Merge pull request #676 from dod-ccpo/to-edit-sign-permissions

Break KO signing  into two steps

atst/domain/authz.py

@@ -36,6 +36,27 @@ class Authorization(object):
     def is_ccpo(cls, user):
         return user.atat_role.name == "ccpo"
 
+    @classmethod
+    def is_ko(cls, user, task_order):
+        return user == task_order.contracting_officer
+
+    @classmethod
+    def is_cor(cls, user, task_order):
+        return user == task_order.contracting_officer_representative
+
+    @classmethod
+    def is_so(cls, user, task_order):
+        return user == task_order.security_officer
+
+    @classmethod
+    def check_is_ko_or_cor(cls, user, task_order):
+        if Authorization.is_ko(user, task_order) or Authorization.is_cor(
+            user, task_order
+        ):
+            return True
+        else:
+            raise UnauthorizedError(user, "not KO or COR")
+
     @classmethod
     def check_is_ko(cls, user, task_order):
         if task_order.contracting_officer != user:

atst/domain/task_orders.py

@@ -120,6 +120,10 @@ class TaskOrders(object):
 
         return True
 
+    @classmethod
+    def is_signed_by_ko(cls, task_order):
+        return task_order.signer_dod_id is not None
+
     @classmethod
     def mission_owner_sections(cls):
         section_list = TaskOrders.SECTIONS

atst/routes/portfolios/task_orders.py

@@ -65,10 +65,14 @@ def view_task_order(portfolio_id, task_order_id):
     dd_254_complete = DD254s.is_complete(task_order.dd_254)
     return render_template(
         "portfolios/task_orders/show.html",
+        dd_254_complete=dd_254_complete,
+        is_cor=Authorization.is_cor(g.current_user, task_order),
+        is_ko=Authorization.is_ko(g.current_user, task_order),
+        is_so=Authorization.is_so(g.current_user, task_order),
+        is_to_signed=TaskOrders.is_signed_by_ko(task_order),
         portfolio=portfolio,
         task_order=task_order,
         to_form_complete=to_form_complete,
-        dd_254_complete=dd_254_complete,
         user=g.current_user,
     )
 
@@ -78,7 +82,8 @@ def ko_review(portfolio_id, task_order_id):
     task_order = TaskOrders.get(g.current_user, task_order_id)
     portfolio = Portfolios.get(g.current_user, portfolio_id)
 
-    Authorization.check_is_ko(g.current_user, task_order)
+    Authorization.check_is_ko_or_cor(g.current_user, task_order)
+
     return render_template(
         "/portfolios/task_orders/review.html",
         portfolio=portfolio,
@@ -95,12 +100,22 @@ def submit_ko_review(portfolio_id, task_order_id, form=None):
     form_data = {**http_request.form, **http_request.files}
     form = KOReviewForm(form_data)
 
-    Authorization.check_is_ko(g.current_user, task_order)
+    Authorization.check_is_ko_or_cor(g.current_user, task_order)
+
     if form.validate():
         TaskOrders.update(user=g.current_user, task_order=task_order, **form.data)
-        return redirect(
-            url_for("task_orders.signature_requested", task_order_id=task_order_id)
-        )
+        if Authorization.is_ko(g.current_user, task_order):
+            return redirect(
+                url_for("task_orders.signature_requested", task_order_id=task_order_id)
+            )
+        else:
+            return redirect(
+                url_for(
+                    "portfolios.view_task_order",
+                    task_order_id=task_order_id,
+                    portfolio_id=portfolio_id,
+                )
+            )
     else:
         return render_template(
             "/portfolios/task_orders/review.html",

atst/routes/task_orders/signing.py

@@ -14,7 +14,7 @@ def find_unsigned_ko_to(task_order_id):
     task_order = TaskOrders.get(g.current_user, task_order_id)
     Authorization.check_is_ko(g.current_user, task_order)
 
-    if task_order.signer_dod_id is not None:
+    if TaskOrders.is_signed_by_ko(task_order):
         raise NotFoundError("task_order")
 
     return task_order