diff --git a/atst/domain/workspace_roles.py b/atst/domain/workspace_roles.py index 131cbac9..eba673c4 100644 --- a/atst/domain/workspace_roles.py +++ b/atst/domain/workspace_roles.py @@ -33,6 +33,20 @@ class WorkspaceRoles(object): return workspace_role + @classmethod + def get_by_id(cls, id_): + try: + workspace_role = ( + db.session.query(WorkspaceRole) + .join(User) + .filter(WorkspaceRole.id == id_) + .one() + ) + except NoResultFound: + workspace_role = None + + return workspace_role + @classmethod def _get_active_workspace_role(cls, workspace_id, user_id): try: diff --git a/atst/domain/workspaces/workspaces.py b/atst/domain/workspaces/workspaces.py index 97cf1514..8fad3691 100644 --- a/atst/domain/workspaces/workspaces.py +++ b/atst/domain/workspaces/workspaces.py @@ -3,6 +3,7 @@ from atst.domain.authz import Authorization from atst.models.permissions import Permissions from atst.domain.users import Users from atst.domain.workspace_roles import WorkspaceRoles +from atst.domain.environments import Environments from atst.models.workspace_role import Status as WorkspaceRoleStatus from .query import WorkspacesQuery @@ -140,13 +141,15 @@ class Workspaces(object): WorkspacesQuery.add_and_commit(workspace) @classmethod - def revoke_access(cls, user, workspace, target_workspace_role): + def revoke_access(cls, user, workspace_id, workspace_role_id): # TODO: What permission to here? Do we need a new one? # Authorization.check_workspace_permission( # user, workspace, Permissions.REQUEST_NEW_CSP_ROLE, "revoke workspace access" # ) - target_workspace_role.status = WorkspaceRoleStatus.DISABLED + workspace = WorkspacesQuery.get(workspace_id) + workspace_role = WorkspaceRoles.get_by_id(workspace_role_id) + workspace_role.status = WorkspaceRoleStatus.DISABLED for environment in workspace.all_environments: # TODO: Implement Environments.revoke_access - Environments.revoke_access(user, environment, target_workspace_role.user) - return WorkspacesQuery.add_and_commit(target_workspace_role) + Environments.revoke_access(user, environment, workspace_role.user) + return WorkspacesQuery.add_and_commit(workspace_role) diff --git a/templates/workspaces/members/edit.html b/templates/workspaces/members/edit.html index f83149d3..f6950c27 100644 --- a/templates/workspaces/members/edit.html +++ b/templates/workspaces/members/edit.html @@ -53,6 +53,12 @@ confirm_msg="Are you sure? This will send an email to invite the user to join this workspace." )}} {% endif %} + {{ ConfirmationButton ( + "Remove Workspace Access", + url_for("workspaces.revoke_access", workspace_id=workspace.id, member_id=member.id), + form.csrf_token, + confirm_msg="Are you sure? This will remove this user from the workspace.", + )}} diff --git a/tests/domain/test_workspaces.py b/tests/domain/test_workspaces.py index 99d82138..f077eb08 100644 --- a/tests/domain/test_workspaces.py +++ b/tests/domain/test_workspaces.py @@ -307,5 +307,5 @@ def test_can_create_workspaces_with_matching_names(): def test_can_remove_workspace_access(): workspace = WorkspaceFactory.create() workspace_role = WorkspaceRoleFactory.create(workspace=workspace) - Workspaces.revoke_access(workspace.owner, workspace, workspace_role) + Workspaces.revoke_access(workspace.owner, workspace.id, workspace_role.id) assert Workspaces.for_user(workspace_role.user) == []