Use application_role_id on environment_roles.

In the future, an `application_invitation1 will not refer to a `user` until
someone accepts the invitation; they'll only reference an
`application_role`. When a user is invited to an application, the
inviter can specify the environments the invitee should have access to.
For this to be possible, an `environment_role` should reference an
`application_role`, because no `user` entity will be known at that time.

In addition to updating all the models and domain methods necessary for
this change, this commit deletes unused code and tests that were
dependent on `environment_roles` having a `user_id` foreign key.

tests/routes/applications/test_init.py

@@ -1,33 +1,16 @@
 from flask import url_for, get_flashed_messages
 
-from tests.factories import (
-    UserFactory,
-    PortfolioFactory,
-    PortfolioRoleFactory,
-    EnvironmentRoleFactory,
-    EnvironmentFactory,
-    ApplicationFactory,
-)
-
-from atst.domain.applications import Applications
-from atst.domain.portfolios import Portfolios
-from atst.models.portfolio_role import Status as PortfolioRoleStatus
-
-from tests.utils import captured_templates
-
-
-def create_environment(user):
-    portfolio = PortfolioFactory.create()
-    portfolio_role = PortfolioRoleFactory.create(portfolio=portfolio, user=user)
-    application = ApplicationFactory.create(portfolio=portfolio)
-    return EnvironmentFactory.create(application=application, name="new environment!")
+from tests.factories import *
 
 
 def test_environment_access_with_env_role(client, user_session):
     user = UserFactory.create()
-    environment = create_environment(user)
-    env_role = EnvironmentRoleFactory.create(
-        user=user, environment=environment, role="developer"
+    environment = EnvironmentFactory.create()
+    app_role = ApplicationRoleFactory.create(
+        user=user, application=environment.application
+    )
+    EnvironmentRoleFactory.create(
+        application_role=app_role, environment=environment, role="developer"
     )
     user_session(user)
     response = client.get(
@@ -39,7 +22,7 @@ def test_environment_access_with_env_role(client, user_session):
 
 def test_environment_access_with_no_role(client, user_session):
     user = UserFactory.create()
-    environment = create_environment(user)
+    environment = EnvironmentFactory.create()
     user_session(user)
     response = client.get(
         url_for("applications.access_environment", environment_id=environment.id)

tests/routes/applications/test_settings.py

@@ -98,15 +98,14 @@ def test_edit_application_environments_obj(app, client, user_session):
         {"env"},
     )
     env = application.environments[0]
-    app_role = ApplicationRoleFactory.create(application=application)
+    app_role1 = ApplicationRoleFactory.create(application=application)
     env_role1 = EnvironmentRoleFactory.create(
-        environment=env, role=CSPRole.BASIC_ACCESS.value
+        application_role=app_role1, environment=env, role=CSPRole.BASIC_ACCESS.value
     )
-    ApplicationRoleFactory.create(application=application, user=env_role1.user)
+    app_role2 = ApplicationRoleFactory.create(application=application)
     env_role2 = EnvironmentRoleFactory.create(
-        environment=env, role=CSPRole.NETWORK_ADMIN.value
+        application_role=app_role2, environment=env, role=CSPRole.NETWORK_ADMIN.value
     )
-    ApplicationRoleFactory.create(application=application, user=env_role2.user)
 
     user_session(portfolio.owner)
 
@@ -125,7 +124,7 @@ def test_edit_application_environments_obj(app, client, user_session):
         assert isinstance(env_obj["edit_form"], EditEnvironmentForm)
         assert (
             env_obj["members"].sort()
-            == [env_role1.user.full_name, env_role2.user.full_name].sort()
+            == [app_role1.user_name, app_role2.user_name].sort()
         )
         assert isinstance(context["audit_events"], Paginator)
 
@@ -140,17 +139,13 @@ def test_data_for_app_env_roles_form(app, client, user_session):
     )
     env = application.environments[0]
     app_role0 = ApplicationRoleFactory.create(application=application)
+    app_role1 = ApplicationRoleFactory.create(application=application)
     env_role1 = EnvironmentRoleFactory.create(
-        environment=env, role=CSPRole.BASIC_ACCESS.value
-    )
-    app_role1 = ApplicationRoleFactory.create(
-        application=application, user=env_role1.user
+        application_role=app_role1, environment=env, role=CSPRole.BASIC_ACCESS.value
     )
+    app_role2 = ApplicationRoleFactory.create(application=application)
     env_role2 = EnvironmentRoleFactory.create(
-        environment=env, role=CSPRole.NETWORK_ADMIN.value
-    )
-    app_role2 = ApplicationRoleFactory.create(
-        application=application, user=env_role2.user
+        application_role=app_role2, environment=env, role=CSPRole.NETWORK_ADMIN.value
     )
 
     user_session(portfolio.owner)
@@ -175,7 +170,7 @@ def test_data_for_app_env_roles_form(app, client, user_session):
                             "members": [
                                 {
                                     "application_role_id": str(app_role0.id),
-                                    "user_name": app_role0.user.full_name,
+                                    "user_name": app_role0.user_name,
                                     "role_name": None,
                                 }
                             ],
@@ -185,7 +180,7 @@ def test_data_for_app_env_roles_form(app, client, user_session):
                             "members": [
                                 {
                                     "application_role_id": str(app_role1.id),
-                                    "user_name": env_role1.user.full_name,
+                                    "user_name": app_role1.user_name,
                                     "role_name": CSPRole.BASIC_ACCESS.value,
                                 }
                             ],
@@ -195,7 +190,7 @@ def test_data_for_app_env_roles_form(app, client, user_session):
                             "members": [
                                 {
                                     "application_role_id": str(app_role2.id),
-                                    "user_name": env_role2.user.full_name,
+                                    "user_name": app_role2.user_name,
                                     "role_name": CSPRole.NETWORK_ADMIN.value,
                                 }
                             ],
@@ -268,15 +263,21 @@ def test_update_team_env_roles(client, user_session):
     application = environment.application
     app_role_1 = ApplicationRoleFactory.create(application=application)
     env_role_1 = EnvironmentRoleFactory.create(
-        environment=environment, role=CSPRole.BASIC_ACCESS.value, user=app_role_1.user
+        environment=environment,
+        role=CSPRole.BASIC_ACCESS.value,
+        application_role=app_role_1,
     )
     app_role_2 = ApplicationRoleFactory.create(application=application)
     env_role_2 = EnvironmentRoleFactory.create(
-        environment=environment, role=CSPRole.BASIC_ACCESS.value, user=app_role_2.user
+        environment=environment,
+        role=CSPRole.BASIC_ACCESS.value,
+        application_role=app_role_2,
     )
     app_role_3 = ApplicationRoleFactory.create(application=application)
     env_role_3 = EnvironmentRoleFactory.create(
-        environment=environment, role=CSPRole.BASIC_ACCESS.value, user=app_role_3.user
+        environment=environment,
+        role=CSPRole.BASIC_ACCESS.value,
+        application_role=app_role_3,
     )
 
     app_role_4 = ApplicationRoleFactory.create(application=application)
@@ -302,8 +303,8 @@ def test_update_team_env_roles(client, user_session):
     assert response.status_code == 200
     assert env_role_1.role == CSPRole.NETWORK_ADMIN.value
     assert env_role_2.role == CSPRole.BASIC_ACCESS.value
-    assert not EnvironmentRoles.get(env_role_3.user.id, environment.id)
-    assert EnvironmentRoles.get(app_role_4.user.id, environment.id)
+    assert not EnvironmentRoles.get(app_role_3.id, environment.id)
+    assert EnvironmentRoles.get(app_role_4.id, environment.id)
 
 
 def test_user_can_only_access_apps_in_their_portfolio(client, user_session):

tests/routes/applications/test_team.py

@@ -94,7 +94,9 @@ def test_update_team_environment_roles(client, user_session):
     )
     environment = EnvironmentFactory.create(application=application)
     env_role = EnvironmentRoleFactory.create(
-        user=app_role.user, environment=environment, role=CSPRole.NETWORK_ADMIN.value
+        application_role=app_role,
+        environment=environment,
+        role=CSPRole.NETWORK_ADMIN.value,
     )
     user_session(owner)
     response = client.post(
@@ -121,7 +123,9 @@ def test_update_team_revoke_environment_access(client, user_session, db, session
     )
     environment = EnvironmentFactory.create(application=application)
     env_role = EnvironmentRoleFactory.create(
-        user=app_role.user, environment=environment, role=CSPRole.BASIC_ACCESS.value
+        application_role=app_role,
+        environment=environment,
+        role=CSPRole.BASIC_ACCESS.value,
     )
     user_session(owner)
     response = client.post(
@@ -177,8 +181,11 @@ def test_create_member(client, user_session):
     assert response.location == expected_url
     assert len(user.application_roles) == 1
     assert user.application_roles[0].application == application
-    assert len(user.environment_roles) == 1
-    assert user.environment_roles[0].environment == env
+    environment_roles = [
+        er for ar in user.application_roles for er in ar.environment_roles
+    ]
+    assert len(environment_roles) == 1
+    assert environment_roles[0].environment == env
 
 
 def test_remove_member_success(client, user_session):