New invitation backend for portfolio invitations.

Portfolio invitations do not associate a user entity until the
invitation has been accepted. User info, including DOD ID, is held on
the invitation itself. When a user accepts and invitation, their user
entry is associated with the corresponding `portfolio_role` entry.

The same change will be applied to `application_role` and application
invitations. For now, small changes have been made to
application-related methods so that that flow works as-is.

atst/domain/application_roles.py

@@ -28,8 +28,9 @@ class ApplicationRoles(object):
         return application_role
 
     @classmethod
-    def enable(cls, role):
+    def enable(cls, role, user):
         role.status = ApplicationRoleStatus.ACTIVE
+        role.user = user
 
         db.session.add(role)
         db.session.commit()

atst/domain/invitations.py

@@ -55,7 +55,7 @@ class BaseInvitations(object):
         return invite
 
     @classmethod
-    def create(cls, inviter, role, email):
+    def create(cls, inviter, role, member_data, commit=False):
         # pylint: disable=not-callable
         invite = cls.model(
             role=role,
@@ -63,10 +63,16 @@ class BaseInvitations(object):
             user=role.user,
             status=InvitationStatus.PENDING,
             expiration_time=cls.current_expiration_time(),
-            email=email,
+            email=member_data.get("email"),
+            dod_id=member_data.get("dod_id"),
+            first_name=member_data.get("first_name"),
+            phone_number=member_data.get("phone_number"),
+            last_name=member_data.get("last_name"),
         )
         db.session.add(invite)
-        db.session.commit()
+
+        if commit:
+            db.session.commit()
 
         return invite
 
@@ -74,7 +80,7 @@ class BaseInvitations(object):
     def accept(cls, user, token):
         invite = cls._get(token)
 
-        if invite.user.dod_id != user.dod_id:
+        if invite.dod_id != user.dod_id:
             if invite.is_pending:
                 cls._update_status(invite, InvitationStatus.REJECTED_WRONG_USER)
             raise WrongUserError(user, invite)
@@ -88,7 +94,7 @@ class BaseInvitations(object):
 
         elif invite.is_pending:  # pragma: no branch
             cls._update_status(invite, InvitationStatus.ACCEPTED)
-            cls.role_domain_class.enable(invite.role)
+            cls.role_domain_class.enable(invite.role, user)
             return invite
 
     @classmethod
@@ -111,20 +117,22 @@ class BaseInvitations(object):
         return cls._update_status(invite, InvitationStatus.REVOKED)
 
     @classmethod
-    def lookup_by_resource_and_user(cls, resource, user):
-        role = cls.role_domain_class.get(resource.id, user.id)
-
-        if role.latest_invitation is None:
-            raise NotFoundError(cls.model.__tablename__)
-
-        return role.latest_invitation
-
-    @classmethod
-    def resend(cls, user, token):
+    def resend(cls, inviter, token):
         previous_invitation = cls._get(token)
         cls._update_status(previous_invitation, InvitationStatus.REVOKED)
 
-        return cls.create(user, previous_invitation.role, previous_invitation.email)
+        return cls.create(
+            inviter,
+            previous_invitation.role,
+            {
+                "email": previous_invitation.email,
+                "dod_id": previous_invitation.dod_id,
+                "first_name": previous_invitation.first_name,
+                "last_name": previous_invitation.last_name,
+                "phone_number": previous_invitation.last_name,
+            },
+            commit=True,
+        )
 
 
 class PortfolioInvitations(BaseInvitations):

atst/domain/portfolio_roles.py

@@ -163,8 +163,9 @@ class PortfolioRoles(object):
         return portfolio_role
 
     @classmethod
-    def enable(cls, portfolio_role):
+    def enable(cls, portfolio_role, user):
         portfolio_role.status = PortfolioRoleStatus.ACTIVE
+        portfolio_role.user = user
 
         db.session.add(portfolio_role)
         db.session.commit()

atst/domain/portfolios/portfolios.py

@@ -1,10 +1,9 @@
 from atst.domain.permission_sets import PermissionSets
 from atst.domain.authz import Authorization
-from atst.models.permissions import Permissions
-from atst.domain.users import Users
 from atst.domain.portfolio_roles import PortfolioRoles
+from atst.domain.invitations import PortfolioInvitations
 from atst.domain.environments import Environments
-from atst.models.portfolio_role import Status as PortfolioRoleStatus
+from atst.models import Permissions, PortfolioRole, PortfolioRoleStatus
 
 from .query import PortfoliosQuery
 from .scopes import ScopedPortfolio
@@ -49,25 +48,26 @@ class Portfolios(object):
             portfolios = PortfoliosQuery.get_for_user(user)
         return portfolios
 
-    @classmethod
-    def create_member(cls, portfolio, data):
-        new_user = Users.get_or_create_by_dod_id(
-            data["dod_id"],
-            first_name=data["first_name"],
-            last_name=data["last_name"],
-            email=data["email"],
-            provisional=True,
-        )
-        permission_sets = data.get("permission_sets", [])
-        return Portfolios.add_member(
-            portfolio, new_user, permission_sets=permission_sets
-        )
-
     @classmethod
     def add_member(cls, portfolio, member, permission_sets=None):
         portfolio_role = PortfolioRoles.add(member, portfolio.id, permission_sets)
         return portfolio_role
 
+    @classmethod
+    def invite(cls, portfolio, inviter, member_data):
+        permission_sets = PortfolioRoles._permission_sets_for_names(
+            member_data.get("permission_sets", [])
+        )
+        role = PortfolioRole(portfolio_id=portfolio.id, permission_sets=permission_sets)
+
+        invitation = PortfolioInvitations.create(
+            inviter=inviter, role=role, member_data=member_data
+        )
+
+        PortfoliosQuery.add_and_commit(role)
+
+        return invitation
+
     @classmethod
     def update_member(cls, member, permission_sets):
         return PortfolioRoles.update(member, permission_sets)

atst/models/mixins/invites.py

@@ -97,7 +97,7 @@ class InvitesMixin(object):
 
     @property
     def user_name(self):
-        return self.role.user.full_name
+        return "{} {}".format(self.first_name, self.last_name)
 
     @property
     def is_revokable(self):

atst/models/portfolio_role.py

@@ -116,7 +116,14 @@ class PortfolioRole(
 
     @property
     def user_name(self):
-        return self.user.full_name
+        if self.user:
+            return self.user.full_name
+        else:
+            return self.latest_invitation.user_name
+
+    @property
+    def full_name(self):
+        return self.user_name
 
     @property
     def is_active(self):
@@ -128,10 +135,6 @@ class PortfolioRole(
             self.latest_invitation and self.latest_invitation.is_inactive
         )
 
-    @property
-    def full_name(self):
-        return self.user.full_name
-
     @property
     def application_id(self):
         return None

atst/routes/portfolios/members.py

@@ -3,12 +3,23 @@ from flask import render_template, request as http_request, g, redirect, url_for
 from . import portfolios_bp
 from atst.domain.exceptions import AlreadyExistsError
 from atst.domain.portfolios import Portfolios
-from atst.services.invitation import Invitation as InvitationService
 import atst.forms.portfolio_member as member_forms
 from atst.domain.authz.decorator import user_can_access_decorator as user_can
 from atst.models.permissions import Permissions
 
 from atst.utils.flash import formatted_flash as flash
+from atst.queue import queue
+
+
+def send_portfolio_invitation(invitee_email, inviter_name, token):
+    body = render_template(
+        "emails/portfolio/invitation.txt", owner=inviter_name, token=token
+    )
+    queue.send_mail(
+        [invitee_email],
+        "{} has invited you to a JEDI cloud portfolio".format(inviter_name),
+        body,
+    )
 
 
 @portfolios_bp.route("/portfolios/<portfolio_id>/members/new", methods=["POST"])
@@ -19,13 +30,14 @@ def create_member(portfolio_id):
 
     if form.validate():
         try:
-            member = Portfolios.create_member(portfolio, form.update_data)
-            invite_service = InvitationService(
-                g.current_user, member, form.update_data.get("email")
+            invite = Portfolios.invite(portfolio, g.current_user, form.update_data)
+            send_portfolio_invitation(
+                invite.email, g.current_user.full_name, invite.token
             )
-            invite_service.invite()
 
-            flash("new_portfolio_member", new_member=member, portfolio=portfolio)
+            flash(
+                "new_portfolio_member", user_name=invite.user_name, portfolio=portfolio
+            )
 
         except AlreadyExistsError:
             return render_template(

atst/services/invitation.py

@@ -79,7 +79,13 @@ class Invitation:
         return invite
 
     def _create_invite(self):
-        return self.domain_class.create(self.inviter, self.member, self.email)
+        user = self.member.user
+        return self.domain_class.create(
+            self.inviter,
+            self.member,
+            {"email": self.email, "dod_id": user.dod_id},
+            commit=True,
+        )
 
     def _send_invite_email(self, token):
         body = render_template(

atst/utils/flash.py

@@ -61,7 +61,7 @@ MESSAGES = {
     "new_portfolio_member": {
         "title_template": translate("flash.success"),
         "message_template": """
-          <p>{{ "flash.new_portfolio_member" | translate({ "user_name": new_member.user_name }) }}</p>
+          <p>{{ "flash.new_portfolio_member" | translate({ "user_name": user_name }) }}</p>
         """,
         "category": "success",
     },