pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Scope access to applications, task orders, and environment roles.

Browse Source 
These resources should be scoped to the portfolio when accessed from
route functions.
This commit is contained in:
dandds
2019-04-16 10:32:42 -04:00
parent eaeeed0b05
commit c1df245800
8 changed files with 95 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
atst/routes/task_orders/new.py
View File

@@ -61,7 +61,12 @@ class ShowTaskOrderWorkflow:
@property
def task_order(self):
if not self._task_order and self.task_order_id:
self._task_order = TaskOrders.get(self.task_order_id)
if self.portfolio_id:
self._task_order = TaskOrders.get(
self.task_order_id, portfolio_id=self.portfolio_id
)
else:
self._task_order = TaskOrders.get(self.task_order_id)
return self._task_order
@@ -260,6 +265,7 @@ def is_new_task_order(*_args, **kwargs):
)
# TODO: /task_orders/new/<int:screen>/<task_order_id> should not exist
@task_orders_bp.route("/task_orders/new/<int:screen>")
@task_orders_bp.route("/task_orders/new/<int:screen>/<task_order_id>")
@task_orders_bp.route("/portfolios/<portfolio_id>/task_orders/new/<int:screen>")
@@ -309,6 +315,7 @@ def new(screen, task_order_id=None, portfolio_id=None):
return render_template(workflow.template, **template_args)
# TODO: /task_orders/new/<int:screen>/<task_order_id> should not exist
@task_orders_bp.route("/task_orders/new/<int:screen>", methods=["POST"])
@task_orders_bp.route("/task_orders/new/<int:screen>/<task_order_id>", methods=["POST"])
@task_orders_bp.route(