diff --git a/.secrets.baseline b/.secrets.baseline index 36866487..e477008c 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2019-08-29T17:03:11Z", + "generated_at": "2019-09-10T18:56:49Z", "plugins_used": [ { "base64_limit": 4.5, @@ -194,7 +194,7 @@ "hashed_secret": "e4f14805dfd1e6af030359090c535e149e6b4207", "is_secret": false, "is_verified": false, - "line_number": 544, + "line_number": 507, "type": "Hex High Entropy String" } ] diff --git a/atst/domain/environments.py b/atst/domain/environments.py index e21d4cb9..b77aaa2f 100644 --- a/atst/domain/environments.py +++ b/atst/domain/environments.py @@ -3,7 +3,6 @@ from sqlalchemy.orm.exc import NoResultFound from atst.database import db from atst.models.environment import Environment from atst.domain.environment_roles import EnvironmentRoles -from atst.domain.application_roles import ApplicationRoles from .exceptions import NotFoundError @@ -72,17 +71,6 @@ class Environments(object): return updated - @classmethod - def update_env_roles_by_environment(cls, environment_id, team_roles): - environment = Environments.get(environment_id) - - for member in team_roles: - new_role = member["role_name"] - app_role = ApplicationRoles.get_by_id(member["application_role_id"]) - Environments.update_env_role( - environment=environment, application_role=app_role, new_role=new_role - ) - @classmethod def revoke_access(cls, environment, target_user): EnvironmentRoles.delete(environment.id, target_user.id) diff --git a/atst/forms/app_settings.py b/atst/forms/app_settings.py deleted file mode 100644 index 805c1556..00000000 --- a/atst/forms/app_settings.py +++ /dev/null 
@@ -1,32 +0,0 @@
-from flask_wtf import FlaskForm
-from wtforms.fields import FieldList, FormField, HiddenField, RadioField, StringField
-
-from .forms import BaseForm
-from .data import ENV_ROLES, ENV_ROLE_NO_ACCESS as NO_ACCESS
-
-
-class MemberForm(FlaskForm):
- application_role_id = HiddenField()
- user_name = StringField()
- role_name = RadioField(choices=ENV_ROLES, default=NO_ACCESS)
-
- @property
- def data(self):
- _data = super().data
- if "role_name" in _data and _data["role_name"] == NO_ACCESS:
- _data["role_name"] = None
- return _data
-
-
-class RoleForm(FlaskForm):
- role = HiddenField()
- members = FieldList(FormField(MemberForm))
-
-
-class EnvironmentRolesForm(FlaskForm):
- team_roles = FieldList(FormField(RoleForm))
- env_id = HiddenField()
-
-
-class AppEnvRolesForm(BaseForm):
- envs = FieldList(FormField(EnvironmentRolesForm))
diff --git a/atst/forms/team.py b/atst/forms/team.py
deleted file mode 100644
index c504b464..00000000
--- a/atst/forms/team.py
+++ /dev/null
@@ -1,64 +0,0 @@
-from flask_wtf import FlaskForm
-from wtforms.fields import FormField, FieldList, HiddenField, RadioField, StringField
-from wtforms.validators import Required
-
-from .application_member import EnvironmentForm as BaseEnvironmentForm
-from .data import ENV_ROLES
-from .forms import BaseForm
-from atst.forms.fields import SelectField
-from atst.domain.permission_sets import PermissionSets
-from atst.utils.localization import translate
-
-
-class EnvironmentForm(BaseEnvironmentForm):
- role = RadioField(
- "Role",
- choices=ENV_ROLES,
- default=None,
- filters=[lambda x: None if x == "None" else x],
- )
-
-
-class PermissionsForm(FlaskForm):
- perms_team_mgmt = SelectField(
- translate("portfolios.applications.members.new.manage_team"),
- choices=[
- (PermissionSets.VIEW_APPLICATION, "View"),
- (PermissionSets.EDIT_APPLICATION_TEAM, "Edit"),
- ],
- )
- perms_env_mgmt = SelectField(
- translate("portfolios.applications.members.new.manage_envs"),
- choices=[
- (PermissionSets.VIEW_APPLICATION, "View"),
- (PermissionSets.EDIT_APPLICATION_ENVIRONMENTS, "Edit"),
- ],
- )
- perms_del_env = SelectField(
- choices=[
- (PermissionSets.VIEW_APPLICATION, "No"),
- (PermissionSets.DELETE_APPLICATION_ENVIRONMENTS, "Yes"),
- ]
- )
-
- @property
- def data(self):
- _data = super().data
- _data.pop("csrf_token", None)
- permission_sets = []
- for field in _data:
- if _data[field] is not None:
- permission_sets.append(_data[field])
-
- return permission_sets
-
-
-class MemberForm(FlaskForm):
- role_id = HiddenField(validators=[Required()])
- user_name = StringField()
- environment_roles = FieldList(FormField(EnvironmentForm))
- permission_sets = FormField(PermissionsForm)
-
-
-class TeamForm(BaseForm):
- members = FieldList(FormField(MemberForm))
diff --git a/atst/routes/applications/settings.py b/atst/routes/applications/settings.py
index e586e317..29fea9b1 100644
--- a/atst/routes/applications/settings.py
+++ b/atst/routes/applications/settings.py
@@ -8,7 +8,6 @@ from atst.domain.application_roles import ApplicationRoles from atst.domain.audit_log import AuditLog from atst.domain.common import Paginator from atst.domain.environment_roles import EnvironmentRoles -from atst.forms.app_settings import AppEnvRolesForm from atst.forms.application import ApplicationForm, EditEnvironmentForm from atst.forms.application_member import NewForm as NewMemberForm from atst.forms.data import ENV_ROLE_NO_ACCESS as NO_ACCESS @@ -139,7 +138,6 @@ def get_new_member_form(application): def render_settings_page(application, **kwargs): environments_obj = get_environments_obj_for_app(application=application) - members_form = AppEnvRolesForm(data=data_for_app_env_roles_form(application)) new_env_form = EditEnvironmentForm() pagination_opts = Paginator.get_pagination_opts(http_request) audit_events = AuditLog.get_application_events(application, pagination_opts) @@ -155,7 +153,6 @@ def render_settings_page(application, **kwargs): "portfolios/applications/settings.html", application=application, environments_obj=environments_obj, - members_form=members_form, new_env_form=new_env_form, audit_events=audit_events, new_member_form=new_member_form, 
@@ -265,47 +262,6 @@ def update(application_id): return render_settings_page(application=application, application_form=form) -@applications_bp.route("/environments//roles", methods=["POST"]) -@user_can(Permissions.ASSIGN_ENVIRONMENT_MEMBER, message="update environment roles") -def update_env_roles(environment_id): - environment = Environments.get(environment_id) - application = environment.application - form = AppEnvRolesForm(formdata=http_request.form) - - if form.validate(): - env_data = [] - for env in form.envs.data: - if env["env_id"] == str(environment.id): - for role in env["team_roles"]: - env_data = env_data + role["members"] - - Environments.update_env_roles_by_environment( - environment_id=environment_id, team_roles=env_data - ) - - flash("application_environment_members_updated") - - return redirect( - url_for( - "applications.settings", - application_id=application.id, - fragment="application-environments", - _anchor="application-environments", - active_toggler=environment.id, - active_toggler_section="members", - ) - ) - else: - return ( - render_settings_page( - application=application, - active_toggler=environment.id, - active_toggler_section="edit", - ), - 400, - ) - - @applications_bp.route("/applications//delete", methods=["POST"]) @user_can(Permissions.DELETE_APPLICATION, message="delete application") def delete(application_id): diff --git a/tests/domain/test_application_roles.py b/tests/domain/test_application_roles.py index 3129d91e..753eb69e 100644 --- a/tests/domain/test_application_roles.py +++ b/tests/domain/test_application_roles.py 
@@ -56,23 +56,6 @@ def test_get_handles_invalid_id(): ApplicationRoles.get(user.id, application.id) -def test_update_permission_sets(): - user = UserFactory.create() - application = ApplicationFactory.create() - app_role = ApplicationRoleFactory.create(user=user, application=application) - - view_app = [PermissionSets.get(PermissionSets.VIEW_APPLICATION)] - new_perms_names = [ - PermissionSets.EDIT_APPLICATION_TEAM, - PermissionSets.DELETE_APPLICATION_ENVIRONMENTS, - ] - new_perms = PermissionSets.get_many(new_perms_names) - # view application permission is included by default - assert app_role.permission_sets == view_app - assert ApplicationRoles.update_permission_sets(app_role, new_perms_names) - assert set(app_role.permission_sets) == set(new_perms + view_app) - - def test_get_by_id(): user = UserFactory.create() application = ApplicationFactory.create() diff --git a/tests/domain/test_environments.py b/tests/domain/test_environments.py index 4589b179..928f06df 100644 --- a/tests/domain/test_environments.py +++ b/tests/domain/test_environments.py 
@@ -53,51 +53,6 @@ def test_update_env_role_no_change(): ) -def test_update_env_roles_by_environment(): - environment = EnvironmentFactory.create() - app_role_1 = ApplicationRoleFactory.create(application=environment.application) - env_role_1 = EnvironmentRoleFactory.create( - application_role=app_role_1, - environment=environment, - role=CSPRole.BASIC_ACCESS.value, - ) - app_role_2 = ApplicationRoleFactory.create(application=environment.application) - env_role_2 = EnvironmentRoleFactory.create( - application_role=app_role_2, - environment=environment, - role=CSPRole.NETWORK_ADMIN.value, - ) - app_role_3 = ApplicationRoleFactory.create(application=environment.application) - env_role_3 = EnvironmentRoleFactory.create( - application_role=app_role_3, - environment=environment, - role=CSPRole.TECHNICAL_READ.value, - ) - - team_roles = [ - { - "application_role_id": app_role_1.id, - "user_name": app_role_1.user_name, - "role_name": CSPRole.BUSINESS_READ.value, - }, - { - "application_role_id": app_role_2.id, - "user_name": app_role_2.user_name, - "role_name": CSPRole.NETWORK_ADMIN.value, - }, - { - "application_role_id": app_role_3.id, - "user_name": app_role_3.user_name, - "role_name": None, - }, - ] - - Environments.update_env_roles_by_environment(environment.id, team_roles) - assert env_role_1.role == CSPRole.BUSINESS_READ.value - assert env_role_2.role == CSPRole.NETWORK_ADMIN.value - assert not EnvironmentRoles.get(app_role_3.id, environment.id) - - def test_get_excludes_deleted(): env = EnvironmentFactory.create( deleted=True, application=ApplicationFactory.create() diff --git a/tests/forms/test_team.py b/tests/forms/test_team.py deleted file mode 100644 index 39dce8fa..00000000 --- a/tests/forms/test_team.py +++ /dev/null 
@@ -1,30 +0,0 @@ -from wtforms.validators import ValidationError - -from atst.domain.permission_sets import PermissionSets -from atst.forms.team import * - - -def test_permissions_form_permission_sets(): - form_data = { - "perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM, - "perms_env_mgmt": PermissionSets.VIEW_APPLICATION, - "perms_del_env": PermissionSets.VIEW_APPLICATION, - } - form = PermissionsForm(data=form_data) - - assert form.validate() - assert form.data == [ - PermissionSets.EDIT_APPLICATION_TEAM, - PermissionSets.VIEW_APPLICATION, - PermissionSets.VIEW_APPLICATION, - ] - - -def test_permissions_form_invalid(): - form_data = { - "perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM, - "perms_env_mgmt": "not a real choice", - "perms_del_env": PermissionSets.VIEW_APPLICATION, - } - form = PermissionsForm(data=form_data) - assert not form.validate() diff --git a/tests/routes/applications/test_settings.py b/tests/routes/applications/test_settings.py index 9222167d..8dcdcd30 100644 --- a/tests/routes/applications/test_settings.py +++ b/tests/routes/applications/test_settings.py @@ -15,7 +15,6 @@ from atst.domain.exceptions import NotFoundError from atst.models.environment_role import CSPRole from atst.models.portfolio_role import Status as PortfolioRoleStatus from atst.forms.application import EditEnvironmentForm -from atst.forms.app_settings import AppEnvRolesForm from atst.forms.data import ENV_ROLE_NO_ACCESS as NO_ACCESS from tests.utils import captured_templates @@ -112,7 +111,6 @@ def test_edit_application_environments_obj(app, client, user_session): assert response.status_code == 200 _, context = templates[-1] - assert isinstance(context["members_form"], AppEnvRolesForm) env_obj = context["environments_obj"][0] assert env_obj["name"] == env.name assert env_obj["id"] == env.id 
@@ -153,50 +151,6 @@ def test_data_for_app_env_roles_form(app, client, user_session): assert response.status_code == 200 _, context = templates[-1] - members_form = context["members_form"] - assert isinstance(members_form, AppEnvRolesForm) - assert members_form.data == { - "envs": [ - { - "env_id": env.id, - "team_roles": [ - { - "role": NO_ACCESS, - "members": [ - { - "application_role_id": str(app_role0.id), - "user_name": app_role0.user_name, - "role_name": None, - } - ], - }, - { - "role": CSPRole.BASIC_ACCESS.value, - "members": [ - { - "application_role_id": str(app_role1.id), - "user_name": app_role1.user_name, - "role_name": CSPRole.BASIC_ACCESS.value, - } - ], - }, - { - "role": CSPRole.NETWORK_ADMIN.value, - "members": [ - { - "application_role_id": str(app_role2.id), - "user_name": app_role2.user_name, - "role_name": CSPRole.NETWORK_ADMIN.value, - } - ], - }, - {"role": CSPRole.BUSINESS_READ.value, "members": []}, - {"role": CSPRole.TECHNICAL_READ.value, "members": []}, - ], - } - ] - } - def test_user_with_permission_can_update_application(client, user_session): owner = UserFactory.create() 
@@ -253,55 +207,6 @@ def test_user_without_permission_cannot_update_application(client, user_session) assert application.description == "Cool stuff happening here!" -def test_update_team_env_roles(client, user_session): - environment = EnvironmentFactory.create() - application = environment.application - app_role_1 = ApplicationRoleFactory.create(application=application) - env_role_1 = EnvironmentRoleFactory.create( - environment=environment, - role=CSPRole.BASIC_ACCESS.value, - application_role=app_role_1, - ) - app_role_2 = ApplicationRoleFactory.create(application=application) - env_role_2 = EnvironmentRoleFactory.create( - environment=environment, - role=CSPRole.BASIC_ACCESS.value, - application_role=app_role_2, - ) - app_role_3 = ApplicationRoleFactory.create(application=application) - env_role_3 = EnvironmentRoleFactory.create( - environment=environment, - role=CSPRole.BASIC_ACCESS.value, - application_role=app_role_3, - ) - - app_role_4 = ApplicationRoleFactory.create(application=application) - form_data = { - "envs-0-env_id": environment.id, - "envs-0-team_roles-0-members-0-application_role_id": app_role_4.id, - "envs-0-team_roles-0-members-0-role_name": CSPRole.TECHNICAL_READ.value, - "envs-0-team_roles-1-members-0-application_role_id": app_role_1.id, - "envs-0-team_roles-1-members-0-role_name": CSPRole.NETWORK_ADMIN.value, - "envs-0-team_roles-1-members-1-application_role_id": app_role_2.id, - "envs-0-team_roles-1-members-1-role_name": CSPRole.BASIC_ACCESS.value, - "envs-0-team_roles-1-members-2-application_role_id": app_role_3.id, - "envs-0-team_roles-1-members-2-role_name": NO_ACCESS, - } - - user_session(application.portfolio.owner) - response = client.post( - url_for("applications.update_env_roles", environment_id=environment.id), - data=form_data, - follow_redirects=True, - ) - - assert response.status_code == 200 - assert env_role_1.role == CSPRole.NETWORK_ADMIN.value - assert env_role_2.role == CSPRole.BASIC_ACCESS.value - assert not 
EnvironmentRoles.get(app_role_3.id, environment.id) - assert EnvironmentRoles.get(app_role_4.id, environment.id) - - def test_user_can_only_access_apps_in_their_portfolio(client, user_session): portfolio = PortfolioFactory.create() other_portfolio = PortfolioFactory.create( diff --git a/tests/test_access.py b/tests/test_access.py index 8a43b97a..e7e16040 100644 --- a/tests/test_access.py +++ b/tests/test_access.py @@ -235,43 +235,6 @@ def test_applications_create_access(post_url_assert_status): post_url_assert_status(rando, url, 404) -# applications.update_env_roles -def test_applications_update_team_env_roles(post_url_assert_status): - ccpo = UserFactory.create_ccpo() - owner = user_with() - app_admin = user_with() - rando = user_with() - app_member = UserFactory.create() - - portfolio = PortfolioFactory.create( - owner=owner, applications=[{"name": "mos eisley"}] - ) - application = portfolio.applications[0] - environment = EnvironmentFactory.create(application=application) - - ApplicationRoleFactory.create( - user=app_admin, - application=application, - permission_sets=PermissionSets.get_many( - [ - PermissionSets.VIEW_APPLICATION, - PermissionSets.EDIT_APPLICATION_ENVIRONMENTS, - PermissionSets.EDIT_APPLICATION_TEAM, - PermissionSets.DELETE_APPLICATION_ENVIRONMENTS, - ] - ), - ) - ApplicationRoleFactory.create(user=app_member, application=application) - ApplicationRoleFactory.create(user=ccpo, application=application) - ApplicationRoleFactory.create(user=owner, application=application) - - url = url_for("applications.update_env_roles", environment_id=environment.id) - post_url_assert_status(ccpo, url, 302) - post_url_assert_status(owner, url, 302) - post_url_assert_status(app_admin, url, 302) - post_url_assert_status(rando, url, 404) - - # portfolios.invite_member def test_portfolios_invite_member_access(post_url_assert_status): ccpo = user_with(PermissionSets.EDIT_PORTFOLIO_ADMIN)