diff --git a/atst/domain/authz.py b/atst/domain/authz.py
index 467d5150..cdfafdac 100644
--- a/atst/domain/authz.py
+++ b/atst/domain/authz.py
@@ -9,6 +9,10 @@ class Authorization(object):
 workspace_user = WorkspaceUsers.get(workspace.id, user.id)
 return permission in workspace_user.permissions()
+ @classmethod
+ def has_atat_permission(cls, user, permission):
+ return permission in user.atat_role.permissions
+
 @classmethod
 def is_in_workspace(cls, user, workspace):
 return user in workspace.users
diff --git a/atst/domain/workspaces/workspaces.py b/atst/domain/workspaces/workspaces.py
index f87f3347..cc023a54 100644
--- a/atst/domain/workspaces/workspaces.py
+++ b/atst/domain/workspaces/workspaces.py
@@ -73,6 +73,19 @@ class Workspaces(object):
 )
 return workspaces
+ @classmethod
+ def for_user(cls, user):
+ if Authorization.has_atat_permission(user, Permissions.VIEW_WORKSPACE):
+ workspaces = db.session.query(Workspace).all()
+ else:
+ workspaces = (
+ db.session.query(Workspace)
+ .join(WorkspaceRole)
+ .filter(WorkspaceRole.user == user)
+ .all()
+ )
+ return workspaces
+
 @classmethod
 def create_member(cls, user, workspace, data):
 Authorization.check_workspace_permission(
diff --git a/atst/models/user.py b/atst/models/user.py
index 643fd3f5..39d2a171 100644
--- a/atst/models/user.py
+++ b/atst/models/user.py
@@ -4,6 +4,7 @@ from sqlalchemy.dialects.postgresql import UUID
 from atst.models import Base
 from .types import Id
+from atst.models.permissions import Permissions
 class User(Base):
@@ -28,3 +29,9 @@ class User(Base):
 @property
 def full_name(self):
 return "{} {}".format(self.first_name, self.last_name)
+
+ @property
+ def has_workspaces(self):
+ return (
+ Permissions.VIEW_WORKSPACE in self.atat_role.permissions
+ ) or self.workspace_roles
diff --git a/atst/routes/workspaces.py b/atst/routes/workspaces.py
index f13f6ec1..d4465f32 100644
--- a/atst/routes/workspaces.py
+++ b/atst/routes/workspaces.py
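Review bot: `has_atat_permission` in atst/domain/authz.py dereferences `user.atat_role.permissions` with no guard, so a user whose `atat_role` is unset would raise AttributeError instead of being cleanly denied; whether that relationship can be null is not visible in this diff and should be confirmed against the model. If it can, deny explicitly with `return user.atat_role is not None and permission in user.atat_role.permissions`. The same dereference appears in the new `User.has_workspaces` property in atst/models/user.py, which the global navigation template evaluates. A one-line docstring stating that this check is ATAT-wide and not scoped to any workspace would make its reach explicit to later readers. The enclosing class starts outside the hunk.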
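Review bot: `for_user` hands every workspace to any holder of the ATAT-level `Permissions.VIEW_WORKSPACE`, while the per-workspace check visible in atst/domain/authz.py consults only `workspace_user.permissions()` from `WorkspaceUsers.get(workspace.id, user.id)`. Unless that path also honours the ATAT role, the index will list workspaces that the same user is then denied (or errors on) when opening them, so the two paths should be confirmed to agree. Separately, the member branch joins `WorkspaceRole` without de-duplication; if the schema permits more than one role row per user and workspace, adding `.distinct()` before `.all()` would stop a workspace appearing twice. The method should carry a docstring saying that an ATAT-wide `VIEW_WORKSPACE` grant returns all workspaces and everyone else gets only their memberships. The enclosing class starts outside the hunk.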
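Review bot: `has_workspaces` in atst/models/user.py returns the `workspace_roles` collection itself rather than a boolean whenever the ATAT-level test is false, and it re-implements the membership test that this commit also adds as `Authorization.has_atat_permission`. Changing the last line to `) or bool(self.workspace_roles)` gives callers a stable type. Keeping a single definition of the permission test, if import order between models and domain allows it, prevents the navigation link and `Workspaces.for_user` from drifting apart. A short docstring should say that the property only controls whether the navigation link is shown, and that access is decided by the route and domain layer.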
@@ -46,7 +46,7 @@ def workspace():
 @bp.route("/workspaces")
 def workspaces():
- workspaces = Workspaces.get_many(g.current_user)
+ workspaces = Workspaces.for_user(g.current_user)
 return render_template("workspaces/index.html", page=5, workspaces=workspaces)
diff --git a/templates/navigation/global_navigation.html b/templates/navigation/global_navigation.html
index f306f6b7..5314042e 100644
--- a/templates/navigation/global_navigation.html
+++ b/templates/navigation/global_navigation.html
@@ -22,7 +22,7 @@
 ] ) }}
- {% if g.current_user.workspace_roles %}
+ {% if g.current_user.has_workspaces %}
 {{ SidenavItem("Workspaces", href="/workspaces", icon="cloud", active=g.matchesPath('/workspaces')) }}
 {% endif %}
diff --git a/tests/domain/test_workspaces.py b/tests/domain/test_workspaces.py
index cf63facf..c1390fea 100644
--- a/tests/domain/test_workspaces.py
+++ b/tests/domain/test_workspaces.py
@@ -237,3 +237,23 @@ def test_scoped_workspace_returns_all_projects_for_workspace_owner():
 assert len(scoped_workspace.projects) == 5
 assert len(scoped_workspace.projects[0].environments) == 3
+
+
+def test_for_user_workspace_member():
+ bob = UserFactory.from_atat_role("default")
+ workspace = Workspaces.create(RequestFactory.create())
+ Workspaces.add_member(workspace, bob, "developer")
+
+ Workspaces.create(RequestFactory.create())
+
+ bobs_workspaces = Workspaces.for_user(bob)
+ assert len(bobs_workspaces) == 1
+
+
+def test_for_user_ccpo():
+ sam = UserFactory.from_atat_role("ccpo")
+ workspace = Workspaces.create(RequestFactory.create())
+ Workspaces.create(RequestFactory.create())
+
+ sams_workspaces = Workspaces.for_user(sam)
+ assert len(sams_workspaces) == 2
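Review bot: Both new tests in tests/domain/test_workspaces.py assert only a count, and neither covers the case that matters most for access control: a default-role user with no membership must get an empty list. In `test_for_user_workspace_member`, `assert bobs_workspaces == [workspace]` would also prove that the returned workspace is the one bob belongs to rather than either of the two created. In `test_for_user_ccpo` the `workspace` local is never used. A negative test along the lines below would close the gap.

```python
def test_for_user_non_member_sees_nothing():
    carol = UserFactory.from_atat_role("default")
    Workspaces.create(RequestFactory.create())

    assert Workspaces.for_user(carol) == []
```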