- Populate the POSTed form with additional data from the existing TO
model. This way the pdf attachment has to be explicitly overwritten.
- Adjust the frontend so that if there is an existing PDF, it only sends
a file input back if the user removes the existing PDF.
Like portfolio invitations, now a user is not associated with an
application role until they accept the associated invitation.
- domain method for inviting user to application
- change application route for inviting a member
- ApplicationRole model knows user name from invitation
`portfolios.create_member` now just sends an invitation, so it should be
with the invitation routes. This also de-duplicates the function for
sending a portfolio invitation email.
Portfolio invitations do not associate a user entity until the
invitation has been accepted. User info, including DOD ID, is held on
the invitation itself. When a user accepts and invitation, their user
entry is associated with the corresponding `portfolio_role` entry.
The same change will be applied to `application_role` and application
invitations. For now, small changes have been made to
application-related methods so that that flow works as-is.
In the future, an `application_invitation1 will not refer to a `user` until
someone accepts the invitation; they'll only reference an
`application_role`. When a user is invited to an application, the
inviter can specify the environments the invitee should have access to.
For this to be possible, an `environment_role` should reference an
`application_role`, because no `user` entity will be known at that time.
In addition to updating all the models and domain methods necessary for
this change, this commit deletes unused code and tests that were
dependent on `environment_roles` having a `user_id` foreign key.
This gives us better test isolation. Previously, we were manually
setting `g.current_user` with a factory instance and not cleaning it up
properly, which could break later tests.
