pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

restrict workspace information updates to owner and admins

Browse Source
This commit is contained in:
dandds 2018-09-17 13:30:25 -04:00
parent c3f89ba149
commit bba2a2b283
4 changed files with 63 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
alembic/versions/4c425f17bfe8_add_edit_workspace_information_.py Normal file
View File

@ -0,0 +1,43 @@
"""add edit workspace information permission
Revision ID: 4c425f17bfe8
Revises: 2572be7fb7fc
Create Date: 2018-09-17 13:14:38.781744
"""
from alembic import op
from sqlalchemy.orm.session import Session
from atst.models.role import Role
from atst.models.permissions import Permissions
# revision identifiers, used by Alembic.
revision = '4c425f17bfe8'
down_revision = '2572be7fb7fc'
branch_labels = None
depends_on = None
def upgrade():
session = Session(bind=op.get_bind())
owner_and_admin = session.query(Role).filter(Role.name.in_(["owner", "admin"])).all()
for role in owner_and_admin:
role.add_permission(Permissions.EDIT_WORKSPACE_INFORMATION)
session.add(role)
session.flush()
session.commit()
def downgrade():
session = Session(bind=op.get_bind())
owner_and_admin = session.query(Role).filter(Role.name.in_(["owner", "admin"])).all()
for role in owner_and_ccpo:
role.remove_permission(Permissions.EDIT_WORKSPACE_INFORMATION)
session.add(role)
session.flush()
session.commit()

6
atst/domain/workspaces/workspaces.py
View File

@ -38,9 +38,9 @@ class Workspaces(object):
@classmethod @classmethod
def get_for_update_information(cls, user, workspace_id): def get_for_update_information(cls, user, workspace_id):
workspace = WorkspacesQuery.get(workspace_id) workspace = WorkspacesQuery.get(workspace_id)
# Authorization.check_workspace_permission( Authorization.check_workspace_permission(
# user, workspace, TBD, "update workspace information" user, workspace, Permissions.EDIT_WORKSPACE_INFORMATION, "update workspace information"
# ) )
return workspace return workspace

1
atst/models/permissions.py
View File

@ -20,6 +20,7 @@ class Permissions(object):
VIEW_ASSIGNED_ATAT_ROLE_CONFIGURATIONS = "view_assigned_atat_role_configurations" VIEW_ASSIGNED_ATAT_ROLE_CONFIGURATIONS = "view_assigned_atat_role_configurations"
VIEW_ASSIGNED_CSP_ROLE_CONFIGURATIONS = "view_assigned_csp_role_configurations" VIEW_ASSIGNED_CSP_ROLE_CONFIGURATIONS = "view_assigned_csp_role_configurations"
EDIT_WORKSPACE_INFORMATION = "edit_workspace_information"
DEACTIVATE_WORKSPACE = "deactivate_workspace" DEACTIVATE_WORKSPACE = "deactivate_workspace"
VIEW_ATAT_PERMISSIONS = "view_atat_permissions" VIEW_ATAT_PERMISSIONS = "view_atat_permissions"
TRANSFER_OWNERSHIP_OF_WORKSPACE = "transfer_ownership_of_workspace" TRANSFER_OWNERSHIP_OF_WORKSPACE = "transfer_ownership_of_workspace"

16
tests/domain/test_workspaces.py
View File

@ -234,3 +234,19 @@ def test_for_user_returns_all_workspaces_for_ccpo(workspace, workspace_owner):
sams_workspaces = Workspaces.for_user(sam) sams_workspaces = Workspaces.for_user(sam)
assert len(sams_workspaces) == 2 assert len(sams_workspaces) == 2
def test_get_for_update_information():
workspace_owner = UserFactory.create()
workspace = Workspaces.create(RequestFactory.create(creator=workspace_owner))
owner_ws = Workspaces.get_for_update_information(workspace_owner, workspace.id)
assert workspace == owner_ws
admin = UserFactory.create()
Workspaces.add_member(workspace, admin, "admin")
admin_ws = Workspaces.get_for_update_information(admin, workspace.id)
assert workspace == admin_ws
ccpo = UserFactory.from_atat_role("ccpo")
with pytest.raises(UnauthorizedError):
Workspaces.get_for_update_information(ccpo, workspace.id)