pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

workspace -> portfolio everywhere

Browse Source
This commit is contained in:
dandds
2019-01-11 09:58:00 -05:00
parent 3fc323d785
commit d3d36822df
122 changed files with 2156 additions and 2129 deletions
Download Patch File Download Diff File Expand all files Collapse all files

227
tests/routes/portfolios/test_applications.py Normal file
View File

@@ -0,0 +1,227 @@
from flask import url_for
from tests.factories import (
UserFactory,
PortfolioFactory,
PortfolioRoleFactory,
EnvironmentRoleFactory,
EnvironmentFactory,
ApplicationFactory,
)
from atst.domain.applications import Applications
from atst.domain.portfolios import Portfolios
from atst.domain.roles import Roles
from atst.models.portfolio_role import Status as PortfolioRoleStatus
def test_user_with_permission_has_budget_report_link(client, user_session):
portfolio = PortfolioFactory.create()
user_session(portfolio.owner)
response = client.get("/portfolios/{}/applications".format(portfolio.id))
assert (
'href="/portfolios/{}/reports"'.format(portfolio.id).encode() in response.data
)
def test_user_without_permission_has_no_budget_report_link(client, user_session):
user = UserFactory.create()
portfolio = PortfolioFactory.create()
Portfolios._create_portfolio_role(
user, portfolio, "developer", status=PortfolioRoleStatus.ACTIVE
)
user_session(user)
response = client.get("/portfolios/{}/applications".format(portfolio.id))
assert (
'href="/portfolios/{}/reports"'.format(portfolio.id).encode()
not in response.data
)
def test_user_with_permission_has_activity_log_link(client, user_session):
portfolio = PortfolioFactory.create()
ccpo = UserFactory.from_atat_role("ccpo")
admin = UserFactory.create()
PortfolioRoleFactory.create(
portfolio=portfolio,
user=admin,
role=Roles.get("admin"),
status=PortfolioRoleStatus.ACTIVE,
)
user_session(portfolio.owner)
response = client.get("/portfolios/{}/applications".format(portfolio.id))
assert (
'href="/portfolios/{}/activity"'.format(portfolio.id).encode() in response.data
)
# logs out previous user before creating a new session
user_session(admin)
response = client.get("/portfolios/{}/applications".format(portfolio.id))
assert (
'href="/portfolios/{}/activity"'.format(portfolio.id).encode() in response.data
)
user_session(ccpo)
response = client.get("/portfolios/{}/applications".format(portfolio.id))
assert (
'href="/portfolios/{}/activity"'.format(portfolio.id).encode() in response.data
)
def test_user_without_permission_has_no_activity_log_link(client, user_session):
portfolio = PortfolioFactory.create()
developer = UserFactory.create()
PortfolioRoleFactory.create(
portfolio=portfolio,
user=developer,
role=Roles.get("developer"),
status=PortfolioRoleStatus.ACTIVE,
)
user_session(developer)
response = client.get("/portfolios/{}/applications".format(portfolio.id))
assert (
'href="/portfolios/{}/activity"'.format(portfolio.id).encode()
not in response.data
)
def test_user_with_permission_has_add_application_link(client, user_session):
portfolio = PortfolioFactory.create()
user_session(portfolio.owner)
response = client.get("/portfolios/{}/applications".format(portfolio.id))
assert (
'href="/portfolios/{}/applications/new"'.format(portfolio.id).encode()
in response.data
)
def test_user_without_permission_has_no_add_application_link(client, user_session):
user = UserFactory.create()
portfolio = PortfolioFactory.create()
Portfolios._create_portfolio_role(user, portfolio, "developer")
user_session(user)
response = client.get("/portfolios/{}/applications".format(portfolio.id))
assert (
'href="/portfolios/{}/applications/new"'.format(portfolio.id).encode()
not in response.data
)
def test_view_edit_application(client, user_session):
portfolio = PortfolioFactory.create()
application = Applications.create(
portfolio.owner,
portfolio,
"Snazzy Application",
"A new application for me and my friends",
{"env1", "env2"},
)
user_session(portfolio.owner)
response = client.get(
"/portfolios/{}/applications/{}/edit".format(portfolio.id, application.id)
)
assert response.status_code == 200
def test_user_with_permission_can_update_application(client, user_session):
owner = UserFactory.create()
portfolio = PortfolioFactory.create(
owner=owner,
applications=[
{
"name": "Awesome Application",
"description": "It's really awesome!",
"environments": [{"name": "dev"}, {"name": "prod"}],
}
],
)
application = portfolio.applications[0]
user_session(owner)
response = client.post(
url_for(
"portfolios.update_application",
portfolio_id=portfolio.id,
application_id=application.id,
),
data={
"name": "Really Cool Application",
"description": "A very cool application.",
},
follow_redirects=True,
)
assert response.status_code == 200
assert application.name == "Really Cool Application"
assert application.description == "A very cool application."
def test_user_without_permission_cannot_update_application(client, user_session):
dev = UserFactory.create()
owner = UserFactory.create()
portfolio = PortfolioFactory.create(
owner=owner,
members=[{"user": dev, "role_name": "developer"}],
applications=[
{
"name": "Great Application",
"description": "Cool stuff happening here!",
"environments": [{"name": "dev"}, {"name": "prod"}],
}
],
)
application = portfolio.applications[0]
user_session(dev)
response = client.post(
url_for(
"portfolios.update_application",
portfolio_id=portfolio.id,
application_id=application.id,
),
data={"name": "New Name", "description": "A new description."},
follow_redirects=True,
)
assert response.status_code == 404
assert application.name == "Great Application"
assert application.description == "Cool stuff happening here!"
def create_environment(user):
portfolio = PortfolioFactory.create()
portfolio_role = PortfolioRoleFactory.create(portfolio=portfolio, user=user)
application = ApplicationFactory.create(portfolio=portfolio)
return EnvironmentFactory.create(application=application, name="new environment!")
def test_environment_access_with_env_role(client, user_session):
user = UserFactory.create()
environment = create_environment(user)
env_role = EnvironmentRoleFactory.create(
user=user, environment=environment, role="developer"
)
user_session(user)
response = client.get(
url_for(
"portfolios.access_environment",
portfolio_id=environment.portfolio.id,
environment_id=environment.id,
)
)
assert response.status_code == 302
assert "csp-environment-access" in response.location
def test_environment_access_with_no_role(client, user_session):
user = UserFactory.create()
environment = create_environment(user)
user_session(user)
response = client.get(
url_for(
"portfolios.access_environment",
portfolio_id=environment.portfolio.id,
environment_id=environment.id,
)
)
assert response.status_code == 404

251
tests/routes/portfolios/test_invitations.py Normal file
View File

@@ -0,0 +1,251 @@
import datetime
from flask import url_for
from tests.factories import (
UserFactory,
PortfolioFactory,
PortfolioRoleFactory,
InvitationFactory,
TaskOrderFactory,
)
from atst.domain.portfolios import Portfolios
from atst.models.portfolio_role import Status as PortfolioRoleStatus
from atst.models.invitation import Status as InvitationStatus
from atst.domain.users import Users
def test_existing_member_accepts_valid_invite(client, user_session):
portfolio = PortfolioFactory.create()
user = UserFactory.create()
ws_role = PortfolioRoleFactory.create(
portfolio=portfolio, user=user, status=PortfolioRoleStatus.PENDING
)
invite = InvitationFactory.create(user_id=user.id, portfolio_role=ws_role)
# the user does not have access to the portfolio before accepting the invite
assert len(Portfolios.for_user(user)) == 0
user_session(user)
response = client.get(url_for("portfolios.accept_invitation", token=invite.token))
# user is redirected to the portfolio view
assert response.status_code == 302
assert (
url_for("portfolios.show_portfolio", portfolio_id=invite.portfolio.id)
in response.headers["Location"]
)
# the one-time use invite is no longer usable
assert invite.is_accepted
# the user has access to the portfolio
assert len(Portfolios.for_user(user)) == 1
def test_new_member_accepts_valid_invite(monkeypatch, client, user_session):
portfolio = PortfolioFactory.create()
user_info = UserFactory.dictionary()
user_session(portfolio.owner)
client.post(
url_for("portfolios.create_member", portfolio_id=portfolio.id),
data={"portfolio_role": "developer", **user_info},
)
user = Users.get_by_dod_id(user_info["dod_id"])
token = user.invitations[0].token
monkeypatch.setattr(
"atst.domain.auth.should_redirect_to_user_profile", lambda *args: False
)
user_session(user)
response = client.get(url_for("portfolios.accept_invitation", token=token))
# user is redirected to the portfolio view
assert response.status_code == 302
assert (
url_for("portfolios.show_portfolio", portfolio_id=portfolio.id)
in response.headers["Location"]
)
# the user has access to the portfolio
assert len(Portfolios.for_user(user)) == 1
def test_member_accepts_invalid_invite(client, user_session):
portfolio = PortfolioFactory.create()
user = UserFactory.create()
ws_role = PortfolioRoleFactory.create(
user=user, portfolio=portfolio, status=PortfolioRoleStatus.PENDING
)
invite = InvitationFactory.create(
user_id=user.id,
portfolio_role=ws_role,
status=InvitationStatus.REJECTED_WRONG_USER,
)
user_session(user)
response = client.get(url_for("portfolios.accept_invitation", token=invite.token))
assert response.status_code == 404
def test_user_who_has_not_accepted_portfolio_invite_cannot_view(client, user_session):
user = UserFactory.create()
portfolio = PortfolioFactory.create()
# create user in portfolio with invitation
user_session(portfolio.owner)
response = client.post(
url_for("portfolios.create_member", portfolio_id=portfolio.id),
data={"portfolio_role": "developer", **user.to_dictionary()},
)
# user tries to view portfolio before accepting invitation
user_session(user)
response = client.get("/portfolios/{}/applications".format(portfolio.id))
assert response.status_code == 404
def test_user_accepts_invite_with_wrong_dod_id(client, user_session):
portfolio = PortfolioFactory.create()
user = UserFactory.create()
different_user = UserFactory.create()
ws_role = PortfolioRoleFactory.create(
user=user, portfolio=portfolio, status=PortfolioRoleStatus.PENDING
)
invite = InvitationFactory.create(user_id=user.id, portfolio_role=ws_role)
user_session(different_user)
response = client.get(url_for("portfolios.accept_invitation", token=invite.token))
assert response.status_code == 404
def test_user_accepts_expired_invite(client, user_session):
portfolio = PortfolioFactory.create()
user = UserFactory.create()
ws_role = PortfolioRoleFactory.create(
user=user, portfolio=portfolio, status=PortfolioRoleStatus.PENDING
)
invite = InvitationFactory.create(
user_id=user.id,
portfolio_role=ws_role,
status=InvitationStatus.REJECTED_EXPIRED,
expiration_time=datetime.datetime.now() - datetime.timedelta(seconds=1),
)
user_session(user)
response = client.get(url_for("portfolios.accept_invitation", token=invite.token))
assert response.status_code == 404
def test_revoke_invitation(client, user_session):
portfolio = PortfolioFactory.create()
user = UserFactory.create()
ws_role = PortfolioRoleFactory.create(
user=user, portfolio=portfolio, status=PortfolioRoleStatus.PENDING
)
invite = InvitationFactory.create(
user_id=user.id,
portfolio_role=ws_role,
status=InvitationStatus.REJECTED_EXPIRED,
expiration_time=datetime.datetime.now() - datetime.timedelta(seconds=1),
)
user_session(portfolio.owner)
response = client.post(
url_for(
"portfolios.revoke_invitation",
portfolio_id=portfolio.id,
token=invite.token,
)
)
assert response.status_code == 302
assert invite.is_revoked
def test_resend_invitation_sends_email(client, user_session, queue):
user = UserFactory.create()
portfolio = PortfolioFactory.create()
ws_role = PortfolioRoleFactory.create(
user=user, portfolio=portfolio, status=PortfolioRoleStatus.PENDING
)
invite = InvitationFactory.create(
user_id=user.id, portfolio_role=ws_role, status=InvitationStatus.PENDING
)
user_session(portfolio.owner)
client.post(
url_for(
"portfolios.resend_invitation",
portfolio_id=portfolio.id,
token=invite.token,
)
)
assert len(queue.get_queue()) == 1
def test_existing_member_invite_resent_to_email_submitted_in_form(
client, user_session, queue
):
portfolio = PortfolioFactory.create()
user = UserFactory.create()
ws_role = PortfolioRoleFactory.create(
user=user, portfolio=portfolio, status=PortfolioRoleStatus.PENDING
)
invite = InvitationFactory.create(
user_id=user.id,
portfolio_role=ws_role,
status=InvitationStatus.PENDING,
email="example@example.com",
)
user_session(portfolio.owner)
client.post(
url_for(
"portfolios.resend_invitation",
portfolio_id=portfolio.id,
token=invite.token,
)
)
send_mail_job = queue.get_queue().jobs[0]
assert user.email != "example@example.com"
assert send_mail_job.func.__func__.__name__ == "_send_mail"
assert send_mail_job.args[0] == ["example@example.com"]
def test_task_order_officer_accepts_invite(monkeypatch, client, user_session):
portfolio = PortfolioFactory.create()
task_order = TaskOrderFactory.create(portfolio=portfolio)
user_info = UserFactory.dictionary()
# create contracting officer
user_session(portfolio.owner)
client.post(
url_for("task_orders.new", screen=3, task_order_id=task_order.id),
data={
"portfolio_role": "contracting_officer",
"ko_first_name": user_info["first_name"],
"ko_last_name": user_info["last_name"],
"ko_email": user_info["email"],
"ko_phone_number": user_info["phone_number"],
"ko_dod_id": user_info["dod_id"],
"cor_phone_number": user_info["phone_number"],
"so_phone_number": user_info["phone_number"],
"so_dod_id": task_order.so_dod_id,
"cor_dod_id": task_order.cor_dod_id,
"ko_invite": True,
},
)
# contracting officer accepts invitation
user = Users.get_by_dod_id(user_info["dod_id"])
token = user.invitations[0].token
monkeypatch.setattr(
"atst.domain.auth.should_redirect_to_user_profile", lambda *args: False
)
user_session(user)
response = client.get(url_for("portfolios.accept_invitation", token=token))
# user is redirected to the task order review page
assert response.status_code == 302
to_review_url = url_for(
"task_orders.new", screen=4, task_order_id=task_order.id, _external=True
)
assert response.headers["Location"] == to_review_url

312
tests/routes/portfolios/test_members.py Normal file
View File

@@ -0,0 +1,312 @@
from flask import url_for
from tests.factories import (
UserFactory,
PortfolioFactory,
PortfolioRoleFactory,
InvitationFactory,
)
from atst.domain.portfolios import Portfolios
from atst.domain.portfolio_roles import PortfolioRoles
from atst.domain.applications import Applications
from atst.domain.environments import Environments
from atst.domain.environment_roles import EnvironmentRoles
from atst.queue import queue
from atst.models.portfolio_role import Status as PortfolioRoleStatus
from atst.models.invitation import Status as InvitationStatus
def create_portfolio_and_invite_user(
ws_role="developer",
ws_status=PortfolioRoleStatus.PENDING,
invite_status=InvitationStatus.PENDING,
):
portfolio = PortfolioFactory.create()
if ws_role != "owner":
user = UserFactory.create()
member = PortfolioRoleFactory.create(
user=user, portfolio=portfolio, status=ws_status
)
InvitationFactory.create(
user=portfolio.owner,
portfolio_role=member,
email=member.user.email,
status=invite_status,
)
return portfolio
def test_user_with_permission_has_add_member_link(client, user_session):
portfolio = PortfolioFactory.create()
user_session(portfolio.owner)
response = client.get("/portfolios/{}/members".format(portfolio.id))
assert (
'href="/portfolios/{}/members/new"'.format(portfolio.id).encode()
in response.data
)
def test_user_without_permission_has_no_add_member_link(client, user_session):
user = UserFactory.create()
portfolio = PortfolioFactory.create()
Portfolios._create_portfolio_role(user, portfolio, "developer")
user_session(user)
response = client.get("/portfolios/{}/members".format(portfolio.id))
assert (
'href="/portfolios/{}/members/new"'.format(portfolio.id).encode()
not in response.data
)
def test_permissions_for_view_member(client, user_session):
user = UserFactory.create()
portfolio = PortfolioFactory.create()
Portfolios._create_portfolio_role(user, portfolio, "developer")
member = PortfolioRoles.add(user, portfolio.id, "developer")
user_session(user)
response = client.get(
url_for("portfolios.view_member", portfolio_id=portfolio.id, member_id=user.id)
)
assert response.status_code == 404
def test_create_member(client, user_session):
user = UserFactory.create()
portfolio = PortfolioFactory.create()
user_session(portfolio.owner)
queue_length = len(queue.get_queue())
response = client.post(
url_for("portfolios.create_member", portfolio_id=portfolio.id),
data={
"dod_id": user.dod_id,
"first_name": "Wilbur",
"last_name": "Zuckerman",
"email": "some_pig@zuckermans.com",
"portfolio_role": "developer",
},
follow_redirects=True,
)
assert response.status_code == 200
assert user.has_portfolios
assert user.invitations
assert len(queue.get_queue()) == queue_length + 1
def test_view_member_shows_role(client, user_session):
user = UserFactory.create()
portfolio = PortfolioFactory.create()
Portfolios._create_portfolio_role(user, portfolio, "developer")
member = PortfolioRoles.add(user, portfolio.id, "developer")
user_session(portfolio.owner)
response = client.get(
url_for("portfolios.view_member", portfolio_id=portfolio.id, member_id=user.id)
)
assert response.status_code == 200
assert "initial-choice='developer'".encode() in response.data
def test_update_member_portfolio_role(client, user_session):
portfolio = PortfolioFactory.create()
user = UserFactory.create()
member = PortfolioRoles.add(user, portfolio.id, "developer")
user_session(portfolio.owner)
response = client.post(
url_for(
"portfolios.update_member", portfolio_id=portfolio.id, member_id=user.id
),
data={"portfolio_role": "security_auditor"},
follow_redirects=True,
)
assert response.status_code == 200
assert b"role updated successfully" in response.data
assert member.role_name == "security_auditor"
def test_update_member_portfolio_role_with_no_data(client, user_session):
portfolio = PortfolioFactory.create()
user = UserFactory.create()
member = PortfolioRoles.add(user, portfolio.id, "developer")
user_session(portfolio.owner)
response = client.post(
url_for(
"portfolios.update_member", portfolio_id=portfolio.id, member_id=user.id
),
data={},
follow_redirects=True,
)
assert response.status_code == 200
assert member.role_name == "developer"
def test_update_member_environment_role(client, user_session):
portfolio = PortfolioFactory.create()
user = UserFactory.create()
member = PortfolioRoles.add(user, portfolio.id, "developer")
application = Applications.create(
portfolio.owner,
portfolio,
"Snazzy Application",
"A new application for me and my friends",
{"env1", "env2"},
)
env1_id = application.environments[0].id
env2_id = application.environments[1].id
for env in application.environments:
Environments.add_member(env, user, "developer")
user_session(portfolio.owner)
response = client.post(
url_for(
"portfolios.update_member", portfolio_id=portfolio.id, member_id=user.id
),
data={
"portfolio_role": "developer",
"env_" + str(env1_id): "security_auditor",
"env_" + str(env2_id): "devops",
},
follow_redirects=True,
)
assert response.status_code == 200
assert b"role updated successfully" not in response.data
assert b"access successfully changed" in response.data
assert EnvironmentRoles.get(user.id, env1_id).role == "security_auditor"
assert EnvironmentRoles.get(user.id, env2_id).role == "devops"
def test_update_member_environment_role_with_no_data(client, user_session):
portfolio = PortfolioFactory.create()
user = UserFactory.create()
member = PortfolioRoles.add(user, portfolio.id, "developer")
application = Applications.create(
portfolio.owner,
portfolio,
"Snazzy Application",
"A new application for me and my friends",
{"env1"},
)
env1_id = application.environments[0].id
for env in application.environments:
Environments.add_member(env, user, "developer")
user_session(portfolio.owner)
response = client.post(
url_for(
"portfolios.update_member", portfolio_id=portfolio.id, member_id=user.id
),
data={"env_" + str(env1_id): None, "env_" + str(env1_id): ""},
follow_redirects=True,
)
assert response.status_code == 200
assert b"access successfully changed" not in response.data
assert EnvironmentRoles.get(user.id, env1_id).role == "developer"
def test_revoke_active_member_access(client, user_session):
portfolio = PortfolioFactory.create()
user = UserFactory.create()
member = PortfolioRoleFactory.create(
portfolio=portfolio, user=user, status=PortfolioRoleStatus.ACTIVE
)
Applications.create(
portfolio.owner,
portfolio,
"Snazzy Application",
"A new application for me and my friends",
{"env1"},
)
user_session(portfolio.owner)
response = client.post(
url_for(
"portfolios.revoke_access", portfolio_id=portfolio.id, member_id=member.id
)
)
assert response.status_code == 302
assert PortfolioRoles.get_by_id(member.id).num_environment_roles == 0
def test_does_not_show_any_buttons_if_owner(client, user_session):
portfolio = PortfolioFactory.create()
user_session(portfolio.owner)
response = client.get(
url_for(
"portfolios.view_member",
portfolio_id=portfolio.id,
member_id=portfolio.owner.id,
)
)
assert "Remove Portfolio Access" not in response.data.decode()
assert "Resend Invitation" not in response.data.decode()
assert "Revoke Invitation" not in response.data.decode()
def test_only_shows_revoke_access_button_if_active(client, user_session):
portfolio = create_portfolio_and_invite_user(
ws_status=PortfolioRoleStatus.ACTIVE, invite_status=InvitationStatus.ACCEPTED
)
user_session(portfolio.owner)
member = portfolio.members[1]
response = client.get(
url_for(
"portfolios.view_member",
portfolio_id=portfolio.id,
member_id=member.user.id,
)
)
assert "Remove Portfolio Access" in response.data.decode()
assert "Revoke Invitation" not in response.data.decode()
assert "Resend Invitation" not in response.data.decode()
def test_only_shows_revoke_invite_button_if_pending(client, user_session):
portfolio = create_portfolio_and_invite_user(
ws_status=PortfolioRoleStatus.PENDING, invite_status=InvitationStatus.PENDING
)
user_session(portfolio.owner)
member = portfolio.members[1]
response = client.get(
url_for(
"portfolios.view_member",
portfolio_id=portfolio.id,
member_id=member.user.id,
)
)
assert "Revoke Invitation" in response.data.decode()
assert "Remove Portfolio Access" not in response.data.decode()
assert "Resend Invitation" not in response.data.decode()
def test_only_shows_resend_button_if_expired(client, user_session):
portfolio = create_portfolio_and_invite_user(
ws_status=PortfolioRoleStatus.PENDING,
invite_status=InvitationStatus.REJECTED_EXPIRED,
)
user_session(portfolio.owner)
member = portfolio.members[1]
response = client.get(
url_for(
"portfolios.view_member",
portfolio_id=portfolio.id,
member_id=member.user.id,
)
)
assert "Resend Invitation" in response.data.decode()
assert "Revoke Invitation" not in response.data.decode()
assert "Remove Portfolio Access" not in response.data.decode()
def test_only_shows_resend_button_if_revoked(client, user_session):
portfolio = create_portfolio_and_invite_user(
ws_status=PortfolioRoleStatus.PENDING, invite_status=InvitationStatus.REVOKED
)
user_session(portfolio.owner)
member = portfolio.members[1]
response = client.get(
url_for(
"portfolios.view_member",
portfolio_id=portfolio.id,
member_id=member.user.id,
)
)
assert "Resend Invitation" in response.data.decode()
assert "Remove Portfolio Access" not in response.data.decode()
assert "Revoke Invitation" not in response.data.decode()

15
tests/routes/portfolios/test_portfolios_index.py Normal file
View File

@@ -0,0 +1,15 @@
from flask import url_for
from tests.factories import PortfolioFactory
def test_update_portfolio_name(client, user_session):
portfolio = PortfolioFactory.create()
user_session(portfolio.owner)
response = client.post(
url_for("portfolios.edit_portfolio", portfolio_id=portfolio.id),
data={"name": "a cool new name"},
follow_redirects=True,
)
assert response.status_code == 200
assert portfolio.name == "a cool new name"