organize portfolio permission sets by domain

2019-03-14 08:50:38 -04:00 · 2019-03-14 08:50:38 -04:00 · ee37a5543a
commit ee37a5543a
parent 78aa2dfcc6
4 changed files with 66 additions and 56 deletions
--- a/atst/domain/permission_sets.py
+++ b/atst/domain/permission_sets.py
@ -81,13 +81,16 @@ ATAT_ROLES = [
    },
 ]

-_VIEW_PORTFOLIO_PERMISSION_SETS = [
+_PORTFOLIO_BASIC_PERMISSION_SETS = [
    {
        "name": PermissionSets.VIEW_PORTFOLIO,
        "description": "View basic portfolio info",
        "display_name": "View Portfolio",
        "permissions": [Permissions.VIEW_PORTFOLIO],
-    },
+    }
+]
+
+_PORTFOLIO_APP_MGMT_PERMISSION_SETS = [
    {
        "name": PermissionSets.VIEW_PORTFOLIO_APPLICATION_MANAGEMENT,
        "description": "View applications and related resources",
@ -98,36 +101,6 @@ _VIEW_PORTFOLIO_PERMISSION_SETS = [
            Permissions.VIEW_ENVIRONMENT,
        ],
    },
-    {
-        "name": PermissionSets.VIEW_PORTFOLIO_FUNDING,
-        "description": "View a portfolio's task orders",
-        "display_name": "Funding",
-        "permissions": [
-            Permissions.VIEW_PORTFOLIO_FUNDING,
-            Permissions.VIEW_TASK_ORDER_DETAILS,
-        ],
-    },
-    {
-        "name": PermissionSets.VIEW_PORTFOLIO_REPORTS,
-        "description": "View a portfolio's reports",
-        "display_name": "Reporting",
-        "permissions": [Permissions.VIEW_PORTFOLIO_REPORTS],
-    },
-    {
-        "name": PermissionSets.VIEW_PORTFOLIO_ADMIN,
-        "description": "View a portfolio's admin options",
-        "display_name": "Portfolio Administration",
-        "permissions": [
-            Permissions.VIEW_PORTFOLIO_ADMIN,
-            Permissions.VIEW_PORTFOLIO_NAME,
-            Permissions.VIEW_PORTFOLIO_USERS,
-            Permissions.VIEW_PORTFOLIO_ACTIVITY_LOG,
-            Permissions.VIEW_PORTFOLIO_POC,
-        ],
-    },
-]
-
-_EDIT_PORTFOLIO_PERMISSION_SETS = [
    {
        "name": PermissionSets.EDIT_PORTFOLIO_APPLICATION_MANAGEMENT,
        "description": "Edit applications and related resources",
@ -141,6 +114,18 @@ _EDIT_PORTFOLIO_PERMISSION_SETS = [
            Permissions.CREATE_ENVIRONMENT,
        ],
    },
+]
+
+_PORTFOLIO_FUNDING_PERMISSION_SETS = [
+    {
+        "name": PermissionSets.VIEW_PORTFOLIO_FUNDING,
+        "description": "View a portfolio's task orders",
+        "display_name": "Funding",
+        "permissions": [
+            Permissions.VIEW_PORTFOLIO_FUNDING,
+            Permissions.VIEW_TASK_ORDER_DETAILS,
+        ],
+    },
    {
        "name": PermissionSets.EDIT_PORTFOLIO_FUNDING,
        "description": "Edit a portfolio's task orders and add new ones",
@ -150,12 +135,36 @@ _EDIT_PORTFOLIO_PERMISSION_SETS = [
            Permissions.EDIT_TASK_ORDER_DETAILS,
        ],
    },
+]
+
+_PORTFOLIO_REPORTS_PERMISSION_SETS = [
+    {
+        "name": PermissionSets.VIEW_PORTFOLIO_REPORTS,
+        "description": "View a portfolio's reports",
+        "display_name": "Reporting",
+        "permissions": [Permissions.VIEW_PORTFOLIO_REPORTS],
+    },
    {
        "name": PermissionSets.EDIT_PORTFOLIO_REPORTS,
        "description": "Edit a portfolio's reports (no-op)",
        "display_name": "Reporting",
        "permissions": [],
    },
+]
+
+_PORTFOLIO_ADMIN_PERMISSION_SETS = [
+    {
+        "name": PermissionSets.VIEW_PORTFOLIO_ADMIN,
+        "description": "View a portfolio's admin options",
+        "display_name": "Portfolio Administration",
+        "permissions": [
+            Permissions.VIEW_PORTFOLIO_ADMIN,
+            Permissions.VIEW_PORTFOLIO_NAME,
+            Permissions.VIEW_PORTFOLIO_USERS,
+            Permissions.VIEW_PORTFOLIO_ACTIVITY_LOG,
+            Permissions.VIEW_PORTFOLIO_POC,
+        ],
+    },
    {
        "name": PermissionSets.EDIT_PORTFOLIO_ADMIN,
        "description": "Edit a portfolio's admin options",
@ -168,18 +177,20 @@ _EDIT_PORTFOLIO_PERMISSION_SETS = [
    },
 ]

+_PORTFOLIO_POC_PERMISSION_SETS = [
+    {
+        "name": "portfolio_poc",
+        "description": "Permissions belonging to the Portfolio POC",
+        "display_name": "Portfolio Point of Contact",
+        "permissions": [Permissions.EDIT_PORTFOLIO_POC, Permissions.ARCHIVE_PORTFOLIO],
+    }
+]
+
 PORTFOLIO_PERMISSION_SETS = (
-    _VIEW_PORTFOLIO_PERMISSION_SETS
-    + _EDIT_PORTFOLIO_PERMISSION_SETS
-    + [
-        {
-            "name": "portfolio_poc",
-            "description": "Permissions belonging to the Portfolio POC",
-            "display_name": "Portfolio Point of Contact",
-            "permissions": [
-                Permissions.EDIT_PORTFOLIO_POC,
-                Permissions.ARCHIVE_PORTFOLIO,
-            ],
-        }
-    ]
+    _PORTFOLIO_BASIC_PERMISSION_SETS
+    + _PORTFOLIO_APP_MGMT_PERMISSION_SETS
+    + _PORTFOLIO_FUNDING_PERMISSION_SETS
+    + _PORTFOLIO_REPORTS_PERMISSION_SETS
+    + _PORTFOLIO_ADMIN_PERMISSION_SETS
+    + _PORTFOLIO_POC_PERMISSION_SETS
 )
--- a/atst/domain/portfolio_roles.py
+++ b/atst/domain/portfolio_roles.py
@ -96,7 +96,7 @@ class PortfolioRoles(object):

        return new_portfolio_role

-    _DEFAULT_PORTFOLIO_PERMS_SETS = {
+    DEFAULT_PORTFOLIO_PERMISSION_SETS = {
        PermissionSets.VIEW_PORTFOLIO_APPLICATION_MANAGEMENT,
        PermissionSets.VIEW_PORTFOLIO_FUNDING,
        PermissionSets.VIEW_PORTFOLIO_REPORTS,
@ -105,7 +105,7 @@ class PortfolioRoles(object):

    @classmethod
    def _permission_sets_for_names(cls, set_names):
-        perms_set_names = PortfolioRoles._DEFAULT_PORTFOLIO_PERMS_SETS.union(
+        perms_set_names = PortfolioRoles.DEFAULT_PORTFOLIO_PERMISSION_SETS.union(
            set(set_names)
        )
        return [
--- a/tests/domain/test_task_orders.py
+++ b/tests/domain/test_task_orders.py
@ -2,7 +2,8 @@ import pytest

 from atst.domain.task_orders import TaskOrders, TaskOrderError, DD254s
 from atst.domain.exceptions import UnauthorizedError
-from atst.domain.permission_sets import PermissionSets, _VIEW_PORTFOLIO_PERMISSION_SETS
+from atst.domain.permission_sets import PermissionSets
+from atst.domain.portfolio_roles import PortfolioRoles
 from atst.models.attachment import Attachment

 from tests.factories import (
@ -116,7 +117,8 @@ def test_task_order_access():
        user=member,
        portfolio=task_order.portfolio,
        permission_sets=[
-            PermissionSets.get(prms["name"]) for prms in _VIEW_PORTFOLIO_PERMISSION_SETS
+            PermissionSets.get(prms)
+            for prms in PortfolioRoles.DEFAULT_PORTFOLIO_PERMISSION_SETS
        ],
    )
    TaskOrders.add_officer(
--- a/tests/factories.py
+++ b/tests/factories.py
@ -14,17 +14,13 @@ from atst.models.task_order import TaskOrder
 from atst.models.user import User
 from atst.models.permission_set import PermissionSet
 from atst.models.portfolio import Portfolio
-from atst.domain.permission_sets import (
-    PermissionSets,
-    PORTFOLIO_PERMISSION_SETS,
-    _VIEW_PORTFOLIO_PERMISSION_SETS,
-    _EDIT_PORTFOLIO_PERMISSION_SETS,
-)
+from atst.domain.permission_sets import PermissionSets, PORTFOLIO_PERMISSION_SETS
 from atst.models.portfolio_role import PortfolioRole, Status as PortfolioRoleStatus
 from atst.models.environment_role import EnvironmentRole
 from atst.models.invitation import Invitation, Status as InvitationStatus
 from atst.models.dd_254 import DD254
 from atst.domain.invitations import Invitations
+from atst.domain.portfolio_roles import PortfolioRoles


 def random_choice(choices):
@ -70,7 +66,8 @@ def _random_date(year_min, year_max, operation):

 def base_portfolio_permission_sets():
    return [
-        PermissionSets.get(prms["name"]) for prms in _VIEW_PORTFOLIO_PERMISSION_SETS
+        PermissionSets.get(prms)
+        for prms in PortfolioRoles.DEFAULT_PORTFOLIO_PERMISSION_SETS
    ]