workspace -> portfolio everywhere
This commit is contained in:
dandds
@@ -1,35 +1,35 @@
|
||||
from atst.domain.applications import Applications
|
||||
from tests.factories import RequestFactory, UserFactory, WorkspaceFactory
|
||||
from atst.domain.workspaces import Workspaces
|
||||
from tests.factories import RequestFactory, UserFactory, PortfolioFactory
|
||||
from atst.domain.portfolios import Portfolios
|
||||
|
||||
|
||||
def test_create_application_with_multiple_environments():
|
||||
request = RequestFactory.create()
|
||||
workspace = Workspaces.create_from_request(request)
|
||||
portfolio = Portfolios.create_from_request(request)
|
||||
application = Applications.create(
|
||||
workspace.owner, workspace, "My Test Application", "Test", ["dev", "prod"]
|
||||
portfolio.owner, portfolio, "My Test Application", "Test", ["dev", "prod"]
|
||||
)
|
||||
|
||||
assert application.workspace == workspace
|
||||
assert application.portfolio == portfolio
|
||||
assert application.name == "My Test Application"
|
||||
assert application.description == "Test"
|
||||
assert sorted(e.name for e in application.environments) == ["dev", "prod"]
|
||||
|
||||
|
||||
def test_workspace_owner_can_view_environments():
|
||||
def test_portfolio_owner_can_view_environments():
|
||||
owner = UserFactory.create()
|
||||
workspace = WorkspaceFactory.create(
|
||||
portfolio = PortfolioFactory.create(
|
||||
owner=owner,
|
||||
applications=[{"environments": [{"name": "dev"}, {"name": "prod"}]}],
|
||||
)
|
||||
application = Applications.get(owner, workspace, workspace.applications[0].id)
|
||||
application = Applications.get(owner, portfolio, portfolio.applications[0].id)
|
||||
|
||||
assert len(application.environments) == 2
|
||||
|
||||
|
||||
def test_can_only_update_name_and_description():
|
||||
owner = UserFactory.create()
|
||||
workspace = WorkspaceFactory.create(
|
||||
portfolio = PortfolioFactory.create(
|
||||
owner=owner,
|
||||
applications=[
|
||||
{
|
||||
@@ -39,11 +39,11 @@ def test_can_only_update_name_and_description():
|
||||
}
|
||||
],
|
||||
)
|
||||
application = Applications.get(owner, workspace, workspace.applications[0].id)
|
||||
application = Applications.get(owner, portfolio, portfolio.applications[0].id)
|
||||
env_name = application.environments[0].name
|
||||
Applications.update(
|
||||
owner,
|
||||
workspace,
|
||||
portfolio,
|
||||
application,
|
||||
{
|
||||
"name": "New Name",
|
||||
|
||||
@@ -3,11 +3,11 @@ import pytest
|
||||
from atst.domain.audit_log import AuditLog
|
||||
from atst.domain.exceptions import UnauthorizedError
|
||||
from atst.domain.roles import Roles
|
||||
from atst.models.workspace_role import Status as WorkspaceRoleStatus
|
||||
from atst.models.portfolio_role import Status as PortfolioRoleStatus
|
||||
from tests.factories import (
|
||||
UserFactory,
|
||||
WorkspaceFactory,
|
||||
WorkspaceRoleFactory,
|
||||
PortfolioFactory,
|
||||
PortfolioRoleFactory,
|
||||
ApplicationFactory,
|
||||
)
|
||||
|
||||
@@ -42,69 +42,69 @@ def test_paginate_audit_log(ccpo):
|
||||
|
||||
|
||||
def test_ccpo_can_view_ws_audit_log(ccpo):
|
||||
workspace = WorkspaceFactory.create()
|
||||
events = AuditLog.get_workspace_events(ccpo, workspace)
|
||||
portfolio = PortfolioFactory.create()
|
||||
events = AuditLog.get_portfolio_events(ccpo, portfolio)
|
||||
assert len(events) > 0
|
||||
|
||||
|
||||
def test_ws_admin_can_view_ws_audit_log():
|
||||
workspace = WorkspaceFactory.create()
|
||||
portfolio = PortfolioFactory.create()
|
||||
admin = UserFactory.create()
|
||||
WorkspaceRoleFactory.create(
|
||||
workspace=workspace,
|
||||
PortfolioRoleFactory.create(
|
||||
portfolio=portfolio,
|
||||
user=admin,
|
||||
role=Roles.get("admin"),
|
||||
status=WorkspaceRoleStatus.ACTIVE,
|
||||
status=PortfolioRoleStatus.ACTIVE,
|
||||
)
|
||||
events = AuditLog.get_workspace_events(admin, workspace)
|
||||
events = AuditLog.get_portfolio_events(admin, portfolio)
|
||||
assert len(events) > 0
|
||||
|
||||
|
||||
def test_ws_owner_can_view_ws_audit_log():
|
||||
workspace = WorkspaceFactory.create()
|
||||
events = AuditLog.get_workspace_events(workspace.owner, workspace)
|
||||
portfolio = PortfolioFactory.create()
|
||||
events = AuditLog.get_portfolio_events(portfolio.owner, portfolio)
|
||||
assert len(events) > 0
|
||||
|
||||
|
||||
def test_other_users_cannot_view_ws_audit_log():
|
||||
with pytest.raises(UnauthorizedError):
|
||||
workspace = WorkspaceFactory.create()
|
||||
portfolio = PortfolioFactory.create()
|
||||
dev = UserFactory.create()
|
||||
WorkspaceRoleFactory.create(
|
||||
workspace=workspace,
|
||||
PortfolioRoleFactory.create(
|
||||
portfolio=portfolio,
|
||||
user=dev,
|
||||
role=Roles.get("developer"),
|
||||
status=WorkspaceRoleStatus.ACTIVE,
|
||||
status=PortfolioRoleStatus.ACTIVE,
|
||||
)
|
||||
AuditLog.get_workspace_events(dev, workspace)
|
||||
AuditLog.get_portfolio_events(dev, portfolio)
|
||||
|
||||
|
||||
def test_paginate_ws_audit_log():
|
||||
workspace = WorkspaceFactory.create()
|
||||
application = ApplicationFactory.create(workspace=workspace)
|
||||
portfolio = PortfolioFactory.create()
|
||||
application = ApplicationFactory.create(portfolio=portfolio)
|
||||
for _ in range(100):
|
||||
AuditLog.log_system_event(
|
||||
resource=application, action="create", workspace=workspace
|
||||
resource=application, action="create", portfolio=portfolio
|
||||
)
|
||||
|
||||
events = AuditLog.get_workspace_events(
|
||||
workspace.owner, workspace, pagination_opts={"per_page": 25, "page": 2}
|
||||
events = AuditLog.get_portfolio_events(
|
||||
portfolio.owner, portfolio, pagination_opts={"per_page": 25, "page": 2}
|
||||
)
|
||||
assert len(events) == 25
|
||||
|
||||
|
||||
def test_ws_audit_log_only_includes_current_ws_events():
|
||||
owner = UserFactory.create()
|
||||
workspace = WorkspaceFactory.create(owner=owner)
|
||||
other_workspace = WorkspaceFactory.create(owner=owner)
|
||||
portfolio = PortfolioFactory.create(owner=owner)
|
||||
other_portfolio = PortfolioFactory.create(owner=owner)
|
||||
# Add some audit events
|
||||
application_1 = ApplicationFactory.create(workspace=workspace)
|
||||
application_2 = ApplicationFactory.create(workspace=other_workspace)
|
||||
application_1 = ApplicationFactory.create(portfolio=portfolio)
|
||||
application_2 = ApplicationFactory.create(portfolio=other_portfolio)
|
||||
|
||||
events = AuditLog.get_workspace_events(workspace.owner, workspace)
|
||||
events = AuditLog.get_portfolio_events(portfolio.owner, portfolio)
|
||||
for event in events:
|
||||
assert event.workspace_id == workspace.id or event.resource_id == workspace.id
|
||||
assert event.portfolio_id == portfolio.id or event.resource_id == portfolio.id
|
||||
assert (
|
||||
not event.workspace_id == other_workspace.id
|
||||
or event.resource_id == other_workspace.id
|
||||
not event.portfolio_id == other_portfolio.id
|
||||
or event.resource_id == other_portfolio.id
|
||||
)
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
from atst.domain.environments import Environments
|
||||
from atst.domain.environment_roles import EnvironmentRoles
|
||||
from atst.domain.workspace_roles import WorkspaceRoles
|
||||
from atst.domain.portfolio_roles import PortfolioRoles
|
||||
|
||||
from tests.factories import ApplicationFactory, UserFactory, WorkspaceFactory
|
||||
from tests.factories import ApplicationFactory, UserFactory, PortfolioFactory
|
||||
|
||||
|
||||
def test_create_environments():
|
||||
@@ -16,7 +16,7 @@ def test_create_environment_role_creates_cloud_id(session):
|
||||
owner = UserFactory.create()
|
||||
developer = UserFactory.from_atat_role("developer")
|
||||
|
||||
workspace = WorkspaceFactory.create(
|
||||
portfolio = PortfolioFactory.create(
|
||||
owner=owner,
|
||||
members=[{"user": developer, "role_name": "developer"}],
|
||||
applications=[
|
||||
@@ -24,23 +24,23 @@ def test_create_environment_role_creates_cloud_id(session):
|
||||
],
|
||||
)
|
||||
|
||||
env = workspace.applications[0].environments[0]
|
||||
env = portfolio.applications[0].environments[0]
|
||||
new_role = [{"id": env.id, "role": "developer"}]
|
||||
|
||||
workspace_role = workspace.members[0]
|
||||
assert not workspace_role.user.cloud_id
|
||||
portfolio_role = portfolio.members[0]
|
||||
assert not portfolio_role.user.cloud_id
|
||||
assert Environments.update_environment_roles(
|
||||
owner, workspace, workspace_role, new_role
|
||||
owner, portfolio, portfolio_role, new_role
|
||||
)
|
||||
|
||||
assert workspace_role.user.cloud_id is not None
|
||||
assert portfolio_role.user.cloud_id is not None
|
||||
|
||||
|
||||
def test_update_environment_roles():
|
||||
owner = UserFactory.create()
|
||||
developer = UserFactory.from_atat_role("developer")
|
||||
|
||||
workspace = WorkspaceFactory.create(
|
||||
portfolio = PortfolioFactory.create(
|
||||
owner=owner,
|
||||
members=[{"user": developer, "role_name": "developer"}],
|
||||
applications=[
|
||||
@@ -61,19 +61,19 @@ def test_update_environment_roles():
|
||||
],
|
||||
)
|
||||
|
||||
dev_env = workspace.applications[0].environments[0]
|
||||
staging_env = workspace.applications[0].environments[1]
|
||||
dev_env = portfolio.applications[0].environments[0]
|
||||
staging_env = portfolio.applications[0].environments[1]
|
||||
new_ids_and_roles = [
|
||||
{"id": dev_env.id, "role": "billing_admin"},
|
||||
{"id": staging_env.id, "role": "developer"},
|
||||
]
|
||||
|
||||
workspace_role = workspace.members[0]
|
||||
portfolio_role = portfolio.members[0]
|
||||
assert Environments.update_environment_roles(
|
||||
owner, workspace, workspace_role, new_ids_and_roles
|
||||
owner, portfolio, portfolio_role, new_ids_and_roles
|
||||
)
|
||||
new_dev_env_role = EnvironmentRoles.get(workspace_role.user.id, dev_env.id)
|
||||
staging_env_role = EnvironmentRoles.get(workspace_role.user.id, staging_env.id)
|
||||
new_dev_env_role = EnvironmentRoles.get(portfolio_role.user.id, dev_env.id)
|
||||
staging_env_role = EnvironmentRoles.get(portfolio_role.user.id, staging_env.id)
|
||||
|
||||
assert new_dev_env_role.role == "billing_admin"
|
||||
assert staging_env_role.role == "developer"
|
||||
@@ -82,7 +82,7 @@ def test_update_environment_roles():
|
||||
def test_remove_environment_role():
|
||||
owner = UserFactory.create()
|
||||
developer = UserFactory.from_atat_role("developer")
|
||||
workspace = WorkspaceFactory.create(
|
||||
portfolio = PortfolioFactory.create(
|
||||
owner=owner,
|
||||
members=[{"user": developer, "role_name": "developer"}],
|
||||
applications=[
|
||||
@@ -109,7 +109,7 @@ def test_remove_environment_role():
|
||||
],
|
||||
)
|
||||
|
||||
application = workspace.applications[0]
|
||||
application = portfolio.applications[0]
|
||||
now_ba = application.environments[0].id
|
||||
now_none = application.environments[1].id
|
||||
still_fa = application.environments[2].id
|
||||
@@ -119,12 +119,12 @@ def test_remove_environment_role():
|
||||
{"id": now_none, "role": None},
|
||||
]
|
||||
|
||||
workspace_role = WorkspaceRoles.get(workspace.id, developer.id)
|
||||
portfolio_role = PortfolioRoles.get(portfolio.id, developer.id)
|
||||
assert Environments.update_environment_roles(
|
||||
owner, workspace, workspace_role, new_environment_roles
|
||||
owner, portfolio, portfolio_role, new_environment_roles
|
||||
)
|
||||
|
||||
assert workspace_role.num_environment_roles == 2
|
||||
assert portfolio_role.num_environment_roles == 2
|
||||
assert EnvironmentRoles.get(developer.id, now_ba).role == "billing_auditor"
|
||||
assert EnvironmentRoles.get(developer.id, now_none) is None
|
||||
assert EnvironmentRoles.get(developer.id, still_fa).role == "financial_auditor"
|
||||
@@ -134,7 +134,7 @@ def test_no_update_to_environment_roles():
|
||||
owner = UserFactory.create()
|
||||
developer = UserFactory.from_atat_role("developer")
|
||||
|
||||
workspace = WorkspaceFactory.create(
|
||||
portfolio = PortfolioFactory.create(
|
||||
owner=owner,
|
||||
members=[{"user": developer, "role_name": "developer"}],
|
||||
applications=[
|
||||
@@ -150,18 +150,18 @@ def test_no_update_to_environment_roles():
|
||||
],
|
||||
)
|
||||
|
||||
dev_env = workspace.applications[0].environments[0]
|
||||
dev_env = portfolio.applications[0].environments[0]
|
||||
new_ids_and_roles = [{"id": dev_env.id, "role": "devops"}]
|
||||
|
||||
workspace_role = WorkspaceRoles.get(workspace.id, developer.id)
|
||||
portfolio_role = PortfolioRoles.get(portfolio.id, developer.id)
|
||||
assert not Environments.update_environment_roles(
|
||||
owner, workspace, workspace_role, new_ids_and_roles
|
||||
owner, portfolio, portfolio_role, new_ids_and_roles
|
||||
)
|
||||
|
||||
|
||||
def test_get_scoped_environments(db):
|
||||
developer = UserFactory.create()
|
||||
workspace = WorkspaceFactory.create(
|
||||
portfolio = PortfolioFactory.create(
|
||||
members=[{"user": developer, "role_name": "developer"}],
|
||||
applications=[
|
||||
{
|
||||
@@ -189,8 +189,8 @@ def test_get_scoped_environments(db):
|
||||
],
|
||||
)
|
||||
|
||||
application1_envs = Environments.for_user(developer, workspace.applications[0])
|
||||
application1_envs = Environments.for_user(developer, portfolio.applications[0])
|
||||
assert [env.name for env in application1_envs] == ["application1 dev"]
|
||||
|
||||
application2_envs = Environments.for_user(developer, workspace.applications[1])
|
||||
application2_envs = Environments.for_user(developer, portfolio.applications[1])
|
||||
assert [env.name for env in application2_envs] == ["application2 staging"]
|
||||
|
||||
@@ -11,8 +11,8 @@ from atst.domain.invitations import (
|
||||
from atst.models.invitation import Status
|
||||
|
||||
from tests.factories import (
|
||||
WorkspaceFactory,
|
||||
WorkspaceRoleFactory,
|
||||
PortfolioFactory,
|
||||
PortfolioRoleFactory,
|
||||
UserFactory,
|
||||
InvitationFactory,
|
||||
)
|
||||
@@ -21,22 +21,22 @@ from atst.domain.audit_log import AuditLog
|
||||
|
||||
|
||||
def test_create_invitation():
|
||||
workspace = WorkspaceFactory.create()
|
||||
portfolio = PortfolioFactory.create()
|
||||
user = UserFactory.create()
|
||||
ws_role = WorkspaceRoleFactory.create(user=user, workspace=workspace)
|
||||
invite = Invitations.create(workspace.owner, ws_role, user.email)
|
||||
ws_role = PortfolioRoleFactory.create(user=user, portfolio=portfolio)
|
||||
invite = Invitations.create(portfolio.owner, ws_role, user.email)
|
||||
assert invite.user == user
|
||||
assert invite.workspace_role == ws_role
|
||||
assert invite.inviter == workspace.owner
|
||||
assert invite.portfolio_role == ws_role
|
||||
assert invite.inviter == portfolio.owner
|
||||
assert invite.status == Status.PENDING
|
||||
assert re.match(r"^[\w\-_]+$", invite.token)
|
||||
|
||||
|
||||
def test_accept_invitation():
|
||||
workspace = WorkspaceFactory.create()
|
||||
portfolio = PortfolioFactory.create()
|
||||
user = UserFactory.create()
|
||||
ws_role = WorkspaceRoleFactory.create(user=user, workspace=workspace)
|
||||
invite = Invitations.create(workspace.owner, ws_role, user.email)
|
||||
ws_role = PortfolioRoleFactory.create(user=user, portfolio=portfolio)
|
||||
invite = Invitations.create(portfolio.owner, ws_role, user.email)
|
||||
assert invite.is_pending
|
||||
accepted_invite = Invitations.accept(user, invite.token)
|
||||
assert accepted_invite.is_accepted
|
||||
@@ -44,15 +44,15 @@ def test_accept_invitation():
|
||||
|
||||
def test_accept_expired_invitation():
|
||||
user = UserFactory.create()
|
||||
workspace = WorkspaceFactory.create()
|
||||
ws_role = WorkspaceRoleFactory.create(user=user, workspace=workspace)
|
||||
portfolio = PortfolioFactory.create()
|
||||
ws_role = PortfolioRoleFactory.create(user=user, portfolio=portfolio)
|
||||
increment = Invitations.EXPIRATION_LIMIT_MINUTES + 1
|
||||
expiration_time = datetime.datetime.now() - datetime.timedelta(minutes=increment)
|
||||
invite = InvitationFactory.create(
|
||||
user=user,
|
||||
expiration_time=expiration_time,
|
||||
status=Status.PENDING,
|
||||
workspace_role=ws_role,
|
||||
portfolio_role=ws_role,
|
||||
)
|
||||
with pytest.raises(ExpiredError):
|
||||
Invitations.accept(user, invite.token)
|
||||
@@ -62,10 +62,10 @@ def test_accept_expired_invitation():
|
||||
|
||||
def test_accept_rejected_invite():
|
||||
user = UserFactory.create()
|
||||
workspace = WorkspaceFactory.create()
|
||||
ws_role = WorkspaceRoleFactory.create(user=user, workspace=workspace)
|
||||
portfolio = PortfolioFactory.create()
|
||||
ws_role = PortfolioRoleFactory.create(user=user, portfolio=portfolio)
|
||||
invite = InvitationFactory.create(
|
||||
user=user, status=Status.REJECTED_EXPIRED, workspace_role=ws_role
|
||||
user=user, status=Status.REJECTED_EXPIRED, portfolio_role=ws_role
|
||||
)
|
||||
with pytest.raises(InvitationError):
|
||||
Invitations.accept(user, invite.token)
|
||||
@@ -73,10 +73,10 @@ def test_accept_rejected_invite():
|
||||
|
||||
def test_accept_revoked_invite():
|
||||
user = UserFactory.create()
|
||||
workspace = WorkspaceFactory.create()
|
||||
ws_role = WorkspaceRoleFactory.create(user=user, workspace=workspace)
|
||||
portfolio = PortfolioFactory.create()
|
||||
ws_role = PortfolioRoleFactory.create(user=user, portfolio=portfolio)
|
||||
invite = InvitationFactory.create(
|
||||
user=user, status=Status.REVOKED, workspace_role=ws_role
|
||||
user=user, status=Status.REVOKED, portfolio_role=ws_role
|
||||
)
|
||||
with pytest.raises(InvitationError):
|
||||
Invitations.accept(user, invite.token)
|
||||
@@ -84,20 +84,20 @@ def test_accept_revoked_invite():
|
||||
|
||||
def test_wrong_user_accepts_invitation():
|
||||
user = UserFactory.create()
|
||||
workspace = WorkspaceFactory.create()
|
||||
ws_role = WorkspaceRoleFactory.create(user=user, workspace=workspace)
|
||||
portfolio = PortfolioFactory.create()
|
||||
ws_role = PortfolioRoleFactory.create(user=user, portfolio=portfolio)
|
||||
wrong_user = UserFactory.create()
|
||||
invite = InvitationFactory.create(user=user, workspace_role=ws_role)
|
||||
invite = InvitationFactory.create(user=user, portfolio_role=ws_role)
|
||||
with pytest.raises(WrongUserError):
|
||||
Invitations.accept(wrong_user, invite.token)
|
||||
|
||||
|
||||
def test_user_cannot_accept_invitation_accepted_by_wrong_user():
|
||||
user = UserFactory.create()
|
||||
workspace = WorkspaceFactory.create()
|
||||
ws_role = WorkspaceRoleFactory.create(user=user, workspace=workspace)
|
||||
portfolio = PortfolioFactory.create()
|
||||
ws_role = PortfolioRoleFactory.create(user=user, portfolio=portfolio)
|
||||
wrong_user = UserFactory.create()
|
||||
invite = InvitationFactory.create(user=user, workspace_role=ws_role)
|
||||
invite = InvitationFactory.create(user=user, portfolio_role=ws_role)
|
||||
with pytest.raises(WrongUserError):
|
||||
Invitations.accept(wrong_user, invite.token)
|
||||
with pytest.raises(InvitationError):
|
||||
@@ -105,40 +105,40 @@ def test_user_cannot_accept_invitation_accepted_by_wrong_user():
|
||||
|
||||
|
||||
def test_accept_invitation_twice():
|
||||
workspace = WorkspaceFactory.create()
|
||||
portfolio = PortfolioFactory.create()
|
||||
user = UserFactory.create()
|
||||
ws_role = WorkspaceRoleFactory.create(user=user, workspace=workspace)
|
||||
invite = Invitations.create(workspace.owner, ws_role, user.email)
|
||||
ws_role = PortfolioRoleFactory.create(user=user, portfolio=portfolio)
|
||||
invite = Invitations.create(portfolio.owner, ws_role, user.email)
|
||||
Invitations.accept(user, invite.token)
|
||||
with pytest.raises(InvitationError):
|
||||
Invitations.accept(user, invite.token)
|
||||
|
||||
|
||||
def test_revoke_invitation():
|
||||
workspace = WorkspaceFactory.create()
|
||||
portfolio = PortfolioFactory.create()
|
||||
user = UserFactory.create()
|
||||
ws_role = WorkspaceRoleFactory.create(user=user, workspace=workspace)
|
||||
invite = Invitations.create(workspace.owner, ws_role, user.email)
|
||||
ws_role = PortfolioRoleFactory.create(user=user, portfolio=portfolio)
|
||||
invite = Invitations.create(portfolio.owner, ws_role, user.email)
|
||||
assert invite.is_pending
|
||||
Invitations.revoke(invite.token)
|
||||
assert invite.is_revoked
|
||||
|
||||
|
||||
def test_resend_invitation():
|
||||
workspace = WorkspaceFactory.create()
|
||||
portfolio = PortfolioFactory.create()
|
||||
user = UserFactory.create()
|
||||
ws_role = WorkspaceRoleFactory.create(user=user, workspace=workspace)
|
||||
invite = Invitations.create(workspace.owner, ws_role, user.email)
|
||||
Invitations.resend(workspace.owner, workspace.id, invite.token)
|
||||
ws_role = PortfolioRoleFactory.create(user=user, portfolio=portfolio)
|
||||
invite = Invitations.create(portfolio.owner, ws_role, user.email)
|
||||
Invitations.resend(portfolio.owner, portfolio.id, invite.token)
|
||||
assert ws_role.invitations[0].is_revoked
|
||||
assert ws_role.invitations[1].is_pending
|
||||
|
||||
|
||||
def test_audit_event_for_accepted_invite():
|
||||
workspace = WorkspaceFactory.create()
|
||||
portfolio = PortfolioFactory.create()
|
||||
user = UserFactory.create()
|
||||
ws_role = WorkspaceRoleFactory.create(user=user, workspace=workspace)
|
||||
invite = Invitations.create(workspace.owner, ws_role, user.email)
|
||||
ws_role = PortfolioRoleFactory.create(user=user, portfolio=portfolio)
|
||||
invite = Invitations.create(portfolio.owner, ws_role, user.email)
|
||||
invite = Invitations.accept(user, invite.token)
|
||||
|
||||
accepted_event = AuditLog.get_by_resource(invite.id)[0]
|
||||
|
||||
65
tests/domain/test_portfolio_roles.py
Normal file
65
tests/domain/test_portfolio_roles.py
Normal file
@@ -0,0 +1,65 @@
|
||||
from atst.domain.portfolio_roles import PortfolioRoles
|
||||
from atst.domain.users import Users
|
||||
from atst.models.portfolio_role import Status as PortfolioRoleStatus
|
||||
from atst.domain.roles import Roles
|
||||
|
||||
from tests.factories import (
|
||||
PortfolioFactory,
|
||||
UserFactory,
|
||||
InvitationFactory,
|
||||
PortfolioRoleFactory,
|
||||
)
|
||||
|
||||
|
||||
def test_can_create_new_portfolio_role():
|
||||
portfolio = PortfolioFactory.create()
|
||||
new_user = UserFactory.create()
|
||||
|
||||
portfolio_role_dicts = [{"id": new_user.id, "portfolio_role": "owner"}]
|
||||
portfolio_roles = PortfolioRoles.add_many(portfolio.id, portfolio_role_dicts)
|
||||
|
||||
assert portfolio_roles[0].user_id == new_user.id
|
||||
assert portfolio_roles[0].user.atat_role.name == new_user.atat_role.name
|
||||
assert portfolio_roles[0].role.name == new_user.portfolio_roles[0].role.name
|
||||
|
||||
|
||||
def test_can_update_existing_portfolio_role():
|
||||
portfolio = PortfolioFactory.create()
|
||||
new_user = UserFactory.create()
|
||||
|
||||
PortfolioRoles.add_many(
|
||||
portfolio.id, [{"id": new_user.id, "portfolio_role": "owner"}]
|
||||
)
|
||||
portfolio_roles = PortfolioRoles.add_many(
|
||||
portfolio.id, [{"id": new_user.id, "portfolio_role": "developer"}]
|
||||
)
|
||||
|
||||
assert portfolio_roles[0].user.atat_role.name == new_user.atat_role.name
|
||||
assert portfolio_roles[0].role.name == new_user.portfolio_roles[0].role.name
|
||||
|
||||
|
||||
def test_portfolio_role_permissions():
|
||||
portfolio_one = PortfolioFactory.create()
|
||||
portfolio_two = PortfolioFactory.create()
|
||||
new_user = UserFactory.create()
|
||||
PortfolioRoleFactory.create(
|
||||
portfolio=portfolio_one,
|
||||
user=new_user,
|
||||
role=Roles.get("developer"),
|
||||
status=PortfolioRoleStatus.ACTIVE,
|
||||
)
|
||||
PortfolioRoleFactory.create(
|
||||
portfolio=portfolio_two,
|
||||
user=new_user,
|
||||
role=Roles.get("developer"),
|
||||
status=PortfolioRoleStatus.PENDING,
|
||||
)
|
||||
|
||||
default_perms = set(new_user.atat_role.permissions)
|
||||
assert len(
|
||||
PortfolioRoles.portfolio_role_permissions(portfolio_one, new_user)
|
||||
) > len(default_perms)
|
||||
assert (
|
||||
PortfolioRoles.portfolio_role_permissions(portfolio_two, new_user)
|
||||
== default_perms
|
||||
)
|
||||
358
tests/domain/test_portfolios.py
Normal file
358
tests/domain/test_portfolios.py
Normal file
@@ -0,0 +1,358 @@
|
||||
import pytest
|
||||
from uuid import uuid4
|
||||
|
||||
from atst.domain.exceptions import NotFoundError, UnauthorizedError
|
||||
from atst.domain.portfolios import Portfolios, PortfolioError
|
||||
from atst.domain.portfolio_roles import PortfolioRoles
|
||||
from atst.domain.applications import Applications
|
||||
from atst.domain.environments import Environments
|
||||
from atst.models.portfolio_role import Status as PortfolioRoleStatus
|
||||
|
||||
from tests.factories import (
|
||||
RequestFactory,
|
||||
UserFactory,
|
||||
PortfolioRoleFactory,
|
||||
PortfolioFactory,
|
||||
)
|
||||
|
||||
|
||||
@pytest.fixture(scope="function")
|
||||
def portfolio_owner():
|
||||
return UserFactory.create()
|
||||
|
||||
|
||||
@pytest.fixture(scope="function")
|
||||
def request_(portfolio_owner):
|
||||
return RequestFactory.create(creator=portfolio_owner)
|
||||
|
||||
|
||||
@pytest.fixture(scope="function")
|
||||
def portfolio(request_):
|
||||
portfolio = Portfolios.create_from_request(request_)
|
||||
return portfolio
|
||||
|
||||
|
||||
def test_can_create_portfolio(request_):
|
||||
portfolio = Portfolios.create_from_request(request_, name="frugal-whale")
|
||||
assert portfolio.name == "frugal-whale"
|
||||
|
||||
|
||||
def test_request_is_associated_with_portfolio(portfolio, request_):
|
||||
assert portfolio.request == request_
|
||||
|
||||
|
||||
def test_default_portfolio_name_is_request_name(portfolio, request_):
|
||||
assert portfolio.name == str(request_.displayname)
|
||||
|
||||
|
||||
def test_get_nonexistent_portfolio_raises():
|
||||
with pytest.raises(NotFoundError):
|
||||
Portfolios.get(UserFactory.build(), uuid4())
|
||||
|
||||
|
||||
def test_can_get_portfolio_by_request(portfolio):
|
||||
found = Portfolios.get_by_request(portfolio.request)
|
||||
assert portfolio == found
|
||||
|
||||
|
||||
def test_creating_portfolio_adds_owner(portfolio, portfolio_owner):
|
||||
assert portfolio.roles[0].user == portfolio_owner
|
||||
|
||||
|
||||
def test_portfolio_has_timestamps(portfolio):
|
||||
assert portfolio.time_created == portfolio.time_updated
|
||||
|
||||
|
||||
def test_portfolios_get_ensures_user_is_in_portfolio(portfolio, portfolio_owner):
|
||||
outside_user = UserFactory.create()
|
||||
with pytest.raises(UnauthorizedError):
|
||||
Portfolios.get(outside_user, portfolio.id)
|
||||
|
||||
|
||||
def test_get_for_update_applications_allows_owner(portfolio, portfolio_owner):
|
||||
Portfolios.get_for_update_applications(portfolio_owner, portfolio.id)
|
||||
|
||||
|
||||
def test_get_for_update_applications_blocks_developer(portfolio):
|
||||
developer = UserFactory.create()
|
||||
PortfolioRoles.add(developer, portfolio.id, "developer")
|
||||
|
||||
with pytest.raises(UnauthorizedError):
|
||||
Portfolios.get_for_update_applications(developer, portfolio.id)
|
||||
|
||||
|
||||
def test_can_create_portfolio_role(portfolio, portfolio_owner):
|
||||
user_data = {
|
||||
"first_name": "New",
|
||||
"last_name": "User",
|
||||
"email": "new.user@mail.com",
|
||||
"portfolio_role": "developer",
|
||||
"dod_id": "1234567890",
|
||||
}
|
||||
|
||||
new_member = Portfolios.create_member(portfolio_owner, portfolio, user_data)
|
||||
assert new_member.portfolio == portfolio
|
||||
assert new_member.user.provisional
|
||||
|
||||
|
||||
def test_can_add_existing_user_to_portfolio(portfolio, portfolio_owner):
|
||||
user = UserFactory.create()
|
||||
user_data = {
|
||||
"first_name": "New",
|
||||
"last_name": "User",
|
||||
"email": "new.user@mail.com",
|
||||
"portfolio_role": "developer",
|
||||
"dod_id": user.dod_id,
|
||||
}
|
||||
|
||||
new_member = Portfolios.create_member(portfolio_owner, portfolio, user_data)
|
||||
assert new_member.portfolio == portfolio
|
||||
assert new_member.user.email == user.email
|
||||
assert not new_member.user.provisional
|
||||
|
||||
|
||||
def test_need_permission_to_create_portfolio_role(portfolio, portfolio_owner):
|
||||
random_user = UserFactory.create()
|
||||
|
||||
user_data = {
|
||||
"first_name": "New",
|
||||
"last_name": "User",
|
||||
"email": "new.user@mail.com",
|
||||
"portfolio_role": "developer",
|
||||
"dod_id": "1234567890",
|
||||
}
|
||||
|
||||
with pytest.raises(UnauthorizedError):
|
||||
Portfolios.create_member(random_user, portfolio, user_data)
|
||||
|
||||
|
||||
def test_update_portfolio_role_role(portfolio, portfolio_owner):
|
||||
user_data = {
|
||||
"first_name": "New",
|
||||
"last_name": "User",
|
||||
"email": "new.user@mail.com",
|
||||
"portfolio_role": "developer",
|
||||
"dod_id": "1234567890",
|
||||
}
|
||||
PortfolioRoleFactory._meta.sqlalchemy_session_persistence = "flush"
|
||||
member = PortfolioRoleFactory.create(portfolio=portfolio)
|
||||
role_name = "admin"
|
||||
|
||||
updated_member = Portfolios.update_member(
|
||||
portfolio_owner, portfolio, member, role_name
|
||||
)
|
||||
assert updated_member.portfolio == portfolio
|
||||
assert updated_member.role_name == role_name
|
||||
|
||||
|
||||
def test_need_permission_to_update_portfolio_role_role(portfolio, portfolio_owner):
|
||||
random_user = UserFactory.create()
|
||||
user_data = {
|
||||
"first_name": "New",
|
||||
"last_name": "User",
|
||||
"email": "new.user@mail.com",
|
||||
"portfolio_role": "developer",
|
||||
"dod_id": "1234567890",
|
||||
}
|
||||
member = Portfolios.create_member(portfolio_owner, portfolio, user_data)
|
||||
role_name = "developer"
|
||||
|
||||
with pytest.raises(UnauthorizedError):
|
||||
Portfolios.update_member(random_user, portfolio, member, role_name)
|
||||
|
||||
|
||||
def test_owner_can_view_portfolio_members(portfolio, portfolio_owner):
|
||||
portfolio_owner = UserFactory.create()
|
||||
portfolio = Portfolios.create_from_request(
|
||||
RequestFactory.create(creator=portfolio_owner)
|
||||
)
|
||||
portfolio = Portfolios.get_with_members(portfolio_owner, portfolio.id)
|
||||
|
||||
assert portfolio
|
||||
|
||||
|
||||
def test_ccpo_can_view_portfolio_members(portfolio, portfolio_owner):
|
||||
ccpo = UserFactory.from_atat_role("ccpo")
|
||||
assert Portfolios.get_with_members(ccpo, portfolio.id)
|
||||
|
||||
|
||||
def test_random_user_cannot_view_portfolio_members(portfolio):
|
||||
developer = UserFactory.from_atat_role("developer")
|
||||
|
||||
with pytest.raises(UnauthorizedError):
|
||||
portfolio = Portfolios.get_with_members(developer, portfolio.id)
|
||||
|
||||
|
||||
def test_scoped_portfolio_only_returns_a_users_applications_and_environments(
|
||||
portfolio, portfolio_owner
|
||||
):
|
||||
new_application = Applications.create(
|
||||
portfolio_owner,
|
||||
portfolio,
|
||||
"My Application",
|
||||
"My application",
|
||||
["dev", "staging", "prod"],
|
||||
)
|
||||
Applications.create(
|
||||
portfolio_owner,
|
||||
portfolio,
|
||||
"My Application 2",
|
||||
"My application 2",
|
||||
["dev", "staging", "prod"],
|
||||
)
|
||||
developer = UserFactory.from_atat_role("developer")
|
||||
dev_environment = Environments.add_member(
|
||||
new_application.environments[0], developer, "developer"
|
||||
)
|
||||
|
||||
scoped_portfolio = Portfolios.get(developer, portfolio.id)
|
||||
|
||||
# Should only return the application and environment in which the user has an
|
||||
# environment role.
|
||||
assert scoped_portfolio.applications == [new_application]
|
||||
assert scoped_portfolio.applications[0].environments == [dev_environment]
|
||||
|
||||
|
||||
def test_scoped_portfolio_returns_all_applications_for_portfolio_admin(
|
||||
portfolio, portfolio_owner
|
||||
):
|
||||
for _ in range(5):
|
||||
Applications.create(
|
||||
portfolio_owner,
|
||||
portfolio,
|
||||
"My Application",
|
||||
"My application",
|
||||
["dev", "staging", "prod"],
|
||||
)
|
||||
|
||||
admin = UserFactory.from_atat_role("default")
|
||||
Portfolios._create_portfolio_role(
|
||||
admin, portfolio, "admin", status=PortfolioRoleStatus.ACTIVE
|
||||
)
|
||||
scoped_portfolio = Portfolios.get(admin, portfolio.id)
|
||||
|
||||
assert len(scoped_portfolio.applications) == 5
|
||||
assert len(scoped_portfolio.applications[0].environments) == 3
|
||||
|
||||
|
||||
def test_scoped_portfolio_returns_all_applications_for_portfolio_owner(
|
||||
portfolio, portfolio_owner
|
||||
):
|
||||
for _ in range(5):
|
||||
Applications.create(
|
||||
portfolio_owner,
|
||||
portfolio,
|
||||
"My Application",
|
||||
"My application",
|
||||
["dev", "staging", "prod"],
|
||||
)
|
||||
|
||||
scoped_portfolio = Portfolios.get(portfolio_owner, portfolio.id)
|
||||
|
||||
assert len(scoped_portfolio.applications) == 5
|
||||
assert len(scoped_portfolio.applications[0].environments) == 3
|
||||
|
||||
|
||||
def test_for_user_returns_active_portfolios_for_user(portfolio, portfolio_owner):
|
||||
bob = UserFactory.from_atat_role("default")
|
||||
PortfolioRoleFactory.create(
|
||||
user=bob, portfolio=portfolio, status=PortfolioRoleStatus.ACTIVE
|
||||
)
|
||||
Portfolios.create_from_request(RequestFactory.create())
|
||||
|
||||
bobs_portfolios = Portfolios.for_user(bob)
|
||||
|
||||
assert len(bobs_portfolios) == 1
|
||||
|
||||
|
||||
def test_for_user_does_not_return_inactive_portfolios(portfolio, portfolio_owner):
|
||||
bob = UserFactory.from_atat_role("default")
|
||||
Portfolios.add_member(portfolio, bob, "developer")
|
||||
Portfolios.create_from_request(RequestFactory.create())
|
||||
bobs_portfolios = Portfolios.for_user(bob)
|
||||
|
||||
assert len(bobs_portfolios) == 0
|
||||
|
||||
|
||||
def test_for_user_returns_all_portfolios_for_ccpo(portfolio, portfolio_owner):
|
||||
sam = UserFactory.from_atat_role("ccpo")
|
||||
Portfolios.create_from_request(RequestFactory.create())
|
||||
|
||||
sams_portfolios = Portfolios.for_user(sam)
|
||||
assert len(sams_portfolios) == 2
|
||||
|
||||
|
||||
def test_get_for_update_information():
|
||||
portfolio_owner = UserFactory.create()
|
||||
portfolio = Portfolios.create_from_request(
|
||||
RequestFactory.create(creator=portfolio_owner)
|
||||
)
|
||||
owner_ws = Portfolios.get_for_update_information(portfolio_owner, portfolio.id)
|
||||
assert portfolio == owner_ws
|
||||
|
||||
admin = UserFactory.create()
|
||||
Portfolios._create_portfolio_role(
|
||||
admin, portfolio, "admin", status=PortfolioRoleStatus.ACTIVE
|
||||
)
|
||||
admin_ws = Portfolios.get_for_update_information(admin, portfolio.id)
|
||||
assert portfolio == admin_ws
|
||||
|
||||
ccpo = UserFactory.from_atat_role("ccpo")
|
||||
with pytest.raises(UnauthorizedError):
|
||||
Portfolios.get_for_update_information(ccpo, portfolio.id)
|
||||
|
||||
|
||||
def test_can_create_portfolios_with_matching_names():
|
||||
portfolio_name = "Great Portfolio"
|
||||
Portfolios.create_from_request(RequestFactory.create(), name=portfolio_name)
|
||||
Portfolios.create_from_request(RequestFactory.create(), name=portfolio_name)
|
||||
|
||||
|
||||
def test_able_to_revoke_portfolio_access_for_active_member():
|
||||
portfolio = PortfolioFactory.create()
|
||||
portfolio_role = PortfolioRoleFactory.create(
|
||||
portfolio=portfolio, status=PortfolioRoleStatus.ACTIVE
|
||||
)
|
||||
Portfolios.revoke_access(portfolio.owner, portfolio.id, portfolio_role.id)
|
||||
assert Portfolios.for_user(portfolio_role.user) == []
|
||||
|
||||
|
||||
def test_can_revoke_access():
|
||||
portfolio = PortfolioFactory.create()
|
||||
owner_role = portfolio.roles[0]
|
||||
portfolio_role = PortfolioRoleFactory.create(
|
||||
portfolio=portfolio, status=PortfolioRoleStatus.ACTIVE
|
||||
)
|
||||
|
||||
assert Portfolios.can_revoke_access_for(portfolio, portfolio_role)
|
||||
assert not Portfolios.can_revoke_access_for(portfolio, owner_role)
|
||||
|
||||
|
||||
def test_unable_to_revoke_owner_portfolio_access():
|
||||
portfolio = PortfolioFactory.create()
|
||||
owner_portfolio_role = portfolio.roles[0]
|
||||
|
||||
with pytest.raises(PortfolioError):
|
||||
Portfolios.revoke_access(portfolio.owner, portfolio.id, owner_portfolio_role.id)
|
||||
|
||||
|
||||
def test_disabled_members_dont_show_up(session):
|
||||
portfolio = PortfolioFactory.create()
|
||||
PortfolioRoleFactory.create(portfolio=portfolio, status=PortfolioRoleStatus.ACTIVE)
|
||||
PortfolioRoleFactory.create(
|
||||
portfolio=portfolio, status=PortfolioRoleStatus.DISABLED
|
||||
)
|
||||
|
||||
# should only return portfolio owner and ACTIVE member
|
||||
assert len(portfolio.members) == 2
|
||||
|
||||
|
||||
def test_does_not_count_disabled_members(session):
|
||||
portfolio = PortfolioFactory.create()
|
||||
PortfolioRoleFactory.create(portfolio=portfolio, status=PortfolioRoleStatus.ACTIVE)
|
||||
PortfolioRoleFactory.create(portfolio=portfolio)
|
||||
PortfolioRoleFactory.create(
|
||||
portfolio=portfolio, status=PortfolioRoleStatus.DISABLED
|
||||
)
|
||||
|
||||
assert portfolio.user_count == 3
|
||||
@@ -1,19 +1,19 @@
|
||||
from atst.domain.reports import Reports
|
||||
|
||||
from tests.factories import RequestFactory, LegacyTaskOrderFactory, WorkspaceFactory
|
||||
from tests.factories import RequestFactory, LegacyTaskOrderFactory, PortfolioFactory
|
||||
|
||||
CLIN_NUMS = ["0001", "0003", "1001", "1003", "2001", "2003"]
|
||||
|
||||
|
||||
def test_workspace_totals():
|
||||
def test_portfolio_totals():
|
||||
legacy_task_order = LegacyTaskOrderFactory.create()
|
||||
|
||||
for num in CLIN_NUMS:
|
||||
setattr(legacy_task_order, "clin_{}".format(num), 200)
|
||||
|
||||
request = RequestFactory.create(legacy_task_order=legacy_task_order)
|
||||
workspace = WorkspaceFactory.create(request=request)
|
||||
report = Reports.workspace_totals(workspace)
|
||||
portfolio = PortfolioFactory.create(request=request)
|
||||
report = Reports.portfolio_totals(portfolio)
|
||||
total = 200 * len(CLIN_NUMS)
|
||||
assert report == {"budget": total, "spent": 0}
|
||||
|
||||
@@ -21,18 +21,18 @@ def test_workspace_totals():
|
||||
# this is sketched in until we do real reporting
|
||||
def test_monthly_totals():
|
||||
request = RequestFactory.create()
|
||||
workspace = WorkspaceFactory.create(request=request)
|
||||
monthly = Reports.monthly_totals(workspace)
|
||||
portfolio = PortfolioFactory.create(request=request)
|
||||
monthly = Reports.monthly_totals(portfolio)
|
||||
|
||||
assert not monthly["environments"]
|
||||
assert not monthly["applications"]
|
||||
assert not monthly["workspace"]
|
||||
assert not monthly["portfolio"]
|
||||
|
||||
|
||||
# this is sketched in until we do real reporting
|
||||
def test_cumulative_budget():
|
||||
request = RequestFactory.create()
|
||||
workspace = WorkspaceFactory.create(request=request)
|
||||
months = Reports.cumulative_budget(workspace)
|
||||
portfolio = PortfolioFactory.create(request=request)
|
||||
months = Reports.cumulative_budget(portfolio)
|
||||
|
||||
assert len(months["months"]) == 12
|
||||
|
||||
@@ -224,10 +224,10 @@ def test_random_user_cannot_view_request():
|
||||
assert not RequestsAuthorization(user, request).can_view
|
||||
|
||||
|
||||
def test_auto_approve_and_create_workspace():
|
||||
def test_auto_approve_and_create_portfolio():
|
||||
request = RequestFactory.create()
|
||||
workspace = Requests.auto_approve_and_create_workspace(request)
|
||||
assert workspace
|
||||
portfolio = Requests.auto_approve_and_create_portfolio(request)
|
||||
assert portfolio
|
||||
assert request.reviews[0]
|
||||
assert request.reviews[0].full_name_reviewer == "System"
|
||||
|
||||
|
||||
@@ -6,8 +6,8 @@ from atst.domain.exceptions import UnauthorizedError
|
||||
from tests.factories import (
|
||||
TaskOrderFactory,
|
||||
UserFactory,
|
||||
WorkspaceRoleFactory,
|
||||
WorkspaceFactory,
|
||||
PortfolioRoleFactory,
|
||||
PortfolioFactory,
|
||||
)
|
||||
|
||||
|
||||
@@ -40,31 +40,31 @@ def test_all_sections_complete():
|
||||
def test_add_officer():
|
||||
task_order = TaskOrderFactory.create()
|
||||
ko = UserFactory.create()
|
||||
owner = task_order.workspace.owner
|
||||
owner = task_order.portfolio.owner
|
||||
TaskOrders.add_officer(owner, task_order, "contracting_officer", ko.to_dictionary())
|
||||
|
||||
assert task_order.contracting_officer == ko
|
||||
workspace_users = [ws_role.user for ws_role in task_order.workspace.members]
|
||||
assert ko in workspace_users
|
||||
portfolio_users = [ws_role.user for ws_role in task_order.portfolio.members]
|
||||
assert ko in portfolio_users
|
||||
|
||||
|
||||
def test_add_officer_with_nonexistent_role():
|
||||
task_order = TaskOrderFactory.create()
|
||||
ko = UserFactory.create()
|
||||
owner = task_order.workspace.owner
|
||||
owner = task_order.portfolio.owner
|
||||
with pytest.raises(TaskOrderError):
|
||||
TaskOrders.add_officer(owner, task_order, "pilot", ko.to_dictionary())
|
||||
|
||||
|
||||
def test_add_officer_who_is_already_workspace_member():
|
||||
def test_add_officer_who_is_already_portfolio_member():
|
||||
task_order = TaskOrderFactory.create()
|
||||
owner = task_order.workspace.owner
|
||||
owner = task_order.portfolio.owner
|
||||
TaskOrders.add_officer(
|
||||
owner, task_order, "contracting_officer", owner.to_dictionary()
|
||||
)
|
||||
|
||||
assert task_order.contracting_officer == owner
|
||||
member = task_order.workspace.members[0]
|
||||
member = task_order.portfolio.members[0]
|
||||
assert member.user == owner and member.role_name == "owner"
|
||||
|
||||
|
||||
@@ -84,15 +84,15 @@ def test_task_order_access():
|
||||
with pytest.raises(UnauthorizedError):
|
||||
method(user, *method_args)
|
||||
|
||||
workspace = WorkspaceFactory.create(owner=creator)
|
||||
task_order = TaskOrderFactory.create(creator=creator, workspace=workspace)
|
||||
WorkspaceRoleFactory.create(user=member, workspace=task_order.workspace)
|
||||
portfolio = PortfolioFactory.create(owner=creator)
|
||||
task_order = TaskOrderFactory.create(creator=creator, portfolio=portfolio)
|
||||
PortfolioRoleFactory.create(user=member, portfolio=task_order.portfolio)
|
||||
TaskOrders.add_officer(
|
||||
creator, task_order, "contracting_officer", officer.to_dictionary()
|
||||
)
|
||||
|
||||
check_access([creator, officer], [member, rando], "get", [task_order.id])
|
||||
check_access([creator], [officer, member, rando], "create", [workspace])
|
||||
check_access([creator], [officer, member, rando], "create", [portfolio])
|
||||
check_access([creator, officer], [member, rando], "update", [task_order])
|
||||
check_access(
|
||||
[creator],
|
||||
|
||||
@@ -1,65 +0,0 @@
|
||||
from atst.domain.workspace_roles import WorkspaceRoles
|
||||
from atst.domain.users import Users
|
||||
from atst.models.workspace_role import Status as WorkspaceRoleStatus
|
||||
from atst.domain.roles import Roles
|
||||
|
||||
from tests.factories import (
|
||||
WorkspaceFactory,
|
||||
UserFactory,
|
||||
InvitationFactory,
|
||||
WorkspaceRoleFactory,
|
||||
)
|
||||
|
||||
|
||||
def test_can_create_new_workspace_role():
|
||||
workspace = WorkspaceFactory.create()
|
||||
new_user = UserFactory.create()
|
||||
|
||||
workspace_role_dicts = [{"id": new_user.id, "workspace_role": "owner"}]
|
||||
workspace_roles = WorkspaceRoles.add_many(workspace.id, workspace_role_dicts)
|
||||
|
||||
assert workspace_roles[0].user_id == new_user.id
|
||||
assert workspace_roles[0].user.atat_role.name == new_user.atat_role.name
|
||||
assert workspace_roles[0].role.name == new_user.workspace_roles[0].role.name
|
||||
|
||||
|
||||
def test_can_update_existing_workspace_role():
|
||||
workspace = WorkspaceFactory.create()
|
||||
new_user = UserFactory.create()
|
||||
|
||||
WorkspaceRoles.add_many(
|
||||
workspace.id, [{"id": new_user.id, "workspace_role": "owner"}]
|
||||
)
|
||||
workspace_roles = WorkspaceRoles.add_many(
|
||||
workspace.id, [{"id": new_user.id, "workspace_role": "developer"}]
|
||||
)
|
||||
|
||||
assert workspace_roles[0].user.atat_role.name == new_user.atat_role.name
|
||||
assert workspace_roles[0].role.name == new_user.workspace_roles[0].role.name
|
||||
|
||||
|
||||
def test_workspace_role_permissions():
|
||||
workspace_one = WorkspaceFactory.create()
|
||||
workspace_two = WorkspaceFactory.create()
|
||||
new_user = UserFactory.create()
|
||||
WorkspaceRoleFactory.create(
|
||||
workspace=workspace_one,
|
||||
user=new_user,
|
||||
role=Roles.get("developer"),
|
||||
status=WorkspaceRoleStatus.ACTIVE,
|
||||
)
|
||||
WorkspaceRoleFactory.create(
|
||||
workspace=workspace_two,
|
||||
user=new_user,
|
||||
role=Roles.get("developer"),
|
||||
status=WorkspaceRoleStatus.PENDING,
|
||||
)
|
||||
|
||||
default_perms = set(new_user.atat_role.permissions)
|
||||
assert len(
|
||||
WorkspaceRoles.workspace_role_permissions(workspace_one, new_user)
|
||||
) > len(default_perms)
|
||||
assert (
|
||||
WorkspaceRoles.workspace_role_permissions(workspace_two, new_user)
|
||||
== default_perms
|
||||
)
|
||||
@@ -1,358 +0,0 @@
|
||||
import pytest
|
||||
from uuid import uuid4
|
||||
|
||||
from atst.domain.exceptions import NotFoundError, UnauthorizedError
|
||||
from atst.domain.workspaces import Workspaces, WorkspaceError
|
||||
from atst.domain.workspace_roles import WorkspaceRoles
|
||||
from atst.domain.applications import Applications
|
||||
from atst.domain.environments import Environments
|
||||
from atst.models.workspace_role import Status as WorkspaceRoleStatus
|
||||
|
||||
from tests.factories import (
|
||||
RequestFactory,
|
||||
UserFactory,
|
||||
WorkspaceRoleFactory,
|
||||
WorkspaceFactory,
|
||||
)
|
||||
|
||||
|
||||
@pytest.fixture(scope="function")
|
||||
def workspace_owner():
|
||||
return UserFactory.create()
|
||||
|
||||
|
||||
@pytest.fixture(scope="function")
|
||||
def request_(workspace_owner):
|
||||
return RequestFactory.create(creator=workspace_owner)
|
||||
|
||||
|
||||
@pytest.fixture(scope="function")
|
||||
def workspace(request_):
|
||||
workspace = Workspaces.create_from_request(request_)
|
||||
return workspace
|
||||
|
||||
|
||||
def test_can_create_workspace(request_):
|
||||
workspace = Workspaces.create_from_request(request_, name="frugal-whale")
|
||||
assert workspace.name == "frugal-whale"
|
||||
|
||||
|
||||
def test_request_is_associated_with_workspace(workspace, request_):
|
||||
assert workspace.request == request_
|
||||
|
||||
|
||||
def test_default_workspace_name_is_request_name(workspace, request_):
|
||||
assert workspace.name == str(request_.displayname)
|
||||
|
||||
|
||||
def test_get_nonexistent_workspace_raises():
|
||||
with pytest.raises(NotFoundError):
|
||||
Workspaces.get(UserFactory.build(), uuid4())
|
||||
|
||||
|
||||
def test_can_get_workspace_by_request(workspace):
|
||||
found = Workspaces.get_by_request(workspace.request)
|
||||
assert workspace == found
|
||||
|
||||
|
||||
def test_creating_workspace_adds_owner(workspace, workspace_owner):
|
||||
assert workspace.roles[0].user == workspace_owner
|
||||
|
||||
|
||||
def test_workspace_has_timestamps(workspace):
|
||||
assert workspace.time_created == workspace.time_updated
|
||||
|
||||
|
||||
def test_workspaces_get_ensures_user_is_in_workspace(workspace, workspace_owner):
|
||||
outside_user = UserFactory.create()
|
||||
with pytest.raises(UnauthorizedError):
|
||||
Workspaces.get(outside_user, workspace.id)
|
||||
|
||||
|
||||
def test_get_for_update_applications_allows_owner(workspace, workspace_owner):
|
||||
Workspaces.get_for_update_applications(workspace_owner, workspace.id)
|
||||
|
||||
|
||||
def test_get_for_update_applications_blocks_developer(workspace):
|
||||
developer = UserFactory.create()
|
||||
WorkspaceRoles.add(developer, workspace.id, "developer")
|
||||
|
||||
with pytest.raises(UnauthorizedError):
|
||||
Workspaces.get_for_update_applications(developer, workspace.id)
|
||||
|
||||
|
||||
def test_can_create_workspace_role(workspace, workspace_owner):
|
||||
user_data = {
|
||||
"first_name": "New",
|
||||
"last_name": "User",
|
||||
"email": "new.user@mail.com",
|
||||
"workspace_role": "developer",
|
||||
"dod_id": "1234567890",
|
||||
}
|
||||
|
||||
new_member = Workspaces.create_member(workspace_owner, workspace, user_data)
|
||||
assert new_member.workspace == workspace
|
||||
assert new_member.user.provisional
|
||||
|
||||
|
||||
def test_can_add_existing_user_to_workspace(workspace, workspace_owner):
|
||||
user = UserFactory.create()
|
||||
user_data = {
|
||||
"first_name": "New",
|
||||
"last_name": "User",
|
||||
"email": "new.user@mail.com",
|
||||
"workspace_role": "developer",
|
||||
"dod_id": user.dod_id,
|
||||
}
|
||||
|
||||
new_member = Workspaces.create_member(workspace_owner, workspace, user_data)
|
||||
assert new_member.workspace == workspace
|
||||
assert new_member.user.email == user.email
|
||||
assert not new_member.user.provisional
|
||||
|
||||
|
||||
def test_need_permission_to_create_workspace_role(workspace, workspace_owner):
|
||||
random_user = UserFactory.create()
|
||||
|
||||
user_data = {
|
||||
"first_name": "New",
|
||||
"last_name": "User",
|
||||
"email": "new.user@mail.com",
|
||||
"workspace_role": "developer",
|
||||
"dod_id": "1234567890",
|
||||
}
|
||||
|
||||
with pytest.raises(UnauthorizedError):
|
||||
Workspaces.create_member(random_user, workspace, user_data)
|
||||
|
||||
|
||||
def test_update_workspace_role_role(workspace, workspace_owner):
|
||||
user_data = {
|
||||
"first_name": "New",
|
||||
"last_name": "User",
|
||||
"email": "new.user@mail.com",
|
||||
"workspace_role": "developer",
|
||||
"dod_id": "1234567890",
|
||||
}
|
||||
WorkspaceRoleFactory._meta.sqlalchemy_session_persistence = "flush"
|
||||
member = WorkspaceRoleFactory.create(workspace=workspace)
|
||||
role_name = "admin"
|
||||
|
||||
updated_member = Workspaces.update_member(
|
||||
workspace_owner, workspace, member, role_name
|
||||
)
|
||||
assert updated_member.workspace == workspace
|
||||
assert updated_member.role_name == role_name
|
||||
|
||||
|
||||
def test_need_permission_to_update_workspace_role_role(workspace, workspace_owner):
|
||||
random_user = UserFactory.create()
|
||||
user_data = {
|
||||
"first_name": "New",
|
||||
"last_name": "User",
|
||||
"email": "new.user@mail.com",
|
||||
"workspace_role": "developer",
|
||||
"dod_id": "1234567890",
|
||||
}
|
||||
member = Workspaces.create_member(workspace_owner, workspace, user_data)
|
||||
role_name = "developer"
|
||||
|
||||
with pytest.raises(UnauthorizedError):
|
||||
Workspaces.update_member(random_user, workspace, member, role_name)
|
||||
|
||||
|
||||
def test_owner_can_view_workspace_members(workspace, workspace_owner):
|
||||
workspace_owner = UserFactory.create()
|
||||
workspace = Workspaces.create_from_request(
|
||||
RequestFactory.create(creator=workspace_owner)
|
||||
)
|
||||
workspace = Workspaces.get_with_members(workspace_owner, workspace.id)
|
||||
|
||||
assert workspace
|
||||
|
||||
|
||||
def test_ccpo_can_view_workspace_members(workspace, workspace_owner):
|
||||
ccpo = UserFactory.from_atat_role("ccpo")
|
||||
assert Workspaces.get_with_members(ccpo, workspace.id)
|
||||
|
||||
|
||||
def test_random_user_cannot_view_workspace_members(workspace):
|
||||
developer = UserFactory.from_atat_role("developer")
|
||||
|
||||
with pytest.raises(UnauthorizedError):
|
||||
workspace = Workspaces.get_with_members(developer, workspace.id)
|
||||
|
||||
|
||||
def test_scoped_workspace_only_returns_a_users_applications_and_environments(
|
||||
workspace, workspace_owner
|
||||
):
|
||||
new_application = Applications.create(
|
||||
workspace_owner,
|
||||
workspace,
|
||||
"My Application",
|
||||
"My application",
|
||||
["dev", "staging", "prod"],
|
||||
)
|
||||
Applications.create(
|
||||
workspace_owner,
|
||||
workspace,
|
||||
"My Application 2",
|
||||
"My application 2",
|
||||
["dev", "staging", "prod"],
|
||||
)
|
||||
developer = UserFactory.from_atat_role("developer")
|
||||
dev_environment = Environments.add_member(
|
||||
new_application.environments[0], developer, "developer"
|
||||
)
|
||||
|
||||
scoped_workspace = Workspaces.get(developer, workspace.id)
|
||||
|
||||
# Should only return the application and environment in which the user has an
|
||||
# environment role.
|
||||
assert scoped_workspace.applications == [new_application]
|
||||
assert scoped_workspace.applications[0].environments == [dev_environment]
|
||||
|
||||
|
||||
def test_scoped_workspace_returns_all_applications_for_workspace_admin(
|
||||
workspace, workspace_owner
|
||||
):
|
||||
for _ in range(5):
|
||||
Applications.create(
|
||||
workspace_owner,
|
||||
workspace,
|
||||
"My Application",
|
||||
"My application",
|
||||
["dev", "staging", "prod"],
|
||||
)
|
||||
|
||||
admin = UserFactory.from_atat_role("default")
|
||||
Workspaces._create_workspace_role(
|
||||
admin, workspace, "admin", status=WorkspaceRoleStatus.ACTIVE
|
||||
)
|
||||
scoped_workspace = Workspaces.get(admin, workspace.id)
|
||||
|
||||
assert len(scoped_workspace.applications) == 5
|
||||
assert len(scoped_workspace.applications[0].environments) == 3
|
||||
|
||||
|
||||
def test_scoped_workspace_returns_all_applications_for_workspace_owner(
|
||||
workspace, workspace_owner
|
||||
):
|
||||
for _ in range(5):
|
||||
Applications.create(
|
||||
workspace_owner,
|
||||
workspace,
|
||||
"My Application",
|
||||
"My application",
|
||||
["dev", "staging", "prod"],
|
||||
)
|
||||
|
||||
scoped_workspace = Workspaces.get(workspace_owner, workspace.id)
|
||||
|
||||
assert len(scoped_workspace.applications) == 5
|
||||
assert len(scoped_workspace.applications[0].environments) == 3
|
||||
|
||||
|
||||
def test_for_user_returns_active_workspaces_for_user(workspace, workspace_owner):
|
||||
bob = UserFactory.from_atat_role("default")
|
||||
WorkspaceRoleFactory.create(
|
||||
user=bob, workspace=workspace, status=WorkspaceRoleStatus.ACTIVE
|
||||
)
|
||||
Workspaces.create_from_request(RequestFactory.create())
|
||||
|
||||
bobs_workspaces = Workspaces.for_user(bob)
|
||||
|
||||
assert len(bobs_workspaces) == 1
|
||||
|
||||
|
||||
def test_for_user_does_not_return_inactive_workspaces(workspace, workspace_owner):
|
||||
bob = UserFactory.from_atat_role("default")
|
||||
Workspaces.add_member(workspace, bob, "developer")
|
||||
Workspaces.create_from_request(RequestFactory.create())
|
||||
bobs_workspaces = Workspaces.for_user(bob)
|
||||
|
||||
assert len(bobs_workspaces) == 0
|
||||
|
||||
|
||||
def test_for_user_returns_all_workspaces_for_ccpo(workspace, workspace_owner):
|
||||
sam = UserFactory.from_atat_role("ccpo")
|
||||
Workspaces.create_from_request(RequestFactory.create())
|
||||
|
||||
sams_workspaces = Workspaces.for_user(sam)
|
||||
assert len(sams_workspaces) == 2
|
||||
|
||||
|
||||
def test_get_for_update_information():
|
||||
workspace_owner = UserFactory.create()
|
||||
workspace = Workspaces.create_from_request(
|
||||
RequestFactory.create(creator=workspace_owner)
|
||||
)
|
||||
owner_ws = Workspaces.get_for_update_information(workspace_owner, workspace.id)
|
||||
assert workspace == owner_ws
|
||||
|
||||
admin = UserFactory.create()
|
||||
Workspaces._create_workspace_role(
|
||||
admin, workspace, "admin", status=WorkspaceRoleStatus.ACTIVE
|
||||
)
|
||||
admin_ws = Workspaces.get_for_update_information(admin, workspace.id)
|
||||
assert workspace == admin_ws
|
||||
|
||||
ccpo = UserFactory.from_atat_role("ccpo")
|
||||
with pytest.raises(UnauthorizedError):
|
||||
Workspaces.get_for_update_information(ccpo, workspace.id)
|
||||
|
||||
|
||||
def test_can_create_workspaces_with_matching_names():
|
||||
workspace_name = "Great Workspace"
|
||||
Workspaces.create_from_request(RequestFactory.create(), name=workspace_name)
|
||||
Workspaces.create_from_request(RequestFactory.create(), name=workspace_name)
|
||||
|
||||
|
||||
def test_able_to_revoke_workspace_access_for_active_member():
|
||||
workspace = WorkspaceFactory.create()
|
||||
workspace_role = WorkspaceRoleFactory.create(
|
||||
workspace=workspace, status=WorkspaceRoleStatus.ACTIVE
|
||||
)
|
||||
Workspaces.revoke_access(workspace.owner, workspace.id, workspace_role.id)
|
||||
assert Workspaces.for_user(workspace_role.user) == []
|
||||
|
||||
|
||||
def test_can_revoke_access():
|
||||
workspace = WorkspaceFactory.create()
|
||||
owner_role = workspace.roles[0]
|
||||
workspace_role = WorkspaceRoleFactory.create(
|
||||
workspace=workspace, status=WorkspaceRoleStatus.ACTIVE
|
||||
)
|
||||
|
||||
assert Workspaces.can_revoke_access_for(workspace, workspace_role)
|
||||
assert not Workspaces.can_revoke_access_for(workspace, owner_role)
|
||||
|
||||
|
||||
def test_unable_to_revoke_owner_workspace_access():
|
||||
workspace = WorkspaceFactory.create()
|
||||
owner_workspace_role = workspace.roles[0]
|
||||
|
||||
with pytest.raises(WorkspaceError):
|
||||
Workspaces.revoke_access(workspace.owner, workspace.id, owner_workspace_role.id)
|
||||
|
||||
|
||||
def test_disabled_members_dont_show_up(session):
|
||||
workspace = WorkspaceFactory.create()
|
||||
WorkspaceRoleFactory.create(workspace=workspace, status=WorkspaceRoleStatus.ACTIVE)
|
||||
WorkspaceRoleFactory.create(
|
||||
workspace=workspace, status=WorkspaceRoleStatus.DISABLED
|
||||
)
|
||||
|
||||
# should only return workspace owner and ACTIVE member
|
||||
assert len(workspace.members) == 2
|
||||
|
||||
|
||||
def test_does_not_count_disabled_members(session):
|
||||
workspace = WorkspaceFactory.create()
|
||||
WorkspaceRoleFactory.create(workspace=workspace, status=WorkspaceRoleStatus.ACTIVE)
|
||||
WorkspaceRoleFactory.create(workspace=workspace)
|
||||
WorkspaceRoleFactory.create(
|
||||
workspace=workspace, status=WorkspaceRoleStatus.DISABLED
|
||||
)
|
||||
|
||||
assert workspace.user_count == 3
|
||||
Reference in New Issue
Block a user