From fa2f7f29f3a89793b732f8aa192ed59e9cbfb28f Mon Sep 17 00:00:00 2001 From: dandds Date: Fri, 3 May 2019 10:17:00 -0400 Subject: [PATCH] Do not scope environment access on applications. Application users can see all environments on an application. Limiting access to the CSP console for an an environment should be handled differently. --- atst/domain/portfolios/scopes.py | 30 ++---------------------------- 1 file changed, 2 insertions(+), 28 deletions(-) diff --git a/atst/domain/portfolios/scopes.py b/atst/domain/portfolios/scopes.py index 9d058813..2d5ebd17 100644 --- a/atst/domain/portfolios/scopes.py +++ b/atst/domain/portfolios/scopes.py @@ -1,7 +1,6 @@ from atst.domain.authz import Authorization from atst.models.permissions import Permissions from atst.domain.applications import Applications -from atst.domain.environments import Environments class ScopedResource(object): @@ -35,31 +34,6 @@ class ScopedPortfolio(ScopedResource): ) if can_view_all_applications: - applications = self.resource.applications + return self.resource.applications else: - applications = Applications.for_user(self.user, self.resource) - - return [ - ScopedApplication(self.user, application) for application in applications - ] - - -class ScopedApplication(ScopedResource): - """ - An object that obeys the same API as a Portfolio, but with the added - functionality that it only returns sub-resources (environments) - that the given user is allowed to see. - """ - - @property - def environments(self): - can_view_all_environments = Authorization.has_portfolio_permission( - self.user, self.resource.portfolio, Permissions.VIEW_ENVIRONMENT - ) - - if can_view_all_environments: - environments = self.resource.environments - else: - environments = Environments.for_user(self.user, self.resource) - - return environments + return Applications.for_user(self.user, self.resource)