diff --git a/atst/domain/roles.py b/atst/domain/roles.py
index 1ca32d8e..0d459822 100644
--- a/atst/domain/roles.py
+++ b/atst/domain/roles.py
@@ -1,10 +1,153 @@
 from sqlalchemy.orm.exc import NoResultFound
 from atst.database import db
-from atst.models import Role
+from atst.models import Role, Permissions
 from .exceptions import NotFoundError
+DEFINITIONS = [
+ {
+ "name": "ccpo",
+ "display_name": "CCPO",
+ "description": "",
+ "permissions": [
+ Permissions.VIEW_ORIGINAL_JEDI_REQEUST,
+ Permissions.REVIEW_AND_APPROVE_JEDI_WORKSPACE_REQUEST,
+ Permissions.MODIFY_ATAT_ROLE_PERMISSIONS,
+ Permissions.CREATE_CSP_ROLE,
+ Permissions.DELETE_CSP_ROLE,
+ Permissions.DEACTIVE_CSP_ROLE,
+ Permissions.MODIFY_CSP_ROLE_PERMISSIONS,
+ Permissions.VIEW_USAGE_REPORT,
+ Permissions.VIEW_USAGE_DOLLARS,
+ Permissions.ADD_AND_ASSIGN_CSP_ROLES,
+ Permissions.REMOVE_CSP_ROLES,
+ Permissions.REQUEST_NEW_CSP_ROLE,
+ Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE,
+ Permissions.VIEW_ASSIGNED_ATAT_ROLE_CONFIGURATIONS,
+ Permissions.VIEW_ASSIGNED_CSP_ROLE_CONFIGURATIONS,
+ Permissions.DEACTIVATE_WORKSPACE,
+ Permissions.VIEW_ATAT_PERMISSIONS,
+ Permissions.TRANSFER_OWNERSHIP_OF_WORKSPACE,
+ Permissions.VIEW_WORKSPACE,
+ Permissions.VIEW_WORKSPACE_MEMBERS,
+ Permissions.ADD_APPLICATION_IN_WORKSPACE,
+ Permissions.DELETE_APPLICATION_IN_WORKSPACE,
+ Permissions.DEACTIVATE_APPLICATION_IN_WORKSPACE,
+ Permissions.VIEW_APPLICATION_IN_WORKSPACE,
+ Permissions.RENAME_APPLICATION_IN_WORKSPACE,
+ Permissions.ADD_ENVIRONMENT_IN_APPLICATION,
+ Permissions.DELETE_ENVIRONMENT_IN_APPLICATION,
+ Permissions.DEACTIVATE_ENVIRONMENT_IN_APPLICATION,
+ Permissions.VIEW_ENVIRONMENT_IN_APPLICATION,
+ Permissions.RENAME_ENVIRONMENT_IN_APPLICATION,
+ Permissions.ADD_TAG_TO_WORKSPACE,
+ Permissions.REMOVE_TAG_FROM_WORKSPACE,
+ Permissions.VIEW_AUDIT_LOG,
+ ],
+ },
+ {
+ "name": "owner",
+ "display_name": "Workspace Owner",
+ "description": "Adds, edits, deactivates access to all projects, environments, and members. Views budget reports. Initiates and edits JEDI Cloud requests.",
+ "permissions": [
+ Permissions.REQUEST_JEDI_WORKSPACE,
+ Permissions.VIEW_ORIGINAL_JEDI_REQEUST,
+ Permissions.VIEW_USAGE_REPORT,
+ Permissions.VIEW_USAGE_DOLLARS,
+ Permissions.ADD_AND_ASSIGN_CSP_ROLES,
+ Permissions.REMOVE_CSP_ROLES,
+ Permissions.REQUEST_NEW_CSP_ROLE,
+ Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE,
+ Permissions.VIEW_ASSIGNED_ATAT_ROLE_CONFIGURATIONS,
+ Permissions.VIEW_ASSIGNED_CSP_ROLE_CONFIGURATIONS,
+ Permissions.DEACTIVATE_WORKSPACE,
+ Permissions.VIEW_ATAT_PERMISSIONS,
+ Permissions.VIEW_WORKSPACE,
+ Permissions.VIEW_WORKSPACE_MEMBERS,
+ Permissions.EDIT_WORKSPACE_INFORMATION,
+ Permissions.ADD_APPLICATION_IN_WORKSPACE,
+ Permissions.DELETE_APPLICATION_IN_WORKSPACE,
+ Permissions.DEACTIVATE_APPLICATION_IN_WORKSPACE,
+ Permissions.VIEW_APPLICATION_IN_WORKSPACE,
+ Permissions.RENAME_APPLICATION_IN_WORKSPACE,
+ Permissions.ADD_ENVIRONMENT_IN_APPLICATION,
+ Permissions.DELETE_ENVIRONMENT_IN_APPLICATION,
+ Permissions.DEACTIVATE_ENVIRONMENT_IN_APPLICATION,
+ Permissions.VIEW_ENVIRONMENT_IN_APPLICATION,
+ Permissions.RENAME_ENVIRONMENT_IN_APPLICATION,
+ ],
+ },
+ {
+ "name": "admin",
+ "display_name": "Administrator",
+ "description": "Adds and edits projects, environments, members, but cannot deactivate. Cannot view budget reports or JEDI Cloud requests.",
+ "permissions": [
+ Permissions.VIEW_USAGE_REPORT,
+ Permissions.ADD_AND_ASSIGN_CSP_ROLES,
+ Permissions.REMOVE_CSP_ROLES,
+ Permissions.REQUEST_NEW_CSP_ROLE,
+ Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE,
+ Permissions.VIEW_ASSIGNED_ATAT_ROLE_CONFIGURATIONS,
+ Permissions.VIEW_ASSIGNED_CSP_ROLE_CONFIGURATIONS,
+ Permissions.VIEW_WORKSPACE,
+ Permissions.VIEW_WORKSPACE_MEMBERS,
+ Permissions.EDIT_WORKSPACE_INFORMATION,
+ Permissions.ADD_APPLICATION_IN_WORKSPACE,
+ Permissions.DELETE_APPLICATION_IN_WORKSPACE,
+ Permissions.DEACTIVATE_APPLICATION_IN_WORKSPACE,
+ Permissions.VIEW_APPLICATION_IN_WORKSPACE,
+ Permissions.RENAME_APPLICATION_IN_WORKSPACE,
+ Permissions.ADD_ENVIRONMENT_IN_APPLICATION,
+ Permissions.DELETE_ENVIRONMENT_IN_APPLICATION,
+ Permissions.DEACTIVATE_ENVIRONMENT_IN_APPLICATION,
+ Permissions.VIEW_ENVIRONMENT_IN_APPLICATION,
+ Permissions.RENAME_ENVIRONMENT_IN_APPLICATION,
+ ],
+ },
+ {
+ "name": "developer",
+ "display_name": "Developer",
+ "description": "Views only the projects and environments they are granted access to. Can also view members associated with each environment.",
+ "permissions": [
+ Permissions.VIEW_USAGE_REPORT,
+ Permissions.VIEW_USAGE_DOLLARS,
+ Permissions.VIEW_WORKSPACE,
+ Permissions.VIEW_APPLICATION_IN_WORKSPACE,
+ ],
+ },
+ {
+ "name": "billing_auditor",
+ "display_name": "Billing Auditor",
+ "description": "Views only the projects and environments they are granted access to. Can also view budgets and reports associated with the workspace.",
+ "permissions": [
+ Permissions.VIEW_USAGE_REPORT,
+ Permissions.VIEW_USAGE_DOLLARS,
+ Permissions.VIEW_WORKSPACE,
+ Permissions.VIEW_APPLICATION_IN_WORKSPACE,
+ ],
+ },
+ {
+ "name": "security_auditor",
+ "description": "Views only the projects and environments they are granted access to. Can also view activity logs.",
+ "display_name": "Security Auditor",
+ "permissions": [
+ Permissions.VIEW_ASSIGNED_ATAT_ROLE_CONFIGURATIONS,
+ Permissions.VIEW_ASSIGNED_CSP_ROLE_CONFIGURATIONS,
+ Permissions.VIEW_ATAT_PERMISSIONS,
+ Permissions.VIEW_WORKSPACE,
+ Permissions.VIEW_APPLICATION_IN_WORKSPACE,
+ ],
+ },
+ {
+ "name": "default",
+ "display_name": "Default",
+ "description": "",
+ "permissions": [Permissions.REQUEST_JEDI_WORKSPACE],
+ },
+]
+
+
 class Roles(object):
 @classmethod
 def get(cls, role_name):
diff --git a/atst/forms/data.py b/atst/forms/data.py
index ebdeacbb..d916af86 100644
--- a/atst/forms/data.py
+++ b/atst/forms/data.py
@@ -1,3 +1,5 @@
+from atst.domain.roles import DEFINITIONS as ROLE_DEFINITIONS
+
 SERVICE_BRANCHES = [
 (None, "Select an option"),
 ("Air Force, Department of the", "Air Force, Department of the"),
@@ -104,41 +106,9 @@ COMPLETION_DATE_RANGES = [
 ]
 WORKSPACE_ROLES = [
- (
- "owner",
- {
- "name": "Workspace Owner",
- "description": "Adds, edits, deactivates access to all projects, environments, and members. Views budget reports. Initiates and edits JEDI Cloud requests.",
- },
- ),
- (
- "admin",
- {
- "name": "Administrator",
- "description": "Adds and edits projects, environments, members, but cannot deactivate. Cannot view budget reports or JEDI Cloud requests.",
- },
- ),
- (
- "developer",
- {
- "name": "Developer",
- "description": "Views only the projects and environments they are granted access to. Can also view members associated with each environment.",
- },
- ),
- (
- "billing_auditor",
- {
- "name": "Billing Auditor",
- "description": "Views only the projects and environments they are granted access to. Can also view budgets and reports associated with the workspace.",
- },
- ),
- (
- "security_auditor",
- {
- "name": "Security Auditor",
- "description": "Views only the projects and environments they are granted access to. Can also view activity logs.",
- },
- ),
+ (role["name"], {"name": role["display_name"], "description": role["description"]})
+ for role in ROLE_DEFINITIONS
+ if role["name"] not in ["ccpo", "default"]
 ]
 ENVIRONMENT_ROLES = [
diff --git a/script/seed_roles.py b/script/seed_roles.py
index 17cadfbc..80896b33 100644
--- a/script/seed_roles.py
+++ b/script/seed_roles.py
@@ -9,152 +9,12 @@ from sqlalchemy.orm.exc import NoResultFound
 from atst.app import make_config, make_app
 from atst.database import db
 from atst.models import Role, Permissions
-
-roles = [
- Role(
- name="ccpo",
- display_name="CCPO",
- description="",
- permissions=[
- Permissions.VIEW_ORIGINAL_JEDI_REQEUST,
- Permissions.REVIEW_AND_APPROVE_JEDI_WORKSPACE_REQUEST,
- Permissions.MODIFY_ATAT_ROLE_PERMISSIONS,
- Permissions.CREATE_CSP_ROLE,
- Permissions.DELETE_CSP_ROLE,
- Permissions.DEACTIVE_CSP_ROLE,
- Permissions.MODIFY_CSP_ROLE_PERMISSIONS,
- Permissions.VIEW_USAGE_REPORT,
- Permissions.VIEW_USAGE_DOLLARS,
- Permissions.ADD_AND_ASSIGN_CSP_ROLES,
- Permissions.REMOVE_CSP_ROLES,
- Permissions.REQUEST_NEW_CSP_ROLE,
- Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE,
- Permissions.VIEW_ASSIGNED_ATAT_ROLE_CONFIGURATIONS,
- Permissions.VIEW_ASSIGNED_CSP_ROLE_CONFIGURATIONS,
- Permissions.DEACTIVATE_WORKSPACE,
- Permissions.VIEW_ATAT_PERMISSIONS,
- Permissions.TRANSFER_OWNERSHIP_OF_WORKSPACE,
- Permissions.VIEW_WORKSPACE,
- Permissions.VIEW_WORKSPACE_MEMBERS,
- Permissions.ADD_APPLICATION_IN_WORKSPACE,
- Permissions.DELETE_APPLICATION_IN_WORKSPACE,
- Permissions.DEACTIVATE_APPLICATION_IN_WORKSPACE,
- Permissions.VIEW_APPLICATION_IN_WORKSPACE,
- Permissions.RENAME_APPLICATION_IN_WORKSPACE,
- Permissions.ADD_ENVIRONMENT_IN_APPLICATION,
- Permissions.DELETE_ENVIRONMENT_IN_APPLICATION,
- Permissions.DEACTIVATE_ENVIRONMENT_IN_APPLICATION,
- Permissions.VIEW_ENVIRONMENT_IN_APPLICATION,
- Permissions.RENAME_ENVIRONMENT_IN_APPLICATION,
- Permissions.ADD_TAG_TO_WORKSPACE,
- Permissions.REMOVE_TAG_FROM_WORKSPACE,
- Permissions.VIEW_AUDIT_LOG
- ],
- ),
- Role(
- name="owner",
- display_name="Owner",
- description="",
- permissions=[
- Permissions.REQUEST_JEDI_WORKSPACE,
- Permissions.VIEW_ORIGINAL_JEDI_REQEUST,
- Permissions.VIEW_USAGE_REPORT,
- Permissions.VIEW_USAGE_DOLLARS,
- Permissions.ADD_AND_ASSIGN_CSP_ROLES,
- Permissions.REMOVE_CSP_ROLES,
- Permissions.REQUEST_NEW_CSP_ROLE,
- Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE,
- Permissions.VIEW_ASSIGNED_ATAT_ROLE_CONFIGURATIONS,
- Permissions.VIEW_ASSIGNED_CSP_ROLE_CONFIGURATIONS,
- Permissions.DEACTIVATE_WORKSPACE,
- Permissions.VIEW_ATAT_PERMISSIONS,
- Permissions.VIEW_WORKSPACE,
- Permissions.VIEW_WORKSPACE_MEMBERS,
- Permissions.EDIT_WORKSPACE_INFORMATION,
- Permissions.ADD_APPLICATION_IN_WORKSPACE,
- Permissions.DELETE_APPLICATION_IN_WORKSPACE,
- Permissions.DEACTIVATE_APPLICATION_IN_WORKSPACE,
- Permissions.VIEW_APPLICATION_IN_WORKSPACE,
- Permissions.RENAME_APPLICATION_IN_WORKSPACE,
- Permissions.ADD_ENVIRONMENT_IN_APPLICATION,
- Permissions.DELETE_ENVIRONMENT_IN_APPLICATION,
- Permissions.DEACTIVATE_ENVIRONMENT_IN_APPLICATION,
- Permissions.VIEW_ENVIRONMENT_IN_APPLICATION,
- Permissions.RENAME_ENVIRONMENT_IN_APPLICATION,
- ],
- ),
- Role(
- name="admin",
- display_name="Admin",
- description="",
- permissions=[
- Permissions.VIEW_USAGE_REPORT,
- Permissions.ADD_AND_ASSIGN_CSP_ROLES,
- Permissions.REMOVE_CSP_ROLES,
- Permissions.REQUEST_NEW_CSP_ROLE,
- Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE,
- Permissions.VIEW_ASSIGNED_ATAT_ROLE_CONFIGURATIONS,
- Permissions.VIEW_ASSIGNED_CSP_ROLE_CONFIGURATIONS,
- Permissions.VIEW_WORKSPACE,
- Permissions.VIEW_WORKSPACE_MEMBERS,
- Permissions.EDIT_WORKSPACE_INFORMATION,
- Permissions.ADD_APPLICATION_IN_WORKSPACE,
- Permissions.DELETE_APPLICATION_IN_WORKSPACE,
- Permissions.DEACTIVATE_APPLICATION_IN_WORKSPACE,
- Permissions.VIEW_APPLICATION_IN_WORKSPACE,
- Permissions.RENAME_APPLICATION_IN_WORKSPACE,
- Permissions.ADD_ENVIRONMENT_IN_APPLICATION,
- Permissions.DELETE_ENVIRONMENT_IN_APPLICATION,
- Permissions.DEACTIVATE_ENVIRONMENT_IN_APPLICATION,
- Permissions.VIEW_ENVIRONMENT_IN_APPLICATION,
- Permissions.RENAME_ENVIRONMENT_IN_APPLICATION,
- ],
- ),
- Role(
- name="developer",
- display_name="Developer",
- description="",
- permissions=[
- Permissions.VIEW_USAGE_REPORT,
- Permissions.VIEW_USAGE_DOLLARS,
- Permissions.VIEW_WORKSPACE,
- Permissions.VIEW_APPLICATION_IN_WORKSPACE,
- ],
- ),
- Role(
- name="billing_auditor",
- display_name="Billing Auditor",
- description="",
- permissions=[
- Permissions.VIEW_USAGE_REPORT,
- Permissions.VIEW_USAGE_DOLLARS,
- Permissions.VIEW_WORKSPACE,
- Permissions.VIEW_APPLICATION_IN_WORKSPACE,
- ],
- ),
- Role(
- name="security_auditor",
- description="",
- display_name="Security Auditor",
- permissions=[
- Permissions.VIEW_ASSIGNED_ATAT_ROLE_CONFIGURATIONS,
- Permissions.VIEW_ASSIGNED_CSP_ROLE_CONFIGURATIONS,
- Permissions.VIEW_ATAT_PERMISSIONS,
- Permissions.VIEW_WORKSPACE,
- Permissions.VIEW_APPLICATION_IN_WORKSPACE,
- ],
- ),
- Role(
- name="default",
- display_name="Default",
- description="",
- permissions=[Permissions.REQUEST_JEDI_WORKSPACE],
- ),
-]
+from atst.domain.roles import DEFINITIONS
 def seed_roles():
- for role in roles:
+ for role_info in DEFINITIONS:
+ role = Role(**role_info)
 try:
 existing_role = db.session.query(Role).filter_by(name=role.name).one()
 existing_role.description = role.description
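Review bot: Several `DEFINITIONS` entries pair a description with a permission list that does not say the same thing, and since script/seed_roles.py builds `Role(**role_info)` from these entries the permission list is what will be enforced while the description is what the user reads in the form. `developer` and `billing_auditor` carry identical permissions (VIEW_USAGE_REPORT, VIEW_USAGE_DOLLARS, VIEW_WORKSPACE, VIEW_APPLICATION_IN_WORKSPACE) although the developer text promises member visibility and says nothing about dollar figures; `security_auditor` is described as able to view activity logs but VIEW_AUDIT_LOG is granted only to `ccpo`; `admin` is described as unable to view budget reports or to deactivate, yet holds VIEW_USAGE_REPORT and the DEACTIVATE_APPLICATION_IN_WORKSPACE / DEACTIVATE_ENVIRONMENT_IN_APPLICATION permissions, and whether the wording is meant to cover those I cannot tell from here. Reconcile each entry so the displayed text matches what is actually granted, since the mismatch now lives in one place and will be copied to both the database and the form. Add a header comment above the list, e.g. `# Canonical role definitions: seeded into the roles table by script/seed_roles.py and rendered (minus ccpo/default) by atst/forms/data.py; description and permissions must agree.`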
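Review bot: The filter `if role["name"] not in ["ccpo", "default"]` is a deny-list, so any role later appended to `DEFINITIONS` — including a privileged one — is offered in the workspace-role form unless someone remembers to extend this literal. An allow-list fails closed: `WORKSPACE_ASSIGNABLE_ROLES = ("owner", "admin", "developer", "billing_auditor", "security_auditor")` above the list and `if role["name"] in WORKSPACE_ASSIGNABLE_ROLES` as the filter, or an explicit assignability flag carried on each definition so the domain module owns the decision. The import added in the preceding hunk also makes `atst.forms.data` depend on `atst.domain.roles`, which imports `atst.database`; if anything in that chain imports the forms package this becomes a circular import, which I cannot rule out from the diff alone.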
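Review bot: `existing_role.description = role.description` only copies the description onto an already-seeded row; now that `DEFINITIONS` is the single source for permission sets, the update path should also assign `existing_role.display_name` and `existing_role.permissions` from the definition, otherwise a permission removed from an entry never reaches a database that was seeded earlier. `seed_roles` continues past the hunk, so this may already be done below. The transient `Role(**role_info)` is constructed only to read its attributes back; reading `role_info["name"]` and `role_info["description"]` directly would avoid building an ORM object that is never added to the session, although constructing it does at least fail loudly if a definition gains a key that is not a `Role` column.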