Remove unused route to update team roles
This commit is contained in:
leigh-mil
parent
a4df658857
commit
e391c3269d
@ -12,7 +12,6 @@ from atst.forms.app_settings import AppEnvRolesForm
|
||||
from atst.forms.application import ApplicationForm, EditEnvironmentForm
|
||||
from atst.forms.application_member import NewForm as NewMemberForm
|
||||
from atst.forms.data import ENV_ROLE_NO_ACCESS as NO_ACCESS
|
||||
from atst.forms.team import TeamForm
|
||||
from atst.domain.authz.decorator import user_can_access_decorator as user_can
|
||||
from atst.models.environment_role import CSPRole
|
||||
from atst.models.permissions import Permissions
|
||||
@ -340,44 +339,6 @@ def delete_environment(environment_id):
|
||||
)
|
||||
|
||||
|
||||
@applications_bp.route("/application/<application_id>/team", methods=["POST"])
|
||||
@user_can(Permissions.EDIT_APPLICATION_MEMBER, message="update application member")
|
||||
def update_team(application_id):
|
||||
application = Applications.get(application_id)
|
||||
form = TeamForm(http_request.form)
|
||||
|
||||
if form.validate():
|
||||
for member_form in form.members:
|
||||
app_role = ApplicationRoles.get_by_id(member_form.role_id.data)
|
||||
new_perms = [
|
||||
perm
|
||||
for perm in member_form.data["permission_sets"]
|
||||
if perm != PermissionSets.VIEW_APPLICATION
|
||||
]
|
||||
ApplicationRoles.update_permission_sets(app_role, new_perms)
|
||||
|
||||
for environment_role_form in member_form.environment_roles:
|
||||
environment = Environments.get(
|
||||
environment_role_form.environment_id.data
|
||||
)
|
||||
Environments.update_env_role(
|
||||
environment, app_role, environment_role_form.data.get("role")
|
||||
)
|
||||
|
||||
flash("updated_application_team_settings", application_name=application.name)
|
||||
|
||||
return redirect(
|
||||
url_for(
|
||||
"applications.settings",
|
||||
application_id=application_id,
|
||||
fragment="application-members",
|
||||
_anchor="application-members",
|
||||
)
|
||||
)
|
||||
else:
|
||||
return (render_settings_page(application), 400)
|
||||
|
||||
|
||||
@applications_bp.route("/application/<application_id>/members/new", methods=["POST"])
|
||||
@user_can(
|
||||
Permissions.CREATE_APPLICATION_MEMBER, message="create new application member"
|
||||
|
||||
@ -428,136 +428,6 @@ def test_delete_environment(client, user_session):
|
||||
assert len(application.environments) == 0
|
||||
|
||||
|
||||
def test_update_team_permissions(client, user_session):
|
||||
application = ApplicationFactory.create()
|
||||
owner = application.portfolio.owner
|
||||
app_role = ApplicationRoleFactory.create(
|
||||
application=application, permission_sets=[]
|
||||
)
|
||||
user_session(owner)
|
||||
response = client.post(
|
||||
url_for("applications.update_team", application_id=application.id),
|
||||
data={
|
||||
"members-0-role_id": app_role.id,
|
||||
"members-0-permission_sets-perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM,
|
||||
"members-0-permission_sets-perms_env_mgmt": PermissionSets.EDIT_APPLICATION_ENVIRONMENTS,
|
||||
"members-0-permission_sets-perms_del_env": PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,
|
||||
},
|
||||
)
|
||||
|
||||
assert response.status_code == 302
|
||||
actual_perms_names = [perm.name for perm in app_role.permission_sets]
|
||||
expected_perms_names = [
|
||||
PermissionSets.VIEW_APPLICATION,
|
||||
PermissionSets.EDIT_APPLICATION_TEAM,
|
||||
PermissionSets.EDIT_APPLICATION_ENVIRONMENTS,
|
||||
PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,
|
||||
]
|
||||
assert expected_perms_names == actual_perms_names
|
||||
|
||||
|
||||
def test_update_team_with_bad_permission_sets(client, user_session):
|
||||
application = ApplicationFactory.create()
|
||||
owner = application.portfolio.owner
|
||||
app_role = ApplicationRoleFactory.create(
|
||||
application=application, permission_sets=[]
|
||||
)
|
||||
permission_sets = app_role.permission_sets
|
||||
|
||||
user_session(owner)
|
||||
response = client.post(
|
||||
url_for("applications.update_team", application_id=application.id),
|
||||
data={
|
||||
"members-0-role_id": app_role.id,
|
||||
"members-0-permission_sets-perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM,
|
||||
"members-0-permission_sets-perms_env_mgmt": "some random string",
|
||||
},
|
||||
)
|
||||
assert response.status_code == 400
|
||||
assert app_role.permission_sets == permission_sets
|
||||
|
||||
|
||||
def test_update_team_with_non_app_user(client, user_session):
|
||||
application = ApplicationFactory.create()
|
||||
owner = application.portfolio.owner
|
||||
|
||||
user_session(owner)
|
||||
response = client.post(
|
||||
url_for("applications.update_team", application_id=application.id),
|
||||
data={
|
||||
"members-0-role_id": str(uuid.uuid4()),
|
||||
"members-0-permission_sets-perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM,
|
||||
"members-0-permission_sets-perms_env_mgmt": PermissionSets.EDIT_APPLICATION_ENVIRONMENTS,
|
||||
"members-0-permission_sets-perms_del_env": PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,
|
||||
},
|
||||
)
|
||||
|
||||
assert response.status_code == 404
|
||||
|
||||
|
||||
def test_update_team_environment_roles(client, user_session):
|
||||
application = ApplicationFactory.create()
|
||||
owner = application.portfolio.owner
|
||||
app_role = ApplicationRoleFactory.create(
|
||||
application=application, permission_sets=[]
|
||||
)
|
||||
environment = EnvironmentFactory.create(application=application)
|
||||
env_role = EnvironmentRoleFactory.create(
|
||||
application_role=app_role,
|
||||
environment=environment,
|
||||
role=CSPRole.NETWORK_ADMIN.value,
|
||||
)
|
||||
user_session(owner)
|
||||
response = client.post(
|
||||
url_for("applications.update_team", application_id=application.id),
|
||||
data={
|
||||
"members-0-role_id": app_role.id,
|
||||
"members-0-permission_sets-perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM,
|
||||
"members-0-permission_sets-perms_env_mgmt": PermissionSets.EDIT_APPLICATION_ENVIRONMENTS,
|
||||
"members-0-permission_sets-perms_del_env": PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,
|
||||
"members-0-environment_roles-0-environment_id": environment.id,
|
||||
"members-0-environment_roles-0-role": CSPRole.TECHNICAL_READ.value,
|
||||
},
|
||||
)
|
||||
|
||||
assert response.status_code == 302
|
||||
assert env_role.role == CSPRole.TECHNICAL_READ.value
|
||||
|
||||
|
||||
def test_update_team_revoke_environment_access(client, user_session, db, session):
|
||||
application = ApplicationFactory.create()
|
||||
owner = application.portfolio.owner
|
||||
user = UserFactory.create()
|
||||
app_role = ApplicationRoleFactory.create(
|
||||
application=application, user=user, permission_sets=[]
|
||||
)
|
||||
environment = EnvironmentFactory.create(application=application)
|
||||
env_role = EnvironmentRoleFactory.create(
|
||||
application_role=app_role,
|
||||
environment=environment,
|
||||
role=CSPRole.BASIC_ACCESS.value,
|
||||
)
|
||||
assert user in environment.users
|
||||
|
||||
user_session(owner)
|
||||
response = client.post(
|
||||
url_for("applications.update_team", application_id=application.id),
|
||||
data={
|
||||
"members-0-role_id": app_role.id,
|
||||
"members-0-permission_sets-perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM,
|
||||
"members-0-permission_sets-perms_env_mgmt": PermissionSets.EDIT_APPLICATION_ENVIRONMENTS,
|
||||
"members-0-permission_sets-perms_del_env": PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,
|
||||
"members-0-environment_roles-0-environment_id": environment.id,
|
||||
"members-0-environment_roles-0-role": NO_ACCESS,
|
||||
},
|
||||
)
|
||||
|
||||
assert response.status_code == 302
|
||||
env_role_exists = db.exists().where(EnvironmentRole.id == env_role.id)
|
||||
assert not session.query(env_role_exists).scalar()
|
||||
assert user not in environment.users
|
||||
|
||||
|
||||
def test_create_member(monkeypatch, client, user_session, session):
|
||||
job_mock = Mock()
|
||||
monkeypatch.setattr("atst.jobs.send_mail.delay", job_mock)
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user