Update Point of Contact

tests/routes/portfolios/test_portfolios_index.py

@@ -1,9 +1,12 @@
-from flask import url_for
+import pytest
 
+from flask import url_for
 from atst.domain.permission_sets import PermissionSets
+from atst.domain.portfolios import Portfolios
 from atst.models.permissions import Permissions
 from atst.domain.portfolio_roles import PortfolioRoles
 from atst.models.portfolio_role import Status as PortfolioRoleStatus
+from atst.domain.exceptions import UnauthorizedError
 
 from tests.factories import (
     random_future_date,
@@ -28,6 +31,114 @@ def test_update_portfolio_name(client, user_session):
     assert portfolio.name == "a cool new name"
 
 
+def updating_ppoc_successfully(client, old_ppoc, new_ppoc, portfolio):
+    response = client.post(
+        url_for("portfolios.update_ppoc", portfolio_id=portfolio.id, _external=True),
+        data={"user_id": new_ppoc.id},
+        follow_redirects=False,
+    )
+
+    assert response.status_code == 302
+    assert response.headers["Location"] == url_for(
+        "portfolios.portfolio_admin",
+        portfolio_id=portfolio.id,
+        fragment="primary-point-of-contact",
+        _anchor="primary-point-of-contact",
+        _external=True,
+    )
+    assert portfolio.owner.id == new_ppoc.id
+    assert (
+        Permissions.EDIT_PORTFOLIO_POC
+        in PortfolioRoles.get(
+            portfolio_id=portfolio.id, user_id=new_ppoc.id
+        ).permissions
+    )
+    assert (
+        Permissions.EDIT_PORTFOLIO_POC
+        not in PortfolioRoles.get(portfolio.id, old_ppoc.id).permissions
+    )
+
+
+def test_update_ppoc_no_user_id_specified(client, user_session):
+    portfolio = PortfolioFactory.create()
+
+    user_session(portfolio.owner)
+
+    response = client.post(
+        url_for("portfolios.update_ppoc", portfolio_id=portfolio.id, _external=True),
+        follow_redirects=False,
+    )
+
+    assert response.status_code == 404
+
+
+def test_update_ppoc_to_member_not_on_portfolio(client, user_session):
+    portfolio = PortfolioFactory.create()
+    original_ppoc = portfolio.owner
+    non_portfolio_member = UserFactory.create()
+
+    user_session(original_ppoc)
+
+    response = client.post(
+        url_for("portfolios.update_ppoc", portfolio_id=portfolio.id, _external=True),
+        data={"user_id": non_portfolio_member.id},
+        follow_redirects=False,
+    )
+
+    assert response.status_code == 404
+    assert portfolio.owner.id == original_ppoc.id
+
+
+def test_update_ppoc_when_ppoc(client, user_session):
+    portfolio = PortfolioFactory.create()
+    original_ppoc = portfolio.owner
+    new_ppoc = UserFactory.create()
+    Portfolios.add_member(
+        member=new_ppoc,
+        portfolio=portfolio,
+        permission_sets=[PermissionSets.VIEW_PORTFOLIO],
+    )
+
+    user_session(original_ppoc)
+
+    updating_ppoc_successfully(
+        client=client, new_ppoc=new_ppoc, old_ppoc=original_ppoc, portfolio=portfolio
+    )
+
+
+def test_update_ppoc_when_cpo(client, user_session):
+    ccpo = UserFactory.create_ccpo()
+    portfolio = PortfolioFactory.create()
+    original_ppoc = portfolio.owner
+    new_ppoc = UserFactory.create()
+    Portfolios.add_member(
+        member=new_ppoc,
+        portfolio=portfolio,
+        permission_sets=[PermissionSets.VIEW_PORTFOLIO],
+    )
+
+    user_session(ccpo)
+
+    updating_ppoc_successfully(
+        client=client, new_ppoc=new_ppoc, old_ppoc=original_ppoc, portfolio=portfolio
+    )
+
+
+def test_update_ppoc_when_not_ppoc(client, user_session):
+    portfolio = PortfolioFactory.create()
+    new_owner = UserFactory.create()
+
+    user_session(new_owner)
+
+    response = client.post(
+        url_for("portfolios.update_ppoc", portfolio_id=portfolio.id, _external=True),
+        data={"dod_id": new_owner.dod_id},
+        follow_redirects=False,
+    )
+
+    assert response.status_code == 404
+
+
 def test_portfolio_index_with_existing_portfolios(client, user_session):
     portfolio = PortfolioFactory.create()
     user_session(portfolio.owner)