Workspaces.revoke_access

atst/domain/workspaces/workspaces.py

@@ -138,3 +138,12 @@ class Workspaces(object):
             workspace.name = new_data["name"]
 
         WorkspacesQuery.add_and_commit(workspace)
+
+    @classmethod
+    def revoke_access(cls, user, workspace, target_workspace_role):
+        # TODO: What permission to here? Do we need a new one?
+        # Authorization.check_workspace_permission(
+        #     user, workspace, Permissions.REQUEST_NEW_CSP_ROLE, "revoke workspace access"
+        # )
+        target_workspace_role.status = WorkspaceRoleStatus.DISABLED
+        return WorkspacesQuery.add_and_commit(target_workspace_role)

tests/domain/test_workspaces.py

@@ -11,8 +11,8 @@ from atst.models.workspace_role import Status as WorkspaceRoleStatus
 from tests.factories import (
     RequestFactory,
     UserFactory,
-    InvitationFactory,
     WorkspaceRoleFactory,
+    WorkspaceFactory,
 )
 
 
@@ -302,3 +302,10 @@ def test_can_create_workspaces_with_matching_names():
     workspace_name = "Great Workspace"
     Workspaces.create(RequestFactory.create(), name=workspace_name)
     Workspaces.create(RequestFactory.create(), name=workspace_name)
+
+
+def test_can_remove_workspace_access():
+    workspace = WorkspaceFactory.create()
+    workspace_role = WorkspaceRoleFactory.create(workspace=workspace)
+    Workspaces.revoke_access(workspace.owner, workspace, workspace_role)
+    assert Workspaces.for_user(workspace_role.user) == []