1. Prevents roles from being created with the role 'None'
2. Only call EnvironmentRoles.delete() if the env_role exists
3. Update the filter on the role field of the app member form to return
'No Access'. This fixed an issue where if a role was deleted, then other
env roles belonging to the app member could not be updated because the
role field of the deleted env_role was invalid
This change makes it so that when an env_role is updated to be None, the
role property on the env_role is changed to be None in addition to being
marked as deleted. This also adds in a check so that previously deleted
env_roles cannot be reassigned a role.
The beat schedule is set to once per minute for each of the three
environment provisioning tasks.
Adding a beat schedule surfaced two problems that are addressed here
with the following changes:
- Commit the SQLALchemy session in order to release the environment
lock. Otherwise the change to the `claimed_until` field is not
persisted.
- Set `none_as_null` on the JSOB fields on the `Environment`. This
avoids problems with querying on Postgres JSON fields that are empty.
This also adds a small change to the development command for the Celery
worker. Multiple child processes were executing the beat jobs, which
lead to exceptions for environment locks and confusing log output. This
contrains the dev command to a single Celery worker.
In the future, an `application_invitation1 will not refer to a `user` until
someone accepts the invitation; they'll only reference an
`application_role`. When a user is invited to an application, the
inviter can specify the environments the invitee should have access to.
For this to be possible, an `environment_role` should reference an
`application_role`, because no `user` entity will be known at that time.
In addition to updating all the models and domain methods necessary for
this change, this commit deletes unused code and tests that were
dependent on `environment_roles` having a `user_id` foreign key.
Use ApplicationRole.id instead of User.id in forms. This eliminates the
need for the function that checks whether a user is in a given
application, because looking up the application role will raise an error
if the user is not.
- Adds a property to ApplicationRole model so that it knows its related
EnvironmentRole models.
- Rewrite the form data builder in the routes file so that it loops the
application members and their environment roles to build the data
structure.
- parent relation will not include applications or environments marked
as deleted
- domain classes will exclude deleted objects from selections
- changed some test factories to use domain_word for resource names,
because they were using person names and it bugged me
