diff --git a/atst/domain/workspace_users.py b/atst/domain/workspace_users.py
index 940cf2a4..6fb761c3 100644
--- a/atst/domain/workspace_users.py
+++ b/atst/domain/workspace_users.py
@@ -33,6 +33,8 @@ class WorkspaceUsers(object):
 @classmethod
 def add(cls, user, workspace_id, role_name):
 role = Roles.get(role_name)
+
+ new_workspace_role = None
 try:
 existing_workspace_role = (
 db.session.query(WorkspaceRole)
@@ -53,6 +55,8 @@ class WorkspaceUsers(object):
 db.session.add(user)
 db.session.commit()
+ return WorkspaceUser(user, new_workspace_role)
+
 @classmethod
 def add_many(cls, workspace_id, workspace_user_dicts):
 workspace_users = []
diff --git a/atst/domain/workspaces.py b/atst/domain/workspaces.py
index 6a513607..6570a831 100644
--- a/atst/domain/workspaces.py
+++ b/atst/domain/workspaces.py
@@ -7,6 +7,8 @@ from atst.domain.exceptions import NotFoundError, UnauthorizedError
 from atst.domain.roles import Roles
 from atst.domain.authz import Authorization
 from atst.models.permissions import Permissions
+from atst.domain.users import Users
+from atst.domain.workspace_users import WorkspaceUsers
 class Workspaces(object):
@@ -61,6 +63,24 @@ class Workspaces(object):
 )
 return workspaces
+ @classmethod
+ def create_member(cls, user, workspace, data):
+ if not Authorization.has_workspace_permission(
+ user, workspace, Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE
+ ):
+ raise UnauthorizedError(user, "create workspace member")
+
+ new_user = Users.get_or_create_by_dod_id(
+ data["dod_id"],
+ first_name=data["first_name"],
+ last_name=data["last_name"],
+ email=data["email"],
+ )
+ workspace_user = WorkspaceUsers.add(
+ new_user, workspace.id, data["workspace_role"]
+ )
+ return workspace_user
+
 @classmethod
 def _create_workspace_role(cls, user, workspace, role_name):
 role = Roles.get(role_name)
diff --git a/atst/models/workspace_user.py b/atst/models/workspace_user.py
index 6faba2d6..5e3ee1ed 100644
--- a/atst/models/workspace_user.py
+++ b/atst/models/workspace_user.py
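Review bot: In `WorkspaceUsers.add` (`atst/domain/workspace_users.py`), `new_workspace_role` is initialised to `None` before the `try` and returned as `WorkspaceUser(user, new_workspace_role)`, so any path that never assigns it hands the caller a membership object with no role. The middle of the function lies between the two hunks and is not visible, but the `existing_workspace_role` query suggests an update-in-place branch for users who are already members, which would be such a path. The `workspace` property this commit adds to `WorkspaceUser` dereferences `self.workspace_role` directly and would raise `AttributeError` on that result. If the hidden branch works that way, return the role that was actually written, e.g. `return WorkspaceUser(user, new_workspace_role or existing_workspace_role)`.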
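Review bot: `Workspaces.create_member` (`atst/domain/workspaces.py`) passes `data["workspace_role"]` straight to `WorkspaceUsers.add` after a single `ASSIGN_AND_UNASSIGN_ATAT_ROLE` check, so nothing in this hunk limits which role the caller may grant. Unless the form layer or `Roles.get` restricts it (neither is visible here), a user holding that permission could add a member with a role at or above their own. Check the requested name against the roles the caller is allowed to assign before calling `WorkspaceUsers.add`, for instance `if data["workspace_role"] not in ASSIGNABLE_ROLES: raise UnauthorizedError(user, "assign workspace role")`, where `ASSIGNABLE_ROLES` is a placeholder name. It is also worth confirming what `Users.get_or_create_by_dod_id` does with the supplied name and e-mail when the DoD ID already exists, so this path cannot overwrite another user's profile fields.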
@@ -10,5 +10,9 @@ class WorkspaceUser(object):
 )
 return set(workspace_permissions).union(atat_permissions)
+ @property
+ def workspace(self):
+ return self.workspace_role.workspace
+
 def workspace_id(self):
 return self.workspace_role.workspace_id
diff --git a/tests/domain/test_workspaces.py b/tests/domain/test_workspaces.py
index 468536a8..4fdfa88b 100644
--- a/tests/domain/test_workspaces.py
+++ b/tests/domain/test_workspaces.py
@@ -87,3 +87,35 @@ def test_get_for_update_blocks_developer():
 with pytest.raises(UnauthorizedError):
 Workspaces.get_for_update(developer, workspace.id)
+
+
+def test_can_create_workspace_user():
+ owner = UserFactory.create()
+ workspace = Workspaces.create(RequestFactory.create(creator=owner))
+
+ user_data = {
+ "first_name": "New",
+ "last_name": "User",
+ "email": "new.user@mail.com",
+ "workspace_role": "developer",
+ "dod_id": "1234567890"
+ }
+
+ new_member = Workspaces.create_member(owner, workspace, user_data)
+ assert new_member.workspace == workspace
+
+
+def test_need_permission_to_create_workspace_user():
+ workspace = Workspaces.create(request=RequestFactory.create())
+ random_user = UserFactory.create()
+
+ user_data = {
+ "first_name": "New",
+ "last_name": "User",
+ "email": "new.user@mail.com",
+ "workspace_role": "developer",
+ "dod_id": "1234567890"
+ }
+
+ with pytest.raises(UnauthorizedError):
+ Workspaces.create_member(random_user, workspace, user_data)
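Review bot: In `atst/models/workspace_user.py` the new `workspace` accessor is a `@property`, while `workspace_id` directly below it is, as far as this hunk shows, a plain method, so callers must write `member.workspace` but `member.workspace_id()`. A bare `member.workspace_id` evaluates to a bound method, which is always truthy and never equals a real id, so a membership or ownership comparison written that way goes wrong silently instead of raising. Consider decorating `workspace_id` with `@property` as well, after checking its existing call sites. The new accessor would also benefit from a one-line docstring such as `"""Workspace this membership belongs to, reached through its workspace role."""`.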
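Review bot: `test_need_permission_to_create_workspace_user` (`tests/domain/test_workspaces.py`) only exercises a user with no relationship to the workspace. The case that matters for the new authorization check is an existing member whose role lacks `ASSIGN_AND_UNASSIGN_ATAT_ROLE`, like the `developer` used by `test_get_for_update_blocks_developer` just above. Add a variant in which such a member calls `Workspaces.create_member` inside `with pytest.raises(UnauthorizedError):`. `test_can_create_workspace_user` asserts only `new_member.workspace == workspace`; it should also assert the role that was granted, so that a regression assigning the wrong role is caught. The two identical `user_data` dicts could be a single shared fixture.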