pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Application members should not see deleted applications.

Browse Source 
This updates the `Portfolios.for_user` method to screen out deleted
ApplicationRole entities. For extra assurance, we also mark application
roles as disabled when they are deleted.
This commit is contained in:
dandds
2019-08-15 10:20:30 -04:00
parent 068405607c
commit 24b2d95f03
3 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
tests/domain/test_portfolios.py
View File

@@ -225,3 +225,18 @@ def test_for_user_does_not_include_deleted_portfolios():
user = UserFactory.create()
PortfolioFactory.create(owner=user, deleted=True)
assert len(Portfolios.for_user(user)) == 0
def test_for_user_does_not_include_deleted_application_roles():
user1 = UserFactory.create()
user2 = UserFactory.create()
portfolio = PortfolioFactory.create()
app = ApplicationFactory.create(portfolio=portfolio)
ApplicationRoleFactory.create(
status=ApplicationRoleStatus.ACTIVE, user=user1, application=app
)
assert len(Portfolios.for_user(user1)) == 1
ApplicationRoleFactory.create(
status=ApplicationRoleStatus.ACTIVE, user=user2, application=app, deleted=True
)
assert len(Portfolios.for_user(user2)) == 0