users have permission sets for site-wide perms

2019-03-18 16:42:53 -04:00
parent 27314b8120
commit bec5d11bfe
16 changed files with 114 additions and 103 deletions
--- a/atst/domain/authnid/init.py
+++ b/atst/domain/authnid/init.py
@@ -31,9 +31,7 @@ class AuthenticationContext:

        except NotFoundError:
            email = self._get_user_email()
-            return Users.create(
-                atat_role_name="default", email=email, **self.parsed_sdn
-            )
+            return Users.create(permission_sets=[], email=email, **self.parsed_sdn)

    def _get_user_email(self):
        try:
--- a/atst/domain/authz.py
+++ b/atst/domain/authz.py
@@ -16,7 +16,7 @@ class Authorization(object):

    @classmethod
    def has_atat_permission(cls, user, permission):
-        return permission in user.atat_role.permissions
+        return permission in user.permissions

    @classmethod
    def is_in_portfolio(cls, user, portfolio):
@@ -36,10 +36,6 @@ class Authorization(object):
    def can_view_audit_log(cls, user):
        return Authorization.has_atat_permission(user, Permissions.VIEW_AUDIT_LOG)

-    @classmethod
-    def is_ccpo(cls, user):
-        return user.atat_role.name == "ccpo"
-
    @classmethod
    def is_ko(cls, user, task_order):
        return user == task_order.contracting_officer
--- a/atst/domain/portfolios/portfolios.py
+++ b/atst/domain/portfolios/portfolios.py
@@ -100,7 +100,6 @@ class Portfolios(object):
            first_name=data["first_name"],
            last_name=data["last_name"],
            email=data["email"],
-            atat_role_name="default",
            provisional=True,
        )
        permission_sets = data.get("permission_sets", [])
--- a/atst/domain/users.py
+++ b/atst/domain/users.py
@@ -28,11 +28,14 @@ class Users(object):
        return user

    @classmethod
-    def create(cls, dod_id, atat_role_name=None, **kwargs):
-        atat_role = PermissionSets.get(atat_role_name)
+    def create(cls, dod_id, permission_sets=None, **kwargs):
+        if permission_sets:
+            permission_sets = PermissionSets.get_many(permission_sets)
+        else:
+            permission_sets = []

        try:
-            user = User(dod_id=dod_id, atat_role=atat_role, **kwargs)
+            user = User(dod_id=dod_id, permission_sets=permission_sets, **kwargs)
            db.session.add(user)
            db.session.commit()
        except IntegrityError:
@@ -52,18 +55,6 @@ class Users(object):

        return user

-    @classmethod
-    def update_role(cls, user_id, atat_role_name):
-
-        user = Users.get(user_id)
-        atat_role = PermissionSets.get(atat_role_name)
-        user.atat_role = atat_role
-
-        db.session.add(user)
-        db.session.commit()
-
-        return user
-
    _UPDATEABLE_ATTRS = {
        "first_name",
        "last_name",