def handle_update_member(application_id, application_role_id, form_data):
app_role = ApplicationRoles.get_by_id(application_role_id)
application = Applications.get(application_id)
existing_env_roles_data = filter_env_roles_form_data(
app_role, application.environments)
form = UpdateMemberForm(formdata=form_data,
environment_roles=existing_env_roles_data)
if form.validate():
try:
ApplicationRoles.update_permission_sets(
app_role, form.data["permission_sets"])
for env_role in form.environment_roles:
environment = Environments.get(env_role.environment_id.data)
new_role = None if env_role.disabled.data else env_role.data[
"role"]
Environments.update_env_role(environment, app_role, new_role)
flash("application_member_updated", user_name=app_role.user_name)
except GeneralCSPException as exc:
log_error(exc)
flash(
"application_member_update_error",
user_name=app_role.user_name,
)
else:
pass
def test_get_by_id():
user = UserFactory.create()
application = ApplicationFactory.create()
app_role = ApplicationRoleFactory.create(user=user,
application=application)
assert ApplicationRoles.get_by_id(app_role.id) == app_role
app_role.status = ApplicationRoleStatus.DISABLED
with pytest.raises(NotFoundError):
ApplicationRoles.get_by_id(app_role.id)
def test_enabled_application_role():
application = ApplicationFactory.create()
user = UserFactory.create()
app_role = ApplicationRoleFactory.create(
application=application,
user=user,
status=ApplicationRoleStatus.DISABLED)
assert app_role.status == ApplicationRoleStatus.DISABLED
ApplicationRoles.enable(app_role, app_role.user)
assert app_role.status == ApplicationRoleStatus.ACTIVE
def resend_invite(application_id, application_role_id):
app_role = ApplicationRoles.get_by_id(application_role_id)
invite = app_role.latest_invitation
form = MemberForm(http_request.form)
if form.validate():
new_invite = ApplicationInvitations.resend(g.current_user,
invite.token, form.data)
send_application_invitation(
invitee_email=new_invite.email,
inviter_name=g.current_user.full_name,
token=new_invite.token,
)
flash(
"application_invite_resent",
user_name=new_invite.user_name,
application_name=app_role.application.name,
)
else:
flash(
"application_invite_error",
user_name=app_role.user_name,
application_name=g.application.name,
)
return redirect(
url_for(
"applications.settings",
application_id=application_id,
fragment="application-members",
_anchor="application-members",
))
def revoke_invite(application_id, application_role_id):
app_role = ApplicationRoles.get_by_id(application_role_id)
invite = app_role.latest_invitation
if invite.is_pending:
ApplicationInvitations.revoke(invite.token)
flash(
"application_invite_revoked",
user_name=app_role.user_name,
application_name=g.application.name,
)
else:
flash(
"application_invite_error",
user_name=app_role.user_name,
application_name=g.application.name,
)
return redirect(
url_for(
"applications.settings",
application_id=application_id,
fragment="application-members",
_anchor="application-members",
))
def remove_member(application_id, application_role_id):
application_role = ApplicationRoles.get_by_id(application_role_id)
ApplicationRoles.disable(application_role)
flash(
"application_member_removed",
user_name=application_role.user_name,
application_name=g.application.name,
)
return redirect(
url_for(
"applications.settings",
_anchor="application-members",
application_id=g.application.id,
fragment="application-members",
))
def test_disable(session):
application = ApplicationFactory.create()
user = UserFactory.create()
member_role = ApplicationRoleFactory.create(
application=application,
user=user,
status=ApplicationRoleStatus.ACTIVE)
environment = EnvironmentFactory.create(application=application)
environment_role = EnvironmentRoleFactory.create(
application_role=member_role, environment=environment)
assert member_role.status == ApplicationRoleStatus.ACTIVE
ApplicationRoles.disable(member_role)
session.refresh(member_role)
session.refresh(environment_role)
assert member_role.status == ApplicationRoleStatus.DISABLED
assert environment_role.deleted
def test_get():
user = UserFactory.create()
application = ApplicationFactory.create()
app_role = ApplicationRoleFactory.create(user=user,
application=application)
assert ApplicationRoles.get(user.id, application.id)
assert app_role.application == application
assert app_role.user == user
def test_create_application_role():
application = ApplicationFactory.create()
user = UserFactory.create()
application_role = ApplicationRoles.create(
application=application,
user=user,
permission_set_names=[PermissionSets.EDIT_APPLICATION_TEAM],
)
assert application_role.permission_sets == PermissionSets.get_many([
PermissionSets.EDIT_APPLICATION_TEAM, PermissionSets.VIEW_APPLICATION
])
assert application_role.application == application
assert application_role.user == user
def update_member(application_id, application_role_id):
app_role = ApplicationRoles.get_by_id(application_role_id)
form = UpdateMemberForm(http_request.form)
if form.validate():
ApplicationRoles.update_permission_sets(app_role, form.data["permission_sets"])
for env_role in form.environment_roles:
environment = Environments.get(env_role.environment_id.data)
Environments.update_env_role(environment, app_role, env_role.data["role"])
flash("application_member_updated", user_name=app_role.user_name)
else:
pass
# TODO: flash error message
return redirect(
url_for(
"applications.settings",
application_id=application_id,
fragment="application-members",
_anchor="application-members",
)
)
def add_applications_to_portfolio(portfolio):
applications = random_applications()
for application_data in applications:
application = Applications.create(
portfolio.owner,
portfolio=portfolio,
name=application_data["name"],
description=application_data["description"],
environment_names=application_data["environments"],
)
users = random.sample(APPLICATION_USERS, k=random.randint(1, 5))
for user_data in users:
try:
user = Users.get_by_dod_id(user_data["dod_id"])
except NotFoundError:
user = Users.create(
user_data["dod_id"],
None,
first_name=user_data["first_name"],
last_name=user_data["last_name"],
email=user_data["email"],
)
app_role = ApplicationRoles.create(
user=user,
application=application,
permission_set_names=[PermissionSets.EDIT_APPLICATION_TEAM],
)
ApplicationInvitations.create(portfolio.owner,
app_role,
user_data,
commit=True)
user_environments = random.sample(
application.environments,
k=random.randint(1, len(application.environments)),
)
for env in user_environments:
role = random.choice([e.value for e in CSPRole])
EnvironmentRoles.create(application_role=app_role,
environment=env,
role=role)
def invite(
cls,
application,
inviter,
user_data,
permission_sets_names=None,
environment_roles_data=None,
):
permission_sets_names = permission_sets_names or []
permission_sets = ApplicationRoles._permission_sets_for_names(
permission_sets_names
)
app_role = ApplicationRole(
application=application, permission_sets=permission_sets
)
db.session.add(app_role)
for env_role_data in environment_roles_data:
env_role_name = env_role_data.get("role")
environment_id = env_role_data.get("environment_id")
if env_role_name is not None:
# pylint: disable=cell-var-from-loop
environment = first_or_none(
lambda e: str(e.id) == str(environment_id), application.environments
)
if environment is None:
raise NotFoundError("environment")
else:
env_role = EnvironmentRole(
application_role=app_role,
environment=environment,
role=env_role_name,
)
db.session.add(env_role)
invitation = ApplicationInvitations.create(
inviter=inviter, role=app_role, member_data=user_data
)
db.session.add(invitation)
db.session.commit()
return invitation
def test_get_members_data(app, client, user_session):
user = UserFactory.create()
application = ApplicationFactory.create(environments=[{
"name":
"testing",
"members": [{
"user": user,
"role_name": CSPRole.BASIC_ACCESS.value
}],
}])
environment = application.environments[0]
app_role = ApplicationRoles.get(user_id=user.id,
application_id=application.id)
env_role = EnvironmentRoles.get(application_role_id=app_role.id,
environment_id=environment.id)
user_session(application.portfolio.owner)
with captured_templates(app) as templates:
response = app.test_client().get(
url_for("applications.settings", application_id=application.id))
assert response.status_code == 200
_, context = templates[-1]
member = context["members"][0]
assert member["role_id"] == app_role.id
assert member["user_name"] == user.full_name
assert member["permission_sets"] == {
"perms_team_mgmt": False,
"perms_env_mgmt": False,
"perms_del_env": False,
}
assert member["environment_roles"] == [{
"environment_id":
str(environment.id),
"environment_name":
environment.name,
"role":
env_role.role,
}]
assert member["role_status"]
assert isinstance(member["form"], UpdateMemberForm)
def revoke(cls, token):
invite = super().revoke(token)
ApplicationRoles.disable(invite.role)
return invite
def test_get_handles_invalid_id():
user = UserFactory.create()
application = ApplicationFactory.create()
with pytest.raises(NotFoundError):
ApplicationRoles.get(user.id, application.id)
