Merge pull request #1060 from dod-ccpo/app-settings-redesign
App settings redesign
This commit is contained in:
leigh-mil
GitHub
@@ -1,5 +1,7 @@
|
||||
import pytest
|
||||
import uuid
|
||||
from flask import url_for, get_flashed_messages
|
||||
from unittest.mock import Mock
|
||||
|
||||
from tests.factories import *
|
||||
|
||||
@@ -424,3 +426,122 @@ def test_delete_environment(client, user_session):
|
||||
assert environment.name in message["message"]
|
||||
# deletes environment
|
||||
assert len(application.environments) == 0
|
||||
|
||||
|
||||
def test_create_member(monkeypatch, client, user_session, session):
|
||||
job_mock = Mock()
|
||||
monkeypatch.setattr("atst.jobs.send_mail.delay", job_mock)
|
||||
user = UserFactory.create()
|
||||
application = ApplicationFactory.create(
|
||||
environments=[{"name": "Naboo"}, {"name": "Endor"}]
|
||||
)
|
||||
env = application.environments[0]
|
||||
env_1 = application.environments[1]
|
||||
|
||||
user_session(application.portfolio.owner)
|
||||
|
||||
response = client.post(
|
||||
url_for("applications.create_member", application_id=application.id),
|
||||
data={
|
||||
"user_data-first_name": user.first_name,
|
||||
"user_data-last_name": user.last_name,
|
||||
"user_data-dod_id": user.dod_id,
|
||||
"user_data-email": user.email,
|
||||
"environment_roles-0-environment_id": env.id,
|
||||
"environment_roles-0-role": "Basic Access",
|
||||
"environment_roles-0-environment_name": env.name,
|
||||
"environment_roles-1-environment_id": env_1.id,
|
||||
"environment_roles-1-role": NO_ACCESS,
|
||||
"environment_roles-1-environment_name": env_1.name,
|
||||
"permission_sets-perms_env_mgmt": True,
|
||||
"permission_sets-perms_team_mgmt": True,
|
||||
"permission_sets-perms_del_env": True,
|
||||
},
|
||||
)
|
||||
|
||||
assert response.status_code == 302
|
||||
expected_url = url_for(
|
||||
"applications.settings",
|
||||
application_id=application.id,
|
||||
fragment="application-members",
|
||||
_anchor="application-members",
|
||||
_external=True,
|
||||
)
|
||||
assert response.location == expected_url
|
||||
assert len(application.roles) == 1
|
||||
environment_roles = application.roles[0].environment_roles
|
||||
assert len(environment_roles) == 1
|
||||
assert environment_roles[0].environment == env
|
||||
|
||||
invitation = (
|
||||
session.query(ApplicationInvitation).filter_by(dod_id=user.dod_id).one()
|
||||
)
|
||||
assert invitation.role.application == application
|
||||
|
||||
assert job_mock.called
|
||||
|
||||
|
||||
def test_remove_member_success(client, user_session):
|
||||
user = UserFactory.create()
|
||||
application = ApplicationFactory.create()
|
||||
application_role = ApplicationRoleFactory.create(application=application, user=user)
|
||||
|
||||
user_session(application.portfolio.owner)
|
||||
|
||||
response = client.post(
|
||||
url_for(
|
||||
"applications.remove_member",
|
||||
application_id=application.id,
|
||||
application_role_id=application_role.id,
|
||||
)
|
||||
)
|
||||
|
||||
assert response.status_code == 302
|
||||
assert response.location == url_for(
|
||||
"applications.settings",
|
||||
_anchor="application-members",
|
||||
_external=True,
|
||||
application_id=application.id,
|
||||
fragment="application-members",
|
||||
)
|
||||
|
||||
|
||||
def test_remove_new_member_success(client, user_session):
|
||||
application = ApplicationFactory.create()
|
||||
application_role = ApplicationRoleFactory.create(application=application, user=None)
|
||||
|
||||
user_session(application.portfolio.owner)
|
||||
|
||||
response = client.post(
|
||||
url_for(
|
||||
"applications.remove_member",
|
||||
application_id=application.id,
|
||||
application_role_id=application_role.id,
|
||||
)
|
||||
)
|
||||
|
||||
assert response.status_code == 302
|
||||
assert response.location == url_for(
|
||||
"applications.settings",
|
||||
_anchor="application-members",
|
||||
_external=True,
|
||||
application_id=application.id,
|
||||
fragment="application-members",
|
||||
)
|
||||
|
||||
|
||||
def test_remove_member_failure(client, user_session):
|
||||
user = UserFactory.create()
|
||||
application = ApplicationFactory.create()
|
||||
|
||||
user_session(application.portfolio.owner)
|
||||
|
||||
response = client.post(
|
||||
url_for(
|
||||
"applications.remove_member",
|
||||
application_id=application.id,
|
||||
application_role_id=uuid.uuid4(),
|
||||
)
|
||||
)
|
||||
|
||||
assert response.status_code == 404
|
||||
|
||||
@@ -1,269 +0,0 @@
|
||||
import uuid
|
||||
from unittest.mock import Mock
|
||||
|
||||
from flask import url_for
|
||||
|
||||
from atst.domain.permission_sets import PermissionSets
|
||||
from atst.models import CSPRole
|
||||
from atst.forms.data import ENV_ROLE_NO_ACCESS as NO_ACCESS
|
||||
|
||||
from tests.factories import *
|
||||
|
||||
|
||||
def test_application_team(client, user_session):
|
||||
portfolio = PortfolioFactory.create()
|
||||
application = ApplicationFactory.create(portfolio=portfolio)
|
||||
|
||||
user_session(portfolio.owner)
|
||||
|
||||
response = client.get(url_for("applications.team", application_id=application.id))
|
||||
assert response.status_code == 200
|
||||
|
||||
|
||||
def test_update_team_permissions(client, user_session):
|
||||
application = ApplicationFactory.create()
|
||||
owner = application.portfolio.owner
|
||||
app_role = ApplicationRoleFactory.create(
|
||||
application=application, permission_sets=[]
|
||||
)
|
||||
user_session(owner)
|
||||
response = client.post(
|
||||
url_for("applications.update_team", application_id=application.id),
|
||||
data={
|
||||
"members-0-role_id": app_role.id,
|
||||
"members-0-permission_sets-perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM,
|
||||
"members-0-permission_sets-perms_env_mgmt": PermissionSets.EDIT_APPLICATION_ENVIRONMENTS,
|
||||
"members-0-permission_sets-perms_del_env": PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,
|
||||
},
|
||||
)
|
||||
|
||||
assert response.status_code == 302
|
||||
actual_perms_names = [perm.name for perm in app_role.permission_sets]
|
||||
expected_perms_names = [
|
||||
PermissionSets.VIEW_APPLICATION,
|
||||
PermissionSets.EDIT_APPLICATION_TEAM,
|
||||
PermissionSets.EDIT_APPLICATION_ENVIRONMENTS,
|
||||
PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,
|
||||
]
|
||||
assert expected_perms_names == actual_perms_names
|
||||
|
||||
|
||||
def test_update_team_with_bad_permission_sets(client, user_session):
|
||||
application = ApplicationFactory.create()
|
||||
owner = application.portfolio.owner
|
||||
app_role = ApplicationRoleFactory.create(
|
||||
application=application, permission_sets=[]
|
||||
)
|
||||
permission_sets = app_role.permission_sets
|
||||
|
||||
user_session(owner)
|
||||
response = client.post(
|
||||
url_for("applications.update_team", application_id=application.id),
|
||||
data={
|
||||
"members-0-role_id": app_role.id,
|
||||
"members-0-permission_sets-perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM,
|
||||
"members-0-permission_sets-perms_env_mgmt": "some random string",
|
||||
},
|
||||
)
|
||||
assert response.status_code == 400
|
||||
assert app_role.permission_sets == permission_sets
|
||||
|
||||
|
||||
def test_update_team_with_non_app_user(client, user_session):
|
||||
application = ApplicationFactory.create()
|
||||
owner = application.portfolio.owner
|
||||
|
||||
user_session(owner)
|
||||
response = client.post(
|
||||
url_for("applications.update_team", application_id=application.id),
|
||||
data={
|
||||
"members-0-role_id": str(uuid.uuid4()),
|
||||
"members-0-permission_sets-perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM,
|
||||
"members-0-permission_sets-perms_env_mgmt": PermissionSets.EDIT_APPLICATION_ENVIRONMENTS,
|
||||
"members-0-permission_sets-perms_del_env": PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,
|
||||
},
|
||||
)
|
||||
|
||||
assert response.status_code == 404
|
||||
|
||||
|
||||
def test_update_team_environment_roles(client, user_session):
|
||||
application = ApplicationFactory.create()
|
||||
owner = application.portfolio.owner
|
||||
app_role = ApplicationRoleFactory.create(
|
||||
application=application, permission_sets=[]
|
||||
)
|
||||
environment = EnvironmentFactory.create(application=application)
|
||||
env_role = EnvironmentRoleFactory.create(
|
||||
application_role=app_role,
|
||||
environment=environment,
|
||||
role=CSPRole.NETWORK_ADMIN.value,
|
||||
)
|
||||
user_session(owner)
|
||||
response = client.post(
|
||||
url_for("applications.update_team", application_id=application.id),
|
||||
data={
|
||||
"members-0-role_id": app_role.id,
|
||||
"members-0-permission_sets-perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM,
|
||||
"members-0-permission_sets-perms_env_mgmt": PermissionSets.EDIT_APPLICATION_ENVIRONMENTS,
|
||||
"members-0-permission_sets-perms_del_env": PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,
|
||||
"members-0-environment_roles-0-environment_id": environment.id,
|
||||
"members-0-environment_roles-0-role": CSPRole.TECHNICAL_READ.value,
|
||||
},
|
||||
)
|
||||
|
||||
assert response.status_code == 302
|
||||
assert env_role.role == CSPRole.TECHNICAL_READ.value
|
||||
|
||||
|
||||
def test_update_team_revoke_environment_access(client, user_session, db, session):
|
||||
application = ApplicationFactory.create()
|
||||
owner = application.portfolio.owner
|
||||
user = UserFactory.create()
|
||||
app_role = ApplicationRoleFactory.create(
|
||||
application=application, user=user, permission_sets=[]
|
||||
)
|
||||
environment = EnvironmentFactory.create(application=application)
|
||||
env_role = EnvironmentRoleFactory.create(
|
||||
application_role=app_role,
|
||||
environment=environment,
|
||||
role=CSPRole.BASIC_ACCESS.value,
|
||||
)
|
||||
assert user in environment.users
|
||||
|
||||
user_session(owner)
|
||||
response = client.post(
|
||||
url_for("applications.update_team", application_id=application.id),
|
||||
data={
|
||||
"members-0-role_id": app_role.id,
|
||||
"members-0-permission_sets-perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM,
|
||||
"members-0-permission_sets-perms_env_mgmt": PermissionSets.EDIT_APPLICATION_ENVIRONMENTS,
|
||||
"members-0-permission_sets-perms_del_env": PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,
|
||||
"members-0-environment_roles-0-environment_id": environment.id,
|
||||
"members-0-environment_roles-0-role": NO_ACCESS,
|
||||
},
|
||||
)
|
||||
|
||||
assert response.status_code == 302
|
||||
env_role_exists = db.exists().where(EnvironmentRole.id == env_role.id)
|
||||
assert not session.query(env_role_exists).scalar()
|
||||
assert user not in environment.users
|
||||
|
||||
|
||||
def test_create_member(monkeypatch, client, user_session, session):
|
||||
job_mock = Mock()
|
||||
monkeypatch.setattr("atst.jobs.send_mail.delay", job_mock)
|
||||
user = UserFactory.create()
|
||||
application = ApplicationFactory.create(
|
||||
environments=[{"name": "Naboo"}, {"name": "Endor"}]
|
||||
)
|
||||
env = application.environments[0]
|
||||
env_1 = application.environments[1]
|
||||
|
||||
user_session(application.portfolio.owner)
|
||||
|
||||
response = client.post(
|
||||
url_for("applications.create_member", application_id=application.id),
|
||||
data={
|
||||
"user_data-first_name": user.first_name,
|
||||
"user_data-last_name": user.last_name,
|
||||
"user_data-dod_id": user.dod_id,
|
||||
"user_data-email": user.email,
|
||||
"environment_roles-0-environment_id": env.id,
|
||||
"environment_roles-0-role": "Basic Access",
|
||||
"environment_roles-0-environment_name": env.name,
|
||||
"environment_roles-1-environment_id": env_1.id,
|
||||
"environment_roles-1-role": NO_ACCESS,
|
||||
"environment_roles-1-environment_name": env_1.name,
|
||||
"permission_sets-perms_env_mgmt": True,
|
||||
"permission_sets-perms_team_mgmt": True,
|
||||
"permission_sets-perms_del_env": True,
|
||||
},
|
||||
)
|
||||
|
||||
assert response.status_code == 302
|
||||
expected_url = url_for(
|
||||
"applications.team",
|
||||
application_id=application.id,
|
||||
fragment="application-members",
|
||||
_anchor="application-members",
|
||||
_external=True,
|
||||
)
|
||||
assert response.location == expected_url
|
||||
assert len(application.roles) == 1
|
||||
environment_roles = application.roles[0].environment_roles
|
||||
assert len(environment_roles) == 1
|
||||
assert environment_roles[0].environment == env
|
||||
|
||||
invitation = (
|
||||
session.query(ApplicationInvitation).filter_by(dod_id=user.dod_id).one()
|
||||
)
|
||||
assert invitation.role.application == application
|
||||
|
||||
assert job_mock.called
|
||||
|
||||
|
||||
def test_remove_member_success(client, user_session):
|
||||
user = UserFactory.create()
|
||||
application = ApplicationFactory.create()
|
||||
application_role = ApplicationRoleFactory.create(application=application, user=user)
|
||||
|
||||
user_session(application.portfolio.owner)
|
||||
|
||||
response = client.post(
|
||||
url_for(
|
||||
"applications.remove_member",
|
||||
application_id=application.id,
|
||||
application_role_id=application_role.id,
|
||||
)
|
||||
)
|
||||
|
||||
assert response.status_code == 302
|
||||
assert response.location == url_for(
|
||||
"applications.team",
|
||||
_anchor="application-members",
|
||||
_external=True,
|
||||
application_id=application.id,
|
||||
fragment="application-members",
|
||||
)
|
||||
|
||||
|
||||
def test_remove_new_member_success(client, user_session):
|
||||
application = ApplicationFactory.create()
|
||||
application_role = ApplicationRoleFactory.create(application=application, user=None)
|
||||
|
||||
user_session(application.portfolio.owner)
|
||||
|
||||
response = client.post(
|
||||
url_for(
|
||||
"applications.remove_member",
|
||||
application_id=application.id,
|
||||
application_role_id=application_role.id,
|
||||
)
|
||||
)
|
||||
|
||||
assert response.status_code == 302
|
||||
assert response.location == url_for(
|
||||
"applications.team",
|
||||
_anchor="application-members",
|
||||
_external=True,
|
||||
application_id=application.id,
|
||||
fragment="application-members",
|
||||
)
|
||||
|
||||
|
||||
def test_remove_member_failure(client, user_session):
|
||||
user = UserFactory.create()
|
||||
application = ApplicationFactory.create()
|
||||
|
||||
user_session(application.portfolio.owner)
|
||||
|
||||
response = client.post(
|
||||
url_for(
|
||||
"applications.remove_member",
|
||||
application_id=application.id,
|
||||
application_role_id=uuid.uuid4(),
|
||||
)
|
||||
)
|
||||
|
||||
assert response.status_code == 404
|
||||
@@ -585,20 +585,6 @@ def test_task_orders_new_post_routes(post_url_assert_status):
|
||||
post_url_assert_status(rando, url, 404, data=data)
|
||||
|
||||
|
||||
def test_applications_application_team_access(get_url_assert_status):
|
||||
ccpo = UserFactory.create_ccpo()
|
||||
rando = UserFactory.create()
|
||||
|
||||
portfolio = PortfolioFactory.create()
|
||||
application = ApplicationFactory.create(portfolio=portfolio)
|
||||
|
||||
url = url_for("applications.team", application_id=application.id)
|
||||
|
||||
get_url_assert_status(ccpo, url, 200)
|
||||
get_url_assert_status(portfolio.owner, url, 200)
|
||||
get_url_assert_status(rando, url, 404)
|
||||
|
||||
|
||||
def test_portfolio_delete_access(post_url_assert_status):
|
||||
rando = UserFactory.create()
|
||||
owner = UserFactory.create()
|
||||
|
||||
Reference in New Issue
Block a user