pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #488 from dod-ccpo/workspace-role-change-bug-#162345640

Browse Source 
Workspace role change bug #162345640
This commit is contained in:
dandds 2018-12-13 14:29:46 -05:00 committed by GitHub
commit e7ee2b3f43
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 68 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
atst/domain/environment_roles.py
View File

@ -21,3 +21,6 @@ class EnvironmentRoles(object):
if existing_env_role: if existing_env_role:
db.session.delete(existing_env_role) db.session.delete(existing_env_role)
db.session.commit() db.session.commit()
return True
else:
return False

17
atst/domain/environments.py
View File

@ -65,27 +65,38 @@ class Environments(object):
Permissions.ADD_AND_ASSIGN_CSP_ROLES, Permissions.ADD_AND_ASSIGN_CSP_ROLES,
"assign environment roles", "assign environment roles",
) )
updated = False
for id_and_role in ids_and_roles: for id_and_role in ids_and_roles:
new_role = id_and_role["role"] new_role = id_and_role["role"]
environment = Environments.get(id_and_role["id"]) environment = Environments.get(id_and_role["id"])
if new_role is None: if new_role is None:
EnvironmentRoles.delete(workspace_role.user.id, environment.id) role_deleted = EnvironmentRoles.delete(
workspace_role.user.id, environment.id
)
if role_deleted:
updated = True
else: else:
env_role = EnvironmentRoles.get( env_role = EnvironmentRoles.get(
workspace_role.user.id, id_and_role["id"] workspace_role.user.id, id_and_role["id"]
) )
if env_role: if env_role and env_role.role != new_role:
env_role.role = new_role env_role.role = new_role
else: updated = True
db.session.add(env_role)
elif not env_role:
env_role = EnvironmentRole( env_role = EnvironmentRole(
user=workspace_role.user, environment=environment, role=new_role user=workspace_role.user, environment=environment, role=new_role
) )
updated = True
db.session.add(env_role) db.session.add(env_role)
if updated:
db.session.commit() db.session.commit()
return updated
@classmethod @classmethod
def revoke_access(cls, user, environment, target_user): def revoke_access(cls, user, environment, target_user):
Authorization.check_workspace_permission( Authorization.check_workspace_permission(

13
atst/routes/workspaces/members.py
View File

@ -147,22 +147,23 @@ def update_member(workspace_id, member_id):
form = EditMemberForm(http_request.form) form = EditMemberForm(http_request.form)
if form.validate(): if form.validate():
new_role_name = None new_role_name = None
if form.data["workspace_role"] != member.role: if form.data["workspace_role"] != member.role.name:
member = Workspaces.update_member( member = Workspaces.update_member(
g.current_user, workspace, member, form.data["workspace_role"] g.current_user, workspace, member, form.data["workspace_role"]
) )
new_role_name = member.role_displayname new_role_name = member.role_displayname
Environments.update_environment_roles(
g.current_user, workspace, member, ids_and_roles
)
flash( flash(
"workspace_role_updated", "workspace_role_updated",
member_name=member.user_name, member_name=member.user_name,
updated_role=new_role_name, updated_role=new_role_name,
) )
updated_roles = Environments.update_environment_roles(
g.current_user, workspace, member, ids_and_roles
)
if updated_roles:
flash("environment_access_changed")
return redirect( return redirect(
url_for("workspaces.workspace_members", workspace_id=workspace.id) url_for("workspaces.workspace_members", workspace_id=workspace.id)
) )

5
atst/utils/flash.py
View File

@ -96,6 +96,11 @@ MESSAGES = {
""", """,
"category": "warning", "category": "warning",
}, },
"environment_access_changed": {
"title_template": "User access successfully changed.",
"message_template": "",
"category": "success",
},
} }

33
tests/domain/test_environments.py
View File

@ -38,7 +38,7 @@ def test_update_environment_roles():
] ]
workspace_role = workspace.members[0] workspace_role = workspace.members[0]
Environments.update_environment_roles( assert Environments.update_environment_roles(
owner, workspace, workspace_role, new_ids_and_roles owner, workspace, workspace_role, new_ids_and_roles
) )
new_dev_env_role = EnvironmentRoles.get(workspace_role.user.id, dev_env.id) new_dev_env_role = EnvironmentRoles.get(workspace_role.user.id, dev_env.id)
@ -89,7 +89,7 @@ def test_remove_environment_role():
] ]
workspace_role = WorkspaceRoles.get(workspace.id, developer.id) workspace_role = WorkspaceRoles.get(workspace.id, developer.id)
Environments.update_environment_roles( assert Environments.update_environment_roles(
owner, workspace, workspace_role, new_environment_roles owner, workspace, workspace_role, new_environment_roles
) )
@ -99,6 +99,35 @@ def test_remove_environment_role():
assert EnvironmentRoles.get(developer.id, still_fa).role == "financial_auditor" assert EnvironmentRoles.get(developer.id, still_fa).role == "financial_auditor"
def test_no_update_to_environment_roles():
owner = UserFactory.create()
developer = UserFactory.from_atat_role("developer")
workspace = WorkspaceFactory.create(
owner=owner,
members=[{"user": developer, "role_name": "developer"}],
projects=[
{
"name": "project1",
"environments": [
{
"name": "project1 dev",
"members": [{"user": developer, "role_name": "devops"}],
}
],
}
],
)
dev_env = workspace.projects[0].environments[0]
new_ids_and_roles = [{"id": dev_env.id, "role": "devops"}]
workspace_role = WorkspaceRoles.get(workspace.id, developer.id)
assert not Environments.update_environment_roles(
owner, workspace, workspace_role, new_ids_and_roles
)
def test_get_scoped_environments(db): def test_get_scoped_environments(db):
developer = UserFactory.create() developer = UserFactory.create()
workspace = WorkspaceFactory.create( workspace = WorkspaceFactory.create(

4
tests/routes/workspaces/test_members.py
View File

@ -93,6 +93,7 @@ def test_update_member_workspace_role(client, user_session):
follow_redirects=True, follow_redirects=True,
) )
assert response.status_code == 200 assert response.status_code == 200
assert b"role updated successfully" in response.data
assert member.role_name == "security_auditor" assert member.role_name == "security_auditor"
@ -140,6 +141,8 @@ def test_update_member_environment_role(client, user_session):
follow_redirects=True, follow_redirects=True,
) )
assert response.status_code == 200 assert response.status_code == 200
assert b"role updated successfully" not in response.data
assert b"access successfully changed" in response.data
assert EnvironmentRoles.get(user.id, env1_id).role == "security_auditor" assert EnvironmentRoles.get(user.id, env1_id).role == "security_auditor"
assert EnvironmentRoles.get(user.id, env2_id).role == "devops" assert EnvironmentRoles.get(user.id, env2_id).role == "devops"
@ -167,6 +170,7 @@ def test_update_member_environment_role_with_no_data(client, user_session):
follow_redirects=True, follow_redirects=True,
) )
assert response.status_code == 200 assert response.status_code == 200
assert b"access successfully changed" not in response.data
assert EnvironmentRoles.get(user.id, env1_id).role == "developer" assert EnvironmentRoles.get(user.id, env1_id).role == "developer"