diff --git a/alembic/versions/49e12ae7c9ca_add_last_login_to_user.py b/alembic/versions/49e12ae7c9ca_add_last_login_to_user.py new file mode 100644 index 00000000..5c49b24b --- /dev/null +++ b/alembic/versions/49e12ae7c9ca_add_last_login_to_user.py @@ -0,0 +1,28 @@ +"""add last login to user + +Revision ID: 49e12ae7c9ca +Revises: fc08d99bb7f7 +Create Date: 2019-03-28 15:46:58.226281 + +""" +from alembic import op +import sqlalchemy as sa + + +# revision identifiers, used by Alembic. +revision = '49e12ae7c9ca' +down_revision = 'fc08d99bb7f7' +branch_labels = None +depends_on = None + + +def upgrade(): + # ### commands auto generated by Alembic - please adjust! ### + op.add_column('users', sa.Column('last_login', sa.TIMESTAMP(timezone=True), nullable=True)) + # ### end Alembic commands ### + + +def downgrade(): + # ### commands auto generated by Alembic - please adjust! ### + op.drop_column('users', 'last_login') + # ### end Alembic commands ### diff --git a/atst/app.py b/atst/app.py index adf018ed..13c801f8 100644 --- a/atst/app.py +++ b/atst/app.py @@ -29,11 +29,16 @@ from atst.utils.form_cache import FormCache from atst.utils.json import CustomJSONEncoder from atst.queue import queue +from logging.config import dictConfig +from atst.utils.logging import JsonFormatter, RequestContextFilter + ENV = os.getenv("FLASK_ENV", "dev") def make_app(config): + if ENV == "prod" or config.get("LOG_JSON"): + apply_json_logger() parent_dir = Path().parent @@ -143,6 +148,7 @@ def map_config(config): "RQ_QUEUES": [config["default"]["RQ_QUEUES"]], "DISABLE_CRL_CHECK": config.getboolean("default", "DISABLE_CRL_CHECK"), "CRL_FAIL_OPEN": config.getboolean("default", "CRL_FAIL_OPEN"), + "LOG_JSON": config.getboolean("default", "LOG_JSON"), } @@ -228,3 +234,22 @@ def make_mailer(app): ) sender = app.config.get("MAIL_SENDER") app.mailer = mailer.Mailer(mailer_connection, sender) + + +def apply_json_logger(): + dictConfig( + { + "version": 1, + "formatters": {"default": {"()": lambda *a, **k: JsonFormatter()}}, + "filters": {"requests": {"()": lambda *a, **k: RequestContextFilter()}}, + "handlers": { + "wsgi": { + "class": "logging.StreamHandler", + "stream": "ext://flask.logging.wsgi_errors_stream", + "formatter": "default", + "filters": ["requests"], + } + }, + "root": {"level": "INFO", "handlers": ["wsgi"]}, + } + ) diff --git a/atst/domain/auth.py b/atst/domain/auth.py index 8be8429f..1737763f 100644 --- a/atst/domain/auth.py +++ b/atst/domain/auth.py @@ -22,6 +22,8 @@ def apply_authentication(app): user = get_current_user() if user: g.current_user = user + g.last_login = get_last_login() + if should_redirect_to_user_profile(request, user): return redirect(url_for("users.user", next=request.path)) elif not _unprotected_route(request): @@ -50,9 +52,14 @@ def get_current_user(): return False +def get_last_login(): + return session.get("user_id") and session.get("last_login") + + def logout(): if session.get("user_id"): # pragma: no branch del session["user_id"] + del session["last_login"] def _unprotected_route(request): diff --git a/atst/domain/authnid/crl/__init__.py b/atst/domain/authnid/crl/__init__.py index 3451e30e..6a5addd2 100644 --- a/atst/domain/authnid/crl/__init__.py +++ b/atst/domain/authnid/crl/__init__.py @@ -2,6 +2,7 @@ import sys import os import re import hashlib +import logging from flask import current_app as app from datetime import datetime from OpenSSL import crypto, SSL @@ -30,9 +31,9 @@ class CRLInterface: def __init__(self, *args, logger=None, **kwargs): self.logger = logger - def _log_info(self, message): + def _log(self, message, level=logging.INFO): if self.logger: - self.logger.info(message) + self.logger.log(level, message, extras={"tags": ["authorization", "crl"]}) def crl_check(self, cert): raise NotImplementedError() @@ -50,7 +51,7 @@ class NoOpCRLCache(CRLInterface): def crl_check(self, cert): cn = self._get_cn(cert) - self._log_info( + self._log( "Did not perform CRL validation for certificate with Common Name '{}'".format( cn ) @@ -111,11 +112,14 @@ class CRLCache(CRLInterface): try: return crypto.load_crl(crypto.FILETYPE_ASN1, crl_file.read()) except crypto.Error: - self._log_info("Could not load CRL at location {}".format(crl_location)) + self._log( + "Could not load CRL at location {}".format(crl_location), + level=logging.WARNING, + ) def _build_store(self, issuer): store = self.store_class() - self._log_info("STORE ID: {}. Building store.".format(id(store))) + self._log("STORE ID: {}. Building store.".format(id(store))) store.set_flags(crypto.X509StoreFlags.CRL_CHECK) crl_info = self.crl_cache.get(issuer.der(), {}) issuer_name = get_common_name(issuer) @@ -132,7 +136,7 @@ class CRLCache(CRLInterface): crl = self._load_crl(crl_info["location"]) store.add_crl(crl) - self._log_info( + self._log( "STORE ID: {}. Adding CRL with issuer Common Name {}".format( id(store), issuer_name ) @@ -158,7 +162,7 @@ class CRLCache(CRLInterface): def _add_certificate_chain_to_store(self, store, issuer): ca = self.certificate_authorities.get(issuer.der()) store.add_cert(ca) - self._log_info( + self._log( "STORE ID: {}. Adding CA with subject {}".format( id(store), ca.get_subject() ) @@ -182,10 +186,11 @@ class CRLCache(CRLInterface): except crypto.X509StoreContextError as err: if err.args[0][0] == CRL_EXPIRED_ERROR_CODE: if app.config.get("CRL_FAIL_OPEN"): - self._log_info( + self._log( "Encountered expired CRL for certificate with CN {} and issuer CN {}, failing open.".format( parsed.get_subject().CN, parsed.get_issuer().CN - ) + ), + level=logging.WARNING, ) return True else: diff --git a/atst/domain/authz/__init__.py b/atst/domain/authz/__init__.py index 6e8cdfea..38e3fa38 100644 --- a/atst/domain/authz/__init__.py +++ b/atst/domain/authz/__init__.py @@ -1,6 +1,7 @@ from atst.utils import first_or_none from atst.models.permissions import Permissions from atst.domain.exceptions import UnauthorizedError +from atst.models.portfolio_role import Status as PortfolioRoleStatus class Authorization(object): @@ -9,7 +10,7 @@ class Authorization(object): port_role = first_or_none( lambda pr: pr.portfolio == portfolio, user.portfolio_roles ) - if port_role: + if port_role and port_role.status is not PortfolioRoleStatus.DISABLED: return permission in port_role.permissions else: return False diff --git a/atst/domain/authz/decorator.py b/atst/domain/authz/decorator.py index e9efac3a..980ee04c 100644 --- a/atst/domain/authz/decorator.py +++ b/atst/domain/authz/decorator.py @@ -45,17 +45,19 @@ def user_can_access_decorator(permission, message=None, override=None): try: check_access(permission, message, override, *args, **kwargs) app.logger.info( - "[access] User {} accessed {} {}".format( + "User {} accessed {} {}".format( g.current_user.id, request.method, request.path - ) + ), + extra={"tags": ["access", "success"]}, ) return f(*args, **kwargs) except UnauthorizedError as err: app.logger.warning( - "[access] User {} denied access {} {}".format( + "User {} denied access {} {}".format( g.current_user.id, request.method, request.path - ) + ), + extra={"tags": ["access", "failure"]}, ) raise (err) diff --git a/atst/domain/portfolio_roles.py b/atst/domain/portfolio_roles.py index 153d4707..cb123b4a 100644 --- a/atst/domain/portfolio_roles.py +++ b/atst/domain/portfolio_roles.py @@ -121,6 +121,15 @@ class PortfolioRoles(object): ) return PermissionSets.get_many(perms_set_names) + @classmethod + def disable(cls, portfolio_role): + portfolio_role.status = PortfolioRoleStatus.DISABLED + + db.session.add(portfolio_role) + db.session.commit() + + return portfolio_role + @classmethod def update(cls, portfolio_role, set_names): new_permission_sets = PortfolioRoles._permission_sets_for_names(set_names) diff --git a/atst/domain/users.py b/atst/domain/users.py index 21a896a3..baf5acb0 100644 --- a/atst/domain/users.py +++ b/atst/domain/users.py @@ -1,5 +1,6 @@ from sqlalchemy.orm.exc import NoResultFound from sqlalchemy.exc import IntegrityError +from datetime import datetime from atst.database import db from atst.models import User @@ -82,6 +83,12 @@ class Users(object): return user + @classmethod + def update_last_login(cls, user): + user.last_login = datetime.now() + db.session.add(user) + db.session.commit() + @classmethod def finalize(cls, user): user.provisional = False diff --git a/atst/forms/edit_user.py b/atst/forms/edit_user.py index ec9db68a..835db7e3 100644 --- a/atst/forms/edit_user.py +++ b/atst/forms/edit_user.py @@ -29,16 +29,14 @@ USER_FIELDS = { translate("forms.edit_user.service_branch_label"), choices=SERVICE_BRANCHES ), "citizenship": RadioField( - description=translate("forms.edit_user.citizenship_description"), choices=[ ("United States", "United States"), ("Foreign National", "Foreign National"), ("Other", "Other"), - ], + ] ), "designation": RadioField( translate("forms.edit_user.designation_label"), - description=translate("forms.edit_user.designation_description"), choices=[ ("military", "Military"), ("civilian", "Civilian"), diff --git a/atst/forms/portfolio_member.py b/atst/forms/portfolio_member.py index 2293deed..10009759 100644 --- a/atst/forms/portfolio_member.py +++ b/atst/forms/portfolio_member.py @@ -1,6 +1,6 @@ -from wtforms.fields import StringField, FormField, FieldList from wtforms.fields.html5 import EmailField, TelField from wtforms.validators import Required, Email, Length, Optional +from wtforms.fields import StringField, FormField, FieldList, HiddenField from atst.domain.permission_sets import PermissionSets from .forms import BaseForm @@ -11,32 +11,33 @@ from atst.utils.localization import translate class PermissionsForm(BaseForm): member = StringField() + user_id = HiddenField() perms_app_mgmt = SelectField( None, choices=[ - (PermissionSets.VIEW_PORTFOLIO_APPLICATION_MANAGEMENT, "View Only"), - (PermissionSets.EDIT_PORTFOLIO_APPLICATION_MANAGEMENT, "Edit Access"), + (PermissionSets.VIEW_PORTFOLIO_APPLICATION_MANAGEMENT, "View only"), + (PermissionSets.EDIT_PORTFOLIO_APPLICATION_MANAGEMENT, "Edit access"), ], ) perms_funding = SelectField( None, choices=[ - (PermissionSets.VIEW_PORTFOLIO_FUNDING, "View Only"), - (PermissionSets.EDIT_PORTFOLIO_FUNDING, "Edit Access"), + (PermissionSets.VIEW_PORTFOLIO_FUNDING, "View only"), + (PermissionSets.EDIT_PORTFOLIO_FUNDING, "Edit access"), ], ) perms_reporting = SelectField( None, choices=[ - (PermissionSets.VIEW_PORTFOLIO_REPORTS, "View Only"), - (PermissionSets.EDIT_PORTFOLIO_REPORTS, "Edit Access"), + (PermissionSets.VIEW_PORTFOLIO_REPORTS, "View only"), + (PermissionSets.EDIT_PORTFOLIO_REPORTS, "Edit access"), ], ) perms_portfolio_mgmt = SelectField( None, choices=[ - (PermissionSets.VIEW_PORTFOLIO_ADMIN, "View Only"), - (PermissionSets.EDIT_PORTFOLIO_ADMIN, "Edit Access"), + (PermissionSets.VIEW_PORTFOLIO_ADMIN, "View only"), + (PermissionSets.EDIT_PORTFOLIO_ADMIN, "Edit access"), ], ) diff --git a/atst/models/user.py b/atst/models/user.py index 22806c7d..1a156fec 100644 --- a/atst/models/user.py +++ b/atst/models/user.py @@ -1,4 +1,4 @@ -from sqlalchemy import String, ForeignKey, Column, Date, Boolean, Table +from sqlalchemy import String, ForeignKey, Column, Date, Boolean, Table, TIMESTAMP from sqlalchemy.orm import relationship from sqlalchemy.dialects.postgresql import UUID @@ -36,6 +36,7 @@ class User( citizenship = Column(String) designation = Column(String) date_latest_training = Column(Date) + last_login = Column(TIMESTAMP(timezone=True), nullable=True) provisional = Column(Boolean) diff --git a/atst/routes/__init__.py b/atst/routes/__init__.py index 2f1ad3c2..b4543d07 100644 --- a/atst/routes/__init__.py +++ b/atst/routes/__init__.py @@ -122,6 +122,12 @@ def redirect_after_login_url(): return url_for("atst.home") +def current_user_setup(user): + session["user_id"] = user.id + session["last_login"] = user.last_login + Users.update_last_login(user) + + @bp.route("/login-redirect") def login_redirect(): auth_context = _make_authentication_context() @@ -131,8 +137,7 @@ def login_redirect(): if user.provisional: Users.finalize(user) - session["user_id"] = user.id - + current_user_setup(user) return redirect(redirect_after_login_url()) diff --git a/atst/routes/dev.py b/atst/routes/dev.py index 6a9631d5..72a9b75f 100644 --- a/atst/routes/dev.py +++ b/atst/routes/dev.py @@ -1,7 +1,6 @@ from flask import ( Blueprint, request, - session, redirect, render_template, url_for, @@ -9,7 +8,7 @@ from flask import ( ) import pendulum -from . import redirect_after_login_url +from . import redirect_after_login_url, current_user_setup from atst.domain.users import Users from atst.domain.permission_sets import PermissionSets from atst.queue import queue @@ -124,8 +123,7 @@ def login_dev(): user_data, ), ) - session["user_id"] = user.id - + current_user_setup(user) return redirect(redirect_after_login_url()) diff --git a/atst/routes/errors.py b/atst/routes/errors.py index d00c7f0a..c129e08d 100644 --- a/atst/routes/errors.py +++ b/atst/routes/errors.py @@ -15,7 +15,7 @@ from atst.utils.flash import formatted_flash as flash def log_error(e): error_message = e.message if hasattr(e, "message") else str(e) - current_app.logger.error(error_message) + current_app.logger.exception(error_message) def handle_error(e, message="Not Found", code=404): diff --git a/atst/routes/portfolios/index.py b/atst/routes/portfolios/index.py index 78f0ba68..daf768ae 100644 --- a/atst/routes/portfolios/index.py +++ b/atst/routes/portfolios/index.py @@ -5,6 +5,7 @@ from flask import render_template, request as http_request, g, redirect, url_for from . import portfolios_bp from atst.domain.reports import Reports from atst.domain.portfolios import Portfolios +from atst.domain.portfolio_roles import PortfolioRoles from atst.domain.audit_log import AuditLog from atst.domain.common import Paginator from atst.forms.portfolio import PortfolioForm @@ -12,6 +13,8 @@ import atst.forms.portfolio_member as member_forms from atst.models.permissions import Permissions from atst.domain.permission_sets import PermissionSets from atst.domain.authz.decorator import user_can_access_decorator as user_can +from atst.utils.flash import formatted_flash as flash +from atst.domain.exceptions import UnauthorizedError @portfolios_bp.route("/portfolios") @@ -34,6 +37,7 @@ def permission_str(member, edit_perm_set, view_perm_set): def serialize_member_form_data(member): return { "member": member.user.full_name, + "user_id": member.user_id, "perms_app_mgmt": permission_str( member, PermissionSets.EDIT_PORTFOLIO_APPLICATION_MANAGEMENT, @@ -86,6 +90,33 @@ def portfolio_admin(portfolio_id): return render_admin_page(portfolio) +@portfolios_bp.route("/portfolios//admin", methods=["POST"]) +@user_can(Permissions.EDIT_PORTFOLIO_USERS, message="view portfolio admin page") +def edit_portfolio_members(portfolio_id): + portfolio = Portfolios.get_for_update(portfolio_id) + member_perms_form = member_forms.MembersPermissionsForm(http_request.form) + + if member_perms_form.validate(): + for subform in member_perms_form.members_permissions: + new_perm_set = subform.data["permission_sets"] + user_id = subform.user_id.data + portfolio_role = PortfolioRoles.get(portfolio.id, user_id) + PortfolioRoles.update(portfolio_role, new_perm_set) + + flash("update_portfolio_members", portfolio=portfolio) + + return redirect( + url_for( + "portfolios.portfolio_admin", + portfolio_id=portfolio.id, + fragment="portfolio-members", + _anchor="portfolio-members", + ) + ) + else: + return render_admin_page(portfolio) + + @portfolios_bp.route("/portfolios//edit", methods=["POST"]) @user_can(Permissions.EDIT_PORTFOLIO_NAME, message="edit portfolio") def edit_portfolio(portfolio_id): @@ -143,3 +174,28 @@ def portfolio_reports(portfolio_id): expiration_date=expiration_date, remaining_days=remaining_days, ) + + +@portfolios_bp.route( + "/portfolios//members//delete", methods=["POST"] +) +@user_can(Permissions.EDIT_PORTFOLIO_USERS, message="update portfolio members") +def remove_member(portfolio_id, user_id): + if str(g.current_user.id) == user_id: + raise UnauthorizedError( + g.current_user, "you cant remove yourself from the portfolio" + ) + + portfolio_role = PortfolioRoles.get(portfolio_id=portfolio_id, user_id=user_id) + PortfolioRoles.disable(portfolio_role=portfolio_role) + + flash("portfolio_member_removed", member_name=portfolio_role.user.full_name) + + return redirect( + url_for( + "portfolios.portfolio_admin", + portfolio_id=portfolio_id, + _anchor="portfolio-members", + fragment="portfolio-members", + ) + ) diff --git a/atst/routes/portfolios/task_orders.py b/atst/routes/portfolios/task_orders.py index 553d226d..a3c77631 100644 --- a/atst/routes/portfolios/task_orders.py +++ b/atst/routes/portfolios/task_orders.py @@ -231,6 +231,7 @@ def task_order_invitations(portfolio_id, task_order_id): portfolio=portfolio, task_order=task_order, form=form, + user=g.current_user, ) else: raise NotFoundError("task_order") diff --git a/atst/services/invitation.py b/atst/services/invitation.py index 0953d42a..b7c3c217 100644 --- a/atst/services/invitation.py +++ b/atst/services/invitation.py @@ -52,7 +52,7 @@ class Invitation: inviter, member, email, - subject="{} has invited you to a JEDI Cloud Portfolio", + subject="{} has invited you to a JEDI cloud portfolio", email_template="emails/invitation.txt", ): self.inviter = inviter diff --git a/atst/utils/flash.py b/atst/utils/flash.py index 1159e4c8..bae2821a 100644 --- a/atst/utils/flash.py +++ b/atst/utils/flash.py @@ -21,6 +21,13 @@ MESSAGES = { """, "category": "success", }, + "update_portfolio_members": { + "title_template": "Success!", + "message_template": """ +

You have successfully updated access permissions for members of {{ portfolio.name }}.

+ """, + "category": "success", + }, "new_portfolio_member": { "title_template": "Success!", "message_template": """ @@ -131,6 +138,11 @@ MESSAGES = { """, "category": "error", }, + "portfolio_member_removed": { + "title_template": "Portfolio Member Removed", + "message_template": "You have successfully removed {{ member_name }} from the portfolio.", + "category": "success", + }, } diff --git a/atst/utils/logging.py b/atst/utils/logging.py new file mode 100644 index 00000000..1ef84d0a --- /dev/null +++ b/atst/utils/logging.py @@ -0,0 +1,47 @@ +import datetime +import json +import logging + +from flask import g, request, has_request_context + + +class RequestContextFilter(logging.Filter): + def filter(self, record): + if has_request_context(): + if getattr(g, "current_user", None): + record.user_id = str(g.current_user.id) + + if request.environ.get("HTTP_X_REQUEST_ID"): + record.request_id = request.environ.get("HTTP_X_REQUEST_ID") + + return True + + +def epoch_to_iso8601(ts): + dt = datetime.datetime.utcfromtimestamp(ts) + return dt.replace(tzinfo=datetime.timezone.utc).isoformat() + + +class JsonFormatter(logging.Formatter): + _DEFAULT_RECORD_FIELDS = [ + ("timestamp", lambda r: epoch_to_iso8601(r.created)), + ("version", lambda r: 1), + ("request_id", lambda r: r.__dict__.get("request_id")), + ("user_id", lambda r: r.__dict__.get("user_id")), + ("severity", lambda r: r.levelname), + ("tags", lambda r: r.__dict__.get("tags")), + ("message", lambda r: r.msg), + ] + + def format(self, record): + message_dict = {} + for field, func in self._DEFAULT_RECORD_FIELDS: + message_dict[field] = func(record) + + if record.__dict__.get("exc_info") is not None: + message_dict["details"] = { + "backtrace": self.formatException(record.exc_info), + "exception": str(record.exc_info[1]), + } + + return json.dumps(message_dict) diff --git a/config/base.ini b/config/base.ini index 37f5df0a..7e41e672 100644 --- a/config/base.ini +++ b/config/base.ini @@ -10,6 +10,7 @@ DISABLE_CRL_CHECK = false CRL_FAIL_OPEN = false DEBUG = true ENVIRONMENT = dev +LOG_JSON = false PERMANENT_SESSION_LIFETIME = 600 PE_NUMBER_CSV_URL = http://c95e1ebb198426ee57b8-174bb05a294821bedbf46b6384fe9b1f.r31.cf5.rackcdn.com/penumbers.csv PGAPPNAME = atst diff --git a/script/alpine_setup b/script/alpine_setup index a06b5694..9b8613b5 100755 --- a/script/alpine_setup +++ b/script/alpine_setup @@ -10,7 +10,7 @@ APP_USER="atst" APP_UID="8010" # Add additional packages required by app dependencies -ADDITIONAL_PACKAGES="postgresql-libs python3 rsync uwsgi uwsgi-python3" +ADDITIONAL_PACKAGES="postgresql-libs python3 rsync uwsgi uwsgi-python3 uwsgi-logfile" # add sync-crl cronjob for atst user echo "1 */6 * * * /opt/atat/atst/script/sync-crls tests/crl-tmp" >> /etc/crontabs/atst diff --git a/styles/components/_footer.scss b/styles/components/_footer.scss index 0915d67b..7ab3ba50 100644 --- a/styles/components/_footer.scss +++ b/styles/components/_footer.scss @@ -11,6 +11,8 @@ bottom: 0; width: 100%; height: $footer-height; + color: $color-gray-dark; + font-size: 1.5rem; .app-footer__info { flex-grow: 1; diff --git a/styles/components/_portfolio_layout.scss b/styles/components/_portfolio_layout.scss index 539ef47b..7a33345b 100644 --- a/styles/components/_portfolio_layout.scss +++ b/styles/components/_portfolio_layout.scss @@ -291,6 +291,10 @@ height: 4rem; } + .usa-button-danger { + background: $color-red; + } + .members-table-footer { float: right; padding: 3 * $gap; diff --git a/templates/footer.html b/templates/footer.html index ff1f807a..39e1bf96 100644 --- a/templates/footer.html +++ b/templates/footer.html @@ -7,4 +7,9 @@ {{ "footer.jedi_help_link_text" | translate }} + {% if g.last_login %} +
+ Last Login: +
+ {% endif %} diff --git a/templates/fragments/admin/members_edit.html b/templates/fragments/admin/members_edit.html index c64dafcb..2c4df95f 100644 --- a/templates/fragments/admin/members_edit.html +++ b/templates/fragments/admin/members_edit.html @@ -1,4 +1,8 @@ +{% from "components/confirmation_button.html" import ConfirmationButton %} + {% for subform in member_perms_form.members_permissions %} + {% set modal_id = "portfolio_id_{}_user_id_{}".format(portfolio.id, subform.user_id.data) %} + {{ subform.member.data }} {% if subform.member.data == user.full_name %} @@ -14,7 +18,11 @@ {{ OptionsInput(subform.perms_reporting, label=False) }} {{ OptionsInput(subform.perms_portfolio_mgmt, label=False) }} - + + + {{ "portfolios.members.archive_button" | translate }} + + {{ subform.user_id() }} {% endfor %} diff --git a/templates/fragments/admin/portfolio_members.html b/templates/fragments/admin/portfolio_members.html index 63e44680..0763aad0 100644 --- a/templates/fragments/admin/portfolio_members.html +++ b/templates/fragments/admin/portfolio_members.html @@ -1,23 +1,28 @@ {% from "components/icon.html" import Icon %} {% from "components/options_input.html" import OptionsInput %} +{% from "components/modal.html" import Modal %} +{% from "components/alert.html" import Alert %} +
{% if g.matchesPath("portfolio-members") %} {% include "fragments/flash.html" %} {% endif %} -
-
-
-
{{ "portfolios.admin.portfolio_members_title" | translate }}
-
- {{ "portfolios.admin.portfolio_members_subheading" | translate }} -
+ + {{ member_perms_form.csrf_token }} + +
+
+
{{ "portfolios.admin.portfolio_members_title" | translate }}
+
+ {{ "portfolios.admin.portfolio_members_subheading" | translate }}
- - {{ Icon('info') }} - {{ "portfolios.admin.settings_info" | translate }} - +
+ + {{ Icon('info') }} + {{ "portfolios.admin.settings_info" | translate }} +
{% if not portfolio.members %} @@ -49,6 +54,34 @@ {% endif %} + + {% if user_can(permissions.EDIT_PORTFOLIO_USERS) %} + {% for member in portfolio.members %} + {% set modal_id = "portfolio_id_{}_user_id_{}".format(portfolio.id, member.user_id) %} + {% call Modal(name=modal_id, dismissable=False) %} +

Are you sure you want to archive this user?

+ + {{ + Alert( + title="Warning! You are about to archive a user from the portfolio admin.", + message="User will be removed from the portfolio, but their log history will be retained.", + level="warning" + ) + }} + +
+
+ {{ member_perms_form.csrf_token }} + +
+ Cancel +
+ {% endcall %} + {% endfor %} + {% endif %} +
{% if user_can(permissions.EDIT_PORTFOLIO_USERS) %} diff --git a/templates/navigation/global_sidenav.html b/templates/navigation/global_sidenav.html index 7844f6c2..c494622f 100644 --- a/templates/navigation/global_sidenav.html +++ b/templates/navigation/global_sidenav.html @@ -31,7 +31,7 @@
- Fund a New Portfolio + Fund a new portfolio {{ Icon("plus", classes="sidenav__link-icon icon--circle") }}
diff --git a/templates/portfolios/task_orders/index.html b/templates/portfolios/task_orders/index.html index c26bd969..1d92eca2 100644 --- a/templates/portfolios/task_orders/index.html +++ b/templates/portfolios/task_orders/index.html @@ -93,7 +93,7 @@
- Start a New Task Order + Start a new task order
{% for task_order in pending_task_orders %} diff --git a/templates/portfolios/task_orders/invitations.html b/templates/portfolios/task_orders/invitations.html index b5d46386..92955268 100644 --- a/templates/portfolios/task_orders/invitations.html +++ b/templates/portfolios/task_orders/invitations.html @@ -99,21 +99,23 @@ {{ Link("Update", "edit", onClick="edit") }} {% set invite_type = [prefix + "_invite"] %} - {{ - ConfirmationButton( - btn_text="Resend Invitation", - confirm_btn=('task_orders.invitations.resend_btn' | translate), - confirm_msg=('task_orders.invitations.resend_confirmation_message' | translate), - action=url_for( - "portfolios.resend_invite", - portfolio_id=portfolio.id, - task_order_id=task_order.id, - invite_type=invite_type, - ), - btn_icon=Icon('avatar'), - btn_class="icon-link", - ) - }} + {% if not (user == task_order.creator and user == task_order[officer_type]) %} + {{ + ConfirmationButton( + btn_text="Resend Invitation", + confirm_btn=('task_orders.invitations.resend_btn' | translate), + confirm_msg=('task_orders.invitations.resend_confirmation_message' | translate), + action=url_for( + "portfolios.resend_invite", + portfolio_id=portfolio.id, + task_order_id=task_order.id, + invite_type=invite_type, + ), + btn_icon=Icon('avatar'), + btn_class="icon-link", + ) + }} + {% endif %} {{ Link("Remove", "trash", classes="remove") }}
diff --git a/templates/portfolios/task_orders/show.html b/templates/portfolios/task_orders/show.html index 990f3589..0b2da5b5 100644 --- a/templates/portfolios/task_orders/show.html +++ b/templates/portfolios/task_orders/show.html @@ -12,9 +12,9 @@ {% macro officer_name(officer) -%} {%- if not officer -%} - Not specified + not yet invited {%- elif officer == g.current_user -%} - You + you {%- else -%} {{ officer.full_name }} {%- endif -%} @@ -27,7 +27,7 @@ {% if complete %} Completed {% else %} - Not Started + Not started {% endif %}
@@ -91,7 +91,7 @@
{{ officer_info.phone_number | usPhone }}
{% else %} - Not specified + not yet invited {% endif %}
@@ -118,7 +118,7 @@
-
Task Order Value
+
Task order value
{{ task_order.budget | dollars }}
diff --git a/templates/task_orders/new/app_info.html b/templates/task_orders/new/app_info.html index 1833ea1f..3f9c0f87 100644 --- a/templates/task_orders/new/app_info.html +++ b/templates/task_orders/new/app_info.html @@ -23,7 +23,6 @@ {% endif %} {{ TextInput(form.scope, paragraph=True) }} -

{{ "task_orders.new.app_info.sample_scope" | translate | safe }}

{% if portfolio %} diff --git a/templates/user/edit.html b/templates/user/edit.html index f1091963..fc4ac64f 100644 --- a/templates/user/edit.html +++ b/templates/user/edit.html @@ -9,8 +9,7 @@

{{ user.first_name }} {{ user.last_name }}
-
DOD ID: {{ user.dod_id }}
-
Edit user details
+
DoD ID: {{ user.dod_id }}

diff --git a/tests/domain/test_authz.py b/tests/domain/test_authz.py index bbd6ecba..bfebe562 100644 --- a/tests/domain/test_authz.py +++ b/tests/domain/test_authz.py @@ -11,6 +11,7 @@ from atst.domain.authz.decorator import user_can_access_decorator from atst.domain.permission_sets import PermissionSets from atst.domain.exceptions import UnauthorizedError from atst.models.permissions import Permissions +from atst.domain.portfolio_roles import PortfolioRoles from tests.utils import FakeLogger @@ -75,7 +76,7 @@ def test_user_can_access(): portfolio = PortfolioFactory.create(owner=edit_admin) # factory gives view perms by default - PortfolioRoleFactory.create(user=view_admin, portfolio=portfolio) + view_admin_pr = PortfolioRoleFactory.create(user=view_admin, portfolio=portfolio) # check a site-wide permission assert user_can_access(ccpo, Permissions.VIEW_AUDIT_LOG) @@ -101,6 +102,13 @@ def test_user_can_access(): view_admin, Permissions.EDIT_PORTFOLIO_NAME, portfolio=portfolio ) + # check when portfolio_role is disabled + PortfolioRoles.disable(portfolio_role=view_admin_pr) + with pytest.raises(UnauthorizedError): + user_can_access( + view_admin, Permissions.EDIT_PORTFOLIO_NAME, portfolio=portfolio + ) + @pytest.fixture def set_current_user(request_ctx): diff --git a/tests/domain/test_portfolio_roles.py b/tests/domain/test_portfolio_roles.py index 5bdc9bc0..fedd7faf 100644 --- a/tests/domain/test_portfolio_roles.py +++ b/tests/domain/test_portfolio_roles.py @@ -29,3 +29,11 @@ def test_add_portfolio_role_with_permission_sets(): ] actual_names = [prms.name for prms in port_role.permission_sets] assert expected_names == expected_names + + +def test_disable_portfolio_role(): + portfolio_role = PortfolioRoleFactory.create(status=PortfolioRoleStatus.ACTIVE) + assert portfolio_role.status == PortfolioRoleStatus.ACTIVE + + PortfolioRoles.disable(portfolio_role=portfolio_role) + assert portfolio_role.status == PortfolioRoleStatus.DISABLED diff --git a/tests/domain/test_users.py b/tests/domain/test_users.py index c83cbd1e..116e5294 100644 --- a/tests/domain/test_users.py +++ b/tests/domain/test_users.py @@ -1,4 +1,5 @@ import pytest +from datetime import datetime from uuid import uuid4 from atst.domain.users import Users @@ -65,3 +66,11 @@ def test_update_user_with_dod_id(): Users.update(new_user, {"dod_id": "1234567890"}) assert "dod_id" in str(excinfo.value) + + +def test_update_user_with_last_login(): + new_user = UserFactory.create() + Users.update_last_login(new_user) + last_login = new_user.last_login + Users.update_last_login(new_user) + assert new_user.last_login > last_login diff --git a/tests/routes/portfolios/test_admin.py b/tests/routes/portfolios/test_admin.py index 7f141fe8..522dcb0c 100644 --- a/tests/routes/portfolios/test_admin.py +++ b/tests/routes/portfolios/test_admin.py @@ -26,3 +26,107 @@ def test_member_table_access(client, user_session): user_session(rando) view_resp = client.get(url) assert " session["last_login"] + assert isinstance(session["last_login"], datetime) diff --git a/tests/utils.py b/tests/utils.py index 0615aec7..636f08b9 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -20,11 +20,14 @@ class FakeLogger: def __init__(self): self.messages = [] - def info(self, msg): + def log(self, _lvl, msg, *args, **kwargs): self.messages.append(msg) - def warning(self, msg): + def info(self, msg, *args, **kwargs): self.messages.append(msg) - def error(self, msg): + def warning(self, msg, *args, **kwargs): + self.messages.append(msg) + + def error(self, msg, *args, **kwargs): self.messages.append(msg) diff --git a/tests/utils/test_logging.py b/tests/utils/test_logging.py new file mode 100644 index 00000000..cb8198d3 --- /dev/null +++ b/tests/utils/test_logging.py @@ -0,0 +1,74 @@ +from io import StringIO +import json +import logging +from uuid import uuid4 + +import pytest + +from atst.utils.logging import JsonFormatter, RequestContextFilter + +from tests.factories import UserFactory + + +@pytest.fixture +def log_stream(): + return StringIO() + + +@pytest.fixture +def log_stream_content(log_stream): + def _log_stream_content(): + log_stream.seek(0) + return log_stream.read() + + return _log_stream_content + + +@pytest.fixture +def logger(log_stream): + logger = logging.getLogger() + for handler in logger.handlers: + logger.removeHandler(handler) + + logHandler = logging.StreamHandler(log_stream) + formatter = JsonFormatter() + logHandler.setFormatter(formatter) + logger.setLevel(logging.INFO) + logger.addFilter(RequestContextFilter()) + logger.addHandler(logHandler) + + return logger + + +def test_json_formatter(logger, log_stream_content): + logger.warning("do or do not", extra={"tags": ["wisdom", "jedi"]}) + + log = json.loads(log_stream_content()) + + assert log["tags"] == ["wisdom", "jedi"] + assert log["message"] == "do or do not" + assert log["severity"] == "WARNING" + assert log.get("details") is None + + +def test_json_formatter_for_exceptions(logger, log_stream_content): + try: + raise Exception() + except Exception: + logger.exception("you found the ventilation shaft!") + + log = json.loads(log_stream_content()) + assert log["severity"] == "ERROR" + assert log.get("details") + + +def test_request_context_filter(logger, log_stream_content, request_ctx): + user = UserFactory.create() + uuid = str(uuid4()) + + request_ctx.g.current_user = user + request_ctx.request.environ["HTTP_X_REQUEST_ID"] = uuid + logger.info("this user is doing something") + log = json.loads(log_stream_content()) + assert log["user_id"] == str(user.id) + assert log["request_id"] == uuid diff --git a/translations.yaml b/translations.yaml index 6cb36a17..03894cae 100644 --- a/translations.yaml +++ b/translations.yaml @@ -48,7 +48,7 @@ components: footer: about_link_text: Joint Enterprise Defense Infrastructure browser_support: JEDI Cloud supported on these web browsers - jedi_help_link_text: Questions? Contact your CCPO Representative + jedi_help_link_text: Questions? Contact your CCPO representative forms: ccpo_review: comment_description: Provide instructions or notes for additional information that is necessary to approve the request here. The requestor may then re-submit the updated request or initiate contact outside of AT-AT if further discussion is required. This message will be shared with the person making the JEDI request.. @@ -81,7 +81,7 @@ forms: website. date_latest_training_label: Latest Information Assurance (IA) training completion date designation_description: What is your designation within the DoD? - designation_label: Designation of Person + designation_label: Designation of person email_label: Email Address first_name_label: First Name last_name_label: Last Name @@ -146,18 +146,18 @@ forms: average_daily_traffic_label: Average Daily Traffic (Number of Requests) cloud_native_description: Are your software systems being developed cloud native? data_transfers_description: How much data is being transferred to the cloud? - dod_component_description: Identify the DoD component that is requesting access to the JEDI Cloud + dod_component_description: Identify the DoD component that is requesting access to the JEDI cloud dod_component_label: DoD Component dodid_poc_label: DoD ID - dollar_value_description: What is your total expected budget for this JEDI Cloud Request? + dollar_value_description: What is your total expected budget for this JEDI cloud Request? dollar_value_label: Total Spend email_poc_label: Email Address engineering_assessment_description: Have you completed an engineering assessment of your systems for cloud readiness? estimated_monthly_spend_description: 'Use the JEDI CSP Calculator to estimate your monthly cloud resource usage and enter the dollar amount below. Note these estimates are for initial approval only. After the request is approved, you will be asked to provide a valid task order number with specific CLIN amounts for cloud services.' estimated_monthly_spend_label: Estimated Monthly Spend - expected_completion_date_description: When do you expect to complete your migration to the JEDI Cloud? + expected_completion_date_description: When do you expect to complete your migration to the JEDI cloud? fname_poc_label: First Name - jedi_migration_description: Are you using the JEDI Cloud to migrate existing systems? + jedi_migration_description: Are you using the JEDI cloud to migrate existing systems? jedi_migration_label: JEDI Migration jedi_usage_description: Your answer will help us provide tangible examples to DoD leadership how and why commercial cloud resources are accelerating the Department's missions jedi_usage_label: JEDI Usage @@ -165,14 +165,14 @@ forms: name_description: This name serves as a reference for your initial request and the associated portfolio that will be created once this request is approved. You may edit this name later. name_label: Name Your Request name_length_validation_message: Request names must be at least 4 and not more than 100 characters - num_software_systems_description: Estimate the number of software systems that will be supported by this JEDI Cloud access request + num_software_systems_description: Estimate the number of software systems that will be supported by this JEDI cloud access request num_software_systems_label: Number of Software Systems number_user_sessions_description: How many user sessions do you expect on these systems each day? organization_providing_assistance_description: 'If you are receiving migration assistance, what is the type of organization providing assistance?' rationalization_software_systems_description: Have you completed a “rationalization” of your software systems to move to the cloud? reviewed_label: I have reviewed this data and it is correct. start_date_date_range_validation_message: Must be a date in the future. - start_date_label: When do you expect to start using the JEDI Cloud (not for billing purposes)? + start_date_label: When do you expect to start using the JEDI cloud (not for billing purposes)? technical_support_team_description: Are you working with a technical support team experienced in cloud migrations? application: description_label: Description @@ -181,13 +181,13 @@ forms: environment_names_unique_validation_message: Environment names must be unique. name_label: Name task_order: - portfolio_name_label: Organization Portfolio Name + portfolio_name_label: Portfolio name portfolio_name_description: The name of your office or organization. You can add multiple applications to your portfolio. Your task orders are used to pay for these applications and their environments. - scope_label: Cloud Project Scope - scope_description: Your team's plan for using the cloud, such as migrating an existing application or creating a prototype. - defense_component_label: Department of Defense Component + scope_label: Cloud project scope + scope_description: Your team's plan for using the cloud, such as migrating an existing application or creating a prototype.

Not sure how to describe your scope? Read some examples to get some inspiration.

+ defense_component_label: Department of Defense component app_migration: - label: App Migration + label: App migration description: Do you plan to migrate one or more existing application(s) to the cloud? on_premise: Yes, migrating from an on-premise data center cloud: Yes, migrating from another cloud provider @@ -195,43 +195,43 @@ forms: none: Not planning to migrate any applications not_sure: "Not sure" native_apps: - label: Native Apps + label: Native apps description: Do you plan to develop any applications natively in the cloud? 'yes': Yes, planning to develop natively in the cloud 'no': No, not planning to develop natively in the cloud not_sure: Not sure, unsure if planning to develop natively in the cloud complexity: - label: Project Complexity + label: Project complexity description: Which of these describes how complex your team's use of the cloud will be? Select all that apply. storage: Storage - data_analytics: Data Analytics - conus: CONUS Access - oconus: OCONUS Access - tactical_edge: Tactical Edge Access + data_analytics: Data analytics + conus: CONUS access + oconus: OCONUS access + tactical_edge: Tactical edge access not_sure: Not sure other: Other complexity_other_label: Project Complexity Other dev_team: - label: Development Team + label: Development team description: Who will be completing the development work for your cloud application(s)? Select all that apply. - civilians: Government Civilians + civilians: Government civilians military: Military contractor: Contractor other: "Other (E.g. University or other partner)" dev_team_other_label: Development Team Other team_experience: - label: Team Experience - description: How much experience does your team have with development in the cloud? + label: Team experience + description: How much experience does your team have with development in the cloud? none: No previous experience planned: Researched or planned a cloud build or migration built_1: Built or migrated 1-2 applications built_3: Built or migrated 3-5 applications built_many: Built or migrated many applications, or consulted on several such projects performance_length: - label: Period of Performance length + label: Period of performance length start_date_label: Start Date end_date_label: End Date - csp_estimate_label: Upload a copy of your CSP Cost Estimate Research + csp_estimate_label: Upload a copy of your CSP cost estimate research csp_estimate_description: Upload a PDF or screenshot of your usage estimate from the calculator. file_format_not_allowed: Only PDF or PNG files can be uploaded. clin_01_label: 'CLIN 01 : Unclassified' @@ -273,7 +273,7 @@ forms: phone_number_message: Please enter a valid 5 or 10 digit phone number. is_required: This field is required. portfolio: - name_label: Portfolio Name + name_label: Portfolio name name_length_validation_message: Portfolio names can be between 4-100 characters officers: contracting_officer_invite: Invite KO to Task Order Builder @@ -287,15 +287,15 @@ fragments: date_last_training_tooltip: When was the last time you completed the IA training?
Information Assurance (IA) training is an important step in cyber awareness. save_details_button: Save Details pending_ccpo_acceptance_alert: - learn_more_link_text: Learn more about the JEDI Cloud task order and the financial verification process. + learn_more_link_text: Learn more about the JEDI cloud task order and the financial verification process. paragraph_1: The CCPO will review and respond to your request in 3 business days. You’ll be notified via email or phone. Please note if your request is for over $1M of JEDI cloud resources it will require a manual review by the CCPO. - paragraph_2: 'While your request is being reviewed, your next step is to create a task order (TO) associated with the JEDI Cloud. Please contact a Contracting Officer (KO), Contracting Officer Representative (COR), or a Financial Manager to help with this step.' + paragraph_2: 'While your request is being reviewed, your next step is to create a task order (TO) associated with the JEDI cloud. Please contact a Contracting Officer (KO), Contracting Officer Representative (COR), or a Financial Manager to help with this step.' pending_ccpo_approval_modal: paragraph_1: The CCPO will review and respond to your Financial Verification submission in 3 business days. You will be notified via email or phone. paragraph_2: Once the financial verification is approved you will be invited to create your JEDI Portfolio and set-up your applications. Click here for more details. pending_financial_verification: - learn_more_link_text: Learn more about the JEDI Cloud task order and the financial verification process. - paragraph_1: 'The next step is to create a task order associated with JEDI Cloud. Please contact a Contracting Officer (KO), Contracting Officer Representative (COR), or a Financial Manager to help with this step.' + learn_more_link_text: Learn more about the JEDI cloud task order and the financial verification process. + paragraph_1: 'The next step is to create a task order associated with JEDI cloud. Please contact a Contracting Officer (KO), Contracting Officer Representative (COR), or a Financial Manager to help with this step.' paragraph_2: 'Once the task order has been created, you will be asked to provide details about the task order in the Financial Verification step.' ko_review_message: title: Steps @@ -314,13 +314,13 @@ login: learn_more: Learn more message: 'When you are prompted to select a certificate, please select Email Certificate from the provided choices.' title: Certificate Selection - h1_title: Access the JEDI Cloud + h1_title: Access the JEDI cloud login_button: Sign in with CAC - title_tag: Sign in | JEDI Cloud + title_tag: Sign in | JEDI cloud navigation: topbar: jedi_cloud_link_text: JEDI - logout_link_title: Log out of JEDI Cloud + logout_link_title: Log out of JEDI cloud named_portfolio: 'Portfolio {portfolio}' no_other_active_portfolios: You have no other active JEDI portfolios. other_active_portfolios: Other Active Portfolios @@ -329,7 +329,7 @@ navigation: add_new_member_label: Add new member add_new_application_label: Add new application budget_report: Budget Report - activity_log: Activity Log + activity_log: Activity log members: Members applications: Applications portfolio_funding: Funding @@ -456,44 +456,44 @@ task_orders: project_title: About your project team_title: About your team market_research_title: Market research - market_research_paragraph: 'The JEDI Cloud Computing Program Office (CCPO) has completed the market research requirements for all related task orders. The Department of Defense CIO has approved this research.
View JEDI Market Research Memo' + market_research_paragraph: 'The JEDI Cloud Computing Program Office (CCPO) has completed the market research requirements for all related task orders. The Department of Defense CIO has approved this research.
View JEDI market research memo' funding: section_title: Funding - performance_period_title: Period of Performance + performance_period_title: Period of performance performance_period_description: Choose the length of time your task order will cover. performance_period_paragraph: Be aware that your funds will be lost if you don’t use them. Because of this, we strongly recommend submitting small, short-duration task orders, usually around a three month period. We’ll notify you when your period of performance is nearing its end so you can request your next set of funds with a new task order. - estimate_usage_title: Estimate Your Cloud Usage + estimate_usage_title: Estimate your cloud usage estimate_usage_description: Calculate how much your cloud usage will cost. A technical representative from your team should help you complete this calculation. These calculations will become your CLINs. estimate_usage_paragraph: This is only an estimation tool to help you make an informed evaluation of what you expect to use. While you're tied to the dollar amount you specify in your task order, you're not obligated by the resources you indicate in the calculator. - cloud_calculations_title: Cloud Usage Calculations + cloud_calculations_title: Cloud usage calculations cloud_calculations_paragraph: Enter the results of your cloud usage calculations below. - cloud_offerings_title: Cloud Offerings + cloud_offerings_title: Cloud offerings cloud_offerings_paragraph: Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) offerings - support_assistance_title: Cloud Support and Assistance + support_assistance_title: Cloud support and assistance support_assistance_paragraph: Technical guidance from the cloud service provider, including architecture, configuration of IaaS and PaaS, integration, troubleshooting assistance, and other services. - total: 'Total Task Order Value:' + total: 'Total task order value:' oversight: section_title: Oversight ko_info_title: Contracting Officer (KO) Information - ko_info_paragraph: Your KO will need to approve funding for this task order by logging into the JEDI Cloud Portal, submitting the task order documents within their official system of record, and then finally providing a digital signature. It might be helpful to work with your program's Financial Manager to get your TO documents moving. + ko_info_paragraph: Your KO will need to approve funding for this task order by logging into the JEDI cloud portal, submitting the task order documents within their official system of record, and then finally providing a digital signature. It might be helpful to work with your program's Financial Manager to get your TO documents moving. skip_ko_label: "Skip for now (We'll remind you to enter one later)" dod_id_tooltip: "The DoD ID is needed to verify the identity of the indicated officer or representative." cor_info_title: Contracting Officer Representative (COR) Information - cor_info_paragraph: Your COR may assist in submitting the task order documents within their official system of record. They may also be invited to log in and manage the Task Order entry within the JEDI Cloud portal. + cor_info_paragraph: Your COR may assist in submitting the task order documents within their official system of record. They may also be invited to log in and manage the Task Order entry within the JEDI cloud portal. so_info_title: Security Officer Information so_info_paragraph: Your Security Officer will need to answer some security configuration questions in order to generate a DD-254 document, then electronically sign. review: section_title: Review Your Task Order app_info: What you're making portfolio: Portfolio - dod: DoD Component - scope: Scope (Statement of Work) + dod: DoD component + scope: Scope (statement of work) reporting: Reporting complexity: Project complexity team: Development team funding: Funding performance_period: Period of performance - usage_est_link: View Usage Estimate + usage_est_link: View usage estimate to_value: Task order value clin_1: 'CLIN #1: Unclassified Cloud' clin_2: 'CLIN #2: Classified Cloud' @@ -546,7 +546,7 @@ portfolios: index: empty: title: You have no apps yet - start_button: Start a New JEDI Portfolio + start_button: Start a new JEDI portfolio applications: add_application_text: Add a new application app_settings_text: App settings @@ -558,7 +558,7 @@ portfolios: environments_heading: Environments environments_description: Each environment created within an application is logically separated from one another for easier management and security. update_button_text: Save - create_button_text: Create Application + create_button_text: Create team_management: title: '{application_name} Team Management' subheading: Team Management @@ -574,12 +574,12 @@ portfolios: archive_button: Delete member permissions: name: Name - app_mgmt: App Mgmt + app_mgmt: App management funding: Funding reporting: Reporting - portfolio_mgmt: Portfolio Mgmt - view_only: View Only - edit_access: Edit Access + portfolio_mgmt: Portfolio management + view_only: View only + edit_access: Edit access testing: example_string: Hello World example_with_variables: 'Hello, {name}!'