Validate the form

atst/routes/portfolios/index.py

@@ -96,6 +96,7 @@ def edit_portfolio_members(portfolio_id):
     portfolio = Portfolios.get_for_update(portfolio_id)
     member_perms_form = member_forms.MembersPermissionsForm(http_request.form)
 
+    if member_perms_form.validate():
         for subform in member_perms_form.members_permissions:
             new_perm_set = subform.data["permission_sets"]
             user_id = subform.user_id.data
@@ -112,7 +113,7 @@ def edit_portfolio_members(portfolio_id):
                 _anchor="portfolio-members",
             )
         )
-
+    else:
         return render_admin_page(portfolio)
 
 

tests/routes/portfolios/test_admin.py

@@ -102,3 +102,31 @@ def test_no_update_member_permissions_without_edit_access(client, user_session):
     assert not rando_pf_role.has_permission_set(
         PermissionSets.EDIT_PORTFOLIO_APPLICATION_MANAGEMENT
     )
+
+
+def test_rerender_admin_page_if_member_perms_form_does_not_validate(
+    client, user_session
+):
+    portfolio = PortfolioFactory.create()
+    user = UserFactory.create()
+    PortfolioRoleFactory.create(
+        user=user,
+        portfolio=portfolio,
+        permission_sets=[PermissionSets.get(PermissionSets.EDIT_PORTFOLIO_ADMIN)],
+    )
+    user_session(user)
+    form_data = {
+        "members_permissions-0-user_id": user.id,
+        "members_permissions-0-perms_app_mgmt": "bad input",
+        "members_permissions-0-perms_funding": "view_portfolio_funding",
+        "members_permissions-0-perms_reporting": "view_portfolio_reports",
+        "members_permissions-0-perms_portfolio_mgmt": "view_portfolio_admin",
+    }
+
+    response = client.post(
+        url_for("portfolios.edit_portfolio_members", portfolio_id=portfolio.id),
+        data=form_data,
+        follow_redirects=True,
+    )
+    assert response.status_code == 200
+    assert "Portfolio Administration" in response.data.decode()