add access tests for all access-protected routes

- cleans up skipped access tests in domain tests
- cleans up other skipped tests that are no longer relevant

tests/domain/test_task_orders.py

@@ -93,46 +93,6 @@ def test_add_officer_who_is_already_portfolio_member():
     assert member.user == owner
 
 
-@pytest.mark.skip(reason="redo as route access test")
-def test_task_order_access():
-    creator = UserFactory.create()
-    member = UserFactory.create()
-    rando = UserFactory.create()
-    officer = UserFactory.create()
-
-    def check_access(can, cannot, method_name, method_args):
-        method = getattr(TaskOrders, method_name)
-
-        for user in can:
-            assert method(user, *method_args)
-
-        for user in cannot:
-            with pytest.raises(UnauthorizedError):
-                method(user, *method_args)
-
-    portfolio = PortfolioFactory.create(owner=creator)
-    task_order = TaskOrderFactory.create(creator=creator, portfolio=portfolio)
-    PortfolioRoleFactory.create(
-        user=member,
-        portfolio=task_order.portfolio,
-        permission_sets=[
-            PermissionSets.get(prms)
-            for prms in PortfolioRoles.DEFAULT_PORTFOLIO_PERMISSION_SETS
-        ],
-    )
-    TaskOrders.add_officer(task_order, "contracting_officer", officer.to_dictionary())
-
-    check_access([creator, officer, member], [rando], "get", [task_order.id])
-    check_access([creator, officer], [member, rando], "create", [portfolio])
-    check_access([creator, officer], [member, rando], "update", [task_order])
-    check_access(
-        [creator, officer],
-        [member, rando],
-        "add_officer",
-        [task_order, "contracting_officer", UserFactory.dictionary()],
-    )
-
-
 def test_dd254_complete():
     finished = DD254Factory.create()
     unfinished = DD254Factory.create(certifying_official=None)