pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update form to nest all envs in one form

Browse Source
This commit is contained in:
leigh-mil 2019-05-06 13:00:01 -04:00
parent 060c6834bf
commit addf2e97a1
9 changed files with 244 additions and 95 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
atst/domain/environments.py
View File

@ -73,7 +73,7 @@ class Environments(object):
def update_env_role(cls, environment, user, new_role): def update_env_role(cls, environment, user, new_role):
updated = False updated = False
if new_role == "no_access": if new_role == None:
updated = EnvironmentRoles.delete(user.id, environment.id) updated = EnvironmentRoles.delete(user.id, environment.id)
else: else:
env_role = EnvironmentRoles.get(user.id, environment.id) env_role = EnvironmentRoles.get(user.id, environment.id)
@ -113,6 +113,27 @@ class Environments(object):
environment=environment, user=member, new_role=new_role environment=environment, user=member, new_role=new_role
) )
@classmethod
def get_members_by_role(cls, env, role):
env_roles = (
db.session.query(EnvironmentRole)
.filter(EnvironmentRole.environment_id == env.id)
.filter(EnvironmentRole.role == role)
.all()
)
members_list = []
for env_role in env_roles:
members_list.append(
{
"user_id": env_role.user_id,
"user_name": env_role.user.full_name,
"role": role,
}
)
return members_list
@classmethod @classmethod
def revoke_access(cls, environment, target_user): def revoke_access(cls, environment, target_user):
EnvironmentRoles.delete(environment.id, target_user.id) EnvironmentRoles.delete(environment.id, target_user.id)

22
atst/forms/app_settings.py
View File

@ -1,21 +1,33 @@
from flask_wtf import FlaskForm from flask_wtf import FlaskForm
from wtforms.fields import FieldList, FormField, HiddenField, RadioField from wtforms.fields import FieldList, FormField, HiddenField, RadioField, StringField
from .forms import BaseForm from .forms import BaseForm
from .data import ENV_ROLES from .data import ENV_ROLES
class EnvMemberRoleForm(FlaskForm): class MemberForm(FlaskForm):
user_id = HiddenField() user_id = HiddenField()
user_name = StringField()
role = RadioField(choices=ENV_ROLES, default="no_access") role = RadioField(choices=ENV_ROLES, default="no_access")
@property @property
def data(self): def data(self):
_data = super().data _data = super().data
_data.pop("csrf_token", None) for field in _data:
if field == "role" and _data[field] == "no_access":
_data[field] = None
return _data return _data
class EnvironmentRolesForm(BaseForm): class RoleForm(FlaskForm):
team_roles = FieldList(FormField(EnvMemberRoleForm)) role = HiddenField()
members = FieldList(FormField(MemberForm))
class EnvironmentRolesForm(FlaskForm):
team_roles = FieldList(FormField(RoleForm))
env_id = HiddenField() env_id = HiddenField()
class AppEnvRolesForm(BaseForm):
envs = FieldList(FormField(EnvironmentRolesForm))

2
atst/models/environment.py
View File

@ -21,7 +21,7 @@ class Environment(
@property @property
def users(self): def users(self):
return [r.user for r in self.roles] return {r.user for r in self.roles}
@property @property
def num_users(self): def num_users(self):

75
atst/routes/applications/settings.py
View File

@ -1,10 +1,9 @@
from flask import redirect, render_template, request as http_request, url_for from flask import redirect, render_template, request as http_request, url_for
from . import applications_bp from . import applications_bp
from atst.domain.environment_roles import EnvironmentRoles
from atst.domain.environments import Environments from atst.domain.environments import Environments
from atst.domain.applications import Applications from atst.domain.applications import Applications
from atst.forms.app_settings import EnvironmentRolesForm from atst.forms.app_settings import AppEnvRolesForm
from atst.forms.application import ApplicationForm, EditEnvironmentForm from atst.forms.application import ApplicationForm, EditEnvironmentForm
from atst.domain.authz.decorator import user_can_access_decorator as user_can from atst.domain.authz.decorator import user_can_access_decorator as user_can
from atst.models.environment_role import CSPRole from atst.models.environment_role import CSPRole
@ -20,8 +19,8 @@ def get_environments_obj_for_app(application):
"id": env.id, "id": env.id,
"name": env.name, "name": env.name,
"edit_form": EditEnvironmentForm(obj=env), "edit_form": EditEnvironmentForm(obj=env),
"members_form": EnvironmentRolesForm(data=data_for_env_members_form(env)), "member_count": len(env.users),
"members": sort_env_users_by_role(env), "members": [user.full_name for user in env.users],
} }
environments_obj.append(env_data) environments_obj.append(env_data)
@ -29,33 +28,34 @@ def get_environments_obj_for_app(application):
def sort_env_users_by_role(env): def sort_env_users_by_role(env):
users_dict = {"no_access": []} users_list = []
no_access_users = env.application.users - env.users
no_access_list = [
{"user_id": user.id, "user_name": user.full_name, "role": "no_access"}
for user in no_access_users
]
users_list.append({"role": "no_access", "members": no_access_list})
for role in CSPRole: for role in CSPRole:
users_dict[role.value] = [] users_list.append(
{
"role": role.value,
"members": Environments.get_members_by_role(env, role.value),
}
)
for user in env.application.users: return users_list
if user in env.users:
role = EnvironmentRoles.get(user.id, env.id)
users_dict[role.displayname].append(
{"name": user.full_name, "user_id": user.id}
)
else:
users_dict["no_access"].append({"name": user.full_name, "user_id": user.id})
return users_dict
def data_for_env_members_form(environment): def data_for_app_env_roles_form(application):
data = {"env_id": environment.id, "team_roles": []} data = {"envs": []}
for user in environment.application.users: for environment in application.environments:
env_role = EnvironmentRoles.get(user.id, environment.id) data["envs"].append(
{
if env_role: "env_id": environment.id,
role = env_role.displayname "team_roles": sort_env_users_by_role(environment),
else: }
role = "no_access" )
data["team_roles"].append({"user_id": user.id, "role": role})
return data return data
@ -73,12 +73,15 @@ def check_users_are_in_application(user_ids, application):
def settings(application_id): def settings(application_id):
application = Applications.get(application_id) application = Applications.get(application_id)
form = ApplicationForm(name=application.name, description=application.description) form = ApplicationForm(name=application.name, description=application.description)
environments_obj = get_environments_obj_for_app(application=application)
members_form = AppEnvRolesForm(data=data_for_app_env_roles_form(application))
return render_template( return render_template(
"portfolios/applications/settings.html", "portfolios/applications/settings.html",
application=application, application=application,
form=form, form=form,
environments_obj=get_environments_obj_for_app(application=application), environments_obj=environments_obj,
members_form=members_form,
) )
@ -146,13 +149,17 @@ def update(application_id):
def update_env_roles(environment_id): def update_env_roles(environment_id):
environment = Environments.get(environment_id) environment = Environments.get(environment_id)
application = environment.application application = environment.application
form = EnvironmentRolesForm(formdata=http_request.form) form = AppEnvRolesForm(formdata=http_request.form)
if form.validate(): if form.validate():
env_data = []
try: try:
user_ids = [user["user_id"] for user in form.data["team_roles"]] for env in form.envs.data:
check_users_are_in_application(user_ids, application) if env["env_id"] == str(environment.id):
for role in env["team_roles"]:
user_ids = [user["user_id"] for user in role["members"]]
check_users_are_in_application(user_ids, application)
env_data = env_data + role["members"]
except NotFoundError as err: except NotFoundError as err:
app.logger.warning( app.logger.warning(
"User {} requested environment role change for unauthorized user {} in application {}.".format( "User {} requested environment role change for unauthorized user {} in application {}.".format(
@ -162,9 +169,9 @@ def update_env_roles(environment_id):
) )
raise (err) raise (err)
env_data = form.data
Environments.update_env_roles_by_environment( Environments.update_env_roles_by_environment(
environment_id=environment_id, team_roles=env_data["team_roles"] environment_id=environment_id, team_roles=env_data
) )
flash("application_environment_members_updated") flash("application_environment_members_updated")

2
styles/sections/_application_edit.scss
View File

@ -133,7 +133,7 @@
.action-group-cancel__action { .action-group-cancel__action {
position: absolute; position: absolute;
right: ($search-button-width * 2) + ($gap * 2); right: $search-button-width * 2 + $gap * 2;
top: -($gap * 8); top: -($gap * 8);
} }
} }

40
templates/fragments/applications/edit_environments.html
View File

@ -6,7 +6,8 @@
{% from "components/text_input.html" import TextInput %} {% from "components/text_input.html" import TextInput %}
{% from "components/toggle_list.html" import ToggleButton, ToggleSection %} {% from "components/toggle_list.html" import ToggleButton, ToggleSection %}
{% macro RolePanel(users=[], role='no_access', members_form=[]) %} {% macro RolePanel(role_form) %}
{% set role = role_form.role.data %}
{% if role == 'no_access' %} {% if role == 'no_access' %}
{% set role = 'Unassigned (No Access)' %} {% set role = 'Unassigned (No Access)' %}
{% set unassigned = True %} {% set unassigned = True %}
@ -15,11 +16,11 @@
<div class='environment-role'> <div class='environment-role'>
<h4>{{ role }}</h4> <h4>{{ role }}</h4>
<ul class='environment-role__users'> <ul class='environment-role__users'>
{% for user in users %} {% for member in role_form.members %}
{% set section_name = "env_member_{}".format(user.user_id) %} {% set section_name = "env_member_{}".format(member.user_id) %}
<li class="environment-role__user {{ 'unassigned' if unassigned }}"> <li class="environment-role__user {{ 'unassigned' if unassigned }}">
{{ user.name }} {{ member.user_name.data }}
<span class="icon-link right"> <span class="icon-link right">
{% set edit_env_members_button %} {% set edit_env_members_button %}
{{ Icon('edit', classes="icon--medium") }} {{ Icon('edit', classes="icon--medium") }}
@ -34,17 +35,13 @@
}} }}
</span> </span>
{% call ToggleSection(section_name=section_name, classes="environment-role__user-field") %} {% call ToggleSection(section_name=section_name, classes="environment-role__user-field") %}
{% for member in members_form %} {{ OptionsInput(member.role, label=False) }}
{% if member.user_id.data == user.user_id %} {{ member.user_id() }}
{{ OptionsInput(member.role, label=False) }}
{{ member.user_id() }}
{% endif %}
{% endfor %}
{% endcall %} {% endcall %}
</li> </li>
{% endfor %} {% endfor %}
{% if users == [] %} {% if role_form.members.data == [] %}
<div class='environment-role__no-user'>Currently no members are in this role</div> <div class='environment-role__no-user'>Currently no members are in this role</div>
{% endif %} {% endif %}
</ul> </ul>
@ -74,10 +71,6 @@
<ul class="accordion-table__items"> <ul class="accordion-table__items">
{% for env in environments_obj %} {% for env in environments_obj %}
{% set edit_form = env['edit_form'] %}
{% set member_count = env['members_form'].data['team_roles'] | length %}
{% set members_by_role = env['members'] %}
{% set unassigned = members_by_role['no_access'] %}
{% set delete_environment_modal_id = "delete_modal_environment{}".format(env['id']) %} {% set delete_environment_modal_id = "delete_modal_environment{}".format(env['id']) %}
<toggler inline-template {% if edit_form.errors %}initial-selected-section="edit"{% endif %}> <toggler inline-template {% if edit_form.errors %}initial-selected-section="edit"{% endif %}>
@ -108,11 +101,11 @@
</div> </div>
<div class="col col--grow icon-link icon-link--large accordion-table__item__toggler"> <div class="col col--grow icon-link icon-link--large accordion-table__item__toggler">
{% set open_members_button %} {% set open_members_button %}
{{ "common.members" | translate }} ({{ member_count }}) {{ Icon('caret_down') }} {{ "common.members" | translate }} ({{ env['member_count'] }}) {{ Icon('caret_down') }}
{% endset %} {% endset %}
{% set close_members_button %} {% set close_members_button %}
{{ "common.members" | translate }} ({{ member_count }}) {{ Icon('caret_up') }} {{ "common.members" | translate }} ({{ env['member_count'] }}) {{ Icon('caret_up') }}
{% endset %} {% endset %}
{{ {{
@ -128,13 +121,16 @@
{% call ToggleSection(section_name="members", classes="environment-roles") %} {% call ToggleSection(section_name="members", classes="environment-roles") %}
<div class='app-team-settings-link'>Need to add someone new to the team? <a href='{{ url_for("applications.team", application_id=application.id) }}'>Jump to Team Settings</a></div> <div class='app-team-settings-link'>Need to add someone new to the team? <a href='{{ url_for("applications.team", application_id=application.id) }}'>Jump to Team Settings</a></div>
<toggler inline-template> <toggler inline-template>
{% set members_form = env['members_form'] %}
<form action="{{ url_for('applications.update_env_roles', environment_id=env['id']) }}" method="post"> <form action="{{ url_for('applications.update_env_roles', environment_id=env['id']) }}" method="post">
{{ members_form.csrf_token }} {{ members_form.csrf_token }}
{% for role, members in members_by_role.items() %} {% for env_form in members_form.envs %}
{{ RolePanel(users=members, role=role, members_form=env['members_form']['team_roles']) }} {{ env_form.env_id() }}
{% if env_form.env_id.data == env['id'] %}
{% for role_form in env_form.team_roles %}
{{ RolePanel(role_form) }}
{% endfor %}
{% endif %}
{% endfor %} {% endfor %}
{{ env['members_form'].env_id() }}
<div class='action-group'> <div class='action-group'>
{{ {{
SaveButton( SaveButton(
@ -199,7 +195,7 @@
<div class="action-group"> <div class="action-group">
<a class='icon-link'> <a class='icon-link'>
{{ "portfolios.applications.add_environment" | translate }} {{ "portfolios.applications.add_environment" | translate }}
{{ Icon('plus-circle-solid') }} {{ Icon('plus') }}
</a> </a>
</div> </div>
</div> </div>

6
templates/fragments/applications/read_only_environments.html
View File

@ -26,11 +26,11 @@
<span class="icon-link icon-link--large accordion-table__item__toggler"> <span class="icon-link icon-link--large accordion-table__item__toggler">
{% set open_members_button %} {% set open_members_button %}
{{ "common.members" | translate }} ({{ env['members'] | length }}) {{ Icon('caret_down') }} {{ "common.members" | translate }} ({{ env['member_count'] }}) {{ Icon('caret_down') }}
{% endset %} {% endset %}
{% set close_members_button %} {% set close_members_button %}
{{ "common.members" | translate }} ({{ env['members'] | length }}) {{ Icon('caret_up') }} {{ "common.members" | translate }} ({{ env['member_count'] }}) {{ Icon('caret_up') }}
{% endset %} {% endset %}
{{ {{
@ -47,7 +47,7 @@
<ul> <ul>
{% for member in env['members'] %} {% for member in env['members'] %}
<li class="accordion-table__item__expanded"> <li class="accordion-table__item__expanded">
<div class="accordion-table__item__expanded_first">{{ member.name }}</div> <div class="accordion-table__item__expanded_first">{{ member }}</div>
</li> </li>
{% endfor %} {% endfor %}
</ul> </ul>

58
tests/domain/test_environments.py
View File

@ -39,9 +39,7 @@ def test_update_env_role_no_access():
user=env_role.user, application=env_role.environment.application user=env_role.user, application=env_role.environment.application
) )
assert Environments.update_env_role( assert Environments.update_env_role(env_role.environment, env_role.user, None)
env_role.environment, env_role.user, "no_access"
)
assert not EnvironmentRoles.get(env_role.user.id, env_role.environment.id) assert not EnvironmentRoles.get(env_role.user.id, env_role.environment.id)
@ -92,7 +90,7 @@ def test_update_env_roles_by_environment():
{ {
"user_id": env_role_3.user.id, "user_id": env_role_3.user.id,
"name": env_role_3.user.full_name, "name": env_role_3.user.full_name,
"role": "no_access", "role": None,
}, },
] ]
@ -127,7 +125,7 @@ def test_update_env_roles_by_member():
{"id": dev.id, "role": CSPRole.NETWORK_ADMIN.value}, {"id": dev.id, "role": CSPRole.NETWORK_ADMIN.value},
{"id": staging.id, "role": CSPRole.BUSINESS_READ.value}, {"id": staging.id, "role": CSPRole.BUSINESS_READ.value},
{"id": prod.id, "role": CSPRole.TECHNICAL_READ.value}, {"id": prod.id, "role": CSPRole.TECHNICAL_READ.value},
{"id": testing.id, "role": "no_access"}, {"id": testing.id, "role": None},
] ]
Environments.update_env_roles_by_member(user, env_roles) Environments.update_env_roles_by_member(user, env_roles)
@ -138,6 +136,56 @@ def test_update_env_roles_by_member():
assert not EnvironmentRoles.get(user.id, testing.id) assert not EnvironmentRoles.get(user.id, testing.id)
def test_get_members_by_role(db):
environment = EnvironmentFactory.create()
env_role_1 = EnvironmentRoleFactory.create(
environment=environment, role=CSPRole.BASIC_ACCESS.value
)
env_role_2 = EnvironmentRoleFactory.create(
environment=environment, role=CSPRole.TECHNICAL_READ.value
)
env_role_3 = EnvironmentRoleFactory.create(
environment=environment, role=CSPRole.TECHNICAL_READ.value
)
rando_env = EnvironmentFactory.create()
rando_env_role = EnvironmentRoleFactory.create(
environment=rando_env, role=CSPRole.BASIC_ACCESS.value
)
basic_access_members = Environments.get_members_by_role(
environment, CSPRole.BASIC_ACCESS.value
)
assert basic_access_members == [
{
"user_id": env_role_1.user_id,
"user_name": env_role_1.user.full_name,
"role": CSPRole.BASIC_ACCESS.value,
}
]
assert {
"user_id": rando_env_role.user_id,
"user_name": rando_env_role.user.full_name,
"role": CSPRole.BASIC_ACCESS.value,
} not in basic_access_members
assert Environments.get_members_by_role(
environment, CSPRole.TECHNICAL_READ.value
) == [
{
"user_id": env_role_2.user_id,
"user_name": env_role_2.user.full_name,
"role": CSPRole.TECHNICAL_READ.value,
},
{
"user_id": env_role_3.user_id,
"user_name": env_role_3.user.full_name,
"role": CSPRole.TECHNICAL_READ.value,
},
]
assert (
Environments.get_members_by_role(environment, CSPRole.BUSINESS_READ.value) == []
)
def test_get_scoped_environments(db): def test_get_scoped_environments(db):
developer = UserFactory.create() developer = UserFactory.create()
portfolio = PortfolioFactory.create( portfolio = PortfolioFactory.create(

111
tests/routes/applications/test_settings.py
View File

@ -22,7 +22,7 @@ from atst.domain.exceptions import NotFoundError
from atst.models.environment_role import CSPRole from atst.models.environment_role import CSPRole
from atst.models.portfolio_role import Status as PortfolioRoleStatus from atst.models.portfolio_role import Status as PortfolioRoleStatus
from atst.forms.application import EditEnvironmentForm from atst.forms.application import EditEnvironmentForm
from atst.forms.app_settings import EnvironmentRolesForm from atst.forms.app_settings import AppEnvRolesForm
from tests.utils import captured_templates from tests.utils import captured_templates
@ -116,23 +116,88 @@ def test_edit_application_environments_obj(app, client, user_session):
assert response.status_code == 200 assert response.status_code == 200
_, context = templates[0] _, context = templates[0]
assert isinstance(context["members_form"], AppEnvRolesForm)
env_obj = context["environments_obj"][0] env_obj = context["environments_obj"][0]
assert env_obj["name"] == env.name assert env_obj["name"] == env.name
assert env_obj["id"] == env.id assert env_obj["id"] == env.id
assert isinstance(env_obj["edit_form"], EditEnvironmentForm) assert isinstance(env_obj["edit_form"], EditEnvironmentForm)
assert isinstance(env_obj["members_form"], EnvironmentRolesForm) assert (
assert env_obj["members"] == { env_obj["members"].sort()
"no_access": [ == [env_role1.user.full_name, env_role2.user.full_name].sort()
{"user_id": app_role.user_id, "name": app_role.user.full_name} )
],
CSPRole.BASIC_ACCESS.value: [
{"user_id": env_role1.user_id, "name": env_role1.user.full_name} def test_data_for_app_env_roles_form(app, client, user_session):
], portfolio = PortfolioFactory.create()
CSPRole.NETWORK_ADMIN.value: [ application = Applications.create(
{"user_id": env_role2.user_id, "name": env_role2.user.full_name} portfolio,
], "Snazzy Application",
CSPRole.BUSINESS_READ.value: [], "A new application for me and my friends",
CSPRole.TECHNICAL_READ.value: [], {"env"},
)
env = application.environments[0]
app_role = ApplicationRoleFactory.create(application=application)
env_role1 = EnvironmentRoleFactory.create(
environment=env, role=CSPRole.BASIC_ACCESS.value
)
ApplicationRoleFactory.create(application=application, user=env_role1.user)
env_role2 = EnvironmentRoleFactory.create(
environment=env, role=CSPRole.NETWORK_ADMIN.value
)
ApplicationRoleFactory.create(application=application, user=env_role2.user)
user_session(portfolio.owner)
with captured_templates(app) as templates:
response = app.test_client().get(
url_for("applications.settings", application_id=application.id)
)
assert response.status_code == 200
_, context = templates[0]
members_form = context["members_form"]
assert isinstance(members_form, AppEnvRolesForm)
assert members_form.data == {
"envs": [
{
"env_id": env.id,
"team_roles": [
{
"role": "no_access",
"members": [
{
"user_id": app_role.user_id,
"user_name": app_role.user.full_name,
"role": None,
}
],
},
{
"role": CSPRole.BASIC_ACCESS.value,
"members": [
{
"user_id": env_role1.user_id,
"user_name": env_role1.user.full_name,
"role": CSPRole.BASIC_ACCESS.value,
}
],
},
{
"role": CSPRole.NETWORK_ADMIN.value,
"members": [
{
"user_id": env_role2.user_id,
"user_name": env_role2.user.full_name,
"role": CSPRole.NETWORK_ADMIN.value,
}
],
},
{"role": CSPRole.BUSINESS_READ.value, "members": []},
{"role": CSPRole.TECHNICAL_READ.value, "members": []},
],
}
]
} }
@ -234,15 +299,15 @@ def test_update_team_env_roles(client, user_session):
app_role = ApplicationRoleFactory.create(application=application) app_role = ApplicationRoleFactory.create(application=application)
form_data = { form_data = {
"env_id": environment.id, "envs-0-env_id": environment.id,
"team_roles-0-user_id": env_role_1.user.id, "envs-0-team_roles-0-members-0-user_id": app_role.user.id,
"team_roles-0-role": CSPRole.NETWORK_ADMIN.value, "envs-0-team_roles-0-members-0-role": CSPRole.TECHNICAL_READ.value,
"team_roles-1-user_id": env_role_2.user.id, "envs-0-team_roles-1-members-0-user_id": env_role_1.user.id,
"team_roles-1-role": CSPRole.BASIC_ACCESS.value, "envs-0-team_roles-1-members-0-role": CSPRole.NETWORK_ADMIN.value,
"team_roles-2-user_id": env_role_3.user.id, "envs-0-team_roles-1-members-1-user_id": env_role_2.user.id,
"team_roles-2-role": "no_access", "envs-0-team_roles-1-members-1-role": CSPRole.BASIC_ACCESS.value,
"team_roles-3-user_id": app_role.user.id, "envs-0-team_roles-1-members-2-user_id": env_role_3.user.id,
"team_roles-3-role": CSPRole.TECHNICAL_READ.value, "envs-0-team_roles-1-members-2-role": "no_access",
} }
user_session(application.portfolio.owner) user_session(application.portfolio.owner)