This updates the `Portfolios.for_user` method to screen out deleted
ApplicationRole entities. For extra assurance, we also mark application
roles as disabled when they are deleted.
- Applies our previous CSP namespacing pattern to the upload classes.
- Removes code and config for previous uploader implementation.
- Removes Attachment model's ability to upload files directly and
adjusts tests that expected that behavior.
Adjust the broken tests to use our dynamic fixtures for PKI files. Some
tests still rely on these fixtures, but this is a minimal patch to get
the test suite passing again. Eventually all tests should use the pytest
fixtures.
Like portfolio invitations, now a user is not associated with an
application role until they accept the associated invitation.
- domain method for inviting user to application
- change application route for inviting a member
- ApplicationRole model knows user name from invitation
Portfolio invitations do not associate a user entity until the
invitation has been accepted. User info, including DOD ID, is held on
the invitation itself. When a user accepts and invitation, their user
entry is associated with the corresponding `portfolio_role` entry.
The same change will be applied to `application_role` and application
invitations. For now, small changes have been made to
application-related methods so that that flow works as-is.
In the future, an `application_invitation1 will not refer to a `user` until
someone accepts the invitation; they'll only reference an
`application_role`. When a user is invited to an application, the
inviter can specify the environments the invitee should have access to.
For this to be possible, an `environment_role` should reference an
`application_role`, because no `user` entity will be known at that time.
In addition to updating all the models and domain methods necessary for
this change, this commit deletes unused code and tests that were
dependent on `environment_roles` having a `user_id` foreign key.
Use ApplicationRole.id instead of User.id in forms. This eliminates the
need for the function that checks whether a user is in a given
application, because looking up the application role will raise an error
if the user is not.
- Adds a property to ApplicationRole model so that it knows its related
EnvironmentRole models.
- Rewrite the form data builder in the routes file so that it loops the
application members and their environment roles to build the data
structure.
The download method for Libcloud objects returns a boolean, which means
that our CRL download could fail silently. The RackspaceCRLProvider
would not raise an error until it tried to open the full path for the
downloaded resource. This checks the return status of the download call
and raises an error if the download failed. For reference:
https://libcloud.readthedocs.io/en/latest/storage/api.html#libcloud.storage.base.StorageDriver.download_object
A `before_request` hook queries the database for portfolios, requests,
and task orders based on the route arguments. The resources are added as
attributes on `g`. The portfolio context processor and the access
decorator now rely on those resources being available on `g`.
WIP: find major resources in before_request hook, apply to g
WIP: use g.portfolio for portfolio context processor
WIP: the access decorator should rely on the resources being available on g
