Use application_role_id on environment_roles.
In the future, an `application_invitation` will not refer to a `user` until someone accepts the invitation; it will only reference an `application_role`. When a user is invited to an application, the inviter can specify the environments the invitee should have access to. For this to be possible, an `environment_role` should reference an `application_role`, because no `user` entity will be known at that time. In addition to updating all the models and domain methods necessary for this change, this commit deletes unused code and tests that were dependent on `environment_roles` having a `user_id` foreign key.
@@ -98,7 +98,9 @@ class Applications(BaseDomainClass):
|
||||
role = env_role_data.get("role")
|
||||
if role:
|
||||
environment = Environments.get(env_role_data.get("environment_id"))
|
||||
Environments.add_member(environment, user, env_role_data.get("role"))
|
||||
Environments.add_member(
|
||||
environment, application_role, env_role_data.get("role")
|
||||
)
|
||||
|
||||
return application_role
|
||||
|
||||
@@ -110,8 +112,11 @@ class Applications(BaseDomainClass):
|
||||
|
||||
application_role.status = ApplicationRoleStatus.DISABLED
|
||||
application_role.deleted = True
|
||||
db.session.add(application_role)
|
||||
db.session.commit()
|
||||
|
||||
for env in application.environments:
|
||||
EnvironmentRoles.delete(user_id=user_id, environment_id=env.id)
|
||||
EnvironmentRoles.delete(
|
||||
application_role_id=application_role.id, environment_id=env.id
|
||||
)
|
||||
|
||||
db.session.add(application_role)
|
||||
db.session.commit()
|
||||
|
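Review bot: In the first hunk the environment is loaded from the caller-supplied `environment_id` and bound to `application_role` with no visible check that it belongs to the application the role was created for, so an inviter may be able to grant a role on another application's environment. The same gap appears in the Environments changes, where `update_env_role` receives the result of `ApplicationRoles.get_by_id(member["application_role_id"])`. Both paths create the binding through `EnvironmentRoles.create`, so one guard there would cover them, e.g. `if application_role.application_id != environment.application_id:` followed by a rejection (this assumes `ApplicationRole` exposes `application_id`; confirm against the model). The enclosing method starts outside the hunk, so an earlier check may already exist.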
@@ -75,7 +75,7 @@ class MockCloudProvider(CloudProviderInterface):
|
||||
def get_access_token(self, environment_role):
|
||||
# for now, just create a mock token using the user and environment
|
||||
# cloud IDs and the name of the role in the environment
|
||||
user_id = environment_role.user.cloud_id or ""
|
||||
user_id = environment_role.application_role.user.cloud_id or ""
|
||||
env_id = environment_role.environment.cloud_id or ""
|
||||
role_details = environment_role.role
|
||||
return "::".join([user_id, env_id, role_details])
|
||||
|
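Review bot: `environment_role.application_role.user.cloud_id` raises `AttributeError` when the application role has no user, which the commit description says will be the normal state of a pending invitation once invitations stop carrying a user. A guard keeps the mock usable for pending members: `user = environment_role.application_role.user` followed by `user_id = (user.cloud_id if user else "") or ""`. Whether a token should be produced at all for a role with no accepted user is worth deciding and documenting in this method's comment, since the mock is what other code will be tested against.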
@@ -1,24 +1,27 @@
|
||||
from flask import current_app as app
|
||||
|
||||
from atst.database import db
|
||||
from atst.models import EnvironmentRole, Application, Environment
|
||||
from atst.models import EnvironmentRole, ApplicationRole
|
||||
|
||||
|
||||
class EnvironmentRoles(object):
|
||||
@classmethod
|
||||
def create(cls, user, environment, role):
|
||||
env_role = EnvironmentRole(user=user, environment=environment, role=role)
|
||||
if not user.cloud_id:
|
||||
user.cloud_id = app.csp.cloud.create_user(user)
|
||||
def create(cls, application_role, environment, role):
|
||||
env_role = EnvironmentRole(
|
||||
application_role=application_role, environment=environment, role=role
|
||||
)
|
||||
# TODO: move cloud_id behavior to invitation acceptance
|
||||
# if not user.cloud_id:
|
||||
# user.cloud_id = app.csp.cloud.create_user(user)
|
||||
app.csp.cloud.create_role(env_role)
|
||||
return env_role
|
||||
|
||||
@classmethod
|
||||
def get(cls, user_id, environment_id):
|
||||
def get(cls, application_role_id, environment_id):
|
||||
existing_env_role = (
|
||||
db.session.query(EnvironmentRole)
|
||||
.filter(
|
||||
EnvironmentRole.user_id == user_id,
|
||||
EnvironmentRole.application_role_id == application_role_id,
|
||||
EnvironmentRole.environment_id == environment_id,
|
||||
)
|
||||
.one_or_none()
|
||||
@@ -26,8 +29,21 @@ class EnvironmentRoles(object):
|
||||
return existing_env_role
|
||||
|
||||
@classmethod
|
||||
def delete(cls, user_id, environment_id):
|
||||
existing_env_role = EnvironmentRoles.get(user_id, environment_id)
|
||||
def get_by_user_and_environment(cls, user_id, environment_id):
|
||||
existing_env_role = (
|
||||
db.session.query(EnvironmentRole)
|
||||
.join(ApplicationRole)
|
||||
.filter(
|
||||
ApplicationRole.user_id == user_id,
|
||||
EnvironmentRole.environment_id == environment_id,
|
||||
)
|
||||
.one_or_none()
|
||||
)
|
||||
return existing_env_role
|
||||
|
||||
@classmethod
|
||||
def delete(cls, application_role_id, environment_id):
|
||||
existing_env_role = EnvironmentRoles.get(application_role_id, environment_id)
|
||||
if existing_env_role:
|
||||
app.csp.cloud.delete_role(existing_env_role)
|
||||
db.session.delete(existing_env_role)
|
||||
@@ -37,14 +53,10 @@ class EnvironmentRoles(object):
|
||||
return False
|
||||
|
||||
@classmethod
|
||||
def get_for_application_and_user(cls, user_id, application_id):
|
||||
def get_for_application_member(cls, application_role_id):
|
||||
return (
|
||||
db.session.query(EnvironmentRole)
|
||||
.join(Environment)
|
||||
.join(Application, Environment.application_id == Application.id)
|
||||
.filter(EnvironmentRole.user_id == user_id)
|
||||
.filter(Application.id == application_id)
|
||||
.filter(EnvironmentRole.environment_id == Environment.id)
|
||||
.filter(EnvironmentRole.application_role_id == application_role_id)
|
||||
.filter(EnvironmentRole.deleted != True)
|
||||
.all()
|
||||
)
|
||||
|
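Review bot: In `create`, cloud-user provisioning is commented out but `app.csp.cloud.create_role(env_role)` still runs, so a role may be pushed to the cloud provider for an application role whose user has no `cloud_id`, or no user at all once invitations are decoupled. `create_role` is not visible here, so confirm how it handles that case; if it needs a provisioned identity, defer the call to invitation acceptance together with the user creation. The commented-out block would read better as a single `# TODO: provision cloud user and role at invitation acceptance` than as dead code left in place.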
@@ -3,8 +3,6 @@ from sqlalchemy.orm.exc import NoResultFound
|
||||
|
||||
from atst.database import db
|
||||
from atst.models.environment import Environment
|
||||
from atst.models.environment_role import EnvironmentRole
|
||||
from atst.models.application import Application
|
||||
from atst.domain.environment_roles import EnvironmentRoles
|
||||
from atst.domain.application_roles import ApplicationRoles
|
||||
|
||||
@@ -31,24 +29,13 @@ class Environments(object):
|
||||
return environments
|
||||
|
||||
@classmethod
|
||||
def add_member(cls, environment, user, role):
|
||||
def add_member(cls, environment, application_role, role):
|
||||
environment_user = EnvironmentRoles.create(
|
||||
user=user, environment=environment, role=role
|
||||
application_role=application_role, environment=environment, role=role
|
||||
)
|
||||
db.session.add(environment_user)
|
||||
return environment
|
||||
|
||||
@classmethod
|
||||
def for_user(cls, user, application):
|
||||
return (
|
||||
db.session.query(Environment)
|
||||
.join(EnvironmentRole)
|
||||
.join(Application)
|
||||
.filter(EnvironmentRole.user_id == user.id)
|
||||
.filter(Environment.application_id == application.id)
|
||||
.all()
|
||||
)
|
||||
|
||||
@classmethod
|
||||
def update(cls, environment, name=None):
|
||||
if name is not None:
|
||||
@@ -70,20 +57,22 @@ class Environments(object):
|
||||
return env
|
||||
|
||||
@classmethod
|
||||
def update_env_role(cls, environment, user, new_role):
|
||||
def update_env_role(cls, environment, application_role, new_role):
|
||||
updated = False
|
||||
|
||||
if new_role is None:
|
||||
updated = EnvironmentRoles.delete(user.id, environment.id)
|
||||
updated = EnvironmentRoles.delete(application_role.id, environment.id)
|
||||
else:
|
||||
env_role = EnvironmentRoles.get(user.id, environment.id)
|
||||
env_role = EnvironmentRoles.get(application_role.id, environment.id)
|
||||
if env_role and env_role.role != new_role:
|
||||
env_role.role = new_role
|
||||
updated = True
|
||||
db.session.add(env_role)
|
||||
elif not env_role:
|
||||
env_role = EnvironmentRoles.create(
|
||||
user=user, environment=environment, role=new_role
|
||||
application_role=application_role,
|
||||
environment=environment,
|
||||
role=new_role,
|
||||
)
|
||||
updated = True
|
||||
db.session.add(env_role)
|
||||
@@ -101,16 +90,7 @@ class Environments(object):
|
||||
new_role = member["role_name"]
|
||||
app_role = ApplicationRoles.get_by_id(member["application_role_id"])
|
||||
Environments.update_env_role(
|
||||
environment=environment, user=app_role.user, new_role=new_role
|
||||
)
|
||||
|
||||
@classmethod
|
||||
def update_env_roles_by_member(cls, member, env_roles):
|
||||
for env_roles in env_roles:
|
||||
new_role = env_roles["role"]
|
||||
environment = Environments.get(env_roles["id"])
|
||||
Environments.update_env_role(
|
||||
environment=environment, user=member, new_role=new_role
|
||||
environment=environment, application_role=app_role, new_role=new_role
|
||||
)
|
||||
|
||||
@classmethod
|
||||
|
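Review bot: `update_env_role` calls `EnvironmentRoles.delete(application_role.id, environment.id)` and `EnvironmentRoles.get(application_role.id, environment.id)` positionally, although the first parameter changed meaning from a user id to an application-role id in this commit. A stale or swapped id would presumably match no row rather than fail, and for `delete` that means a revocation is silently skipped. Keyword arguments document the new contract at the call site: `EnvironmentRoles.get(application_role_id=application_role.id, environment_id=environment.id)`, as the Applications change already does for `delete`. In `add_member` the local `environment_user` now holds a role bound to an application role rather than a user; `env_role` would match the naming used in `update_env_role`.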