organize portfolio permission sets by domain

2019-03-14 08:50:38 -04:00
parent 78aa2dfcc6
commit ee37a5543a
4 changed files with 66 additions and 56 deletions
--- a/atst/domain/permission_sets.py
+++ b/atst/domain/permission_sets.py
@@ -81,13 +81,16 @@ ATAT_ROLES = [
    },
 ]

-_VIEW_PORTFOLIO_PERMISSION_SETS = [
+_PORTFOLIO_BASIC_PERMISSION_SETS = [
    {
        "name": PermissionSets.VIEW_PORTFOLIO,
        "description": "View basic portfolio info",
        "display_name": "View Portfolio",
        "permissions": [Permissions.VIEW_PORTFOLIO],
-    },
+    }
+]
+
+_PORTFOLIO_APP_MGMT_PERMISSION_SETS = [
    {
        "name": PermissionSets.VIEW_PORTFOLIO_APPLICATION_MANAGEMENT,
        "description": "View applications and related resources",
@@ -98,36 +101,6 @@ _VIEW_PORTFOLIO_PERMISSION_SETS = [
            Permissions.VIEW_ENVIRONMENT,
        ],
    },
-    {
-        "name": PermissionSets.VIEW_PORTFOLIO_FUNDING,
-        "description": "View a portfolio's task orders",
-        "display_name": "Funding",
-        "permissions": [
-            Permissions.VIEW_PORTFOLIO_FUNDING,
-            Permissions.VIEW_TASK_ORDER_DETAILS,
-        ],
-    },
-    {
-        "name": PermissionSets.VIEW_PORTFOLIO_REPORTS,
-        "description": "View a portfolio's reports",
-        "display_name": "Reporting",
-        "permissions": [Permissions.VIEW_PORTFOLIO_REPORTS],
-    },
-    {
-        "name": PermissionSets.VIEW_PORTFOLIO_ADMIN,
-        "description": "View a portfolio's admin options",
-        "display_name": "Portfolio Administration",
-        "permissions": [
-            Permissions.VIEW_PORTFOLIO_ADMIN,
-            Permissions.VIEW_PORTFOLIO_NAME,
-            Permissions.VIEW_PORTFOLIO_USERS,
-            Permissions.VIEW_PORTFOLIO_ACTIVITY_LOG,
-            Permissions.VIEW_PORTFOLIO_POC,
-        ],
-    },
-]
-
-_EDIT_PORTFOLIO_PERMISSION_SETS = [
    {
        "name": PermissionSets.EDIT_PORTFOLIO_APPLICATION_MANAGEMENT,
        "description": "Edit applications and related resources",
@@ -141,6 +114,18 @@ _EDIT_PORTFOLIO_PERMISSION_SETS = [
            Permissions.CREATE_ENVIRONMENT,
        ],
    },
+]
+
+_PORTFOLIO_FUNDING_PERMISSION_SETS = [
+    {
+        "name": PermissionSets.VIEW_PORTFOLIO_FUNDING,
+        "description": "View a portfolio's task orders",
+        "display_name": "Funding",
+        "permissions": [
+            Permissions.VIEW_PORTFOLIO_FUNDING,
+            Permissions.VIEW_TASK_ORDER_DETAILS,
+        ],
+    },
    {
        "name": PermissionSets.EDIT_PORTFOLIO_FUNDING,
        "description": "Edit a portfolio's task orders and add new ones",
@@ -150,12 +135,36 @@ _EDIT_PORTFOLIO_PERMISSION_SETS = [
            Permissions.EDIT_TASK_ORDER_DETAILS,
        ],
    },
+]
+
+_PORTFOLIO_REPORTS_PERMISSION_SETS = [
+    {
+        "name": PermissionSets.VIEW_PORTFOLIO_REPORTS,
+        "description": "View a portfolio's reports",
+        "display_name": "Reporting",
+        "permissions": [Permissions.VIEW_PORTFOLIO_REPORTS],
+    },
    {
        "name": PermissionSets.EDIT_PORTFOLIO_REPORTS,
        "description": "Edit a portfolio's reports (no-op)",
        "display_name": "Reporting",
        "permissions": [],
    },
+]
+
+_PORTFOLIO_ADMIN_PERMISSION_SETS = [
+    {
+        "name": PermissionSets.VIEW_PORTFOLIO_ADMIN,
+        "description": "View a portfolio's admin options",
+        "display_name": "Portfolio Administration",
+        "permissions": [
+            Permissions.VIEW_PORTFOLIO_ADMIN,
+            Permissions.VIEW_PORTFOLIO_NAME,
+            Permissions.VIEW_PORTFOLIO_USERS,
+            Permissions.VIEW_PORTFOLIO_ACTIVITY_LOG,
+            Permissions.VIEW_PORTFOLIO_POC,
+        ],
+    },
    {
        "name": PermissionSets.EDIT_PORTFOLIO_ADMIN,
        "description": "Edit a portfolio's admin options",
@@ -168,18 +177,20 @@ _EDIT_PORTFOLIO_PERMISSION_SETS = [
    },
 ]

+_PORTFOLIO_POC_PERMISSION_SETS = [
+    {
+        "name": "portfolio_poc",
+        "description": "Permissions belonging to the Portfolio POC",
+        "display_name": "Portfolio Point of Contact",
+        "permissions": [Permissions.EDIT_PORTFOLIO_POC, Permissions.ARCHIVE_PORTFOLIO],
+    }
+]
+
 PORTFOLIO_PERMISSION_SETS = (
-    _VIEW_PORTFOLIO_PERMISSION_SETS
-    + _EDIT_PORTFOLIO_PERMISSION_SETS
-    + [
-        {
-            "name": "portfolio_poc",
-            "description": "Permissions belonging to the Portfolio POC",
-            "display_name": "Portfolio Point of Contact",
-            "permissions": [
-                Permissions.EDIT_PORTFOLIO_POC,
-                Permissions.ARCHIVE_PORTFOLIO,
-            ],
-        }
-    ]
+    _PORTFOLIO_BASIC_PERMISSION_SETS
+    + _PORTFOLIO_APP_MGMT_PERMISSION_SETS
+    + _PORTFOLIO_FUNDING_PERMISSION_SETS
+    + _PORTFOLIO_REPORTS_PERMISSION_SETS
+    + _PORTFOLIO_ADMIN_PERMISSION_SETS
+    + _PORTFOLIO_POC_PERMISSION_SETS
 )
--- a/atst/domain/portfolio_roles.py
+++ b/atst/domain/portfolio_roles.py
@@ -96,7 +96,7 @@ class PortfolioRoles(object):

        return new_portfolio_role

-    _DEFAULT_PORTFOLIO_PERMS_SETS = {
+    DEFAULT_PORTFOLIO_PERMISSION_SETS = {
        PermissionSets.VIEW_PORTFOLIO_APPLICATION_MANAGEMENT,
        PermissionSets.VIEW_PORTFOLIO_FUNDING,
        PermissionSets.VIEW_PORTFOLIO_REPORTS,
@@ -105,7 +105,7 @@ class PortfolioRoles(object):

    @classmethod
    def _permission_sets_for_names(cls, set_names):
-        perms_set_names = PortfolioRoles._DEFAULT_PORTFOLIO_PERMS_SETS.union(
+        perms_set_names = PortfolioRoles.DEFAULT_PORTFOLIO_PERMISSION_SETS.union(
            set(set_names)
        )
        return [