push authz into the workspace domain for revoking tokens

2018-11-07 12:56:22 -05:00 · 2018-11-07 12:56:22 -05:00 · 50888f9e9f
commit 50888f9e9f
parent 4849a89125
2 changed files with 13 additions and 7 deletions
--- a/atst/domain/workspaces/workspaces.py
+++ b/atst/domain/workspaces/workspaces.py
@ -50,6 +50,18 @@ class Workspaces(object):

        return workspace

+    @classmethod
+    def get_for_update_member(cls, user, workspace_id):
+        workspace = WorkspacesQuery.get(workspace_id)
+        Authorization.check_workspace_permission(
+            user,
+            workspace,
+            Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE,
+            "update a workspace member",
+        )
+
+        return workspace
+
    @classmethod
    def get_by_request(cls, request):
        return WorkspacesQuery.get_by_request(request)
--- a/atst/routes/workspaces.py
+++ b/atst/routes/workspaces.py
@ -368,13 +368,7 @@ def accept_invitation(token):

@bp.route("/workspaces/<workspace_id>/invitations/<token>/revoke", methods=["POST"])
 def revoke_invitation(workspace_id, token):
-    workspace = Workspaces.get(g.current_user, workspace_id)
-    Authorization.check_workspace_permission(
-        g.current_user,
-        workspace,
-        Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE,
-        "revoke member invitation",
-    )
+    workspace = Workspaces.get_for_update_member(g.current_user, workspace_id)
    Invitations.revoke(token)

    return redirect(url_for("workspaces.workspace_members", workspace_id=workspace.id))