New invitation backend for portfolio invitations.

Portfolio invitations do not associate a user entity until the
invitation has been accepted. User info, including DOD ID, is held on
the invitation itself. When a user accepts and invitation, their user
entry is associated with the corresponding `portfolio_role` entry.

The same change will be applied to `application_role` and application
invitations. For now, small changes have been made to
application-related methods so that that flow works as-is.
This commit is contained in:
dandds
2019-05-31 12:58:23 -04:00
parent 755fabd725
commit c085db23d7
17 changed files with 163 additions and 165 deletions

View File

@@ -28,8 +28,9 @@ class ApplicationRoles(object):
return application_role
@classmethod
def enable(cls, role):
def enable(cls, role, user):
role.status = ApplicationRoleStatus.ACTIVE
role.user = user
db.session.add(role)
db.session.commit()

View File

@@ -55,7 +55,7 @@ class BaseInvitations(object):
return invite
@classmethod
def create(cls, inviter, role, email):
def create(cls, inviter, role, member_data, commit=False):
# pylint: disable=not-callable
invite = cls.model(
role=role,
@@ -63,10 +63,16 @@ class BaseInvitations(object):
user=role.user,
status=InvitationStatus.PENDING,
expiration_time=cls.current_expiration_time(),
email=email,
email=member_data.get("email"),
dod_id=member_data.get("dod_id"),
first_name=member_data.get("first_name"),
phone_number=member_data.get("phone_number"),
last_name=member_data.get("last_name"),
)
db.session.add(invite)
db.session.commit()
if commit:
db.session.commit()
return invite
@@ -74,7 +80,7 @@ class BaseInvitations(object):
def accept(cls, user, token):
invite = cls._get(token)
if invite.user.dod_id != user.dod_id:
if invite.dod_id != user.dod_id:
if invite.is_pending:
cls._update_status(invite, InvitationStatus.REJECTED_WRONG_USER)
raise WrongUserError(user, invite)
@@ -88,7 +94,7 @@ class BaseInvitations(object):
elif invite.is_pending: # pragma: no branch
cls._update_status(invite, InvitationStatus.ACCEPTED)
cls.role_domain_class.enable(invite.role)
cls.role_domain_class.enable(invite.role, user)
return invite
@classmethod
@@ -111,20 +117,22 @@ class BaseInvitations(object):
return cls._update_status(invite, InvitationStatus.REVOKED)
@classmethod
def lookup_by_resource_and_user(cls, resource, user):
role = cls.role_domain_class.get(resource.id, user.id)
if role.latest_invitation is None:
raise NotFoundError(cls.model.__tablename__)
return role.latest_invitation
@classmethod
def resend(cls, user, token):
def resend(cls, inviter, token):
previous_invitation = cls._get(token)
cls._update_status(previous_invitation, InvitationStatus.REVOKED)
return cls.create(user, previous_invitation.role, previous_invitation.email)
return cls.create(
inviter,
previous_invitation.role,
{
"email": previous_invitation.email,
"dod_id": previous_invitation.dod_id,
"first_name": previous_invitation.first_name,
"last_name": previous_invitation.last_name,
"phone_number": previous_invitation.last_name,
},
commit=True,
)
class PortfolioInvitations(BaseInvitations):

View File

@@ -163,8 +163,9 @@ class PortfolioRoles(object):
return portfolio_role
@classmethod
def enable(cls, portfolio_role):
def enable(cls, portfolio_role, user):
portfolio_role.status = PortfolioRoleStatus.ACTIVE
portfolio_role.user = user
db.session.add(portfolio_role)
db.session.commit()

View File

@@ -1,10 +1,9 @@
from atst.domain.permission_sets import PermissionSets
from atst.domain.authz import Authorization
from atst.models.permissions import Permissions
from atst.domain.users import Users
from atst.domain.portfolio_roles import PortfolioRoles
from atst.domain.invitations import PortfolioInvitations
from atst.domain.environments import Environments
from atst.models.portfolio_role import Status as PortfolioRoleStatus
from atst.models import Permissions, PortfolioRole, PortfolioRoleStatus
from .query import PortfoliosQuery
from .scopes import ScopedPortfolio
@@ -49,25 +48,26 @@ class Portfolios(object):
portfolios = PortfoliosQuery.get_for_user(user)
return portfolios
@classmethod
def create_member(cls, portfolio, data):
new_user = Users.get_or_create_by_dod_id(
data["dod_id"],
first_name=data["first_name"],
last_name=data["last_name"],
email=data["email"],
provisional=True,
)
permission_sets = data.get("permission_sets", [])
return Portfolios.add_member(
portfolio, new_user, permission_sets=permission_sets
)
@classmethod
def add_member(cls, portfolio, member, permission_sets=None):
portfolio_role = PortfolioRoles.add(member, portfolio.id, permission_sets)
return portfolio_role
@classmethod
def invite(cls, portfolio, inviter, member_data):
permission_sets = PortfolioRoles._permission_sets_for_names(
member_data.get("permission_sets", [])
)
role = PortfolioRole(portfolio_id=portfolio.id, permission_sets=permission_sets)
invitation = PortfolioInvitations.create(
inviter=inviter, role=role, member_data=member_data
)
PortfoliosQuery.add_and_commit(role)
return invitation
@classmethod
def update_member(cls, member, permission_sets):
return PortfolioRoles.update(member, permission_sets)

View File

@@ -97,7 +97,7 @@ class InvitesMixin(object):
@property
def user_name(self):
return self.role.user.full_name
return "{} {}".format(self.first_name, self.last_name)
@property
def is_revokable(self):

View File

@@ -116,7 +116,14 @@ class PortfolioRole(
@property
def user_name(self):
return self.user.full_name
if self.user:
return self.user.full_name
else:
return self.latest_invitation.user_name
@property
def full_name(self):
return self.user_name
@property
def is_active(self):
@@ -128,10 +135,6 @@ class PortfolioRole(
self.latest_invitation and self.latest_invitation.is_inactive
)
@property
def full_name(self):
return self.user.full_name
@property
def application_id(self):
return None

View File

@@ -3,12 +3,23 @@ from flask import render_template, request as http_request, g, redirect, url_for
from . import portfolios_bp
from atst.domain.exceptions import AlreadyExistsError
from atst.domain.portfolios import Portfolios
from atst.services.invitation import Invitation as InvitationService
import atst.forms.portfolio_member as member_forms
from atst.domain.authz.decorator import user_can_access_decorator as user_can
from atst.models.permissions import Permissions
from atst.utils.flash import formatted_flash as flash
from atst.queue import queue
def send_portfolio_invitation(invitee_email, inviter_name, token):
body = render_template(
"emails/portfolio/invitation.txt", owner=inviter_name, token=token
)
queue.send_mail(
[invitee_email],
"{} has invited you to a JEDI cloud portfolio".format(inviter_name),
body,
)
@portfolios_bp.route("/portfolios/<portfolio_id>/members/new", methods=["POST"])
@@ -19,13 +30,14 @@ def create_member(portfolio_id):
if form.validate():
try:
member = Portfolios.create_member(portfolio, form.update_data)
invite_service = InvitationService(
g.current_user, member, form.update_data.get("email")
invite = Portfolios.invite(portfolio, g.current_user, form.update_data)
send_portfolio_invitation(
invite.email, g.current_user.full_name, invite.token
)
invite_service.invite()
flash("new_portfolio_member", new_member=member, portfolio=portfolio)
flash(
"new_portfolio_member", user_name=invite.user_name, portfolio=portfolio
)
except AlreadyExistsError:
return render_template(

View File

@@ -79,7 +79,13 @@ class Invitation:
return invite
def _create_invite(self):
return self.domain_class.create(self.inviter, self.member, self.email)
user = self.member.user
return self.domain_class.create(
self.inviter,
self.member,
{"email": self.email, "dod_id": user.dod_id},
commit=True,
)
def _send_invite_email(self, token):
body = render_template(

View File

@@ -61,7 +61,7 @@ MESSAGES = {
"new_portfolio_member": {
"title_template": translate("flash.success"),
"message_template": """
<p>{{ "flash.new_portfolio_member" | translate({ "user_name": new_member.user_name }) }}</p>
<p>{{ "flash.new_portfolio_member" | translate({ "user_name": user_name }) }}</p>
""",
"category": "success",
},