Remove route 'applications.update_env_roles' and related functions and tests
parent
c9dcacddb0
commit
ddcd91964f
@ -3,7 +3,7 @@
|
||||
"files": "^.secrets.baseline$",
|
||||
"lines": null
|
||||
},
|
||||
"generated_at": "2019-08-29T17:03:11Z",
|
||||
"generated_at": "2019-09-10T18:56:49Z",
|
||||
"plugins_used": [
|
||||
{
|
||||
"base64_limit": 4.5,
|
||||
@ -194,7 +194,7 @@
|
||||
"hashed_secret": "e4f14805dfd1e6af030359090c535e149e6b4207",
|
||||
"is_secret": false,
|
||||
"is_verified": false,
|
||||
"line_number": 544,
|
||||
"line_number": 507,
|
||||
"type": "Hex High Entropy String"
|
||||
}
|
||||
]
|
||||
|
@ -3,7 +3,6 @@ from sqlalchemy.orm.exc import NoResultFound
|
||||
from atst.database import db
|
||||
from atst.models.environment import Environment
|
||||
from atst.domain.environment_roles import EnvironmentRoles
|
||||
from atst.domain.application_roles import ApplicationRoles
|
||||
|
||||
from .exceptions import NotFoundError
|
||||
|
||||
@ -72,17 +71,6 @@ class Environments(object):
|
||||
|
||||
return updated
|
||||
|
||||
@classmethod
|
||||
def update_env_roles_by_environment(cls, environment_id, team_roles):
|
||||
environment = Environments.get(environment_id)
|
||||
|
||||
for member in team_roles:
|
||||
new_role = member["role_name"]
|
||||
app_role = ApplicationRoles.get_by_id(member["application_role_id"])
|
||||
Environments.update_env_role(
|
||||
environment=environment, application_role=app_role, new_role=new_role
|
||||
)
|
||||
|
||||
@classmethod
|
||||
def revoke_access(cls, environment, target_user):
|
||||
EnvironmentRoles.delete(environment.id, target_user.id)
|
||||
|
@ -1,32 +0,0 @@
|
||||
from flask_wtf import FlaskForm
|
||||
from wtforms.fields import FieldList, FormField, HiddenField, RadioField, StringField
|
||||
|
||||
from .forms import BaseForm
|
||||
from .data import ENV_ROLES, ENV_ROLE_NO_ACCESS as NO_ACCESS
|
||||
|
||||
|
||||
class MemberForm(FlaskForm):
|
||||
application_role_id = HiddenField()
|
||||
user_name = StringField()
|
||||
role_name = RadioField(choices=ENV_ROLES, default=NO_ACCESS)
|
||||
|
||||
@property
|
||||
def data(self):
|
||||
_data = super().data
|
||||
if "role_name" in _data and _data["role_name"] == NO_ACCESS:
|
||||
_data["role_name"] = None
|
||||
return _data
|
||||
|
||||
|
||||
class RoleForm(FlaskForm):
|
||||
role = HiddenField()
|
||||
members = FieldList(FormField(MemberForm))
|
||||
|
||||
|
||||
class EnvironmentRolesForm(FlaskForm):
|
||||
team_roles = FieldList(FormField(RoleForm))
|
||||
env_id = HiddenField()
|
||||
|
||||
|
||||
class AppEnvRolesForm(BaseForm):
|
||||
envs = FieldList(FormField(EnvironmentRolesForm))
|
@ -1,64 +0,0 @@
|
||||
from flask_wtf import FlaskForm
|
||||
from wtforms.fields import FormField, FieldList, HiddenField, RadioField, StringField
|
||||
from wtforms.validators import Required
|
||||
|
||||
from .application_member import EnvironmentForm as BaseEnvironmentForm
|
||||
from .data import ENV_ROLES
|
||||
from .forms import BaseForm
|
||||
from atst.forms.fields import SelectField
|
||||
from atst.domain.permission_sets import PermissionSets
|
||||
from atst.utils.localization import translate
|
||||
|
||||
|
||||
class EnvironmentForm(BaseEnvironmentForm):
|
||||
role = RadioField(
|
||||
"Role",
|
||||
choices=ENV_ROLES,
|
||||
default=None,
|
||||
filters=[lambda x: None if x == "None" else x],
|
||||
)
|
||||
|
||||
|
||||
class PermissionsForm(FlaskForm):
|
||||
perms_team_mgmt = SelectField(
|
||||
translate("portfolios.applications.members.new.manage_team"),
|
||||
choices=[
|
||||
(PermissionSets.VIEW_APPLICATION, "View"),
|
||||
(PermissionSets.EDIT_APPLICATION_TEAM, "Edit"),
|
||||
],
|
||||
)
|
||||
perms_env_mgmt = SelectField(
|
||||
translate("portfolios.applications.members.new.manage_envs"),
|
||||
choices=[
|
||||
(PermissionSets.VIEW_APPLICATION, "View"),
|
||||
(PermissionSets.EDIT_APPLICATION_ENVIRONMENTS, "Edit"),
|
||||
],
|
||||
)
|
||||
perms_del_env = SelectField(
|
||||
choices=[
|
||||
(PermissionSets.VIEW_APPLICATION, "No"),
|
||||
(PermissionSets.DELETE_APPLICATION_ENVIRONMENTS, "Yes"),
|
||||
]
|
||||
)
|
||||
|
||||
@property
|
||||
def data(self):
|
||||
_data = super().data
|
||||
_data.pop("csrf_token", None)
|
||||
permission_sets = []
|
||||
for field in _data:
|
||||
if _data[field] is not None:
|
||||
permission_sets.append(_data[field])
|
||||
|
||||
return permission_sets
|
||||
|
||||
|
||||
class MemberForm(FlaskForm):
|
||||
role_id = HiddenField(validators=[Required()])
|
||||
user_name = StringField()
|
||||
environment_roles = FieldList(FormField(EnvironmentForm))
|
||||
permission_sets = FormField(PermissionsForm)
|
||||
|
||||
|
||||
class TeamForm(BaseForm):
|
||||
members = FieldList(FormField(MemberForm))
|
@ -8,7 +8,6 @@ from atst.domain.application_roles import ApplicationRoles
|
||||
from atst.domain.audit_log import AuditLog
|
||||
from atst.domain.common import Paginator
|
||||
from atst.domain.environment_roles import EnvironmentRoles
|
||||
from atst.forms.app_settings import AppEnvRolesForm
|
||||
from atst.forms.application import ApplicationForm, EditEnvironmentForm
|
||||
from atst.forms.application_member import NewForm as NewMemberForm
|
||||
from atst.forms.data import ENV_ROLE_NO_ACCESS as NO_ACCESS
|
||||
@ -139,7 +138,6 @@ def get_new_member_form(application):
|
||||
|
||||
def render_settings_page(application, **kwargs):
|
||||
environments_obj = get_environments_obj_for_app(application=application)
|
||||
members_form = AppEnvRolesForm(data=data_for_app_env_roles_form(application))
|
||||
new_env_form = EditEnvironmentForm()
|
||||
pagination_opts = Paginator.get_pagination_opts(http_request)
|
||||
audit_events = AuditLog.get_application_events(application, pagination_opts)
|
||||
@ -155,7 +153,6 @@ def render_settings_page(application, **kwargs):
|
||||
"portfolios/applications/settings.html",
|
||||
application=application,
|
||||
environments_obj=environments_obj,
|
||||
members_form=members_form,
|
||||
new_env_form=new_env_form,
|
||||
audit_events=audit_events,
|
||||
new_member_form=new_member_form,
|
||||
@ -265,47 +262,6 @@ def update(application_id):
|
||||
return render_settings_page(application=application, application_form=form)
|
||||
|
||||
|
||||
@applications_bp.route("/environments/<environment_id>/roles", methods=["POST"])
|
||||
@user_can(Permissions.ASSIGN_ENVIRONMENT_MEMBER, message="update environment roles")
|
||||
def update_env_roles(environment_id):
|
||||
environment = Environments.get(environment_id)
|
||||
application = environment.application
|
||||
form = AppEnvRolesForm(formdata=http_request.form)
|
||||
|
||||
if form.validate():
|
||||
env_data = []
|
||||
for env in form.envs.data:
|
||||
if env["env_id"] == str(environment.id):
|
||||
for role in env["team_roles"]:
|
||||
env_data = env_data + role["members"]
|
||||
|
||||
Environments.update_env_roles_by_environment(
|
||||
environment_id=environment_id, team_roles=env_data
|
||||
)
|
||||
|
||||
flash("application_environment_members_updated")
|
||||
|
||||
return redirect(
|
||||
url_for(
|
||||
"applications.settings",
|
||||
application_id=application.id,
|
||||
fragment="application-environments",
|
||||
_anchor="application-environments",
|
||||
active_toggler=environment.id,
|
||||
active_toggler_section="members",
|
||||
)
|
||||
)
|
||||
else:
|
||||
return (
|
||||
render_settings_page(
|
||||
application=application,
|
||||
active_toggler=environment.id,
|
||||
active_toggler_section="edit",
|
||||
),
|
||||
400,
|
||||
)
|
||||
|
||||
|
||||
@applications_bp.route("/applications/<application_id>/delete", methods=["POST"])
|
||||
@user_can(Permissions.DELETE_APPLICATION, message="delete application")
|
||||
def delete(application_id):
|
||||
|
@ -56,23 +56,6 @@ def test_get_handles_invalid_id():
|
||||
ApplicationRoles.get(user.id, application.id)
|
||||
|
||||
|
||||
def test_update_permission_sets():
|
||||
user = UserFactory.create()
|
||||
application = ApplicationFactory.create()
|
||||
app_role = ApplicationRoleFactory.create(user=user, application=application)
|
||||
|
||||
view_app = [PermissionSets.get(PermissionSets.VIEW_APPLICATION)]
|
||||
new_perms_names = [
|
||||
PermissionSets.EDIT_APPLICATION_TEAM,
|
||||
PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,
|
||||
]
|
||||
new_perms = PermissionSets.get_many(new_perms_names)
|
||||
# view application permission is included by default
|
||||
assert app_role.permission_sets == view_app
|
||||
assert ApplicationRoles.update_permission_sets(app_role, new_perms_names)
|
||||
assert set(app_role.permission_sets) == set(new_perms + view_app)
|
||||
|
||||
|
||||
def test_get_by_id():
|
||||
user = UserFactory.create()
|
||||
application = ApplicationFactory.create()
|
||||
|
@ -53,51 +53,6 @@ def test_update_env_role_no_change():
|
||||
)
|
||||
|
||||
|
||||
def test_update_env_roles_by_environment():
|
||||
environment = EnvironmentFactory.create()
|
||||
app_role_1 = ApplicationRoleFactory.create(application=environment.application)
|
||||
env_role_1 = EnvironmentRoleFactory.create(
|
||||
application_role=app_role_1,
|
||||
environment=environment,
|
||||
role=CSPRole.BASIC_ACCESS.value,
|
||||
)
|
||||
app_role_2 = ApplicationRoleFactory.create(application=environment.application)
|
||||
env_role_2 = EnvironmentRoleFactory.create(
|
||||
application_role=app_role_2,
|
||||
environment=environment,
|
||||
role=CSPRole.NETWORK_ADMIN.value,
|
||||
)
|
||||
app_role_3 = ApplicationRoleFactory.create(application=environment.application)
|
||||
env_role_3 = EnvironmentRoleFactory.create(
|
||||
application_role=app_role_3,
|
||||
environment=environment,
|
||||
role=CSPRole.TECHNICAL_READ.value,
|
||||
)
|
||||
|
||||
team_roles = [
|
||||
{
|
||||
"application_role_id": app_role_1.id,
|
||||
"user_name": app_role_1.user_name,
|
||||
"role_name": CSPRole.BUSINESS_READ.value,
|
||||
},
|
||||
{
|
||||
"application_role_id": app_role_2.id,
|
||||
"user_name": app_role_2.user_name,
|
||||
"role_name": CSPRole.NETWORK_ADMIN.value,
|
||||
},
|
||||
{
|
||||
"application_role_id": app_role_3.id,
|
||||
"user_name": app_role_3.user_name,
|
||||
"role_name": None,
|
||||
},
|
||||
]
|
||||
|
||||
Environments.update_env_roles_by_environment(environment.id, team_roles)
|
||||
assert env_role_1.role == CSPRole.BUSINESS_READ.value
|
||||
assert env_role_2.role == CSPRole.NETWORK_ADMIN.value
|
||||
assert not EnvironmentRoles.get(app_role_3.id, environment.id)
|
||||
|
||||
|
||||
def test_get_excludes_deleted():
|
||||
env = EnvironmentFactory.create(
|
||||
deleted=True, application=ApplicationFactory.create()
|
||||
|
@ -1,30 +0,0 @@
|
||||
from wtforms.validators import ValidationError
|
||||
|
||||
from atst.domain.permission_sets import PermissionSets
|
||||
from atst.forms.team import *
|
||||
|
||||
|
||||
def test_permissions_form_permission_sets():
|
||||
form_data = {
|
||||
"perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM,
|
||||
"perms_env_mgmt": PermissionSets.VIEW_APPLICATION,
|
||||
"perms_del_env": PermissionSets.VIEW_APPLICATION,
|
||||
}
|
||||
form = PermissionsForm(data=form_data)
|
||||
|
||||
assert form.validate()
|
||||
assert form.data == [
|
||||
PermissionSets.EDIT_APPLICATION_TEAM,
|
||||
PermissionSets.VIEW_APPLICATION,
|
||||
PermissionSets.VIEW_APPLICATION,
|
||||
]
|
||||
|
||||
|
||||
def test_permissions_form_invalid():
|
||||
form_data = {
|
||||
"perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM,
|
||||
"perms_env_mgmt": "not a real choice",
|
||||
"perms_del_env": PermissionSets.VIEW_APPLICATION,
|
||||
}
|
||||
form = PermissionsForm(data=form_data)
|
||||
assert not form.validate()
|
@ -15,7 +15,6 @@ from atst.domain.exceptions import NotFoundError
|
||||
from atst.models.environment_role import CSPRole
|
||||
from atst.models.portfolio_role import Status as PortfolioRoleStatus
|
||||
from atst.forms.application import EditEnvironmentForm
|
||||
from atst.forms.app_settings import AppEnvRolesForm
|
||||
from atst.forms.data import ENV_ROLE_NO_ACCESS as NO_ACCESS
|
||||
|
||||
from tests.utils import captured_templates
|
||||
@ -112,7 +111,6 @@ def test_edit_application_environments_obj(app, client, user_session):
|
||||
assert response.status_code == 200
|
||||
_, context = templates[-1]
|
||||
|
||||
assert isinstance(context["members_form"], AppEnvRolesForm)
|
||||
env_obj = context["environments_obj"][0]
|
||||
assert env_obj["name"] == env.name
|
||||
assert env_obj["id"] == env.id
|
||||
@ -153,50 +151,6 @@ def test_data_for_app_env_roles_form(app, client, user_session):
|
||||
assert response.status_code == 200
|
||||
_, context = templates[-1]
|
||||
|
||||
members_form = context["members_form"]
|
||||
assert isinstance(members_form, AppEnvRolesForm)
|
||||
assert members_form.data == {
|
||||
"envs": [
|
||||
{
|
||||
"env_id": env.id,
|
||||
"team_roles": [
|
||||
{
|
||||
"role": NO_ACCESS,
|
||||
"members": [
|
||||
{
|
||||
"application_role_id": str(app_role0.id),
|
||||
"user_name": app_role0.user_name,
|
||||
"role_name": None,
|
||||
}
|
||||
],
|
||||
},
|
||||
{
|
||||
"role": CSPRole.BASIC_ACCESS.value,
|
||||
"members": [
|
||||
{
|
||||
"application_role_id": str(app_role1.id),
|
||||
"user_name": app_role1.user_name,
|
||||
"role_name": CSPRole.BASIC_ACCESS.value,
|
||||
}
|
||||
],
|
||||
},
|
||||
{
|
||||
"role": CSPRole.NETWORK_ADMIN.value,
|
||||
"members": [
|
||||
{
|
||||
"application_role_id": str(app_role2.id),
|
||||
"user_name": app_role2.user_name,
|
||||
"role_name": CSPRole.NETWORK_ADMIN.value,
|
||||
}
|
||||
],
|
||||
},
|
||||
{"role": CSPRole.BUSINESS_READ.value, "members": []},
|
||||
{"role": CSPRole.TECHNICAL_READ.value, "members": []},
|
||||
],
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
|
||||
def test_user_with_permission_can_update_application(client, user_session):
|
||||
owner = UserFactory.create()
|
||||
@ -253,55 +207,6 @@ def test_user_without_permission_cannot_update_application(client, user_session)
|
||||
assert application.description == "Cool stuff happening here!"
|
||||
|
||||
|
||||
def test_update_team_env_roles(client, user_session):
|
||||
environment = EnvironmentFactory.create()
|
||||
application = environment.application
|
||||
app_role_1 = ApplicationRoleFactory.create(application=application)
|
||||
env_role_1 = EnvironmentRoleFactory.create(
|
||||
environment=environment,
|
||||
role=CSPRole.BASIC_ACCESS.value,
|
||||
application_role=app_role_1,
|
||||
)
|
||||
app_role_2 = ApplicationRoleFactory.create(application=application)
|
||||
env_role_2 = EnvironmentRoleFactory.create(
|
||||
environment=environment,
|
||||
role=CSPRole.BASIC_ACCESS.value,
|
||||
application_role=app_role_2,
|
||||
)
|
||||
app_role_3 = ApplicationRoleFactory.create(application=application)
|
||||
env_role_3 = EnvironmentRoleFactory.create(
|
||||
environment=environment,
|
||||
role=CSPRole.BASIC_ACCESS.value,
|
||||
application_role=app_role_3,
|
||||
)
|
||||
|
||||
app_role_4 = ApplicationRoleFactory.create(application=application)
|
||||
form_data = {
|
||||
"envs-0-env_id": environment.id,
|
||||
"envs-0-team_roles-0-members-0-application_role_id": app_role_4.id,
|
||||
"envs-0-team_roles-0-members-0-role_name": CSPRole.TECHNICAL_READ.value,
|
||||
"envs-0-team_roles-1-members-0-application_role_id": app_role_1.id,
|
||||
"envs-0-team_roles-1-members-0-role_name": CSPRole.NETWORK_ADMIN.value,
|
||||
"envs-0-team_roles-1-members-1-application_role_id": app_role_2.id,
|
||||
"envs-0-team_roles-1-members-1-role_name": CSPRole.BASIC_ACCESS.value,
|
||||
"envs-0-team_roles-1-members-2-application_role_id": app_role_3.id,
|
||||
"envs-0-team_roles-1-members-2-role_name": NO_ACCESS,
|
||||
}
|
||||
|
||||
user_session(application.portfolio.owner)
|
||||
response = client.post(
|
||||
url_for("applications.update_env_roles", environment_id=environment.id),
|
||||
data=form_data,
|
||||
follow_redirects=True,
|
||||
)
|
||||
|
||||
assert response.status_code == 200
|
||||
assert env_role_1.role == CSPRole.NETWORK_ADMIN.value
|
||||
assert env_role_2.role == CSPRole.BASIC_ACCESS.value
|
||||
assert not EnvironmentRoles.get(app_role_3.id, environment.id)
|
||||
assert EnvironmentRoles.get(app_role_4.id, environment.id)
|
||||
|
||||
|
||||
def test_user_can_only_access_apps_in_their_portfolio(client, user_session):
|
||||
portfolio = PortfolioFactory.create()
|
||||
other_portfolio = PortfolioFactory.create(
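Review bot: `test_data_for_app_env_roles_form` is left with no assertion about the form: after this change the visible tail of the test is only `assert response.status_code == 200` and an unused `_, context = templates[-1]`, so it no longer checks what its name says. Since `render_settings_page` no longer builds `members_form`, the test should either be deleted or renamed and given an assertion on what the settings page still renders, for example `assert "members_form" not in context`. The start of the test is outside the hunk, so any setup that exists only to feed the removed assertions (presumably the `app_role0` to `app_role2` fixtures) should be checked as well. The helper `data_for_app_env_roles_form` in the route module also loses its only visible caller in this commit and no hunk shown removes it; confirm whether it is still used before leaving it in place.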
|
||||
|
@ -235,43 +235,6 @@ def test_applications_create_access(post_url_assert_status):
|
||||
post_url_assert_status(rando, url, 404)
|
||||
|
||||
|
||||
# applications.update_env_roles
|
||||
def test_applications_update_team_env_roles(post_url_assert_status):
|
||||
ccpo = UserFactory.create_ccpo()
|
||||
owner = user_with()
|
||||
app_admin = user_with()
|
||||
rando = user_with()
|
||||
app_member = UserFactory.create()
|
||||
|
||||
portfolio = PortfolioFactory.create(
|
||||
owner=owner, applications=[{"name": "mos eisley"}]
|
||||
)
|
||||
application = portfolio.applications[0]
|
||||
environment = EnvironmentFactory.create(application=application)
|
||||
|
||||
ApplicationRoleFactory.create(
|
||||
user=app_admin,
|
||||
application=application,
|
||||
permission_sets=PermissionSets.get_many(
|
||||
[
|
||||
PermissionSets.VIEW_APPLICATION,
|
||||
PermissionSets.EDIT_APPLICATION_ENVIRONMENTS,
|
||||
PermissionSets.EDIT_APPLICATION_TEAM,
|
||||
PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,
|
||||
]
|
||||
),
|
||||
)
|
||||
ApplicationRoleFactory.create(user=app_member, application=application)
|
||||
ApplicationRoleFactory.create(user=ccpo, application=application)
|
||||
ApplicationRoleFactory.create(user=owner, application=application)
|
||||
|
||||
url = url_for("applications.update_env_roles", environment_id=environment.id)
|
||||
post_url_assert_status(ccpo, url, 302)
|
||||
post_url_assert_status(owner, url, 302)
|
||||
post_url_assert_status(app_admin, url, 302)
|
||||
post_url_assert_status(rando, url, 404)
|
||||
|
||||
|
||||
# portfolios.invite_member
|
||||
def test_portfolios_invite_member_access(post_url_assert_status):
|
||||
ccpo = user_with(PermissionSets.EDIT_PORTFOLIO_ADMIN)
|
||||
|