Scope access to applications, task orders, and environment roles.

These resources should be scoped to the portfolio when accessed from route functions.
2019-04-16 10:32:42 -04:00
parent eaeeed0b05
commit c1df245800
8 changed files with 95 additions and 20 deletions
--- a/atst/domain/environment_roles.py
+++ b/atst/domain/environment_roles.py
@@ -1,7 +1,9 @@
 from flask import current_app as app
+from sqlalchemy.orm.exc import NoResultFound

-from atst.models.environment_role import EnvironmentRole
 from atst.database import db
+from atst.domain.exceptions import NotFoundError
+from atst.models import EnvironmentRole, Environment, Application


 class EnvironmentRoles(object):
@@ -13,6 +15,23 @@ class EnvironmentRoles(object):
        app.csp.cloud.create_role(env_role)
        return env_role

+    @classmethod
+    def get_for_portfolio(cls, user_id, environment_id, portfolio_id):
+        try:
+            return (
+                db.session.query(EnvironmentRole)
+                .join(Environment, EnvironmentRole.environment_id == Environment.id)
+                .join(Application, Environment.application_id == Application.id)
+                .filter(
+                    EnvironmentRole.user_id == user_id,
+                    EnvironmentRole.environment_id == environment_id,
+                    Application.portfolio_id == portfolio_id,
+                )
+                .one()
+            )
+        except NoResultFound:
+            raise NotFoundError("environment_role")
+
    @classmethod
    def get(cls, user_id, environment_id):
        existing_env_role = (