Change how env_roles are updated

This change makes it so that when an env_role is updated to be None, the role property on the env_role is changed to be None in addition to being marked as deleted. This also adds in a check so that previously deleted env_roles cannot be reassigned a role.
2019-10-25 10:40:38 -04:00 · 2019-10-25 10:40:38 -04:00 · d40c11a8f6
commit d40c11a8f6
parent 3a1a996469
4 changed files with 53 additions and 14 deletions
--- a/atst/domain/environment_roles.py
+++ b/atst/domain/environment_roles.py
@ -114,3 +114,15 @@ class EnvironmentRoles(object):
        db.session.commit()

        return environment_role
+
+    @classmethod
+    def get_for_update(cls, application_role_id, environment_id):
+        existing_env_role = (
+            db.session.query(EnvironmentRole)
+            .filter(
+                EnvironmentRole.application_role_id == application_role_id,
+                EnvironmentRole.environment_id == environment_id,
+            )
+            .one_or_none()
+        )
+        return existing_env_role
--- a/atst/domain/environments.py
+++ b/atst/domain/environments.py
@ -52,11 +52,8 @@ class Environments(object):
    def update_env_role(cls, environment, application_role, new_role):
        updated = False

-        if new_role is None:
-            updated = EnvironmentRoles.delete(application_role.id, environment.id)
-        else:
-            env_role = EnvironmentRoles.get(application_role.id, environment.id)
-            if env_role and env_role.role != new_role:
+        env_role = EnvironmentRoles.get_for_update(application_role.id, environment.id)
+        if env_role and env_role.role != new_role and not env_role.deleted:
            env_role.role = new_role
            updated = True
            db.session.add(env_role)
@ -69,6 +66,9 @@ class Environments(object):
            updated = True
            db.session.add(env_role)

+        if new_role is None:
+            updated = EnvironmentRoles.delete(application_role.id, environment.id)
+
        if updated:
            db.session.commit()

--- a/tests/domain/test_environment_roles.py
+++ b/tests/domain/test_environment_roles.py
@ -91,3 +91,14 @@ def test_disable_completed(application_role, environment):
    environment_role = EnvironmentRoles.disable(environment_role.id)

    assert environment_role.status == EnvironmentRole.Status.DISABLED
+
+
+def test_get_for_update():
+    app_role = ApplicationRoleFactory.create()
+    env = EnvironmentFactory.create(application=app_role.application)
+    EnvironmentRoleFactory.create(application_role=app_role, environment=env, deleted=True)
+    role = EnvironmentRoles.get_for_update(app_role.id, env.id)
+    assert role
+    assert role.application_role == app_role
+    assert role.environment == env
+    assert role.deleted
--- a/tests/domain/test_environments.py
+++ b/tests/domain/test_environments.py
@ -45,6 +45,9 @@ def test_update_env_role_no_access():
    assert not EnvironmentRoles.get(
        env_role.application_role.id, env_role.environment.id
    )
+    assert env_role.role is None
+    assert env_role.deleted
+    assert env_role.status == EnvironmentRole.Status.DISABLED


 def test_update_env_role_no_change():
@ -56,6 +59,19 @@ def test_update_env_role_no_change():
    )


+def test_update_env_role_deleted_role():
+    env_role = EnvironmentRoleFactory.create(role=CSPRole.BASIC_ACCESS.value)
+    Environments.update_env_role(
+        env_role.environment, env_role.application_role, None
+    )
+    assert not Environments.update_env_role(
+        env_role.environment, env_role.application_role, CSPRole.TECHNICAL_READ.value
+    )
+    assert env_role.role is None
+    assert env_role.deleted
+    assert env_role.status == EnvironmentRole.Status.DISABLED
+
+
 def test_get_excludes_deleted():
    env = EnvironmentFactory.create(
        deleted=True, application=ApplicationFactory.create()