From f573181154f27599a31fb9bbd8fefd98ca259ffd Mon Sep 17 00:00:00 2001 From: dandds Date: Tue, 17 Jul 2018 13:56:36 -0400 Subject: [PATCH 1/5] login-dev endpoint accepts role query arg --- atst/handlers/dev.py | 21 ++++++++++++++++----- templates/header.html.to | 2 +- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/atst/handlers/dev.py b/atst/handlers/dev.py index 38c71419..bfb5684e 100644 --- a/atst/handlers/dev.py +++ b/atst/handlers/dev.py @@ -2,8 +2,22 @@ import tornado.gen from atst.handler import BaseHandler +_DEV_USERS = { + "ccpo": { + "id": "164497f6-c1ea-4f42-a5ef-101da278c012", + "first_name": "Sam", + "last_name": "CCPO", + }, + "owner": { + "id": "cce17030-4109-4719-b958-ed109dbb87c8", + "first_name": "Olivia", + "last_name": "Owner", + }, +} + class Dev(BaseHandler): + def initialize(self, action, sessions, authz_client): self.action = action self.sessions = sessions @@ -11,9 +25,6 @@ class Dev(BaseHandler): @tornado.gen.coroutine def get(self): - user = { - "id": "164497f6-c1ea-4f42-a5ef-101da278c012", - "first_name": "Test", - "last_name": "User", - } + role = self.get_argument("role", "ccpo") + user = _DEV_USERS[role] yield self.login(user) diff --git a/templates/header.html.to b/templates/header.html.to index 48ec82e8..f14f4337 100644 --- a/templates/header.html.to +++ b/templates/header.html.to @@ -5,7 +5,7 @@ - Tech Lead + {{ current_user["atat_role"] }} From 45588e0ec752acaf9a68297ec74a7f55204b548c Mon Sep 17 00:00:00 2001 From: dandds Date: Tue, 17 Jul 2018 14:34:24 -0400 Subject: [PATCH 2/5] account for null current_user in testing --- templates/header.html.to | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/header.html.to b/templates/header.html.to index f14f4337..35feff12 100644 --- a/templates/header.html.to +++ b/templates/header.html.to @@ -5,7 +5,7 @@ - {{ current_user["atat_role"] }} + {{ current_user.get("atat_role") }} From ac150d1af398d609201ca6a9c43c3e1a93544256 Mon Sep 17 00:00:00 2001 
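Review bot: In `Dev.get`, `_DEV_USERS[role]` is indexed with the raw `role` query argument, so any value outside the table raises KeyError and the request ends as an unhandled 500. Reject unknown roles before the lookup, for example `if role not in _DEV_USERS: raise tornado.web.HTTPError(400)` (with `import tornado.web` added to the module). The same unchecked lookup is still the first step of `get` in the last `atst/handlers/dev.py` hunk of PATCH 5/5, where it precedes a write to the authz service.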
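Review bot: `current_user.get("atat_role")` in PATCH 2/5 only helps when `current_user` is a dict without the key; if it can be None, as the commit title suggests, the `.get` call itself raises AttributeError. When the key is absent the expression also renders the literal text `None` in the header. Something like `{{ current_user.get("atat_role", "") if current_user else "" }}` covers both cases.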
From: dandds Date: Wed, 18 Jul 2018 09:51:20 -0400 Subject: [PATCH 3/5] add atat_role to user session data --- atst/handler.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/atst/handler.py b/atst/handler.py index 5543a43a..485873c0 100644 --- a/atst/handler.py +++ b/atst/handler.py @@ -15,7 +15,9 @@ class BaseHandler(tornado.web.RequestHandler): @tornado.gen.coroutine def login(self, user): - user["atat_permissions"] = yield self._get_user_permissions(user["id"]) + user_permissions = yield self._get_user_permissions(user["id"]) + user["atat_permissions"] = user_permissions["atat_permissions"] + user["atat_role"] = user_permissions["atat_role"] session_id = self.sessions.start_session(user) self.set_secure_cookie("atat", session_id) return self.redirect("/home") @@ -25,7 +27,7 @@ class BaseHandler(tornado.web.RequestHandler): response = yield self.authz_client.post( "/users", json={"id": user_id, "atat_role": "ccpo"} ) - return response.json["atat_permissions"] + return response.json def get_current_user(self): cookie = self.get_secure_cookie("atat") From 0c0aa444687f89ec6d073b1c3caff2bc66712972 Mon Sep 17 00:00:00 2001 From: dandds Date: Wed, 18 Jul 2018 10:44:42 -0400 Subject: [PATCH 4/5] get user perms or create them on login --- atst/handler.py | 13 ++++++-- tests/mocks.py | 85 ++++++++++++++++++++++++++----------------------- 2 files changed, 56 insertions(+), 42 deletions(-) diff --git a/atst/handler.py b/atst/handler.py index 485873c0..3766aa95 100644 --- a/atst/handler.py +++ b/atst/handler.py 
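Review bot: `login` writes `atat_permissions` and `atat_role` into the dict its caller passed in, and `atst/handlers/dev.py` passes entries of the module-level `_DEV_USERS`, so role and permission data from one request stays in process state for later ones. Working on a copy at the top of `login`, `user = dict(user)`, keeps the session payload separate from the shared table. The two direct lookups `user_permissions["atat_permissions"]` and `user_permissions["atat_role"]` also turn any authz response that lacks either key into an unhandled KeyError; a short comment stating the response shape `login` relies on would help the next reader.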
@@ -24,10 +24,17 @@ class BaseHandler(tornado.web.RequestHandler): @tornado.gen.coroutine def _get_user_permissions(self, user_id): - response = yield self.authz_client.post( - "/users", json={"id": user_id, "atat_role": "ccpo"} + response = yield self.authz_client.get( + "/users/{}".format(user_id), raise_error=False ) - return response.json + if response.code == 404: + response = yield self.authz_client.post( + "/users", json={"id": user_id, "atat_role": "developer"} + ) + return response.json + + else: + return response.json def get_current_user(self): cookie = self.get_secure_cookie("atat") diff --git a/tests/mocks.py b/tests/mocks.py index b916d677..2b91e25f 100644 --- a/tests/mocks.py +++ b/tests/mocks.py @@ -5,6 +5,7 @@ from atst.api_client import ApiClient class MockApiClient(ApiClient): + def __init__(self, service): self.service = service @@ -43,6 +44,7 @@ class MockApiClient(ApiClient): class MockRequestsClient(MockApiClient): + @tornado.gen.coroutine def get(self, path, **kwargs): json = { 
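Review bot: With `raise_error=False` on the GET in `_get_user_permissions`, only a 404 is handled; any other non-success status from the authz service falls into the `else` branch and its body is returned as though it were a user record. Check for success explicitly after the 404 branch, e.g. `if response.code != 200: raise tornado.web.HTTPError(502)`, so `login` never builds a session from an error payload. The role given to a newly created user changes from `ccpo` to `developer` here; a comment saying that this is the intended least-privilege default would make that choice explicit. `user_id` is formatted into the path as-is, which is fine for the fixed dev ids but should be URL-quoted if ids can come from anywhere else.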
@@ -64,44 +66,49 @@ class MockRequestsClient(MockApiClient): class MockAuthzClient(MockApiClient): + _json = { + "atat_permissions": [ + "view_original_jedi_request", + "review_and_approve_jedi_workspace_request", + "modify_atat_role_permissions", + "create_csp_role", + "delete_csp_role", + "deactivate_csp_role", + "modify_csp_role_permissions", + "view_usage_report", + "view_usage_dollars", + "add_and_assign_csp_roles", + "remove_csp_roles", + "request_new_csp_role", + "assign_and_unassign_atat_role", + "view_assigned_atat_role_configurations", + "view_assigned_csp_role_configurations", + "deactivate_workspace", + "view_atat_permissions", + "transfer_ownership_of_workspace", + "add_application_in_workspace", + "delete_application_in_workspace", + "deactivate_application_in_workspace", + "view_application_in_workspace", + "rename_application_in_workspace", + "add_environment_in_application", + "delete_environment_in_application", + "deactivate_environment_in_application", + "view_environment_in_application", + "rename_environment_in_application", + "add_tag_to_workspace", + "remove_tag_from_workspace", + ], + "atat_role": "ccpo", + "id": "164497f6-c1ea-4f42-a5ef-101da278c012", + "username": None, + "workspace_roles": [], + } + @tornado.gen.coroutine def post(self, path, **kwargs): - json = { - "atat_permissions": [ - "view_original_jedi_request", - "review_and_approve_jedi_workspace_request", - "modify_atat_role_permissions", - "create_csp_role", - "delete_csp_role", - "deactivate_csp_role", - "modify_csp_role_permissions", - "view_usage_report", - "view_usage_dollars", - "add_and_assign_csp_roles", - "remove_csp_roles", - "request_new_csp_role", - "assign_and_unassign_atat_role", - "view_assigned_atat_role_configurations", - "view_assigned_csp_role_configurations", - "deactivate_workspace", - "view_atat_permissions", - "transfer_ownership_of_workspace", - "add_application_in_workspace", - "delete_application_in_workspace", - "deactivate_application_in_workspace", 
- "view_application_in_workspace", - "rename_application_in_workspace", - "add_environment_in_application", - "delete_environment_in_application", - "deactivate_environment_in_application", - "view_environment_in_application", - "rename_environment_in_application", - "add_tag_to_workspace", - "remove_tag_from_workspace", - ], - "atat_role": "ccpo", - "id": "164497f6-c1ea-4f42-a5ef-101da278c012", - "username": None, - "workspace_roles": [], - } - return self._get_response("POST", path, 200, json=json) + return self._get_response("POST", path, 200, json=self._json) + + @tornado.gen.coroutine + def get(self, path, **kwargs): + return self._get_response("POST", path, 200, json=self._json) From 46a8d8aade5ccc08d39eae1b44f5b763be2c0168 Mon Sep 17 00:00:00 2001 From: dandds Date: Wed, 18 Jul 2018 10:45:26 -0400 Subject: [PATCH 5/5] add additional dev roles and set perms for them --- atst/handlers/dev.py | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/atst/handlers/dev.py b/atst/handlers/dev.py index bfb5684e..71fdb8e8 100644 --- a/atst/handlers/dev.py +++ b/atst/handlers/dev.py @@ -13,9 +13,28 @@ _DEV_USERS = { "first_name": "Olivia", "last_name": "Owner", }, + "admin": { + "id": "66ebf7b8-cbf0-4ed8-a102-5f105330df75", + "first_name": "Andreas", + "last_name": "Admin", + }, + "developer": { + "id": "7707b9f2-5945-49ae-967a-be65baa88baf", + "first_name": "Dominick", + "last_name": "Developer", + }, + "billing_auditor": { + "id": "6978ac0c-442a-46aa-a0c3-ff17b5ec2a8c", + "first_name": "Billie", + "last_name": "The Billing Auditor", + }, + "security_auditor": { + "id": "596fd001-bb1d-4adf-87d8-fa2312e882de", + "first_name": "Sawyer", + "last_name": "The Security Auditor", + }, } - class Dev(BaseHandler): def initialize(self, action, sessions, authz_client): 
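Review bot: The new `MockAuthzClient.get` passes `"POST"` as the method to `_get_response`, which looks like a copy-paste from `post`; it should read `return self._get_response("GET", path, 200, json=self._json)`. Because the mock always answers 200, the 404-then-create branch added to `_get_user_permissions` in this commit is never exercised by tests using it. `_json` is now one class-level dict handed out on every call, so a test that mutates a returned body would leak into later tests unless a copy is returned.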
@@ -27,4 +46,12 @@ class Dev(BaseHandler): def get(self): role = self.get_argument("role", "ccpo") user = _DEV_USERS[role] + yield self._set_user_permissions(user["id"], role) yield self.login(user) + + @tornado.gen.coroutine + def _set_user_permissions(self, user_id, role): + response = yield self.authz_client.post( + "/users", json={"id": user_id, "atat_role": role} + ) + return response.json
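Review bot: `Dev.get` now writes the requested role to the authz service and then starts a session for that user, all from a GET whose only input is the `role` query argument and with no authentication step visible in the handler. Nothing in this hunk or in `initialize` restricts that to a development environment, so the guard presumably lives in the route registration outside this diff. It would be safer to enforce it here as well, returning 404 unless an explicit dev/debug setting is enabled, and to add a docstring on `Dev` stating that it must never be routed in a deployed environment. `_set_user_permissions` returns `response.json` but the caller discards it; either drop the return or document what it is for.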