Make user_id required and add post tests

- raise an exception in ApplicationRoles.get() - permission_sets is not changed if bad data is sent
2019-05-07 10:23:58 -04:00
parent 09c0bed47d
commit d5307b440f
5 changed files with 102 additions and 10 deletions
--- a/atst/domain/application_roles.py
+++ b/atst/domain/application_roles.py
@@ -1,6 +1,9 @@
+from sqlalchemy.orm.exc import NoResultFound
+
 from atst.database import db
 from atst.models import ApplicationRole, ApplicationRoleStatus
-from atst.domain.permission_sets import PermissionSets
+from .permission_sets import PermissionSets
+from .exceptions import NotFoundError


 class ApplicationRoles(object):
@@ -31,13 +34,16 @@ class ApplicationRoles(object):

    @classmethod
    def get(cls, user_id, application_id):
-        existing_app_role = (
-            db.session.query(ApplicationRole)
-            .filter_by(user_id=user_id, application_id=application_id)
-            .one_or_none()
-        )
+        try:
+            app_role = (
+                db.session.query(ApplicationRole)
+                .filter_by(user_id=user_id, application_id=application_id)
+                .one()
+            )
+        except NoResultFound:
+            raise NotFoundError("application_role")

-        return existing_app_role
+        return app_role

    @classmethod
    def update_permission_sets(cls, application_role, new_perm_sets_names):
--- a/atst/forms/team.py
+++ b/atst/forms/team.py
@@ -1,5 +1,6 @@
 from flask_wtf import FlaskForm
 from wtforms.fields import FormField, FieldList, HiddenField, StringField
+from wtforms.validators import Required

 from .application_member import EnvironmentForm
 from .forms import BaseForm
@@ -43,7 +44,7 @@ class PermissionsForm(FlaskForm):


 class MemberForm(FlaskForm):
-    user_id = HiddenField()
+    user_id = HiddenField(validators=[Required()])
    user_name = StringField()
    environment_roles = FieldList(FormField(EnvironmentForm))
    permission_sets = FormField(PermissionsForm)
--- a/atst/routes/applications/team.py
+++ b/atst/routes/applications/team.py
@@ -104,7 +104,6 @@ def update_team(application_id):
    form = TeamForm(http_request.form)

    if form.validate():
-        # TODO check that all users coming through are app members
        for member in form.members:
            app_role = ApplicationRoles.get(member.data["user_id"], application.id)
            new_perms = [