Merge pull request #849 from dod-ccpo/fix-remove-port-member

Fix removing portfolio member
leigh-mil 2019-05-29 16:12:33 -04:00 committed by GitHub
commit fc01fa6522
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 48 additions and 36 deletions


@ -166,22 +166,23 @@ def edit(portfolio_id):
@portfolios_bp.route(
"/portfolios/<portfolio_id>/members/<user_id>/delete", methods=["POST"]
"/portfolios/<portfolio_id>/members/<portfolio_role_id>/delete", methods=["POST"]
)
@user_can(Permissions.EDIT_PORTFOLIO_USERS, message="update portfolio members")
def remove_member(portfolio_id, user_id):
if str(g.current_user.id) == user_id:
def remove_member(portfolio_id, portfolio_role_id):
portfolio_role = PortfolioRoles.get_by_id(portfolio_role_id)
if g.current_user.id == portfolio_role.user_id:
raise UnauthorizedError(
g.current_user, "you cant remove yourself from the portfolio"
)
portfolio = Portfolios.get(user=g.current_user, portfolio_id=portfolio_id)
if user_id == str(portfolio.owner.id):
if portfolio_role.user_id == portfolio.owner.id:
raise UnauthorizedError(
g.current_user, "you can't delete the portfolios PPoC from the portfolio"
)
portfolio_role = PortfolioRoles.get(portfolio_id=portfolio_id, user_id=user_id)
# TODO: should this cascade and disable any application and environment
# roles they might have?
PortfolioRoles.disable(portfolio_role=portfolio_role)
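Review bot: The new lookup `portfolio_role = PortfolioRoles.get_by_id(portfolio_role_id)` is no longer scoped to the portfolio in the URL, whereas the removed `PortfolioRoles.get(portfolio_id=portfolio_id, user_id=user_id)` was; nothing in the new body checks that the role belongs to `portfolio_id`, so a caller holding EDIT_PORTFOLIO_USERS on one portfolio can presumably disable a role in any other portfolio by supplying its id, assuming `user_can` authorizes against the URL's portfolio only. After the `Portfolios.get(...)` line add `if portfolio_role.portfolio_id != portfolio.id: raise UnauthorizedError(g.current_user, "you can't remove a member of another portfolio")` (a not-found response would reveal less about foreign role ids, if the domain layer offers one). Separately, if `get_by_id` returns `None` for an unknown id rather than raising, the `portfolio_role.user_id` access on the following line becomes an AttributeError rather than a clean 4xx — worth confirming. `remove_member` appears to continue past the end of the hunk.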


@ -1,3 +1,5 @@
{% from "components/alert.html" import Alert %}
{% from "components/modal.html" import Modal %}
{% from "components/options_input.html" import OptionsInput %}
{% for subform in member_perms_form.members_permissions %}
@ -29,6 +31,7 @@
{{ "portfolios.members.archive_button" | translate }}
</a>
</td>
{% if not ppoc %}
{{ subform.member_id() }}
{% endif %}
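Review bot: The hidden `{{ subform.member_id() }}` input makes the portfolio role id part of the submitted form, and a hidden field is as client-controlled as any visible one, so whatever handles `member_perms_form` on POST must verify that each posted `member_id` belongs to this portfolio before applying permissions — that handler is not in this diff, so I cannot confirm it does. The `{% if not ppoc %}` guard also means the PPoC's subform is posted without a `member_id`, so the handler needs to tolerate a missing id for that row. If that is deliberate, a template comment above the guard, `{# no hidden role id for the PPoC: their row is not submitted for editing #}`, would record the intent.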


@ -76,34 +76,32 @@
{% include "fragments/admin/add_new_portfolio_member.html" %}
{% endif %}
{% if user_can(permissions.EDIT_PORTFOLIO_USERS) %}
{% for member in portfolio.members %}
{% set modal_id = "portfolio_id_{}_user_id_{}".format(portfolio.id, member.user_id) %}
{% call Modal(name=modal_id, dismissable=False) %}
<h1>{{ "portfolios.admin.alert_header" | translate }}</h1>
{{
Alert(
title="portfolios.admin.alert_title" | translate,
message="portfolios.admin.alert_message" | translate,
level="warning"
)
}}
<div class="panel__footer">
<div class="action-group">
<form method="POST" action="{{ url_for('portfolios.remove_member', portfolio_id=portfolio.id, user_id=member.user_id) }}">
{{ member_perms_form.csrf_token }}
<button class="usa-button usa-button-danger">
{{ "portfolios.members.archive_button" | translate }}
</button>
</form>
<a v-on:click="closeModal('{{ modal_id }}')" class="action-group__action icon-link icon-link--default">{{ "common.cancel" | translate }}</a>
{% if user_can(permissions.EDIT_PORTFOLIO_USERS) %}
{% for subform in member_perms_form.members_permissions %}
{% set modal_id = "portfolio_id_{}_user_id_{}".format(portfolio.id, subform.member_id.data) %}
{% call Modal(name=modal_id, dismissable=False) %}
<h1>{{ "portfolios.admin.alert_header" | translate }}</h1>
{{
Alert(
title="portfolios.admin.alert_title" | translate,
message="portfolios.admin.alert_message" | translate,
level="warning"
)
}}
<div class="panel__footer">
<div class="action-group">
<form method="POST" action="{{ url_for('portfolios.remove_member', portfolio_id=portfolio.id, portfolio_role_id=subform.member_id.data)}}">
{{ member_perms_form.csrf_token }}
<button class="usa-button usa-button-danger">
{{ "portfolios.members.archive_button" | translate }}
</button>
</form>
<a v-on:click="closeModal('{{ modal_id }}')" class="action-group__action icon-link icon-link--default">{{ "common.cancel" | translate }}</a>
</div>
</div>
</div>
{% endcall %}
{% endfor %}
{% endif %}
{% endcall %}
{% endfor %}
{% endif %}
</div>
</base-form>
</section>
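Review bot: The modal id on the `{% set modal_id = "portfolio_id_{}_user_id_{}".format(portfolio.id, subform.member_id.data) %}` line still says `user_id` although it now embeds a portfolio role id, which will mislead the next reader of this template and of whatever JavaScript opens the modal. Rename the segment, e.g. `{% set modal_id = "portfolio_id_{}_role_id_{}".format(portfolio.id, subform.member_id.data) %}`, together with the matching id built by the archive link that triggers the modal, which is not in this hunk so I cannot confirm where it is constructed. The per-modal form does carry `member_perms_form.csrf_token`, so the POST stays CSRF-protected.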


@ -305,12 +305,16 @@ def test_remove_portfolio_member(client, user_session):
portfolio = PortfolioFactory.create()
user = UserFactory.create()
PortfolioRoleFactory.create(portfolio=portfolio, user=user)
member = PortfolioRoleFactory.create(portfolio=portfolio, user=user)
user_session(portfolio.owner)
response = client.post(
url_for("portfolios.remove_member", portfolio_id=portfolio.id, user_id=user.id),
url_for(
"portfolios.remove_member",
portfolio_id=portfolio.id,
portfolio_role_id=member.id,
),
follow_redirects=False,
)
@ -330,6 +334,9 @@ def test_remove_portfolio_member(client, user_session):
def test_remove_portfolio_member_self(client, user_session):
portfolio = PortfolioFactory.create()
portfolio_role = PortfolioRoles.get(
portfolio_id=portfolio.id, user_id=portfolio.owner.id
)
user_session(portfolio.owner)
@ -337,7 +344,7 @@ def test_remove_portfolio_member_self(client, user_session):
url_for(
"portfolios.remove_member",
portfolio_id=portfolio.id,
user_id=portfolio.owner.id,
portfolio_role_id=portfolio_role.id,
),
follow_redirects=False,
)
@ -358,6 +365,9 @@ def test_remove_portfolio_member_ppoc(client, user_session):
user=user,
permission_sets=[PermissionSets.get(PermissionSets.EDIT_PORTFOLIO_ADMIN)],
)
ppoc_port_role = PortfolioRoles.get(
portfolio_id=portfolio.id, user_id=portfolio.owner.id
)
user_session(user)
@ -365,7 +375,7 @@ def test_remove_portfolio_member_ppoc(client, user_session):
url_for(
"portfolios.remove_member",
portfolio_id=portfolio.id,
user_id=portfolio.owner.id,
portfolio_role_id=ppoc_port_role.id,
),
follow_redirects=False,
)
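Review bot: The updated tests cover removing a member, removing yourself and removing the PPoC, but none exercises a `portfolio_role_id` that belongs to a different portfolio, which is the case the switch from a `(portfolio_id, user_id)` lookup to `get_by_id` newly exposes; without such a test a cross-portfolio removal would pass this suite unnoticed. Add a test that creates a second portfolio with its own member role, posts that role's id under the first portfolio's URL as the first portfolio's owner, and asserts the request is rejected and the foreign role is left enabled, using whatever status code and role-status attribute the sibling tests already assert on (those assertions sit outside this hunk). `test_remove_portfolio_member_ppoc` continues past the end of the hunk.
```python
def test_remove_portfolio_member_other_portfolio(client, user_session):
    portfolio = PortfolioFactory.create()
    other_portfolio = PortfolioFactory.create()
    other_role = PortfolioRoleFactory.create(
        portfolio=other_portfolio, user=UserFactory.create()
    )
    user_session(portfolio.owner)
    response = client.post(
        url_for(
            "portfolios.remove_member",
            portfolio_id=portfolio.id,
            portfolio_role_id=other_role.id,
        ),
        follow_redirects=False,
    )
    # … assert the rejection status the sibling tests use, and that other_role is still enabled …
```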