check sitewide perms for portfolio access, restore ccpo tests

atst/domain/authz.py

@@ -24,7 +24,10 @@ class Authorization(object):
 
     @classmethod
     def check_portfolio_permission(cls, user, portfolio, permission, message):
-        if not Authorization.has_portfolio_permission(user, portfolio, permission):
+        if not (
+            Authorization.has_atat_permission(user, permission)
+            or Authorization.has_portfolio_permission(user, portfolio, permission)
+        ):
             raise UnauthorizedError(user, message)
 
     @classmethod

tests/domain/test_audit_log.py

@@ -27,7 +27,6 @@ def test_non_admin_cannot_view_audit_log(developer):
         AuditLog.get_all_events(developer)
 
 
-@pytest.mark.skip(reason="no ccpo access yet")
 def test_ccpo_can_view_audit_log(ccpo):
     events = AuditLog.get_all_events(ccpo)
     assert len(events) > 0
@@ -42,7 +41,6 @@ def test_paginate_audit_log(ccpo):
     assert len(events) == 25
 
 
-@pytest.mark.skip(reason="no ccpo access yet")
 def test_ccpo_can_view_ws_audit_log(ccpo):
     portfolio = PortfolioFactory.create()
     events = AuditLog.get_portfolio_events(ccpo, portfolio)

tests/domain/test_portfolios.py

@@ -149,7 +149,6 @@ def test_owner_can_view_portfolio_members(portfolio, portfolio_owner):
     assert portfolio
 
 
-@pytest.mark.skip(reason="no ccpo access yet")
 def test_ccpo_can_view_portfolio_members(portfolio, portfolio_owner):
     ccpo = UserFactory.create_ccpo()
     assert Portfolios.get_with_members(ccpo, portfolio.id)
@@ -275,7 +274,6 @@ def test_for_user_does_not_return_inactive_portfolios(portfolio, portfolio_owner
     assert len(bobs_portfolios) == 0
 
 
-@pytest.mark.skip(reason="CCPO status not fully implemented")
 def test_for_user_returns_all_portfolios_for_ccpo(portfolio, portfolio_owner):
     sam = UserFactory.create_ccpo()
     PortfolioFactory.create()