Remove route 'applications.update_env_roles' and related functions and tests

leigh-mil 2019-09-10 15:01:37 -04:00
parent c9dcacddb0
commit ddcd91964f
10 changed files with 2 additions and 378 deletions


@ -3,7 +3,7 @@
"files": "^.secrets.baseline$",
"lines": null
},
"generated_at": "2019-08-29T17:03:11Z",
"generated_at": "2019-09-10T18:56:49Z",
"plugins_used": [
{
"base64_limit": 4.5,
@ -194,7 +194,7 @@
"hashed_secret": "e4f14805dfd1e6af030359090c535e149e6b4207",
"is_secret": false,
"is_verified": false,
"line_number": 544,
"line_number": 507,
"type": "Hex High Entropy String"
}
]


@ -3,7 +3,6 @@ from sqlalchemy.orm.exc import NoResultFound
from atst.database import db
from atst.models.environment import Environment
from atst.domain.environment_roles import EnvironmentRoles
from atst.domain.application_roles import ApplicationRoles
from .exceptions import NotFoundError
@ -72,17 +71,6 @@ class Environments(object):
return updated
@classmethod
def update_env_roles_by_environment(cls, environment_id, team_roles):
environment = Environments.get(environment_id)
for member in team_roles:
new_role = member["role_name"]
app_role = ApplicationRoles.get_by_id(member["application_role_id"])
Environments.update_env_role(
environment=environment, application_role=app_role, new_role=new_role
)
@classmethod
def revoke_access(cls, environment, target_user):
EnvironmentRoles.delete(environment.id, target_user.id)


@ -1,32 +0,0 @@
from flask_wtf import FlaskForm
from wtforms.fields import FieldList, FormField, HiddenField, RadioField, StringField
from .forms import BaseForm
from .data import ENV_ROLES, ENV_ROLE_NO_ACCESS as NO_ACCESS
class MemberForm(FlaskForm):
application_role_id = HiddenField()
user_name = StringField()
role_name = RadioField(choices=ENV_ROLES, default=NO_ACCESS)
@property
def data(self):
_data = super().data
if "role_name" in _data and _data["role_name"] == NO_ACCESS:
_data["role_name"] = None
return _data
class RoleForm(FlaskForm):
role = HiddenField()
members = FieldList(FormField(MemberForm))
class EnvironmentRolesForm(FlaskForm):
team_roles = FieldList(FormField(RoleForm))
env_id = HiddenField()
class AppEnvRolesForm(BaseForm):
envs = FieldList(FormField(EnvironmentRolesForm))


@ -1,64 +0,0 @@
from flask_wtf import FlaskForm
from wtforms.fields import FormField, FieldList, HiddenField, RadioField, StringField
from wtforms.validators import Required
from .application_member import EnvironmentForm as BaseEnvironmentForm
from .data import ENV_ROLES
from .forms import BaseForm
from atst.forms.fields import SelectField
from atst.domain.permission_sets import PermissionSets
from atst.utils.localization import translate
class EnvironmentForm(BaseEnvironmentForm):
role = RadioField(
"Role",
choices=ENV_ROLES,
default=None,
filters=[lambda x: None if x == "None" else x],
)
class PermissionsForm(FlaskForm):
perms_team_mgmt = SelectField(
translate("portfolios.applications.members.new.manage_team"),
choices=[
(PermissionSets.VIEW_APPLICATION, "View"),
(PermissionSets.EDIT_APPLICATION_TEAM, "Edit"),
],
)
perms_env_mgmt = SelectField(
translate("portfolios.applications.members.new.manage_envs"),
choices=[
(PermissionSets.VIEW_APPLICATION, "View"),
(PermissionSets.EDIT_APPLICATION_ENVIRONMENTS, "Edit"),
],
)
perms_del_env = SelectField(
choices=[
(PermissionSets.VIEW_APPLICATION, "No"),
(PermissionSets.DELETE_APPLICATION_ENVIRONMENTS, "Yes"),
]
)
@property
def data(self):
_data = super().data
_data.pop("csrf_token", None)
permission_sets = []
for field in _data:
if _data[field] is not None:
permission_sets.append(_data[field])
return permission_sets
class MemberForm(FlaskForm):
role_id = HiddenField(validators=[Required()])
user_name = StringField()
environment_roles = FieldList(FormField(EnvironmentForm))
permission_sets = FormField(PermissionsForm)
class TeamForm(BaseForm):
members = FieldList(FormField(MemberForm))


@ -8,7 +8,6 @@ from atst.domain.application_roles import ApplicationRoles
from atst.domain.audit_log import AuditLog
from atst.domain.common import Paginator
from atst.domain.environment_roles import EnvironmentRoles
from atst.forms.app_settings import AppEnvRolesForm
from atst.forms.application import ApplicationForm, EditEnvironmentForm
from atst.forms.application_member import NewForm as NewMemberForm
from atst.forms.data import ENV_ROLE_NO_ACCESS as NO_ACCESS
@ -139,7 +138,6 @@ def get_new_member_form(application):
def render_settings_page(application, **kwargs):
environments_obj = get_environments_obj_for_app(application=application)
members_form = AppEnvRolesForm(data=data_for_app_env_roles_form(application))
new_env_form = EditEnvironmentForm()
pagination_opts = Paginator.get_pagination_opts(http_request)
audit_events = AuditLog.get_application_events(application, pagination_opts)
@ -155,7 +153,6 @@ def render_settings_page(application, **kwargs):
"portfolios/applications/settings.html",
application=application,
environments_obj=environments_obj,
members_form=members_form,
new_env_form=new_env_form,
audit_events=audit_events,
new_member_form=new_member_form,
@ -265,47 +262,6 @@ def update(application_id):
return render_settings_page(application=application, application_form=form)
@applications_bp.route("/environments/<environment_id>/roles", methods=["POST"])
@user_can(Permissions.ASSIGN_ENVIRONMENT_MEMBER, message="update environment roles")
def update_env_roles(environment_id):
environment = Environments.get(environment_id)
application = environment.application
form = AppEnvRolesForm(formdata=http_request.form)
if form.validate():
env_data = []
for env in form.envs.data:
if env["env_id"] == str(environment.id):
for role in env["team_roles"]:
env_data = env_data + role["members"]
Environments.update_env_roles_by_environment(
environment_id=environment_id, team_roles=env_data
)
flash("application_environment_members_updated")
return redirect(
url_for(
"applications.settings",
application_id=application.id,
fragment="application-environments",
_anchor="application-environments",
active_toggler=environment.id,
active_toggler_section="members",
)
)
else:
return (
render_settings_page(
application=application,
active_toggler=environment.id,
active_toggler_section="edit",
),
400,
)
@applications_bp.route("/applications/<application_id>/delete", methods=["POST"])
@user_can(Permissions.DELETE_APPLICATION, message="delete application")
def delete(application_id):


@ -56,23 +56,6 @@ def test_get_handles_invalid_id():
ApplicationRoles.get(user.id, application.id)
def test_update_permission_sets():
user = UserFactory.create()
application = ApplicationFactory.create()
app_role = ApplicationRoleFactory.create(user=user, application=application)
view_app = [PermissionSets.get(PermissionSets.VIEW_APPLICATION)]
new_perms_names = [
PermissionSets.EDIT_APPLICATION_TEAM,
PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,
]
new_perms = PermissionSets.get_many(new_perms_names)
# view application permission is included by default
assert app_role.permission_sets == view_app
assert ApplicationRoles.update_permission_sets(app_role, new_perms_names)
assert set(app_role.permission_sets) == set(new_perms + view_app)
def test_get_by_id():
user = UserFactory.create()
application = ApplicationFactory.create()
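Review bot: Dropping `test_update_permission_sets` does not look tied to the removed route: it exercises `ApplicationRoles.update_permission_sets`, and none of the ten file sections on this page shows that function being deleted, so it presumably stays in the codebase without this test. That function changes what an application member is authorised to do, so I would keep the test unless the function itself goes in the same change. If it is now dead code, remove it here as well and say so in the commit message.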


@ -53,51 +53,6 @@ def test_update_env_role_no_change():
)
def test_update_env_roles_by_environment():
environment = EnvironmentFactory.create()
app_role_1 = ApplicationRoleFactory.create(application=environment.application)
env_role_1 = EnvironmentRoleFactory.create(
application_role=app_role_1,
environment=environment,
role=CSPRole.BASIC_ACCESS.value,
)
app_role_2 = ApplicationRoleFactory.create(application=environment.application)
env_role_2 = EnvironmentRoleFactory.create(
application_role=app_role_2,
environment=environment,
role=CSPRole.NETWORK_ADMIN.value,
)
app_role_3 = ApplicationRoleFactory.create(application=environment.application)
env_role_3 = EnvironmentRoleFactory.create(
application_role=app_role_3,
environment=environment,
role=CSPRole.TECHNICAL_READ.value,
)
team_roles = [
{
"application_role_id": app_role_1.id,
"user_name": app_role_1.user_name,
"role_name": CSPRole.BUSINESS_READ.value,
},
{
"application_role_id": app_role_2.id,
"user_name": app_role_2.user_name,
"role_name": CSPRole.NETWORK_ADMIN.value,
},
{
"application_role_id": app_role_3.id,
"user_name": app_role_3.user_name,
"role_name": None,
},
]
Environments.update_env_roles_by_environment(environment.id, team_roles)
assert env_role_1.role == CSPRole.BUSINESS_READ.value
assert env_role_2.role == CSPRole.NETWORK_ADMIN.value
assert not EnvironmentRoles.get(app_role_3.id, environment.id)
def test_get_excludes_deleted():
env = EnvironmentFactory.create(
deleted=True, application=ApplicationFactory.create()


@ -1,30 +0,0 @@
from wtforms.validators import ValidationError
from atst.domain.permission_sets import PermissionSets
from atst.forms.team import *
def test_permissions_form_permission_sets():
form_data = {
"perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM,
"perms_env_mgmt": PermissionSets.VIEW_APPLICATION,
"perms_del_env": PermissionSets.VIEW_APPLICATION,
}
form = PermissionsForm(data=form_data)
assert form.validate()
assert form.data == [
PermissionSets.EDIT_APPLICATION_TEAM,
PermissionSets.VIEW_APPLICATION,
PermissionSets.VIEW_APPLICATION,
]
def test_permissions_form_invalid():
form_data = {
"perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM,
"perms_env_mgmt": "not a real choice",
"perms_del_env": PermissionSets.VIEW_APPLICATION,
}
form = PermissionsForm(data=form_data)
assert not form.validate()


@ -15,7 +15,6 @@ from atst.domain.exceptions import NotFoundError
from atst.models.environment_role import CSPRole
from atst.models.portfolio_role import Status as PortfolioRoleStatus
from atst.forms.application import EditEnvironmentForm
from atst.forms.app_settings import AppEnvRolesForm
from atst.forms.data import ENV_ROLE_NO_ACCESS as NO_ACCESS
from tests.utils import captured_templates
@ -112,7 +111,6 @@ def test_edit_application_environments_obj(app, client, user_session):
assert response.status_code == 200
_, context = templates[-1]
assert isinstance(context["members_form"], AppEnvRolesForm)
env_obj = context["environments_obj"][0]
assert env_obj["name"] == env.name
assert env_obj["id"] == env.id
@ -153,50 +151,6 @@ def test_data_for_app_env_roles_form(app, client, user_session):
assert response.status_code == 200
_, context = templates[-1]
members_form = context["members_form"]
assert isinstance(members_form, AppEnvRolesForm)
assert members_form.data == {
"envs": [
{
"env_id": env.id,
"team_roles": [
{
"role": NO_ACCESS,
"members": [
{
"application_role_id": str(app_role0.id),
"user_name": app_role0.user_name,
"role_name": None,
}
],
},
{
"role": CSPRole.BASIC_ACCESS.value,
"members": [
{
"application_role_id": str(app_role1.id),
"user_name": app_role1.user_name,
"role_name": CSPRole.BASIC_ACCESS.value,
}
],
},
{
"role": CSPRole.NETWORK_ADMIN.value,
"members": [
{
"application_role_id": str(app_role2.id),
"user_name": app_role2.user_name,
"role_name": CSPRole.NETWORK_ADMIN.value,
}
],
},
{"role": CSPRole.BUSINESS_READ.value, "members": []},
{"role": CSPRole.TECHNICAL_READ.value, "members": []},
],
}
]
}
def test_user_with_permission_can_update_application(client, user_session):
owner = UserFactory.create()
@ -253,55 +207,6 @@ def test_user_without_permission_cannot_update_application(client, user_session)
assert application.description == "Cool stuff happening here!"
def test_update_team_env_roles(client, user_session):
environment = EnvironmentFactory.create()
application = environment.application
app_role_1 = ApplicationRoleFactory.create(application=application)
env_role_1 = EnvironmentRoleFactory.create(
environment=environment,
role=CSPRole.BASIC_ACCESS.value,
application_role=app_role_1,
)
app_role_2 = ApplicationRoleFactory.create(application=application)
env_role_2 = EnvironmentRoleFactory.create(
environment=environment,
role=CSPRole.BASIC_ACCESS.value,
application_role=app_role_2,
)
app_role_3 = ApplicationRoleFactory.create(application=application)
env_role_3 = EnvironmentRoleFactory.create(
environment=environment,
role=CSPRole.BASIC_ACCESS.value,
application_role=app_role_3,
)
app_role_4 = ApplicationRoleFactory.create(application=application)
form_data = {
"envs-0-env_id": environment.id,
"envs-0-team_roles-0-members-0-application_role_id": app_role_4.id,
"envs-0-team_roles-0-members-0-role_name": CSPRole.TECHNICAL_READ.value,
"envs-0-team_roles-1-members-0-application_role_id": app_role_1.id,
"envs-0-team_roles-1-members-0-role_name": CSPRole.NETWORK_ADMIN.value,
"envs-0-team_roles-1-members-1-application_role_id": app_role_2.id,
"envs-0-team_roles-1-members-1-role_name": CSPRole.BASIC_ACCESS.value,
"envs-0-team_roles-1-members-2-application_role_id": app_role_3.id,
"envs-0-team_roles-1-members-2-role_name": NO_ACCESS,
}
user_session(application.portfolio.owner)
response = client.post(
url_for("applications.update_env_roles", environment_id=environment.id),
data=form_data,
follow_redirects=True,
)
assert response.status_code == 200
assert env_role_1.role == CSPRole.NETWORK_ADMIN.value
assert env_role_2.role == CSPRole.BASIC_ACCESS.value
assert not EnvironmentRoles.get(app_role_3.id, environment.id)
assert EnvironmentRoles.get(app_role_4.id, environment.id)
def test_user_can_only_access_apps_in_their_portfolio(client, user_session):
portfolio = PortfolioFactory.create()
other_portfolio = PortfolioFactory.create(
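Review bot: `test_data_for_app_env_roles_form` is left asserting only `response.status_code == 200`, because the hunk at `-153,50 +151,6` drops every `members_form` assertion. Its name no longer matches what it checks, and `_, context = templates[-1]` now unpacks a value nothing reads. Since `render_settings_page` no longer builds an `AppEnvRolesForm`, I would delete this test outright. If nothing else calls the `data_for_app_env_roles_form` helper that `render_settings_page` used to call (not visible here), remove it in the same change. The test body starts above the hunk, so its setup is not shown.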


@ -235,43 +235,6 @@ def test_applications_create_access(post_url_assert_status):
post_url_assert_status(rando, url, 404)
# applications.update_env_roles
def test_applications_update_team_env_roles(post_url_assert_status):
ccpo = UserFactory.create_ccpo()
owner = user_with()
app_admin = user_with()
rando = user_with()
app_member = UserFactory.create()
portfolio = PortfolioFactory.create(
owner=owner, applications=[{"name": "mos eisley"}]
)
application = portfolio.applications[0]
environment = EnvironmentFactory.create(application=application)
ApplicationRoleFactory.create(
user=app_admin,
application=application,
permission_sets=PermissionSets.get_many(
[
PermissionSets.VIEW_APPLICATION,
PermissionSets.EDIT_APPLICATION_ENVIRONMENTS,
PermissionSets.EDIT_APPLICATION_TEAM,
PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,
]
),
)
ApplicationRoleFactory.create(user=app_member, application=application)
ApplicationRoleFactory.create(user=ccpo, application=application)
ApplicationRoleFactory.create(user=owner, application=application)
url = url_for("applications.update_env_roles", environment_id=environment.id)
post_url_assert_status(ccpo, url, 302)
post_url_assert_status(owner, url, 302)
post_url_assert_status(app_admin, url, 302)
post_url_assert_status(rando, url, 404)
# portfolios.invite_member
def test_portfolios_invite_member_access(post_url_assert_status):
ccpo = user_with(PermissionSets.EDIT_PORTFOLIO_ADMIN)