
|
||||||
):
|
|
||||||
env_role.role = new_role
|
env_role.role = new_role
|
||||||
db.session.add(env_role)
|
db.session.add(env_role)
|
||||||
elif not env_role and new_role:
|
elif not env_role and new_role:
|
||||||
@ -78,7 +72,7 @@ class Environments(object):
|
|||||||
)
|
)
|
||||||
db.session.add(env_role)
|
db.session.add(env_role)
|
||||||
|
|
||||||
if env_role and not new_role:
|
if env_role and not new_role and not env_role.disabled:
|
||||||
EnvironmentRoles.disable(env_role.id)
|
EnvironmentRoles.disable(env_role.id)
|
||||||
|
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
|
|||||||
@ -66,6 +66,10 @@ class EnvironmentRole(
|
|||||||
def displayname(self):
|
def displayname(self):
|
||||||
return self.role
|
return self.role
|
||||||
|
|
||||||
|
@property
|
||||||
|
def disabled(self):
|
||||||
|
return self.status == EnvironmentRole.Status.DISABLED
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def event_details(self):
|
def event_details(self):
|
||||||
return {
|
return {
|
||||||
|
|||||||
@ -14,7 +14,6 @@ from atst.forms.application import NameAndDescriptionForm, EditEnvironmentForm
|
|||||||
from atst.forms.data import ENV_ROLE_NO_ACCESS as NO_ACCESS
|
from atst.forms.data import ENV_ROLE_NO_ACCESS as NO_ACCESS
|
||||||
from atst.forms.member import NewForm as MemberForm
|
from atst.forms.member import NewForm as MemberForm
|
||||||
from atst.domain.authz.decorator import user_can_access_decorator as user_can
|
from atst.domain.authz.decorator import user_can_access_decorator as user_can
|
||||||
from atst.models.environment_role import EnvironmentRole
|
|
||||||
from atst.models.permissions import Permissions
|
from atst.models.permissions import Permissions
|
||||||
from atst.domain.permission_sets import PermissionSets
|
from atst.domain.permission_sets import PermissionSets
|
||||||
from atst.utils.flash import formatted_flash as flash
|
from atst.utils.flash import formatted_flash as flash
|
||||||
@ -92,7 +91,7 @@ def filter_env_roles_form_data(member, environments):
|
|||||||
if len(env_roles_set) == 1:
|
if len(env_roles_set) == 1:
|
||||||
(env_role,) = env_roles_set
|
(env_role,) = env_roles_set
|
||||||
env_data["role"] = env_role.role
|
env_data["role"] = env_role.role
|
||||||
env_data["disabled"] = env_role.status == EnvironmentRole.Status.DISABLED
|
env_data["disabled"] = env_role.disabled
|
||||||
|
|
||||||
env_roles_form_data.append(env_data)
|
env_roles_form_data.append(env_data)
|
||||||
|
|
||||||
|
|||||||
@ -88,7 +88,7 @@ def test_disable_completed(application_role, environment):
|
|||||||
|
|
||||||
environment_role = EnvironmentRoles.disable(environment_role.id)
|
environment_role = EnvironmentRoles.disable(environment_role.id)
|
||||||
|
|
||||||
assert environment_role.status == EnvironmentRole.Status.DISABLED
|
assert environment_role.disabled
|
||||||
|
|
||||||
|
|
||||||
def test_get_for_update(application_role, environment):
|
def test_get_for_update(application_role, environment):
|
||||||
|
|||||||
@ -42,21 +42,26 @@ def test_update_env_role_no_access():
|
|||||||
env_role.application_role.id, env_role.environment.id
|
env_role.application_role.id, env_role.environment.id
|
||||||
)
|
)
|
||||||
assert env_role.role is None
|
assert env_role.role is None
|
||||||
assert env_role.status == EnvironmentRole.Status.DISABLED
|
assert env_role.disabled
|
||||||
|
|
||||||
|
|
||||||
def test_update_env_role_disabled_role():
|
def test_update_env_role_disabled_role():
|
||||||
env_role = EnvironmentRoleFactory.create(role=CSPRole.BASIC_ACCESS.value)
|
env_role = EnvironmentRoleFactory.create(role=CSPRole.BASIC_ACCESS.value)
|
||||||
Environments.update_env_role(env_role.environment, env_role.application_role, None)
|
Environments.update_env_role(env_role.environment, env_role.application_role, None)
|
||||||
|
|
||||||
|
# An exception should be raised when a new role is passed to Environments.update_env_role
|
||||||
with pytest.raises(DisabledError):
|
with pytest.raises(DisabledError):
|
||||||
Environments.update_env_role(
|
Environments.update_env_role(
|
||||||
env_role.environment,
|
env_role.environment,
|
||||||
env_role.application_role,
|
env_role.application_role,
|
||||||
CSPRole.TECHNICAL_READ.value,
|
CSPRole.TECHNICAL_READ.value,
|
||||||
)
|
)
|
||||||
|
|
||||||
assert env_role.role is None
|
assert env_role.role is None
|
||||||
assert env_role.status == EnvironmentRole.Status.DISABLED
|
assert env_role.disabled
|
||||||
|
|
||||||
|
# An exception should not be raised when no new role is passed
|
||||||
|
Environments.update_env_role(env_role.environment, env_role.application_role, None)
|
||||||
|
|
||||||
|
|
||||||
def test_get_excludes_deleted():
|
def test_get_excludes_deleted():
|
||||||
|
|||||||
@ -563,7 +563,7 @@ def test_update_member(client, user_session, session):
|
|||||||
# check that the user has roles in the correct envs
|
# check that the user has roles in the correct envs
|
||||||
assert len(environment_roles) == 3
|
assert len(environment_roles) == 3
|
||||||
assert updated_role.role == CSPRole.TECHNICAL_READ.value
|
assert updated_role.role == CSPRole.TECHNICAL_READ.value
|
||||||
assert suspended_role.status == EnvironmentRole.Status.DISABLED
|
assert suspended_role.disabled
|
||||||
|
|
||||||
|
|
||||||
def test_revoke_invite(client, user_session):
|
def test_revoke_invite(client, user_session):
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user