pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

cleanup unused portfolio roles

Browse Source
This commit is contained in:
dandds 2019-03-13 11:24:03 -04:00
parent 1a122c5335
commit d3c3209fc0
12 changed files with 32 additions and 167 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

106
atst/domain/permission_sets.py
View File

@ -54,112 +54,6 @@ ATAT_ROLES = [
"permissions": [Permissions.REQUEST_JEDI_PORTFOLIO], "permissions": [Permissions.REQUEST_JEDI_PORTFOLIO],
}, },
] ]
PORTFOLIO_ROLES = [
{
"name": "owner",
"display_name": "Portfolio Owner",
"description": "Adds, edits, deactivates access to all applications, environments, and members. Views budget reports. Initiates and edits JEDI Cloud requests.",
"permissions": [
Permissions.REQUEST_JEDI_PORTFOLIO,
Permissions.VIEW_ORIGINAL_JEDI_REQEUST,
Permissions.VIEW_USAGE_REPORT,
Permissions.VIEW_USAGE_DOLLARS,
Permissions.ADD_AND_ASSIGN_CSP_ROLES,
Permissions.REMOVE_CSP_ROLES,
Permissions.REQUEST_NEW_CSP_ROLE,
Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE,
Permissions.VIEW_ASSIGNED_ATAT_ROLE_CONFIGURATIONS,
Permissions.VIEW_ASSIGNED_CSP_ROLE_CONFIGURATIONS,
Permissions.DEACTIVATE_PORTFOLIO,
Permissions.VIEW_ATAT_PERMISSIONS,
Permissions.VIEW_PORTFOLIO,
Permissions.VIEW_PORTFOLIO_MEMBERS,
Permissions.EDIT_PORTFOLIO_INFORMATION,
Permissions.ADD_APPLICATION_IN_PORTFOLIO,
Permissions.DELETE_APPLICATION_IN_PORTFOLIO,
Permissions.DEACTIVATE_APPLICATION_IN_PORTFOLIO,
Permissions.VIEW_APPLICATION_IN_PORTFOLIO,
Permissions.RENAME_APPLICATION_IN_PORTFOLIO,
Permissions.ADD_ENVIRONMENT_IN_APPLICATION,
Permissions.DELETE_ENVIRONMENT_IN_APPLICATION,
Permissions.DEACTIVATE_ENVIRONMENT_IN_APPLICATION,
Permissions.VIEW_ENVIRONMENT_IN_APPLICATION,
Permissions.RENAME_ENVIRONMENT_IN_APPLICATION,
Permissions.VIEW_PORTFOLIO_AUDIT_LOG,
Permissions.VIEW_TASK_ORDER,
Permissions.UPDATE_TASK_ORDER,
Permissions.ADD_TASK_ORDER_OFFICER,
],
},
{
"name": "admin",
"display_name": "Administrator",
"description": "Adds and edits applications, environments, members, but cannot deactivate. Cannot view budget reports or JEDI Cloud requests.",
"permissions": [
Permissions.VIEW_USAGE_REPORT,
Permissions.ADD_AND_ASSIGN_CSP_ROLES,
Permissions.REMOVE_CSP_ROLES,
Permissions.REQUEST_NEW_CSP_ROLE,
Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE,
Permissions.VIEW_ASSIGNED_ATAT_ROLE_CONFIGURATIONS,
Permissions.VIEW_ASSIGNED_CSP_ROLE_CONFIGURATIONS,
Permissions.VIEW_PORTFOLIO,
Permissions.VIEW_PORTFOLIO_MEMBERS,
Permissions.EDIT_PORTFOLIO_INFORMATION,
Permissions.ADD_APPLICATION_IN_PORTFOLIO,
Permissions.DELETE_APPLICATION_IN_PORTFOLIO,
Permissions.DEACTIVATE_APPLICATION_IN_PORTFOLIO,
Permissions.VIEW_APPLICATION_IN_PORTFOLIO,
Permissions.RENAME_APPLICATION_IN_PORTFOLIO,
Permissions.ADD_ENVIRONMENT_IN_APPLICATION,
Permissions.DELETE_ENVIRONMENT_IN_APPLICATION,
Permissions.DEACTIVATE_ENVIRONMENT_IN_APPLICATION,
Permissions.VIEW_ENVIRONMENT_IN_APPLICATION,
Permissions.RENAME_ENVIRONMENT_IN_APPLICATION,
Permissions.VIEW_PORTFOLIO_AUDIT_LOG,
Permissions.VIEW_TASK_ORDER,
Permissions.UPDATE_TASK_ORDER,
Permissions.ADD_TASK_ORDER_OFFICER,
],
},
{
"name": "developer",
"display_name": "Developer",
"description": "Views only the applications and environments they are granted access to. Can also view members associated with each environment.",
"permissions": [Permissions.VIEW_USAGE_REPORT, Permissions.VIEW_PORTFOLIO],
},
{
"name": "billing_auditor",
"display_name": "Billing Auditor",
"description": "Views only the applications and environments they are granted access to. Can also view budgets and reports associated with the portfolio.",
"permissions": [
Permissions.VIEW_USAGE_REPORT,
Permissions.VIEW_USAGE_DOLLARS,
Permissions.VIEW_PORTFOLIO,
],
},
{
"name": "security_auditor",
"description": "Views only the applications and environments they are granted access to. Can also view activity logs.",
"display_name": "Security Auditor",
"permissions": [
Permissions.VIEW_ASSIGNED_ATAT_ROLE_CONFIGURATIONS,
Permissions.VIEW_ASSIGNED_CSP_ROLE_CONFIGURATIONS,
Permissions.VIEW_ATAT_PERMISSIONS,
Permissions.VIEW_PORTFOLIO,
],
},
{
"name": "officer",
"description": "Officer involved with setting up a Task Order",
"display_name": "Task Order Officer",
"permissions": [
Permissions.VIEW_PORTFOLIO,
Permissions.VIEW_USAGE_REPORT,
Permissions.VIEW_USAGE_DOLLARS,
],
},
]
_VIEW_PORTFOLIO_PERMISSION_SETS = [ _VIEW_PORTFOLIO_PERMISSION_SETS = [
{ {

7
atst/forms/data.py
View File

@ -1,4 +1,3 @@
from atst.domain.permission_sets import PORTFOLIO_ROLES as PORTFOLIO_ROLE_DEFINITIONS
from atst.utils.localization import translate, translate_duration from atst.utils.localization import translate, translate_duration
@ -107,12 +106,6 @@ COMPLETION_DATE_RANGES = [
("Above 12 months", "Above 12 months"), ("Above 12 months", "Above 12 months"),
] ]
PORTFOLIO_ROLES = [
(role["name"], {"name": role["display_name"], "description": role["description"]})
for role in PORTFOLIO_ROLE_DEFINITIONS
if role["name"] is not "officer"
]
ENVIRONMENT_ROLES = [ ENVIRONMENT_ROLES = [
( (
"developer", "developer",

7
atst/routes/portfolios/members.py
View File

@ -11,11 +11,7 @@ from atst.domain.environments import Environments
from atst.domain.environment_roles import EnvironmentRoles from atst.domain.environment_roles import EnvironmentRoles
from atst.services.invitation import Invitation as InvitationService from atst.services.invitation import Invitation as InvitationService
import atst.forms.portfolio_member as member_forms import atst.forms.portfolio_member as member_forms
from atst.forms.data import ( from atst.forms.data import ENVIRONMENT_ROLES, ENV_ROLE_MODAL_DESCRIPTION
ENVIRONMENT_ROLES,
ENV_ROLE_MODAL_DESCRIPTION,
PORTFOLIO_ROLE_DEFINITIONS,
)
from atst.domain.authz import Authorization from atst.domain.authz import Authorization
from atst.models.permissions import Permissions from atst.models.permissions import Permissions
@ -45,7 +41,6 @@ def portfolio_members(portfolio_id):
return render_template( return render_template(
"portfolios/members/index.html", "portfolios/members/index.html",
portfolio=portfolio, portfolio=portfolio,
role_choices=PORTFOLIO_ROLE_DEFINITIONS,
status_choices=MEMBER_STATUS_CHOICES, status_choices=MEMBER_STATUS_CHOICES,
members=members_list, members=members_list,
) )

8
script/seed_roles.py
View File

@ -10,15 +10,11 @@ from sqlalchemy.orm.exc import NoResultFound
from atst.app import make_config, make_app from atst.app import make_config, make_app
from atst.database import db from atst.database import db
from atst.models import PermissionSet, Permissions from atst.models import PermissionSet, Permissions
from atst.domain.permission_sets import ( from atst.domain.permission_sets import ATAT_ROLES, PORTFOLIO_PERMISSION_SETS
ATAT_ROLES,
PORTFOLIO_ROLES,
PORTFOLIO_PERMISSION_SETS,
)
def seed_roles(): def seed_roles():
for permission_set_info in ATAT_ROLES + PORTFOLIO_ROLES + PORTFOLIO_PERMISSION_SETS: for permission_set_info in ATAT_ROLES + PORTFOLIO_PERMISSION_SETS:
permission_set = PermissionSet(**permission_set_info) permission_set = PermissionSet(**permission_set_info)
try: try:
existing_permission_set = ( existing_permission_set = (

12
templates/portfolios/members/index.html
View File

@ -29,7 +29,6 @@
id="search-template" id="search-template"
class='member-list' class='member-list'
v-bind:members='{{ members | tojson}}' v-bind:members='{{ members | tojson}}'
v-bind:role_choices='{{ role_choices | tojson}}'
v-bind:status_choices='{{ status_choices | tojson}}'> v-bind:status_choices='{{ status_choices | tojson}}'>
<div> <div>
<form class='search-bar' @submit.prevent> <form class='search-bar' @submit.prevent>
@ -50,17 +49,6 @@
{% endfor %} {% endfor %}
</select> </select>
</div> </div>
<div class='usa-input'>
<label for='filter-role'>Filter members by role</label>
<select v-model="role" id="filter-role" name="filter-role">
<option value="" selected disabled>Filter by role</option>
<option value="all">View All</option>
{% for role in role_choices %}
<option value='{{ role.name }}'>{{ role.display_name }}</option>
{% endfor %}
</select>
</div>
</div> </div>
</form> </form>

2
tests/domain/test_audit_log.py
View File

@ -19,7 +19,7 @@ def ccpo():
@pytest.fixture(scope="function") @pytest.fixture(scope="function")
def developer(): def developer():
return UserFactory.from_atat_role("default") return UserFactory.create()
def test_non_admin_cannot_view_audit_log(developer): def test_non_admin_cannot_view_audit_log(developer):

8
tests/domain/test_environments.py
View File

@ -14,7 +14,7 @@ def test_create_environments():
def test_create_environment_role_creates_cloud_id(session): def test_create_environment_role_creates_cloud_id(session):
owner = UserFactory.create() owner = UserFactory.create()
developer = UserFactory.from_atat_role("developer") developer = UserFactory.create()
portfolio = PortfolioFactory.create( portfolio = PortfolioFactory.create(
owner=owner, owner=owner,
@ -38,7 +38,7 @@ def test_create_environment_role_creates_cloud_id(session):
def test_update_environment_roles(): def test_update_environment_roles():
owner = UserFactory.create() owner = UserFactory.create()
developer = UserFactory.from_atat_role("developer") developer = UserFactory.create()
portfolio = PortfolioFactory.create( portfolio = PortfolioFactory.create(
owner=owner, owner=owner,
@ -81,7 +81,7 @@ def test_update_environment_roles():
def test_remove_environment_role(): def test_remove_environment_role():
owner = UserFactory.create() owner = UserFactory.create()
developer = UserFactory.from_atat_role("developer") developer = UserFactory.create()
portfolio = PortfolioFactory.create( portfolio = PortfolioFactory.create(
owner=owner, owner=owner,
members=[{"user": developer, "role_name": "developer"}], members=[{"user": developer, "role_name": "developer"}],
@ -132,7 +132,7 @@ def test_remove_environment_role():
def test_no_update_to_environment_roles(): def test_no_update_to_environment_roles():
owner = UserFactory.create() owner = UserFactory.create()
developer = UserFactory.from_atat_role("developer") developer = UserFactory.create()
portfolio = PortfolioFactory.create( portfolio = PortfolioFactory.create(
owner=owner, owner=owner,

12
tests/domain/test_portfolios.py
View File

@ -151,7 +151,7 @@ def test_ccpo_can_view_portfolio_members(portfolio, portfolio_owner):
def test_random_user_cannot_view_portfolio_members(portfolio): def test_random_user_cannot_view_portfolio_members(portfolio):
developer = UserFactory.from_atat_role("developer") developer = UserFactory.create()
with pytest.raises(UnauthorizedError): with pytest.raises(UnauthorizedError):
portfolio = Portfolios.get_with_members(developer, portfolio.id) portfolio = Portfolios.get_with_members(developer, portfolio.id)
@ -175,7 +175,7 @@ def test_scoped_portfolio_only_returns_a_users_applications_and_environments(
"My application 2", "My application 2",
["dev", "staging", "prod"], ["dev", "staging", "prod"],
) )
developer = UserFactory.from_atat_role("developer") developer = UserFactory.create()
dev_environment = Environments.add_member( dev_environment = Environments.add_member(
new_application.environments[0], developer, "developer" new_application.environments[0], developer, "developer"
) )
@ -200,7 +200,7 @@ def test_scoped_portfolio_returns_all_applications_for_portfolio_admin(
["dev", "staging", "prod"], ["dev", "staging", "prod"],
) )
admin = UserFactory.from_atat_role("default") admin = UserFactory.create()
perm_sets = [PermissionSets.get(prms["name"]) for prms in PORTFOLIO_PERMISSION_SETS] perm_sets = [PermissionSets.get(prms["name"]) for prms in PORTFOLIO_PERMISSION_SETS]
PortfolioRoleFactory.create( PortfolioRoleFactory.create(
user=admin, portfolio=portfolio, permission_sets=perm_sets user=admin, portfolio=portfolio, permission_sets=perm_sets
@ -230,7 +230,7 @@ def test_scoped_portfolio_returns_all_applications_for_portfolio_owner(
def test_for_user_returns_active_portfolios_for_user(portfolio, portfolio_owner): def test_for_user_returns_active_portfolios_for_user(portfolio, portfolio_owner):
bob = UserFactory.from_atat_role("default") bob = UserFactory.create()
PortfolioRoleFactory.create( PortfolioRoleFactory.create(
user=bob, portfolio=portfolio, status=PortfolioRoleStatus.ACTIVE user=bob, portfolio=portfolio, status=PortfolioRoleStatus.ACTIVE
) )
@ -242,7 +242,7 @@ def test_for_user_returns_active_portfolios_for_user(portfolio, portfolio_owner)
def test_for_user_does_not_return_inactive_portfolios(portfolio, portfolio_owner): def test_for_user_does_not_return_inactive_portfolios(portfolio, portfolio_owner):
bob = UserFactory.from_atat_role("default") bob = UserFactory.create()
Portfolios.add_member(portfolio, bob) Portfolios.add_member(portfolio, bob)
PortfolioFactory.create() PortfolioFactory.create()
bobs_portfolios = Portfolios.for_user(bob) bobs_portfolios = Portfolios.for_user(bob)
@ -274,7 +274,7 @@ def test_get_for_update_information(portfolio, portfolio_owner):
# ccpo = UserFactory.from_atat_role("ccpo") # ccpo = UserFactory.from_atat_role("ccpo")
# assert Portfolios.get_for_update_information(ccpo, portfolio.id) # assert Portfolios.get_for_update_information(ccpo, portfolio.id)
developer = UserFactory.from_atat_role("developer") developer = UserFactory.create()
with pytest.raises(UnauthorizedError): with pytest.raises(UnauthorizedError):
Portfolios.get_for_update_information(developer, portfolio.id) Portfolios.get_for_update_information(developer, portfolio.id)

4
tests/domain/test_roles.py
View File

@ -9,8 +9,8 @@ def test_get_all_roles():
def test_get_existing_role(): def test_get_existing_role():
role = PermissionSets.get("developer") role = PermissionSets.get("portfolio_poc")
assert role.name == "developer" assert role.name == "portfolio_poc"
def test_get_nonexistent_role(): def test_get_nonexistent_role():

30
tests/domain/test_users.py
View File

@ -8,14 +8,14 @@ DOD_ID = "my_dod_id"
def test_create_user(): def test_create_user():
user = Users.create(DOD_ID, "developer") user = Users.create(DOD_ID, "default")
assert user.atat_role.name == "developer" assert user.atat_role.name == "default"
def test_create_user_with_existing_email(): def test_create_user_with_existing_email():
Users.create(DOD_ID, "developer", email="thisusersemail@usersRus.com") Users.create(DOD_ID, "default", email="thisusersemail@usersRus.com")
with pytest.raises(AlreadyExistsError): with pytest.raises(AlreadyExistsError):
Users.create(DOD_ID, "admin", email="thisusersemail@usersRus.com") Users.create(DOD_ID, "ccpo", email="thisusersemail@usersRus.com")
def test_create_user_with_nonexistent_role(): def test_create_user_with_nonexistent_role():
@ -24,61 +24,61 @@ def test_create_user_with_nonexistent_role():
def test_get_or_create_nonexistent_user(): def test_get_or_create_nonexistent_user():
user = Users.get_or_create_by_dod_id(DOD_ID, atat_role_name="developer") user = Users.get_or_create_by_dod_id(DOD_ID, atat_role_name="default")
assert user.dod_id == DOD_ID assert user.dod_id == DOD_ID
def test_get_or_create_existing_user(): def test_get_or_create_existing_user():
Users.get_or_create_by_dod_id(DOD_ID, atat_role_name="developer") Users.get_or_create_by_dod_id(DOD_ID, atat_role_name="default")
user = Users.get_or_create_by_dod_id(DOD_ID, atat_role_name="developer") user = Users.get_or_create_by_dod_id(DOD_ID, atat_role_name="default")
assert user assert user
def test_get_user(): def test_get_user():
new_user = Users.create(DOD_ID, "developer") new_user = Users.create(DOD_ID, "default")
user = Users.get(new_user.id) user = Users.get(new_user.id)
assert user.id == new_user.id assert user.id == new_user.id
def test_get_nonexistent_user(): def test_get_nonexistent_user():
Users.create(DOD_ID, "developer") Users.create(DOD_ID, "default")
with pytest.raises(NotFoundError): with pytest.raises(NotFoundError):
Users.get(uuid4()) Users.get(uuid4())
def test_get_user_by_dod_id(): def test_get_user_by_dod_id():
new_user = Users.create(DOD_ID, "developer") new_user = Users.create(DOD_ID, "default")
user = Users.get_by_dod_id(DOD_ID) user = Users.get_by_dod_id(DOD_ID)
assert user == new_user assert user == new_user
def test_update_role(): def test_update_role():
new_user = Users.create(DOD_ID, "developer") new_user = Users.create(DOD_ID, "default")
updated_user = Users.update_role(new_user.id, "ccpo") updated_user = Users.update_role(new_user.id, "ccpo")
assert updated_user.atat_role.name == "ccpo" assert updated_user.atat_role.name == "ccpo"
def test_update_role_with_nonexistent_user(): def test_update_role_with_nonexistent_user():
Users.create(DOD_ID, "developer") Users.create(DOD_ID, "default")
with pytest.raises(NotFoundError): with pytest.raises(NotFoundError):
Users.update_role(uuid4(), "ccpo") Users.update_role(uuid4(), "ccpo")
def test_update_existing_user_with_nonexistent_role(): def test_update_existing_user_with_nonexistent_role():
new_user = Users.create(DOD_ID, "developer") new_user = Users.create(DOD_ID, "default")
with pytest.raises(NotFoundError): with pytest.raises(NotFoundError):
Users.update_role(new_user.id, "nonexistent") Users.update_role(new_user.id, "nonexistent")
def test_update_user(): def test_update_user():
new_user = Users.create(DOD_ID, "developer") new_user = Users.create(DOD_ID, "default")
updated_user = Users.update(new_user, {"first_name": "Jabba"}) updated_user = Users.update(new_user, {"first_name": "Jabba"})
assert updated_user.first_name == "Jabba" assert updated_user.first_name == "Jabba"
def test_update_user_with_dod_id(): def test_update_user_with_dod_id():
new_user = Users.create(DOD_ID, "developer") new_user = Users.create(DOD_ID, "default")
with pytest.raises(UnauthorizedError) as excinfo: with pytest.raises(UnauthorizedError) as excinfo:
Users.update(new_user, {"dod_id": "1234567890"}) Users.update(new_user, {"dod_id": "1234567890"})

1
tests/factories.py
View File

@ -16,7 +16,6 @@ from atst.models.permission_set import PermissionSet
from atst.models.portfolio import Portfolio from atst.models.portfolio import Portfolio
from atst.domain.permission_sets import ( from atst.domain.permission_sets import (
PermissionSets, PermissionSets,
PORTFOLIO_ROLES,
PORTFOLIO_PERMISSION_SETS, PORTFOLIO_PERMISSION_SETS,
_VIEW_PORTFOLIO_PERMISSION_SETS, _VIEW_PORTFOLIO_PERMISSION_SETS,
_EDIT_PORTFOLIO_PERMISSION_SETS, _EDIT_PORTFOLIO_PERMISSION_SETS,

2
tests/models/test_environments.py
View File

@ -5,7 +5,7 @@ from tests.factories import PortfolioFactory, UserFactory
def test_add_user_to_environment(): def test_add_user_to_environment():
owner = UserFactory.create() owner = UserFactory.create()
developer = UserFactory.from_atat_role("developer") developer = UserFactory.create()
portfolio = PortfolioFactory.create(owner=owner) portfolio = PortfolioFactory.create(owner=owner)
application = Applications.create( application = Applications.create(