Validate the form

2019-04-02 10:16:46 -04:00 · 2019-04-02 10:16:46 -04:00 · 3cfac9e95e
commit 3cfac9e95e
parent c46746d43d
2 changed files with 44 additions and 15 deletions
--- a/atst/routes/portfolios/index.py
+++ b/atst/routes/portfolios/index.py
@ -96,24 +96,25 @@ def edit_portfolio_members(portfolio_id):
    portfolio = Portfolios.get_for_update(portfolio_id)
    member_perms_form = member_forms.MembersPermissionsForm(http_request.form)

-    for subform in member_perms_form.members_permissions:
-        new_perm_set = subform.data["permission_sets"]
-        user_id = subform.user_id.data
-        portfolio_role = PortfolioRoles.get(portfolio.id, user_id)
-        PortfolioRoles.update(portfolio_role, new_perm_set)
+    if member_perms_form.validate():
+        for subform in member_perms_form.members_permissions:
+            new_perm_set = subform.data["permission_sets"]
+            user_id = subform.user_id.data
+            portfolio_role = PortfolioRoles.get(portfolio.id, user_id)
+            PortfolioRoles.update(portfolio_role, new_perm_set)

-    flash("update_portfolio_members", portfolio=portfolio)
+        flash("update_portfolio_members", portfolio=portfolio)

-    return redirect(
-        url_for(
-            "portfolios.portfolio_admin",
-            portfolio_id=portfolio.id,
-            fragment="portfolio-members",
-            _anchor="portfolio-members",
+        return redirect(
+            url_for(
+                "portfolios.portfolio_admin",
+                portfolio_id=portfolio.id,
+                fragment="portfolio-members",
+                _anchor="portfolio-members",
+            )
        )
-    )
-
-    return render_admin_page(portfolio)
+    else:
+        return render_admin_page(portfolio)


@portfolios_bp.route("/portfolios/<portfolio_id>/edit", methods=["POST"])
--- a/tests/routes/portfolios/test_admin.py
+++ b/tests/routes/portfolios/test_admin.py
@ -102,3 +102,31 @@ def test_no_update_member_permissions_without_edit_access(client, user_session):
    assert not rando_pf_role.has_permission_set(
        PermissionSets.EDIT_PORTFOLIO_APPLICATION_MANAGEMENT
    )
+
+
+def test_rerender_admin_page_if_member_perms_form_does_not_validate(
+    client, user_session
+):
+    portfolio = PortfolioFactory.create()
+    user = UserFactory.create()
+    PortfolioRoleFactory.create(
+        user=user,
+        portfolio=portfolio,
+        permission_sets=[PermissionSets.get(PermissionSets.EDIT_PORTFOLIO_ADMIN)],
+    )
+    user_session(user)
+    form_data = {
+        "members_permissions-0-user_id": user.id,
+        "members_permissions-0-perms_app_mgmt": "bad input",
+        "members_permissions-0-perms_funding": "view_portfolio_funding",
+        "members_permissions-0-perms_reporting": "view_portfolio_reports",
+        "members_permissions-0-perms_portfolio_mgmt": "view_portfolio_admin",
+    }
+
+    response = client.post(
+        url_for("portfolios.edit_portfolio_members", portfolio_id=portfolio.id),
+        data=form_data,
+        follow_redirects=True,
+    )
+    assert response.status_code == 200
+    assert "Portfolio Administration" in response.data.decode()