Fix issues with deleting roles:

1. Prevents roles from being created with the role 'None'
2. Only call EnvironmentRoles.delete() if the env_role exists
3. Update the filter on the role field of the app member form to return
'No Access'. This fixed an issue where if a role was deleted, then other
env roles belonging to the app member could not be updated because the
role field of the deleted env_role was invalid

atst/domain/environments.py

@@ -56,20 +56,20 @@ class Environments(object):
         if env_role and env_role.role != new_role and not env_role.deleted:
             env_role.role = new_role
             updated = True
-            db.session.add(env_role)
+        elif not env_role and new_role:
-        elif not env_role:
             env_role = EnvironmentRoles.create(
                 application_role=application_role,
                 environment=environment,
                 role=new_role,
             )
             updated = True
-            db.session.add(env_role)
 
-        if new_role is None:
+        if env_role and not new_role:
+            env_role.role = None
             updated = EnvironmentRoles.delete(application_role.id, environment.id)
 
         if updated:
+            db.session.add(env_role)
             db.session.commit()
 
         return updated

atst/forms/application_member.py

@@ -16,7 +16,7 @@ class EnvironmentForm(Form):
         environment_name,
         choices=ENV_ROLES,
         default=NO_ACCESS,
-        filters=[lambda x: None if x == "None" else x],
+        filters=[lambda x: NO_ACCESS if x == "None" else x],
     )
     deleted = BooleanField("Revoke Access", default=False)