add access tests for all access-protected routes

- cleans up skipped access tests in domain tests
- cleans up other skipped tests that are no longer relevant

tests/domain/test_audit_log.py

@@ -22,18 +22,6 @@ def developer():
     return UserFactory.create()
 
 
-@pytest.mark.skip(reason="redo as a route access test")
-def test_non_admin_cannot_view_audit_log(developer):
-    with pytest.raises(UnauthorizedError):
-        AuditLog.get_all_events(developer)
-
-
-@pytest.mark.skip(reason="redo as a route access test")
-def test_ccpo_can_view_audit_log():
-    events = AuditLog.get_all_events()
-    assert len(events) > 0
-
-
 def test_paginate_audit_log():
     user = UserFactory.create()
     for _ in range(100):
@@ -43,39 +31,6 @@ def test_paginate_audit_log():
     assert len(events) == 25
 
 
-@pytest.mark.skip(reason="redo as a route access test")
-def test_ccpo_can_view_ws_audit_log():
-    portfolio = PortfolioFactory.create()
-    events = AuditLog.get_portfolio_events(portfolio)
-    assert len(events) > 0
-
-
-@pytest.mark.skip(reason="redo as a route access test")
-def test_ws_admin_can_view_ws_audit_log():
-    portfolio = PortfolioFactory.create()
-    admin = UserFactory.create()
-    PortfolioRoleFactory.create(
-        portfolio=portfolio, user=admin, status=PortfolioRoleStatus.ACTIVE
-    )
-    events = AuditLog.get_portfolio_events(portfolio)
-    assert len(events) > 0
-
-
-@pytest.mark.skip(reason="redo as a route access test")
-def test_ws_owner_can_view_ws_audit_log():
-    portfolio = PortfolioFactory.create()
-    events = AuditLog.get_portfolio_events(portfolio)
-    assert len(events) > 0
-
-
-@pytest.mark.skip(reason="redo as a route access test")
-def test_other_users_cannot_view_portfolio_audit_log():
-    with pytest.raises(UnauthorizedError):
-        portfolio = PortfolioFactory.create()
-        dev = UserFactory.create()
-        AuditLog.get_portfolio_events(dev, portfolio)
-
-
 def test_paginate_ws_audit_log():
     portfolio = PortfolioFactory.create()
     application = ApplicationFactory.create(portfolio=portfolio)

tests/domain/test_portfolios.py

@@ -46,26 +46,6 @@ def test_portfolio_has_timestamps(portfolio):
     assert portfolio.time_created == portfolio.time_updated
 
 
-@pytest.mark.skip(reason="redo as a route access test")
-def test_portfolios_get_ensures_user_is_in_portfolio(portfolio, portfolio_owner):
-    outside_user = UserFactory.create()
-    with pytest.raises(UnauthorizedError):
-        Portfolios.get(outside_user, portfolio.id)
-
-
-def test_get_for_update_applications_allows_owner(portfolio, portfolio_owner):
-    Portfolios.get_for_update(portfolio.id)
-
-
-@pytest.mark.skip(reason="redo as a route access test")
-def test_get_for_update_applications_blocks_developer(portfolio):
-    developer = UserFactory.create()
-    PortfolioRoles.add(developer, portfolio.id)
-
-    with pytest.raises(UnauthorizedError):
-        Portfolios.get_for_update(portfolio.id)
-
-
 def test_can_create_portfolio_role(portfolio, portfolio_owner):
     user_data = {
         "first_name": "New",
@@ -96,22 +76,6 @@ def test_can_add_existing_user_to_portfolio(portfolio, portfolio_owner):
     assert not new_member.user.provisional
 
 
-@pytest.mark.skip(reason="redo as a route access test")
-def test_need_permission_to_create_portfolio_role(portfolio, portfolio_owner):
-    random_user = UserFactory.create()
-
-    user_data = {
-        "first_name": "New",
-        "last_name": "User",
-        "email": "new.user@mail.com",
-        "portfolio_role": "developer",
-        "dod_id": "1234567890",
-    }
-
-    with pytest.raises(UnauthorizedError):
-        Portfolios.create_member(portfolio, user_data)
-
-
 def test_update_portfolio_role_role(portfolio, portfolio_owner):
     user_data = {
         "first_name": "New",
@@ -128,42 +92,6 @@ def test_update_portfolio_role_role(portfolio, portfolio_owner):
     assert updated_member.portfolio == portfolio
 
 
-@pytest.mark.skip(reason="redo as a route access test")
-def test_need_permission_to_update_portfolio_role_role(portfolio, portfolio_owner):
-    random_user = UserFactory.create()
-    user_data = {
-        "first_name": "New",
-        "last_name": "User",
-        "email": "new.user@mail.com",
-        "portfolio_role": "developer",
-        "dod_id": "1234567890",
-    }
-    member = Portfolios.create_member(portfolio, user_data)
-    role_name = "developer"
-
-    with pytest.raises(UnauthorizedError):
-        Portfolios.update_member(member, role_name)
-
-
-def test_owner_can_view_portfolio_members(portfolio, portfolio_owner):
-    portfolio = Portfolios.get_for_update(portfolio.id)
-
-    assert portfolio
-
-
-def test_ccpo_can_view_portfolio_members(portfolio, portfolio_owner):
-    ccpo = UserFactory.create_ccpo()
-    assert Portfolios.get_for_update(portfolio.id)
-
-
-@pytest.mark.skip(reason="redo as a route access test")
-def test_random_user_cannot_view_portfolio_members(portfolio):
-    developer = UserFactory.create()
-
-    with pytest.raises(UnauthorizedError):
-        portfolio = Portfolios.get_for_update(portfolio.id)
-
-
 def test_scoped_portfolio_for_admin_missing_view_apps_perms(portfolio_owner, portfolio):
     Applications.create(
         portfolio, "My Application 2", "My application 2", ["dev", "staging", "prod"]
@@ -265,28 +193,6 @@ def test_for_user_returns_all_portfolios_for_ccpo(portfolio, portfolio_owner):
     assert len(sams_portfolios) == 2
 
 
-@pytest.mark.skip(reason="redo as a route access test")
-def test_get_for_update_information(portfolio, portfolio_owner):
-    owner_ws = Portfolios.get_for_update(portfolio.id)
-    assert portfolio == owner_ws
-
-    admin = UserFactory.create()
-    perm_sets = get_all_portfolio_permission_sets()
-    PortfolioRoleFactory.create(
-        user=admin, portfolio=portfolio, permission_sets=perm_sets
-    )
-    admin_ws = Portfolios.get_for_update(portfolio.id)
-    assert portfolio == admin_ws
-
-    # TODO: implement ccpo roles
-    # ccpo = UserFactory.create_ccpo()
-    # assert Portfolios.get_for_update(portfolio.id)
-
-    developer = UserFactory.create()
-    with pytest.raises(UnauthorizedError):
-        Portfolios.get_for_update(portfolio.id)
-
-
 def test_can_create_portfolios_with_matching_names():
     portfolio_name = "Great Portfolio"
     PortfolioFactory.create(name=portfolio_name)

tests/domain/test_task_orders.py

@@ -93,46 +93,6 @@ def test_add_officer_who_is_already_portfolio_member():
     assert member.user == owner
 
 
-@pytest.mark.skip(reason="redo as route access test")
-def test_task_order_access():
-    creator = UserFactory.create()
-    member = UserFactory.create()
-    rando = UserFactory.create()
-    officer = UserFactory.create()
-
-    def check_access(can, cannot, method_name, method_args):
-        method = getattr(TaskOrders, method_name)
-
-        for user in can:
-            assert method(user, *method_args)
-
-        for user in cannot:
-            with pytest.raises(UnauthorizedError):
-                method(user, *method_args)
-
-    portfolio = PortfolioFactory.create(owner=creator)
-    task_order = TaskOrderFactory.create(creator=creator, portfolio=portfolio)
-    PortfolioRoleFactory.create(
-        user=member,
-        portfolio=task_order.portfolio,
-        permission_sets=[
-            PermissionSets.get(prms)
-            for prms in PortfolioRoles.DEFAULT_PORTFOLIO_PERMISSION_SETS
-        ],
-    )
-    TaskOrders.add_officer(task_order, "contracting_officer", officer.to_dictionary())
-
-    check_access([creator, officer, member], [rando], "get", [task_order.id])
-    check_access([creator, officer], [member, rando], "create", [portfolio])
-    check_access([creator, officer], [member, rando], "update", [task_order])
-    check_access(
-        [creator, officer],
-        [member, rando],
-        "add_officer",
-        [task_order, "contracting_officer", UserFactory.dictionary()],
-    )
-
-
 def test_dd254_complete():
     finished = DD254Factory.create()
     unfinished = DD254Factory.create(certifying_official=None)