Application members should not see deleted applications.

This updates the `Portfolios.for_user` method to screen out deleted ApplicationRole entities. For extra assurance, we also mark application roles as disabled when they are deleted.
2019-08-15 10:20:30 -04:00
parent 068405607c
commit 24b2d95f03
3 changed files with 17 additions and 0 deletions
--- a/atst/domain/applications.py
+++ b/atst/domain/applications.py
@@ -63,6 +63,7 @@ class Applications(BaseDomainClass):

        for role in application.roles:
            role.deleted = True
+            role.status = ApplicationRoleStatus.DISABLED
            db.session.add(role)

        db.session.add(application)
--- a/atst/domain/portfolios/query.py
+++ b/atst/domain/portfolios/query.py
@@ -35,6 +35,7 @@ class PortfoliosQuery(Query):
                                    ApplicationRole.status
                                    == ApplicationRoleStatus.ACTIVE
                                )
+                                .filter(ApplicationRole.deleted == False)
                                .subquery()
                            )
                        )