From e07640db5737c5d8944e9927ea5e330111302057 Mon Sep 17 00:00:00 2001
From: dandds
Date: Thu, 21 Mar 2019 18:53:07 -0400
Subject: [PATCH] add messages to all route access decorators
---
 atst/routes/portfolios/applications.py | 12 ++++-----
 atst/routes/portfolios/index.py | 8 +++---
 atst/routes/portfolios/invitations.py | 4 +--
 atst/routes/portfolios/members.py | 16 ++++++------
 atst/routes/portfolios/task_orders.py | 34 +++++++++++++++++++-------
 atst/routes/task_orders/index.py | 9 ++++---
 atst/routes/task_orders/invite.py | 2 +-
 atst/routes/task_orders/new.py | 12 +++++++--
 atst/routes/task_orders/signing.py | 10 ++++++--
 9 files changed, 71 insertions(+), 36 deletions(-)
diff --git a/atst/routes/portfolios/applications.py b/atst/routes/portfolios/applications.py
index adee204c..f0de8fec 100644
--- a/atst/routes/portfolios/applications.py
+++ b/atst/routes/portfolios/applications.py
@@ -18,14 +18,14 @@ from atst.models.permissions import Permissions
 @portfolios_bp.route("/portfolios//applications")
-@user_can(Permissions.VIEW_APPLICATION)
+@user_can(Permissions.VIEW_APPLICATION, message="view portfolio applications")
 def portfolio_applications(portfolio_id):
 portfolio = Portfolios.get(g.current_user, portfolio_id)
 return render_template("portfolios/applications/index.html", portfolio=portfolio)
 @portfolios_bp.route("/portfolios//applications/new")
-@user_can(Permissions.CREATE_APPLICATION)
+@user_can(Permissions.CREATE_APPLICATION, message="view create new application form")
 def new_application(portfolio_id):
 portfolio = Portfolios.get_for_update(portfolio_id)
 form = NewApplicationForm()
@@ -35,7 +35,7 @@ def new_application(portfolio_id):
 @portfolios_bp.route("/portfolios//applications/new", methods=["POST"])
-@user_can(Permissions.CREATE_APPLICATION)
+@user_can(Permissions.CREATE_APPLICATION, message="create new application")
 def create_application(portfolio_id):
 portfolio = Portfolios.get_for_update(portfolio_id)
 form = NewApplicationForm(http_request.form)
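Review bot: Nothing visible in this patch makes `message` mandatory, since the removed lines called `user_can` without it, so a route added later can omit it and lose its description in whatever denial record the decorator produces (the decorator is not part of this diff, so that use is inferred). Making `message` a required keyword in `user_can`, or adding a test that walks `app.url_map` and fails on a protected view without a message, would keep the coverage from drifting. The strings are also free-form; drawing them from one module of constants would make denial records easier to search than phrases such as `"view create new application form"`.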
@@ -58,7 +58,7 @@ def create_application(portfolio_id):
 @portfolios_bp.route("/portfolios//applications//edit")
-@user_can(Permissions.EDIT_APPLICATION)
+@user_can(Permissions.EDIT_APPLICATION, message="view application edit form")
 def edit_application(portfolio_id, application_id):
 portfolio = Portfolios.get_for_update(portfolio_id)
 application = Applications.get(application_id)
@@ -75,7 +75,7 @@ def edit_application(portfolio_id, application_id):
 @portfolios_bp.route(
 "/portfolios//applications//edit", methods=["POST"]
 )
-@user_can(Permissions.EDIT_APPLICATION)
+@user_can(Permissions.EDIT_APPLICATION, message="update application")
 def update_application(portfolio_id, application_id):
 portfolio = Portfolios.get_for_update(portfolio_id)
 application = Applications.get(application_id)
@@ -107,7 +107,7 @@ def wrap_environment_role_lookup(
 @portfolios_bp.route("/portfolios//environments//access")
-@user_can(None, exceptions=[wrap_environment_role_lookup])
+@user_can(None, exceptions=[wrap_environment_role_lookup], message="access environment")
 def access_environment(portfolio_id, environment_id):
 env_role = EnvironmentRoles.get(g.current_user.id, environment_id)
 token = app.csp.cloud.get_access_token(env_role)
diff --git a/atst/routes/portfolios/index.py b/atst/routes/portfolios/index.py
index da43015c..6aadb012 100644
--- a/atst/routes/portfolios/index.py
+++ b/atst/routes/portfolios/index.py
@@ -52,7 +52,7 @@ def render_admin_page(portfolio, form):
 @portfolios_bp.route("/portfolios//admin")
-@user_can(Permissions.VIEW_PORTFOLIO_ADMIN)
+@user_can(Permissions.VIEW_PORTFOLIO_ADMIN, message="view portfolio admin page")
 def portfolio_admin(portfolio_id):
 portfolio = Portfolios.get_for_update(portfolio_id)
 form = PortfolioForm(data={"name": portfolio.name})
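Review bot: In `edit_application` and `update_application` the application is loaded with `Applications.get(application_id)`, which in the visible lines is not tied to the `portfolio_id` that the `EDIT_APPLICATION` check ran against. Unless `user_can` or `Applications.get` confirms that the application belongs to that portfolio (neither is shown here), the permission held on one portfolio would also cover an application that lives in another. The same shape appears with `Applications.get` in `application_members` and with `TaskOrders.get(task_order_id)` in `view_task_order`, `task_order_invitations` and `edit_task_order_invitations`. A lookup scoped to the portfolio, or an explicit ownership comparison that answers not-found on a mismatch, would close the gap; both function bodies continue outside their hunks.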
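Review bot: `access_environment` passes `None` as the permission, so the decision to return `app.csp.cloud.get_access_token(env_role)` rests entirely on `wrap_environment_role_lookup`, whose body is outside this hunk. How `user_can` treats a `None` permission is not visible in this patch; if it ever fell through to allow when no exception function matched, this route would fail open. A comment above the decorator such as `# no portfolio permission grants this route; only an environment role does` would record the intent, and a test for the denied case would pin it. The same `user_can(None, exceptions=[...])` form is used for `ko_review`, `submit_ko_review`, `so_review`, `submit_so_review`, `signature_requested` and `record_signature`.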
@@ -60,7 +60,7 @@ def portfolio_admin(portfolio_id):
 @portfolios_bp.route("/portfolios//edit", methods=["POST"])
-@user_can(Permissions.EDIT_PORTFOLIO_NAME)
+@user_can(Permissions.EDIT_PORTFOLIO_NAME, message="edit portfolio")
 def edit_portfolio(portfolio_id):
 portfolio = Portfolios.get_for_update(portfolio_id)
 form = PortfolioForm(http_request.form)
@@ -75,7 +75,7 @@ def edit_portfolio(portfolio_id):
 @portfolios_bp.route("/portfolios/")
-@user_can(Permissions.VIEW_PORTFOLIO)
+@user_can(Permissions.VIEW_PORTFOLIO, message="view portfolio")
 def show_portfolio(portfolio_id):
 return redirect(
 url_for("portfolios.portfolio_applications", portfolio_id=portfolio_id)
@@ -83,7 +83,7 @@ def show_portfolio(portfolio_id):
 @portfolios_bp.route("/portfolios//reports")
-@user_can(Permissions.VIEW_PORTFOLIO_REPORTS)
+@user_can(Permissions.VIEW_PORTFOLIO_REPORTS, message="view portfolio reports")
 def portfolio_reports(portfolio_id):
 portfolio = Portfolios.get(g.current_user, portfolio_id)
 today = date.today()
diff --git a/atst/routes/portfolios/invitations.py b/atst/routes/portfolios/invitations.py
index 95bc3007..4774bd24 100644
--- a/atst/routes/portfolios/invitations.py
+++ b/atst/routes/portfolios/invitations.py
@@ -45,7 +45,7 @@ def accept_invitation(token):
 @portfolios_bp.route(
 "/portfolios//invitations//revoke", methods=["POST"]
 )
-@user_can(Permissions.EDIT_PORTFOLIO_USERS)
+@user_can(Permissions.EDIT_PORTFOLIO_USERS, message="revoke invitation")
 def revoke_invitation(portfolio_id, token):
 portfolio = Portfolios.get_for_update(portfolio_id)
 Invitations.revoke(token)
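Review bot: `revoke_invitation` calls `Invitations.revoke(token)` with nothing but the token, although `EDIT_PORTFOLIO_USERS` was checked for `portfolio_id`, while `resend_invitation` in the next hunk passes `g.current_user` to `Invitations.resend`. If `revoke` does not itself confirm that the invitation belongs to this portfolio (its body is not shown), the permission on one portfolio would be enough to revoke an invitation issued for a different one. Passing the portfolio or the current user into the revoke call, or comparing the invitation's portfolio with `portfolio` before revoking, would make the two routes consistent. The function body continues outside the hunk.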
@@ -56,7 +56,7 @@ def revoke_invitation(portfolio_id, token):
 @portfolios_bp.route(
 "/portfolios//invitations//resend", methods=["POST"]
 )
-@user_can(Permissions.EDIT_PORTFOLIO_USERS)
+@user_can(Permissions.EDIT_PORTFOLIO_USERS, message="resend invitation")
 def resend_invitation(portfolio_id, token):
 invite = Invitations.resend(g.current_user, token)
 send_invite_email(g.current_user.full_name, invite.token, invite.email)
diff --git a/atst/routes/portfolios/members.py b/atst/routes/portfolios/members.py
index 234ca550..46aaf8fb 100644
--- a/atst/routes/portfolios/members.py
+++ b/atst/routes/portfolios/members.py
@@ -34,7 +34,7 @@ def serialize_portfolio_role(portfolio_role):
 @portfolios_bp.route("/portfolios//members")
-@user_can(Permissions.VIEW_PORTFOLIO_USERS)
+@user_can(Permissions.VIEW_PORTFOLIO_USERS, message="view portfolio members")
 def portfolio_members(portfolio_id):
 portfolio = Portfolios.get_for_update(portfolio_id)
 members_list = [serialize_portfolio_role(k) for k in portfolio.members]
@@ -48,7 +48,7 @@ def portfolio_members(portfolio_id):
 @portfolios_bp.route("/portfolios//applications//members")
-@user_can(Permissions.VIEW_APPLICATION_MEMBER)
+@user_can(Permissions.VIEW_APPLICATION_MEMBER, message="view application members")
 def application_members(portfolio_id, application_id):
 portfolio = Portfolios.get_for_update(portfolio_id)
 application = Applications.get(application_id)
@@ -64,7 +64,9 @@ def application_members(portfolio_id, application_id):
 @portfolios_bp.route("/portfolios//members/new")
-@user_can(Permissions.CREATE_PORTFOLIO_USERS)
+@user_can(
+ Permissions.CREATE_PORTFOLIO_USERS, message="view create new portfolio member form"
+)
 def new_member(portfolio_id):
 portfolio = Portfolios.get(g.current_user, portfolio_id)
 form = member_forms.NewForm()
@@ -74,7 +76,7 @@ def new_member(portfolio_id):
 @portfolios_bp.route("/portfolios//members/new", methods=["POST"])
-@user_can(Permissions.CREATE_PORTFOLIO_USERS)
+@user_can(Permissions.CREATE_PORTFOLIO_USERS, message="create new portfolio member")
 def create_member(portfolio_id):
 portfolio = Portfolios.get(g.current_user, portfolio_id)
 form = member_forms.NewForm(http_request.form)
@@ -103,7 +105,7 @@ def create_member(portfolio_id):
 @portfolios_bp.route("/portfolios//members//member_edit")
-@user_can(Permissions.VIEW_PORTFOLIO_USERS)
+@user_can(Permissions.VIEW_PORTFOLIO_USERS, message="view portfolio member")
 def view_member(portfolio_id, member_id):
 portfolio = Portfolios.get(g.current_user, portfolio_id)
 member = PortfolioRoles.get(portfolio_id, member_id)
@@ -134,7 +136,7 @@ def view_member(portfolio_id, member_id):
 @portfolios_bp.route(
 "/portfolios//members//member_edit", methods=["POST"]
 )
-@user_can(Permissions.EDIT_PORTFOLIO_USERS)
+@user_can(Permissions.EDIT_PORTFOLIO_USERS, message="update portfolio member")
 def update_member(portfolio_id, member_id):
 portfolio = Portfolios.get(g.current_user, portfolio_id)
 member = PortfolioRoles.get(portfolio_id, member_id)
@@ -169,7 +171,7 @@ def update_member(portfolio_id, member_id):
 @portfolios_bp.route(
 "/portfolios//members//revoke_access", methods=["POST"]
 )
-@user_can(Permissions.EDIT_PORTFOLIO_USERS)
+@user_can(Permissions.EDIT_PORTFOLIO_USERS, message="revoke portfolio access")
 def revoke_access(portfolio_id, member_id):
 revoked_role = Portfolios.revoke_access(portfolio_id, member_id)
 flash("revoked_portfolio_access", member_name=revoked_role.user.full_name)
diff --git a/atst/routes/portfolios/task_orders.py b/atst/routes/portfolios/task_orders.py
index 7f1c749c..67ef9519 100644
--- a/atst/routes/portfolios/task_orders.py
+++ b/atst/routes/portfolios/task_orders.py
@@ -25,7 +25,7 @@ from atst.models.permissions import Permissions
 @portfolios_bp.route("/portfolios//task_orders")
-@user_can(Permissions.VIEW_PORTFOLIO_FUNDING)
+@user_can(Permissions.VIEW_PORTFOLIO_FUNDING, message="view portfolio funding")
 def portfolio_funding(portfolio_id):
 portfolio = Portfolios.get(g.current_user, portfolio_id)
 task_orders_by_status = defaultdict(list)
@@ -69,7 +69,7 @@ def portfolio_funding(portfolio_id):
 @portfolios_bp.route("/portfolios//task_order/")
-@user_can(Permissions.VIEW_TASK_ORDER_DETAILS)
+@user_can(Permissions.VIEW_TASK_ORDER_DETAILS, message="view task order details")
 def view_task_order(portfolio_id, task_order_id):
 portfolio = Portfolios.get(g.current_user, portfolio_id)
 task_order = TaskOrders.get(task_order_id)
@@ -97,7 +97,11 @@ def wrap_check_is_ko_or_cor(user, _perm, task_order_id=None, **_kwargs):
 @portfolios_bp.route("/portfolios//task_order//review")
-@user_can(None, exceptions=[wrap_check_is_ko_or_cor])
+@user_can(
+ None,
+ exceptions=[wrap_check_is_ko_or_cor],
+ message="view contracting officer review form",
+)
 def ko_review(portfolio_id, task_order_id):
 task_order = TaskOrders.get(task_order_id)
 portfolio = Portfolios.get(g.current_user, portfolio_id)
@@ -117,7 +121,9 @@ def ko_review(portfolio_id, task_order_id):
 "/portfolios//task_order//resend_invite",
 methods=["POST"],
 )
-@user_can(Permissions.EDIT_TASK_ORDER_DETAILS)
+@user_can(
+ Permissions.EDIT_TASK_ORDER_DETAILS, message="resend task order officer invites"
+)
 def resend_invite(portfolio_id, task_order_id):
 invite_type = http_request.args.get("invite_type")
@@ -175,7 +181,11 @@ def resend_invite(portfolio_id, task_order_id):
 @portfolios_bp.route(
 "/portfolios//task_order//review", methods=["POST"]
 )
-@user_can(None, exceptions=[wrap_check_is_ko_or_cor])
+@user_can(
+ None,
+ exceptions=[wrap_check_is_ko_or_cor],
+ message="submit contracting officer review",
+)
 def submit_ko_review(portfolio_id, task_order_id, form=None):
 task_order = TaskOrders.get(task_order_id)
 form_data = {**http_request.form, **http_request.files}
@@ -209,7 +219,9 @@ def submit_ko_review(portfolio_id, task_order_id, form=None):
 @portfolios_bp.route(
 "/portfolios//task_order//invitations"
 )
-@user_can(Permissions.EDIT_TASK_ORDER_DETAILS)
+@user_can(
+ Permissions.EDIT_TASK_ORDER_DETAILS, message="view task order invitations page"
+)
 def task_order_invitations(portfolio_id, task_order_id):
 portfolio = Portfolios.get(g.current_user, portfolio_id)
 task_order = TaskOrders.get(task_order_id)
@@ -230,7 +242,7 @@ def task_order_invitations(portfolio_id, task_order_id):
 "/portfolios//task_order//invitations",
 methods=["POST"],
 )
-@user_can(Permissions.EDIT_TASK_ORDER_DETAILS)
+@user_can(Permissions.EDIT_TASK_ORDER_DETAILS, message="edit task order invitations")
 def edit_task_order_invitations(portfolio_id, task_order_id):
 portfolio = Portfolios.get(g.current_user, portfolio_id)
 task_order = TaskOrders.get(task_order_id)
@@ -286,7 +298,9 @@ def wrap_check_is_so(user, _perm, task_order_id=None, **_kwargs):
 @portfolios_bp.route("/portfolios//task_order//dd254")
-@user_can(None, exceptions=[wrap_check_is_so])
+@user_can(
+ None, exceptions=[wrap_check_is_so], message="view security officer review form"
+)
 def so_review(portfolio_id, task_order_id):
 task_order = TaskOrders.get(task_order_id)
 form = so_review_form(task_order)
@@ -302,7 +316,9 @@ def so_review(portfolio_id, task_order_id):
 @portfolios_bp.route(
 "/portfolios//task_order//dd254", methods=["POST"]
 )
-@user_can(None, exceptions=[wrap_check_is_so])
+@user_can(
+ None, exceptions=[wrap_check_is_so], message="submit security officer review form"
+)
 def submit_so_review(portfolio_id, task_order_id):
 task_order = TaskOrders.get(task_order_id)
 form = DD254Form(http_request.form)
diff --git a/atst/routes/task_orders/index.py b/atst/routes/task_orders/index.py
index 7eb2ea23..1f775cc8 100644
--- a/atst/routes/task_orders/index.py
+++ b/atst/routes/task_orders/index.py
@@ -10,7 +10,7 @@ from atst.models.permissions import Permissions
 @task_orders_bp.route("/task_orders/download_summary/")
-@user_can(Permissions.VIEW_TASK_ORDER_DETAILS)
+@user_can(Permissions.VIEW_TASK_ORDER_DETAILS, message="download task order summary")
 def download_summary(task_order_id):
 task_order = TaskOrders.get(task_order_id)
 byte_str = BytesIO()
@@ -34,7 +34,10 @@ def send_file(attachment):
 @task_orders_bp.route("/task_orders/csp_estimate/")
-@user_can(Permissions.VIEW_TASK_ORDER_DETAILS)
+@user_can(
+ Permissions.VIEW_TASK_ORDER_DETAILS,
+ message="download task order cloud service provider estimate",
+)
 def download_csp_estimate(task_order_id):
 task_order = TaskOrders.get(task_order_id)
 if task_order.csp_estimate:
@@ -44,7 +47,7 @@ def download_csp_estimate(task_order_id):
 @task_orders_bp.route("/task_orders/pdf/")
-@user_can(Permissions.VIEW_TASK_ORDER_DETAILS)
+@user_can(Permissions.VIEW_TASK_ORDER_DETAILS, message="download task order PDF")
 def download_task_order_pdf(task_order_id):
 task_order = TaskOrders.get(task_order_id)
 if task_order.pdf:
diff --git a/atst/routes/task_orders/invite.py b/atst/routes/task_orders/invite.py
index ffc872c7..4021adda 100644
--- a/atst/routes/task_orders/invite.py
+++ b/atst/routes/task_orders/invite.py
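Review bot: `download_summary`, `download_csp_estimate` and `download_task_order_pdf` are keyed only by `task_order_id`, so the `VIEW_TASK_ORDER_DETAILS` check has no `portfolio_id` route argument to be evaluated against, and `TaskOrders.get(task_order_id)` is called without the current user. How `user_can` resolves a portfolio when the URL carries none is not visible in this patch; if it cannot resolve one, the decorator should refuse rather than pass. A comment above each decorator saying which object the permission is resolved from, for example `# permission is checked on the task order's portfolio`, would make that reviewable, and `invite` in `task_orders/invite.py` has the same shape. All three bodies continue outside their hunks.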
@@ -9,7 +9,7 @@ from atst.models.permissions import Permissions
 @task_orders_bp.route("/task_orders/invite/", methods=["POST"])
-@user_can(Permissions.EDIT_TASK_ORDER_DETAILS)
+@user_can(Permissions.EDIT_TASK_ORDER_DETAILS, message="invite task order officers")
 def invite(task_order_id):
 task_order = TaskOrders.get(task_order_id)
 if TaskOrders.all_sections_complete(task_order):
diff --git a/atst/routes/task_orders/new.py b/atst/routes/task_orders/new.py
index b698fb6d..22624827 100644
--- a/atst/routes/task_orders/new.py
+++ b/atst/routes/task_orders/new.py
@@ -263,7 +263,11 @@ def is_new_task_order(*_args, **kwargs):
 @task_orders_bp.route("/task_orders/new/")
 @task_orders_bp.route("/task_orders/new//")
 @task_orders_bp.route("/portfolios//task_orders/new/")
-@user_can(Permissions.CREATE_TASK_ORDER, exceptions=[is_new_task_order])
+@user_can(
+ Permissions.CREATE_TASK_ORDER,
+ exceptions=[is_new_task_order],
+ message="view new task order form",
+)
 def new(screen, task_order_id=None, portfolio_id=None):
 workflow = ShowTaskOrderWorkflow(
 g.current_user, screen, task_order_id, portfolio_id
@@ -310,7 +314,11 @@ def new(screen, task_order_id=None, portfolio_id=None):
 @task_orders_bp.route(
 "/portfolios//task_orders/new/", methods=["POST"]
 )
-@user_can(Permissions.CREATE_TASK_ORDER, exceptions=[is_new_task_order])
+@user_can(
+ Permissions.CREATE_TASK_ORDER,
+ exceptions=[is_new_task_order],
+ message="update task order",
+)
 def update(screen, task_order_id=None, portfolio_id=None):
 form_data = {**http_request.form, **http_request.files}
 workflow = UpdateTaskOrderWorkflow(
diff --git a/atst/routes/task_orders/signing.py b/atst/routes/task_orders/signing.py
index c12f32fd..3b4f4bc5 100644
--- a/atst/routes/task_orders/signing.py
+++ b/atst/routes/task_orders/signing.py
@@ -28,7 +28,11 @@ def wrap_check_is_ko(user, _perm, task_order_id=None, **_kwargs):
 @task_orders_bp.route("/task_orders//digital_signature", methods=["GET"])
-@user_can(None, exceptions=[wrap_check_is_ko])
+@user_can(
+ None,
+ exceptions=[wrap_check_is_ko],
+ message="view contracting officer signature page",
+)
 def signature_requested(task_order_id):
 task_order = find_unsigned_ko_to(task_order_id)
@@ -43,7 +47,9 @@ def signature_requested(task_order_id):
 @task_orders_bp.route(
 "/task_orders//digital_signature", methods=["POST"]
 )
-@user_can(None, exceptions=[wrap_check_is_ko])
+@user_can(
+ None, exceptions=[wrap_check_is_ko], message="submit contracting officer signature"
+)
 def record_signature(task_order_id):
 task_order = find_unsigned_ko_to(task_order_id)