users have permission sets for site-wide perms

dandds
2019-03-18 16:42:53 -04:00
parent 27314b8120
commit bec5d11bfe
16 changed files with 114 additions and 103 deletions


@@ -31,9 +31,7 @@ class AuthenticationContext:
except NotFoundError:
email = self._get_user_email()
return Users.create(
atat_role_name="default", email=email, **self.parsed_sdn
)
return Users.create(permission_sets=[], email=email, **self.parsed_sdn)
def _get_user_email(self):
try:
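Review bot: The fallback `return Users.create(permission_sets=[], email=email, **self.parsed_sdn)` provisions a brand-new account with no site-wide permission sets, which is the right least-privilege default but is easy to "fix" later by someone who expects a default grant; a comment such as `# New accounts get no site-wide permission sets; grants are made explicitly later.` would protect the intent. The explicit `permission_sets=[]` is redundant with the `None` default in `Users.create` but reads more clearly, so I would keep it. The enclosing method starts above this hunk.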


@@ -16,7 +16,7 @@ class Authorization(object):
@classmethod
def has_atat_permission(cls, user, permission):
return permission in user.atat_role.permissions
return permission in user.permissions
@classmethod
def is_in_portfolio(cls, user, portfolio):
@@ -36,10 +36,6 @@ class Authorization(object):
def can_view_audit_log(cls, user):
return Authorization.has_atat_permission(user, Permissions.VIEW_AUDIT_LOG)
@classmethod
def is_ccpo(cls, user):
return user.atat_role.name == "ccpo"
@classmethod
def is_ko(cls, user, task_order):
return user == task_order.contracting_officer
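Review bot: `is_ccpo` is deleted in the second hunk with no replacement shown, so any remaining `Authorization.is_ccpo(...)` call site or template helper would now fail with AttributeError at request time rather than at import; I cannot see the other changed files, so a grep before merge is worth it. `has_atat_permission` now consults `user.permissions`, which flattens every permission set, so a docstring such as `"""True if any of the user's site-wide permission sets grants *permission*."""` would make clear the check is no longer tied to a single role. `is_in_portfolio` continues past the end of the first hunk.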


@@ -100,7 +100,6 @@ class Portfolios(object):
first_name=data["first_name"],
last_name=data["last_name"],
email=data["email"],
atat_role_name="default",
provisional=True,
)
permission_sets = data.get("permission_sets", [])
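Review bot: Dropping `atat_role_name="default"` creates this provisional user with no site-wide permission sets, which is fine, but the local `permission_sets = data.get("permission_sets", [])` on the last line now shares a name with a `Users.create` keyword that means something different (site-wide sets rather than the portfolio-role sets this value appears to feed). A comment such as `# portfolio-role permission sets, not the user's site-wide sets` would keep someone from threading it into `Users.create` by mistake. The enclosing method starts before this hunk.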


@@ -28,11 +28,14 @@ class Users(object):
return user
@classmethod
def create(cls, dod_id, atat_role_name=None, **kwargs):
atat_role = PermissionSets.get(atat_role_name)
def create(cls, dod_id, permission_sets=None, **kwargs):
if permission_sets:
permission_sets = PermissionSets.get_many(permission_sets)
else:
permission_sets = []
try:
user = User(dod_id=dod_id, atat_role=atat_role, **kwargs)
user = User(dod_id=dod_id, permission_sets=permission_sets, **kwargs)
db.session.add(user)
db.session.commit()
except IntegrityError:
@@ -52,18 +55,6 @@ class Users(object):
return user
@classmethod
def update_role(cls, user_id, atat_role_name):
user = Users.get(user_id)
atat_role = PermissionSets.get(atat_role_name)
user.atat_role = atat_role
db.session.add(user)
db.session.commit()
return user
_UPDATEABLE_ATTRS = {
"first_name",
"last_name",
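Review bot: `PermissionSets.get_many(permission_sets)` in `create` runs outside the `try`, and the hunk does not show whether it raises or silently drops unknown names; if it drops them, a caller passing a misspelled set name gets a user with fewer grants than intended and no error. A test asserting that `create` with an unknown name in `permission_sets` either raises or returns exactly the requested sets would pin that down. `update_role` is removed with no successor in this hunk for changing a user's site-wide sets after creation, presumably handled elsewhere in the commit, but worth confirming. A docstring on `create` stating that `permission_sets` is a list of set names resolved through `PermissionSets.get_many` would help; the method continues below the first hunk.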


@@ -1,2 +1,3 @@
from .timestamps import TimestampsMixin
from .auditable import AuditableMixin
from .permissions import PermissionsMixin


@@ -0,0 +1,6 @@
class PermissionsMixin(object):
@property
def permissions(self):
return [
perm for permset in self.permission_sets for perm in permset.permissions
]
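Review bot: `PermissionsMixin.permissions` silently requires the host class to define `permission_sets`, and the flattened list keeps duplicates when two sets overlap; a docstring such as `"""All permissions granted by any of self.permission_sets; the host model must define that relationship and duplicates are not removed."""` would make the contract explicit. Because the property is used for `in` checks (see `has_atat_permission`), returning a set would deduplicate and make membership O(1), but that changes the return type for any caller that indexes or concatenates it, so I would leave it as a list unless those callers are checked.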


@@ -37,7 +37,9 @@ portfolio_roles_permission_sets = Table(
)
class PortfolioRole(Base, mixins.TimestampsMixin, mixins.AuditableMixin):
class PortfolioRole(
Base, mixins.TimestampsMixin, mixins.AuditableMixin, mixins.PermissionsMixin
):
__tablename__ = "portfolio_roles"
id = Id()
@@ -56,12 +58,6 @@ class PortfolioRole(Base, mixins.TimestampsMixin, mixins.AuditableMixin):
"PermissionSet", secondary=portfolio_roles_permission_sets
)
@property
def permissions(self):
return [
perm for permset in self.permission_sets for perm in permset.permissions
]
def __repr__(self):
return "<PortfolioRole(portfolio='{}', user_id='{}', id='{}', permissions={})>".format(
self.portfolio.name, self.user_id, self.id, self.permissions


@@ -1,4 +1,4 @@
from sqlalchemy import String, ForeignKey, Column, Date, Boolean
from sqlalchemy import String, ForeignKey, Column, Date, Boolean, Table
from sqlalchemy.orm import relationship
from sqlalchemy.dialects.postgresql import UUID
@@ -6,14 +6,24 @@ from atst.models import Base, types, mixins
from atst.models.permissions import Permissions
class User(Base, mixins.TimestampsMixin, mixins.AuditableMixin):
users_permission_sets = Table(
"users_permission_sets",
Base.metadata,
Column("user_id", UUID(as_uuid=True), ForeignKey("users.id")),
Column("permission_set_id", UUID(as_uuid=True), ForeignKey("permission_sets.id")),
)
class User(
Base, mixins.TimestampsMixin, mixins.AuditableMixin, mixins.PermissionsMixin
):
__tablename__ = "users"
id = types.Id()
username = Column(String)
atat_role_id = Column(UUID(as_uuid=True), ForeignKey("permission_sets.id"))
atat_role = relationship("PermissionSet")
permission_sets = relationship("PermissionSet", secondary=users_permission_sets)
portfolio_roles = relationship("PortfolioRole", backref="user")
email = Column(String, unique=True)
@@ -52,36 +62,21 @@ class User(Base, mixins.TimestampsMixin, mixins.AuditableMixin):
]
)
@property
def atat_permissions(self):
return self.atat_role.permissions
@property
def atat_role_name(self):
return self.atat_role.name
@property
def full_name(self):
return "{} {}".format(self.first_name, self.last_name)
@property
def has_portfolios(self):
return (
Permissions.VIEW_PORTFOLIO in self.atat_role.permissions
) or self.portfolio_roles
return (Permissions.VIEW_PORTFOLIO in self.permissions) or self.portfolio_roles
@property
def displayname(self):
return self.full_name
def __repr__(self):
return "<User(name='{}', dod_id='{}', email='{}', role='{}', has_portfolios='{}', id='{}')>".format(
self.full_name,
self.dod_id,
self.email,
self.atat_role_name,
self.has_portfolios,
self.id,
return "<User(name='{}', dod_id='{}', email='{}', has_portfolios='{}', id='{}')>".format(
self.full_name, self.dod_id, self.email, self.has_portfolios, self.id
)
def to_dictionary(self):
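Review bot: The new `users_permission_sets` table has no primary key or uniqueness constraint on `(user_id, permission_set_id)`, so the same set can be attached to a user twice and neither column is forced non-null; marking both columns `primary_key=True` (`Column("user_id", UUID(as_uuid=True), ForeignKey("users.id"), primary_key=True),` and likewise for `permission_set_id`) gives the composite key, the NOT NULL, and an index the `secondary` join can use. Removing `atat_role_id` from the model also needs a matching schema migration; I cannot see whether one is among the other changed files. `portfolio_roles_permission_sets` at the top of the PortfolioRole hunk may have the same shape, but its definition is outside what is shown.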


@@ -11,18 +11,33 @@ import pendulum
from . import redirect_after_login_url
from atst.domain.users import Users
from atst.domain.permission_sets import PermissionSets
from atst.queue import queue
from tests.factories import random_service_branch
from atst.utils import pick
bp = Blueprint("dev", __name__)
_ALL_PERMS = [
"ccpo",
PermissionSets.VIEW_PORTFOLIO,
PermissionSets.VIEW_PORTFOLIO_APPLICATION_MANAGEMENT,
PermissionSets.VIEW_PORTFOLIO_FUNDING,
PermissionSets.VIEW_PORTFOLIO_REPORTS,
PermissionSets.VIEW_PORTFOLIO_ADMIN,
PermissionSets.EDIT_PORTFOLIO_APPLICATION_MANAGEMENT,
PermissionSets.EDIT_PORTFOLIO_FUNDING,
PermissionSets.EDIT_PORTFOLIO_REPORTS,
PermissionSets.EDIT_PORTFOLIO_ADMIN,
PermissionSets.PORTFOLIO_POC,
]
_DEV_USERS = {
"sam": {
"dod_id": "6346349876",
"first_name": "Sam",
"last_name": "Stevenson",
"atat_role_name": "ccpo",
"permission_sets": _ALL_PERMS,
"email": "sam@example.com",
"service_branch": random_service_branch(),
"phone_number": "1234567890",
@@ -34,7 +49,6 @@ _DEV_USERS = {
"dod_id": "2345678901",
"first_name": "Amanda",
"last_name": "Adamson",
"atat_role_name": "default",
"email": "amanda@example.com",
"service_branch": random_service_branch(),
"phone_number": "1234567890",
@@ -46,7 +60,6 @@ _DEV_USERS = {
"dod_id": "3456789012",
"first_name": "Brandon",
"last_name": "Buchannan",
"atat_role_name": "default",
"email": "brandon@example.com",
"service_branch": random_service_branch(),
"phone_number": "1234567890",
@@ -58,7 +71,6 @@ _DEV_USERS = {
"dod_id": "4567890123",
"first_name": "Christina",
"last_name": "Collins",
"atat_role_name": "default",
"email": "christina@example.com",
"service_branch": random_service_branch(),
"phone_number": "1234567890",
@@ -70,7 +82,6 @@ _DEV_USERS = {
"dod_id": "5678901234",
"first_name": "Dominick",
"last_name": "Domingo",
"atat_role_name": "default",
"email": "dominick@example.com",
"service_branch": random_service_branch(),
"phone_number": "1234567890",
@@ -82,7 +93,6 @@ _DEV_USERS = {
"dod_id": "6789012345",
"first_name": "Erica",
"last_name": "Eichner",
"atat_role_name": "default",
"email": "erica@example.com",
"service_branch": random_service_branch(),
"phone_number": "1234567890",
@@ -101,7 +111,7 @@ def login_dev():
user_data["dod_id"],
**pick(
[
"atat_role_name",
"permission_sets",
"first_name",
"last_name",
"email",
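Review bot: `_ALL_PERMS` mixes the bare string `"ccpo"` with `PermissionSets.*` constants; if `PermissionSets` exposes a name for that set it should be used here, and if not, a typo in the string is caught only by whatever `get_many` does with unknown names at runtime. With `Authorization.is_ccpo` removed, this string is the only place in the hunks shown where the CCPO set is referenced by name. Since `pick([... "permission_sets" ...])` forwards the whole list into `Users.create`, a comment such as `# Dev-only: every site-wide permission set, granted to the "sam" fixture` on `_ALL_PERMS` would make the intent clear. `login_dev` continues past the end of the last hunk.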