pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow CCPO to view workspaces

Browse Source
This commit is contained in:
richard-dds 2018-09-12 11:13:06 -04:00
parent 59761800df
commit e997c5cedd
6 changed files with 46 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
atst/domain/authz.py
View File

@ -9,6 +9,10 @@ class Authorization(object):
workspace_user = WorkspaceUsers.get(workspace.id, user.id) workspace_user = WorkspaceUsers.get(workspace.id, user.id)
return permission in workspace_user.permissions() return permission in workspace_user.permissions()
@classmethod
def has_atat_permission(cls, user, permission):
return permission in user.atat_role.permissions
@classmethod @classmethod
def is_in_workspace(cls, user, workspace): def is_in_workspace(cls, user, workspace):
return user in workspace.users return user in workspace.users

13
atst/domain/workspaces/workspaces.py
View File

@ -73,6 +73,19 @@ class Workspaces(object):
) )
return workspaces return workspaces
@classmethod
def for_user(cls, user):
if Authorization.has_atat_permission(user, Permissions.VIEW_WORKSPACE):
workspaces = db.session.query(Workspace).all()
else:
workspaces = (
db.session.query(Workspace)
.join(WorkspaceRole)
.filter(WorkspaceRole.user == user)
.all()
)
return workspaces
@classmethod @classmethod
def create_member(cls, user, workspace, data): def create_member(cls, user, workspace, data):
Authorization.check_workspace_permission( Authorization.check_workspace_permission(

7
atst/models/user.py
View File

@ -4,6 +4,7 @@ from sqlalchemy.dialects.postgresql import UUID
from atst.models import Base from atst.models import Base
from .types import Id from .types import Id
from atst.models.permissions import Permissions
class User(Base): class User(Base):
@ -28,3 +29,9 @@ class User(Base):
@property @property
def full_name(self): def full_name(self):
return "{} {}".format(self.first_name, self.last_name) return "{} {}".format(self.first_name, self.last_name)
@property
def has_workspaces(self):
return (
Permissions.VIEW_WORKSPACE in self.atat_role.permissions
) or self.workspace_roles

2
atst/routes/workspaces.py
View File

@ -46,7 +46,7 @@ def workspace():
@bp.route("/workspaces") @bp.route("/workspaces")
def workspaces(): def workspaces():
workspaces = Workspaces.get_many(g.current_user) workspaces = Workspaces.for_user(g.current_user)
return render_template("workspaces/index.html", page=5, workspaces=workspaces) return render_template("workspaces/index.html", page=5, workspaces=workspaces)

2
templates/navigation/global_navigation.html
View File

@ -22,7 +22,7 @@
] ]
) }} ) }}
{% if g.current_user.workspace_roles %} {% if g.current_user.has_workspaces %}
{{ SidenavItem("Workspaces", href="/workspaces", icon="cloud", active=g.matchesPath('/workspaces')) }} {{ SidenavItem("Workspaces", href="/workspaces", icon="cloud", active=g.matchesPath('/workspaces')) }}
{% endif %} {% endif %}
</ul> </ul>

20
tests/domain/test_workspaces.py
View File

@ -237,3 +237,23 @@ def test_scoped_workspace_returns_all_projects_for_workspace_owner():
assert len(scoped_workspace.projects) == 5 assert len(scoped_workspace.projects) == 5
assert len(scoped_workspace.projects[0].environments) == 3 assert len(scoped_workspace.projects[0].environments) == 3
def test_for_user_workspace_member():
bob = UserFactory.from_atat_role("default")
workspace = Workspaces.create(RequestFactory.create())
Workspaces.add_member(workspace, bob, "developer")
Workspaces.create(RequestFactory.create())
bobs_workspaces = Workspaces.for_user(bob)
assert len(bobs_workspaces) == 1
def test_for_user_ccpo():
sam = UserFactory.from_atat_role("ccpo")
workspace = Workspaces.create(RequestFactory.create())
Workspaces.create(RequestFactory.create())
sams_workspaces = Workspaces.for_user(sam)
assert len(sams_workspaces) == 2