334 lines
12 KiB
Python
334 lines
12 KiB
Python
import pytest
|
|
from flask import url_for
|
|
|
|
from tests.factories import (
|
|
UserFactory,
|
|
PortfolioFactory,
|
|
PortfolioRoleFactory,
|
|
InvitationFactory,
|
|
)
|
|
from atst.domain.portfolios import Portfolios
|
|
from atst.domain.portfolio_roles import PortfolioRoles
|
|
from atst.domain.applications import Applications
|
|
from atst.domain.environments import Environments
|
|
from atst.domain.environment_roles import EnvironmentRoles
|
|
from atst.domain.permission_sets import PermissionSets
|
|
from atst.queue import queue
|
|
from atst.models.portfolio_role import Status as PortfolioRoleStatus
|
|
from atst.models.invitation import Status as InvitationStatus
|
|
|
|
_DEFAULT_PERMS_FORM_DATA = {
|
|
"perms_app_mgmt": PermissionSets.VIEW_PORTFOLIO_APPLICATION_MANAGEMENT,
|
|
"perms_funding": PermissionSets.VIEW_PORTFOLIO_FUNDING,
|
|
"perms_reporting": PermissionSets.VIEW_PORTFOLIO_REPORTS,
|
|
"perms_portfolio_mgmt": PermissionSets.VIEW_PORTFOLIO_ADMIN,
|
|
}
|
|
|
|
|
|
def create_portfolio_and_invite_user(
|
|
ws_role="developer",
|
|
ws_status=PortfolioRoleStatus.PENDING,
|
|
invite_status=InvitationStatus.PENDING,
|
|
):
|
|
owner = UserFactory.create()
|
|
portfolio = PortfolioFactory.create(owner=owner)
|
|
if ws_role != "owner":
|
|
user = UserFactory.create()
|
|
member = PortfolioRoleFactory.create(
|
|
user=user, portfolio=portfolio, status=ws_status
|
|
)
|
|
InvitationFactory.create(
|
|
inviter=portfolio.owner,
|
|
user=user,
|
|
portfolio_role=member,
|
|
email=member.user.email,
|
|
status=invite_status,
|
|
)
|
|
return (portfolio, member)
|
|
else:
|
|
return (portfolio, portfolio.members[0])
|
|
|
|
|
|
def test_user_with_permission_has_add_member_link(client, user_session):
|
|
portfolio = PortfolioFactory.create()
|
|
user_session(portfolio.owner)
|
|
response = client.get("/portfolios/{}/members".format(portfolio.id))
|
|
assert response.status_code == 200
|
|
assert (
|
|
'href="/portfolios/{}/members/new"'.format(portfolio.id).encode()
|
|
in response.data
|
|
)
|
|
|
|
|
|
def test_user_without_permission_has_no_add_member_link(client, user_session):
|
|
user = UserFactory.create()
|
|
portfolio = PortfolioFactory.create()
|
|
Portfolios._create_portfolio_role(user, portfolio)
|
|
user_session(user)
|
|
response = client.get("/portfolios/{}/members".format(portfolio.id))
|
|
assert (
|
|
'href="/portfolios/{}/members/new"'.format(portfolio.id).encode()
|
|
not in response.data
|
|
)
|
|
|
|
|
|
def test_permissions_for_view_member(client, user_session):
|
|
user = UserFactory.create()
|
|
portfolio = PortfolioFactory.create()
|
|
Portfolios._create_portfolio_role(user, portfolio)
|
|
member = PortfolioRoles.add(user, portfolio.id)
|
|
user_session(user)
|
|
response = client.get(
|
|
url_for("portfolios.view_member", portfolio_id=portfolio.id, member_id=user.id)
|
|
)
|
|
assert response.status_code == 404
|
|
|
|
|
|
def test_create_member(client, user_session):
|
|
user = UserFactory.create()
|
|
portfolio = PortfolioFactory.create()
|
|
user_session(portfolio.owner)
|
|
queue_length = len(queue.get_queue())
|
|
|
|
response = client.post(
|
|
url_for("portfolios.create_member", portfolio_id=portfolio.id),
|
|
data={
|
|
"dod_id": user.dod_id,
|
|
"first_name": "Wilbur",
|
|
"last_name": "Zuckerman",
|
|
"email": "some_pig@zuckermans.com",
|
|
"portfolio_role": "developer",
|
|
**_DEFAULT_PERMS_FORM_DATA,
|
|
},
|
|
follow_redirects=True,
|
|
)
|
|
|
|
assert response.status_code == 200
|
|
assert user.full_name in response.data.decode()
|
|
assert user.has_portfolios
|
|
assert user.invitations
|
|
assert len(queue.get_queue()) == queue_length + 1
|
|
portfolio_role = user.portfolio_roles[0]
|
|
assert len(portfolio_role.permission_sets) == 5
|
|
|
|
|
|
@pytest.mark.skip(reason="permission set display not implemented")
|
|
def test_view_member_shows_role(client, user_session):
|
|
user = UserFactory.create()
|
|
portfolio = PortfolioFactory.create()
|
|
Portfolios._create_portfolio_role(user, portfolio)
|
|
member = PortfolioRoles.add(user, portfolio.id)
|
|
user_session(portfolio.owner)
|
|
response = client.get(
|
|
url_for("portfolios.view_member", portfolio_id=portfolio.id, member_id=user.id)
|
|
)
|
|
assert response.status_code == 200
|
|
assert "initial-choice='developer'".encode() in response.data
|
|
|
|
|
|
def test_update_member_portfolio_role(client, user_session):
|
|
portfolio = PortfolioFactory.create()
|
|
user = UserFactory.create()
|
|
member = PortfolioRoles.add(user, portfolio.id)
|
|
user_session(portfolio.owner)
|
|
response = client.post(
|
|
url_for(
|
|
"portfolios.update_member", portfolio_id=portfolio.id, member_id=user.id
|
|
),
|
|
data={
|
|
**_DEFAULT_PERMS_FORM_DATA,
|
|
"perms_funding": PermissionSets.EDIT_PORTFOLIO_FUNDING,
|
|
},
|
|
follow_redirects=True,
|
|
)
|
|
assert response.status_code == 200
|
|
edit_funding = PermissionSets.get(PermissionSets.EDIT_PORTFOLIO_FUNDING)
|
|
assert edit_funding in member.permission_sets
|
|
|
|
|
|
def test_update_member_portfolio_role_with_no_data(client, user_session):
|
|
portfolio = PortfolioFactory.create()
|
|
user = UserFactory.create()
|
|
member = PortfolioRoles.add(user, portfolio.id)
|
|
user_session(portfolio.owner)
|
|
original_perms_len = len(member.permission_sets)
|
|
response = client.post(
|
|
url_for(
|
|
"portfolios.update_member", portfolio_id=portfolio.id, member_id=user.id
|
|
),
|
|
data={},
|
|
follow_redirects=True,
|
|
)
|
|
assert response.status_code == 200
|
|
assert len(member.permission_sets) == original_perms_len
|
|
|
|
|
|
def test_update_member_environment_role(client, user_session):
|
|
portfolio = PortfolioFactory.create()
|
|
user = UserFactory.create()
|
|
member = PortfolioRoles.add(user, portfolio.id)
|
|
application = Applications.create(
|
|
portfolio.owner,
|
|
portfolio,
|
|
"Snazzy Application",
|
|
"A new application for me and my friends",
|
|
{"env1", "env2"},
|
|
)
|
|
env1_id = application.environments[0].id
|
|
env2_id = application.environments[1].id
|
|
for env in application.environments:
|
|
Environments.add_member(env, user, "developer")
|
|
user_session(portfolio.owner)
|
|
response = client.post(
|
|
url_for(
|
|
"portfolios.update_member", portfolio_id=portfolio.id, member_id=user.id
|
|
),
|
|
data={
|
|
"env_" + str(env1_id): "security_auditor",
|
|
"env_" + str(env2_id): "devops",
|
|
**_DEFAULT_PERMS_FORM_DATA,
|
|
},
|
|
follow_redirects=True,
|
|
)
|
|
assert response.status_code == 200
|
|
assert b"role updated successfully" not in response.data
|
|
assert b"access successfully changed" in response.data
|
|
assert EnvironmentRoles.get(user.id, env1_id).role == "security_auditor"
|
|
assert EnvironmentRoles.get(user.id, env2_id).role == "devops"
|
|
|
|
|
|
def test_update_member_environment_role_with_no_data(client, user_session):
|
|
portfolio = PortfolioFactory.create()
|
|
user = UserFactory.create()
|
|
member = PortfolioRoles.add(user, portfolio.id)
|
|
application = Applications.create(
|
|
portfolio.owner,
|
|
portfolio,
|
|
"Snazzy Application",
|
|
"A new application for me and my friends",
|
|
{"env1"},
|
|
)
|
|
env1_id = application.environments[0].id
|
|
for env in application.environments:
|
|
Environments.add_member(env, user, "developer")
|
|
user_session(portfolio.owner)
|
|
response = client.post(
|
|
url_for(
|
|
"portfolios.update_member", portfolio_id=portfolio.id, member_id=user.id
|
|
),
|
|
data={"env_" + str(env1_id): None, "env_" + str(env1_id): ""},
|
|
follow_redirects=True,
|
|
)
|
|
assert response.status_code == 200
|
|
assert b"access successfully changed" not in response.data
|
|
assert EnvironmentRoles.get(user.id, env1_id).role == "developer"
|
|
|
|
|
|
def test_revoke_active_member_access(client, user_session):
|
|
portfolio = PortfolioFactory.create()
|
|
user = UserFactory.create()
|
|
member = PortfolioRoleFactory.create(
|
|
portfolio=portfolio, user=user, status=PortfolioRoleStatus.ACTIVE
|
|
)
|
|
Applications.create(
|
|
portfolio.owner,
|
|
portfolio,
|
|
"Snazzy Application",
|
|
"A new application for me and my friends",
|
|
{"env1"},
|
|
)
|
|
user_session(portfolio.owner)
|
|
response = client.post(
|
|
url_for(
|
|
"portfolios.revoke_access", portfolio_id=portfolio.id, member_id=member.id
|
|
)
|
|
)
|
|
assert response.status_code == 302
|
|
assert PortfolioRoles.get_by_id(member.id).num_environment_roles == 0
|
|
|
|
|
|
def test_does_not_show_any_buttons_if_owner(client, user_session):
|
|
portfolio = PortfolioFactory.create()
|
|
user_session(portfolio.owner)
|
|
response = client.get(
|
|
url_for(
|
|
"portfolios.view_member",
|
|
portfolio_id=portfolio.id,
|
|
member_id=portfolio.owner.id,
|
|
)
|
|
)
|
|
assert "Remove Portfolio Access" not in response.data.decode()
|
|
assert "Resend Invitation" not in response.data.decode()
|
|
assert "Revoke Invitation" not in response.data.decode()
|
|
|
|
|
|
def test_only_shows_revoke_access_button_if_active(client, user_session):
|
|
portfolio, member = create_portfolio_and_invite_user(
|
|
ws_status=PortfolioRoleStatus.ACTIVE, invite_status=InvitationStatus.ACCEPTED
|
|
)
|
|
user_session(portfolio.owner)
|
|
response = client.get(
|
|
url_for(
|
|
"portfolios.view_member",
|
|
portfolio_id=portfolio.id,
|
|
member_id=member.user.id,
|
|
)
|
|
)
|
|
assert response.status_code == 200
|
|
assert "Remove Portfolio Access" in response.data.decode()
|
|
assert "Revoke Invitation" not in response.data.decode()
|
|
assert "Resend Invitation" not in response.data.decode()
|
|
|
|
|
|
def test_only_shows_revoke_invite_button_if_pending(client, user_session):
|
|
portfolio, member = create_portfolio_and_invite_user(
|
|
ws_status=PortfolioRoleStatus.PENDING, invite_status=InvitationStatus.PENDING
|
|
)
|
|
user_session(portfolio.owner)
|
|
# member = next((memb for memb in portfolio.members if memb != portfolio.owner), None)
|
|
response = client.get(
|
|
url_for(
|
|
"portfolios.view_member",
|
|
portfolio_id=portfolio.id,
|
|
member_id=member.user.id,
|
|
)
|
|
)
|
|
assert "Revoke Invitation" in response.data.decode()
|
|
assert "Remove Portfolio Access" not in response.data.decode()
|
|
assert "Resend Invitation" not in response.data.decode()
|
|
|
|
|
|
def test_only_shows_resend_button_if_expired(client, user_session):
|
|
portfolio, member = create_portfolio_and_invite_user(
|
|
ws_status=PortfolioRoleStatus.PENDING,
|
|
invite_status=InvitationStatus.REJECTED_EXPIRED,
|
|
)
|
|
user_session(portfolio.owner)
|
|
response = client.get(
|
|
url_for(
|
|
"portfolios.view_member",
|
|
portfolio_id=portfolio.id,
|
|
member_id=member.user.id,
|
|
)
|
|
)
|
|
assert "Resend Invitation" in response.data.decode()
|
|
assert "Revoke Invitation" not in response.data.decode()
|
|
assert "Remove Portfolio Access" not in response.data.decode()
|
|
|
|
|
|
def test_only_shows_resend_button_if_revoked(client, user_session):
|
|
portfolio, member = create_portfolio_and_invite_user(
|
|
ws_status=PortfolioRoleStatus.PENDING, invite_status=InvitationStatus.REVOKED
|
|
)
|
|
user_session(portfolio.owner)
|
|
response = client.get(
|
|
url_for(
|
|
"portfolios.view_member",
|
|
portfolio_id=portfolio.id,
|
|
member_id=member.user.id,
|
|
)
|
|
)
|
|
assert "Resend Invitation" in response.data.decode()
|
|
assert "Remove Portfolio Access" not in response.data.decode()
|
|
assert "Revoke Invitation" not in response.data.decode()
|