Add a new "view workspace" permission

2018-09-06 11:19:13 -04:00 · 2018-09-06 11:19:13 -04:00 · bdab58f150
commit bdab58f150
parent 361630e446
3 changed files with 20 additions and 11 deletions
--- a/alembic/versions/ad30159ef19b_add_view_workspace_members_permission.py
+++ b/alembic/versions/ad30159ef19b_add_view_workspace_members_permission.py
@ -22,24 +22,32 @@ def upgrade():

    session = Session(bind=op.get_bind())

-    owner_role = session.query(Role).filter_by(name="owner").one()
-    owner_role.add_permission(Permissions.VIEW_WORKSPACE_MEMBERS)
+    all_roles_but_default = session.query(Role).filter(Role.name != "default").all()
+    for role in all_roles_but_default:
+        role.add_permission(Permissions.VIEW_WORKSPACE)
+        session.add(role)

-    ccpo_role = session.query(Role).filter_by(name="ccpo").one()
-    ccpo_role.add_permission(Permissions.VIEW_WORKSPACE_MEMBERS)
+    owner_and_ccpo = session.query(Role).filter(Role.name.in_(["owner", "ccpo"])).all()
+    for role in owner_and_ccpo:
+        role.add_permission(Permissions.VIEW_WORKSPACE_MEMBERS)
+        session.add(role)

-    session.add_all((ccpo_role, owner_role))
+    session.flush()
    session.commit()


 def downgrade():
    session = Session(bind=op.get_bind())

-    owner_role = session.query(Role).filter_by(name="owner").one()
-    owner_role.remove_permission(Permissions.VIEW_WORKSPACE_MEMBERS)
+    all_roles_but_default = session.query(Role).filter(Role.name != "default").all()
+    for role in all_roles_but_default:
+        role.remove_permission(Permissions.VIEW_WORKSPACE)
+        session.add(role)

-    ccpo_role = session.query(Role).filter_by(name="ccpo").one()
-    ccpo_role.remove_permission(Permissions.VIEW_WORKSPACE_MEMBERS)
+    owner_and_ccpo = session.query(Role).filter(Role.name.in_(["owner", "ccpo"])).all()
+    for role in owner_and_ccpo:
+        role.remove_permission(Permissions.VIEW_WORKSPACE_MEMBERS)
+        session.add(role)

-    session.add_all((ccpo_role, owner_role))
+    session.flush()
    session.commit()
--- a/atst/domain/workspaces.py
+++ b/atst/domain/workspaces.py
@ -30,7 +30,7 @@ class Workspaces(object):
        except NoResultFound:
            raise NotFoundError("workspace")

-        if not Authorization.is_in_workspace(user, workspace):
+        if not Authorization.has_workspace_permission(user, workspace, Permissions.VIEW_WORKSPACE):
            raise UnauthorizedError(user, "get workspace")

        return workspace
--- a/atst/models/permissions.py
+++ b/atst/models/permissions.py
@ -24,6 +24,7 @@ class Permissions(object):
    VIEW_ATAT_PERMISSIONS = "view_atat_permissions"
    TRANSFER_OWNERSHIP_OF_WORKSPACE = "transfer_ownership_of_workspace"
    VIEW_WORKSPACE_MEMBERS = "view_workspace_members"
+    VIEW_WORKSPACE = "view_workspace"

    ADD_APPLICATION_IN_WORKSPACE = "add_application_in_workspace"
    DELETE_APPLICATION_IN_WORKSPACE = "delete_application_in_workspace"