remove access checks from domain methods

tests/routes/portfolios/test_applications.py

@@ -175,6 +175,7 @@ def test_user_with_permission_can_update_application(client, user_session):
     assert application.description == "A very cool application."
 
 
+@pytest.mark.auth
 def test_user_without_permission_cannot_update_application(client, user_session):
     dev = UserFactory.create()
     owner = UserFactory.create()

tests/routes/portfolios/test_invitations.py

@@ -1,3 +1,4 @@
+import pytest
 import datetime
 from flask import url_for
 
@@ -94,6 +95,7 @@ def test_member_accepts_invalid_invite(client, user_session):
     assert response.status_code == 404
 
 
+@pytest.mark.auth
 def test_user_who_has_not_accepted_portfolio_invite_cannot_view(client, user_session):
     user = UserFactory.create()
     portfolio = PortfolioFactory.create()

tests/routes/portfolios/test_members.py

@@ -60,6 +60,7 @@ def test_user_with_permission_has_add_member_link(client, user_session):
     )
 
 
+@pytest.mark.auth
 def test_user_without_permission_has_no_add_member_link(client, user_session):
     user = UserFactory.create()
     portfolio = PortfolioFactory.create()
@@ -72,6 +73,7 @@ def test_user_without_permission_has_no_add_member_link(client, user_session):
     )
 
 
+@pytest.mark.auth
 def test_permissions_for_view_member(client, user_session):
     user = UserFactory.create()
     portfolio = PortfolioFactory.create()

tests/routes/task_orders/test_index.py

@@ -1,3 +1,4 @@
+import pytest
 from flask import url_for
 from io import BytesIO
 import re
@@ -62,6 +63,7 @@ class TestDownloadCSPEstimate:
         )
         assert response.status_code == 404
 
+    @pytest.mark.auth
     def test_download_with_wrong_user(self, client, user_session):
         other_user = UserFactory.create()
         user_session(other_user)