New invitation backend for portfolio invitations.
Portfolio invitations do not associate a user entity until the invitation has been accepted. User info, including DOD ID, is held on the invitation itself. When a user accepts and invitation, their user entry is associated with the corresponding `portfolio_role` entry. The same change will be applied to `application_role` and application invitations. For now, small changes have been made to application-related methods so that that flow works as-is.
This commit is contained in:
dandds
@@ -28,8 +28,9 @@ class ApplicationRoles(object):
|
||||
return application_role
|
||||
|
||||
@classmethod
|
||||
def enable(cls, role):
|
||||
def enable(cls, role, user):
|
||||
role.status = ApplicationRoleStatus.ACTIVE
|
||||
role.user = user
|
||||
|
||||
db.session.add(role)
|
||||
db.session.commit()
|
||||
|
||||
@@ -55,7 +55,7 @@ class BaseInvitations(object):
|
||||
return invite
|
||||
|
||||
@classmethod
|
||||
def create(cls, inviter, role, email):
|
||||
def create(cls, inviter, role, member_data, commit=False):
|
||||
# pylint: disable=not-callable
|
||||
invite = cls.model(
|
||||
role=role,
|
||||
@@ -63,10 +63,16 @@ class BaseInvitations(object):
|
||||
user=role.user,
|
||||
status=InvitationStatus.PENDING,
|
||||
expiration_time=cls.current_expiration_time(),
|
||||
email=email,
|
||||
email=member_data.get("email"),
|
||||
dod_id=member_data.get("dod_id"),
|
||||
first_name=member_data.get("first_name"),
|
||||
phone_number=member_data.get("phone_number"),
|
||||
last_name=member_data.get("last_name"),
|
||||
)
|
||||
db.session.add(invite)
|
||||
db.session.commit()
|
||||
|
||||
if commit:
|
||||
db.session.commit()
|
||||
|
||||
return invite
|
||||
|
||||
@@ -74,7 +80,7 @@ class BaseInvitations(object):
|
||||
def accept(cls, user, token):
|
||||
invite = cls._get(token)
|
||||
|
||||
if invite.user.dod_id != user.dod_id:
|
||||
if invite.dod_id != user.dod_id:
|
||||
if invite.is_pending:
|
||||
cls._update_status(invite, InvitationStatus.REJECTED_WRONG_USER)
|
||||
raise WrongUserError(user, invite)
|
||||
@@ -88,7 +94,7 @@ class BaseInvitations(object):
|
||||
|
||||
elif invite.is_pending: # pragma: no branch
|
||||
cls._update_status(invite, InvitationStatus.ACCEPTED)
|
||||
cls.role_domain_class.enable(invite.role)
|
||||
cls.role_domain_class.enable(invite.role, user)
|
||||
return invite
|
||||
|
||||
@classmethod
|
||||
@@ -111,20 +117,22 @@ class BaseInvitations(object):
|
||||
return cls._update_status(invite, InvitationStatus.REVOKED)
|
||||
|
||||
@classmethod
|
||||
def lookup_by_resource_and_user(cls, resource, user):
|
||||
role = cls.role_domain_class.get(resource.id, user.id)
|
||||
|
||||
if role.latest_invitation is None:
|
||||
raise NotFoundError(cls.model.__tablename__)
|
||||
|
||||
return role.latest_invitation
|
||||
|
||||
@classmethod
|
||||
def resend(cls, user, token):
|
||||
def resend(cls, inviter, token):
|
||||
previous_invitation = cls._get(token)
|
||||
cls._update_status(previous_invitation, InvitationStatus.REVOKED)
|
||||
|
||||
return cls.create(user, previous_invitation.role, previous_invitation.email)
|
||||
return cls.create(
|
||||
inviter,
|
||||
previous_invitation.role,
|
||||
{
|
||||
"email": previous_invitation.email,
|
||||
"dod_id": previous_invitation.dod_id,
|
||||
"first_name": previous_invitation.first_name,
|
||||
"last_name": previous_invitation.last_name,
|
||||
"phone_number": previous_invitation.last_name,
|
||||
},
|
||||
commit=True,
|
||||
)
|
||||
|
||||
|
||||
class PortfolioInvitations(BaseInvitations):
|
||||
|
||||
@@ -163,8 +163,9 @@ class PortfolioRoles(object):
|
||||
return portfolio_role
|
||||
|
||||
@classmethod
|
||||
def enable(cls, portfolio_role):
|
||||
def enable(cls, portfolio_role, user):
|
||||
portfolio_role.status = PortfolioRoleStatus.ACTIVE
|
||||
portfolio_role.user = user
|
||||
|
||||
db.session.add(portfolio_role)
|
||||
db.session.commit()
|
||||
|
||||
@@ -1,10 +1,9 @@
|
||||
from atst.domain.permission_sets import PermissionSets
|
||||
from atst.domain.authz import Authorization
|
||||
from atst.models.permissions import Permissions
|
||||
from atst.domain.users import Users
|
||||
from atst.domain.portfolio_roles import PortfolioRoles
|
||||
from atst.domain.invitations import PortfolioInvitations
|
||||
from atst.domain.environments import Environments
|
||||
from atst.models.portfolio_role import Status as PortfolioRoleStatus
|
||||
from atst.models import Permissions, PortfolioRole, PortfolioRoleStatus
|
||||
|
||||
from .query import PortfoliosQuery
|
||||
from .scopes import ScopedPortfolio
|
||||
@@ -49,25 +48,26 @@ class Portfolios(object):
|
||||
portfolios = PortfoliosQuery.get_for_user(user)
|
||||
return portfolios
|
||||
|
||||
@classmethod
|
||||
def create_member(cls, portfolio, data):
|
||||
new_user = Users.get_or_create_by_dod_id(
|
||||
data["dod_id"],
|
||||
first_name=data["first_name"],
|
||||
last_name=data["last_name"],
|
||||
email=data["email"],
|
||||
provisional=True,
|
||||
)
|
||||
permission_sets = data.get("permission_sets", [])
|
||||
return Portfolios.add_member(
|
||||
portfolio, new_user, permission_sets=permission_sets
|
||||
)
|
||||
|
||||
@classmethod
|
||||
def add_member(cls, portfolio, member, permission_sets=None):
|
||||
portfolio_role = PortfolioRoles.add(member, portfolio.id, permission_sets)
|
||||
return portfolio_role
|
||||
|
||||
@classmethod
|
||||
def invite(cls, portfolio, inviter, member_data):
|
||||
permission_sets = PortfolioRoles._permission_sets_for_names(
|
||||
member_data.get("permission_sets", [])
|
||||
)
|
||||
role = PortfolioRole(portfolio_id=portfolio.id, permission_sets=permission_sets)
|
||||
|
||||
invitation = PortfolioInvitations.create(
|
||||
inviter=inviter, role=role, member_data=member_data
|
||||
)
|
||||
|
||||
PortfoliosQuery.add_and_commit(role)
|
||||
|
||||
return invitation
|
||||
|
||||
@classmethod
|
||||
def update_member(cls, member, permission_sets):
|
||||
return PortfolioRoles.update(member, permission_sets)
|
||||
|
||||
Reference in New Issue
Block a user