242 lines
7.7 KiB
Python
242 lines
7.7 KiB
Python
from sqlalchemy.orm.exc import NoResultFound
|
|
|
|
from atat.database import db
|
|
from atat.models.permissions import Permissions
|
|
from atat.models.permission_set import PermissionSet
|
|
from .exceptions import NotFoundError
|
|
|
|
|
|
class PermissionSets(object):
|
|
VIEW_PORTFOLIO = "view_portfolio"
|
|
VIEW_PORTFOLIO_APPLICATION_MANAGEMENT = "view_portfolio_application_management"
|
|
VIEW_PORTFOLIO_FUNDING = "view_portfolio_funding"
|
|
VIEW_PORTFOLIO_REPORTS = "view_portfolio_reports"
|
|
VIEW_PORTFOLIO_ADMIN = "view_portfolio_admin"
|
|
EDIT_PORTFOLIO_APPLICATION_MANAGEMENT = "edit_portfolio_application_management"
|
|
EDIT_PORTFOLIO_FUNDING = "edit_portfolio_funding"
|
|
EDIT_PORTFOLIO_REPORTS = "edit_portfolio_reports"
|
|
EDIT_PORTFOLIO_ADMIN = "edit_portfolio_admin"
|
|
PORTFOLIO_POC = "portfolio_poc"
|
|
VIEW_AUDIT_LOG = "view_audit_log"
|
|
MANAGE_CCPO_USERS = "manage_ccpo_users"
|
|
|
|
VIEW_APPLICATION = "view_application"
|
|
EDIT_APPLICATION_ENVIRONMENTS = "edit_application_environments"
|
|
EDIT_APPLICATION_TEAM = "edit_application_team"
|
|
DELETE_APPLICATION_ENVIRONMENTS = "delete_application_environments"
|
|
|
|
@classmethod
|
|
def get(cls, perms_set_name):
|
|
try:
|
|
role = db.session.query(PermissionSet).filter_by(name=perms_set_name).one()
|
|
except NoResultFound:
|
|
raise NotFoundError("permission_set")
|
|
|
|
return role
|
|
|
|
@classmethod
|
|
def get_all(cls):
|
|
return db.session.query(PermissionSet).all()
|
|
|
|
@classmethod
|
|
def get_many(cls, perms_set_names):
|
|
permission_sets = (
|
|
db.session.query(PermissionSet)
|
|
.filter(PermissionSet.name.in_(perms_set_names))
|
|
.all()
|
|
)
|
|
|
|
if len(permission_sets) != len(perms_set_names):
|
|
raise NotFoundError("permission_set")
|
|
|
|
return permission_sets
|
|
|
|
|
|
ATAT_PERMISSION_SETS = [
|
|
{
|
|
"name": PermissionSets.VIEW_AUDIT_LOG,
|
|
"display_name": "View Audit Log",
|
|
"description": "",
|
|
"permissions": [Permissions.VIEW_AUDIT_LOG],
|
|
},
|
|
{
|
|
"name": PermissionSets.MANAGE_CCPO_USERS,
|
|
"display_name": "View Audit Log",
|
|
"description": "",
|
|
"permissions": [
|
|
Permissions.VIEW_CCPO_USER,
|
|
Permissions.CREATE_CCPO_USER,
|
|
Permissions.EDIT_CCPO_USER,
|
|
Permissions.DELETE_CCPO_USER,
|
|
],
|
|
},
|
|
]
|
|
|
|
_PORTFOLIO_BASIC_PERMISSION_SETS = [
|
|
{
|
|
"name": PermissionSets.VIEW_PORTFOLIO,
|
|
"description": "View basic portfolio info",
|
|
"display_name": "View Portfolio",
|
|
"permissions": [Permissions.VIEW_PORTFOLIO],
|
|
}
|
|
]
|
|
|
|
_PORTFOLIO_APP_MGMT_PERMISSION_SETS = [
|
|
{
|
|
"name": PermissionSets.VIEW_PORTFOLIO_APPLICATION_MANAGEMENT,
|
|
"description": "View applications and related resources",
|
|
"display_name": "Application Management",
|
|
"permissions": [
|
|
Permissions.VIEW_APPLICATION,
|
|
Permissions.VIEW_APPLICATION_MEMBER,
|
|
Permissions.VIEW_ENVIRONMENT,
|
|
],
|
|
},
|
|
{
|
|
"name": PermissionSets.EDIT_PORTFOLIO_APPLICATION_MANAGEMENT,
|
|
"description": "Edit applications and related resources",
|
|
"display_name": "Application Management",
|
|
"permissions": [
|
|
Permissions.EDIT_APPLICATION,
|
|
Permissions.CREATE_APPLICATION,
|
|
Permissions.DELETE_APPLICATION,
|
|
Permissions.EDIT_APPLICATION_MEMBER,
|
|
Permissions.DELETE_APPLICATION_MEMBER,
|
|
Permissions.CREATE_APPLICATION_MEMBER,
|
|
Permissions.EDIT_ENVIRONMENT,
|
|
Permissions.CREATE_ENVIRONMENT,
|
|
Permissions.DELETE_ENVIRONMENT,
|
|
Permissions.ASSIGN_ENVIRONMENT_MEMBER,
|
|
],
|
|
},
|
|
]
|
|
|
|
_PORTFOLIO_FUNDING_PERMISSION_SETS = [
|
|
{
|
|
"name": PermissionSets.VIEW_PORTFOLIO_FUNDING,
|
|
"description": "View a portfolio's task orders",
|
|
"display_name": "Funding",
|
|
"permissions": [
|
|
Permissions.VIEW_PORTFOLIO_FUNDING,
|
|
Permissions.VIEW_TASK_ORDER_DETAILS,
|
|
],
|
|
},
|
|
{
|
|
"name": PermissionSets.EDIT_PORTFOLIO_FUNDING,
|
|
"description": "Edit a portfolio's task orders and add new ones",
|
|
"display_name": "Funding",
|
|
"permissions": [
|
|
Permissions.CREATE_TASK_ORDER,
|
|
Permissions.EDIT_TASK_ORDER_DETAILS,
|
|
],
|
|
},
|
|
]
|
|
|
|
_PORTFOLIO_REPORTS_PERMISSION_SETS = [
|
|
{
|
|
"name": PermissionSets.VIEW_PORTFOLIO_REPORTS,
|
|
"description": "View a portfolio's reports",
|
|
"display_name": "Reporting",
|
|
"permissions": [Permissions.VIEW_PORTFOLIO_REPORTS],
|
|
},
|
|
{
|
|
"name": PermissionSets.EDIT_PORTFOLIO_REPORTS,
|
|
"description": "Edit a portfolio's reports (no-op)",
|
|
"display_name": "Reporting",
|
|
"permissions": [],
|
|
},
|
|
]
|
|
|
|
_PORTFOLIO_ADMIN_PERMISSION_SETS = [
|
|
{
|
|
"name": PermissionSets.VIEW_PORTFOLIO_ADMIN,
|
|
"description": "View a portfolio's admin options",
|
|
"display_name": "Portfolio Administration",
|
|
"permissions": [
|
|
Permissions.VIEW_PORTFOLIO_ADMIN,
|
|
Permissions.VIEW_PORTFOLIO_NAME,
|
|
Permissions.VIEW_PORTFOLIO_USERS,
|
|
Permissions.VIEW_PORTFOLIO_ACTIVITY_LOG,
|
|
Permissions.VIEW_PORTFOLIO_POC,
|
|
],
|
|
},
|
|
{
|
|
"name": PermissionSets.EDIT_PORTFOLIO_ADMIN,
|
|
"description": "Edit a portfolio's admin options",
|
|
"display_name": "Portfolio Administration",
|
|
"permissions": [
|
|
Permissions.EDIT_PORTFOLIO_NAME,
|
|
Permissions.EDIT_PORTFOLIO_USERS,
|
|
Permissions.CREATE_PORTFOLIO_USERS,
|
|
],
|
|
},
|
|
]
|
|
|
|
_PORTFOLIO_POC_PERMISSION_SETS = [
|
|
{
|
|
"name": "portfolio_poc",
|
|
"description": "Permissions belonging to the Portfolio POC",
|
|
"display_name": "Portfolio Point of Contact",
|
|
"permissions": [Permissions.EDIT_PORTFOLIO_POC, Permissions.ARCHIVE_PORTFOLIO],
|
|
}
|
|
]
|
|
|
|
PORTFOLIO_PERMISSION_SETS = (
|
|
_PORTFOLIO_BASIC_PERMISSION_SETS
|
|
+ _PORTFOLIO_APP_MGMT_PERMISSION_SETS
|
|
+ _PORTFOLIO_FUNDING_PERMISSION_SETS
|
|
+ _PORTFOLIO_REPORTS_PERMISSION_SETS
|
|
+ _PORTFOLIO_ADMIN_PERMISSION_SETS
|
|
+ _PORTFOLIO_POC_PERMISSION_SETS
|
|
)
|
|
|
|
_APPLICATION_BASIC_PERMISSION_SET = {
|
|
"name": PermissionSets.VIEW_APPLICATION,
|
|
"description": "View application data",
|
|
"display_name": "View applications",
|
|
"permissions": [
|
|
Permissions.VIEW_APPLICATION,
|
|
Permissions.VIEW_APPLICATION_MEMBER,
|
|
Permissions.VIEW_ENVIRONMENT,
|
|
],
|
|
}
|
|
|
|
# need perm to assign and unassign users to environments
|
|
_APPLICATION_ENVIRONMENTS_PERMISSION_SET = {
|
|
"name": PermissionSets.EDIT_APPLICATION_ENVIRONMENTS,
|
|
"description": "Manage environments for an application",
|
|
"display_name": "Manage environments",
|
|
"permissions": [
|
|
Permissions.EDIT_ENVIRONMENT,
|
|
Permissions.CREATE_ENVIRONMENT,
|
|
Permissions.ASSIGN_ENVIRONMENT_MEMBER,
|
|
],
|
|
}
|
|
|
|
_APPLICATION_TEAM_PERMISSION_SET = {
|
|
"name": PermissionSets.EDIT_APPLICATION_TEAM,
|
|
"description": "Manage team members for an application",
|
|
"display_name": "Manage team",
|
|
"permissions": [
|
|
Permissions.EDIT_APPLICATION_MEMBER,
|
|
Permissions.DELETE_APPLICATION_MEMBER,
|
|
Permissions.CREATE_APPLICATION_MEMBER,
|
|
Permissions.ASSIGN_ENVIRONMENT_MEMBER,
|
|
Permissions.VIEW_APPLICATION_ACTIVITY_LOG,
|
|
],
|
|
}
|
|
|
|
_APPLICATION_ENVIRONMENT_DELETE_PERMISSION_SET = {
|
|
"name": PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,
|
|
"description": "Delete environments within an application",
|
|
"display_name": "Delete environments",
|
|
"permissions": [Permissions.DELETE_ENVIRONMENT],
|
|
}
|
|
|
|
APPLICATION_PERMISSION_SETS = [
|
|
_APPLICATION_BASIC_PERMISSION_SET,
|
|
_APPLICATION_TEAM_PERMISSION_SET,
|
|
_APPLICATION_ENVIRONMENTS_PERMISSION_SET,
|
|
_APPLICATION_ENVIRONMENT_DELETE_PERMISSION_SET,
|
|
]
|