Use access specs

2019-04-17 13:52:06 -04:00 · 2019-04-17 13:52:06 -04:00 · 52669a0265
commit 52669a0265
parent e814f8904d
2 changed files with 20 additions and 19 deletions
--- a/tests/routes/portfolios/test_applications.py
+++ b/tests/routes/portfolios/test_applications.py
@ -351,7 +351,7 @@ def test_edit_application_scope(client, user_session):
    assert response.status_code == 404


-def test_application_team_with_permissions(client, user_session):
+def test_application_team(client, user_session):
    portfolio = PortfolioFactory.create()
    application = ApplicationFactory.create(portfolio=portfolio)

@ -366,21 +366,3 @@ def test_application_team_with_permissions(client, user_session):
    )

    assert response.status_code == 200
-
-
-def test_application_team_without_permissions(client, user_session):
-    random_user = UserFactory.create()
-    portfolio = PortfolioFactory.create()
-    application = ApplicationFactory.create(portfolio=portfolio)
-
-    user_session(random_user)
-
-    response = client.get(
-        url_for(
-            "portfolios.application_team",
-            portfolio_id=portfolio.id,
-            application_id=application.id,
-        )
-    )
-
-    assert response.status_code == 404
--- a/tests/test_access.py
+++ b/tests/test_access.py
@ -12,6 +12,7 @@ from atst.models.portfolio_role import Status as PortfolioRoleStatus

 from tests.factories import (
    AttachmentFactory,
+    ApplicationFactory,
    ApplicationRoleFactory,
    InvitationFactory,
    PortfolioFactory,
@ -815,3 +816,21 @@ def test_task_orders_update_access(post_url_assert_status):
    post_url_assert_status(owner, url, 302)
    post_url_assert_status(ccpo, url, 302)
    post_url_assert_status(rando, url, 404)
+
+
+def test_portfolio_application_team_access(get_url_assert_status):
+    ccpo = UserFactory.create_ccpo()
+    rando = UserFactory.create()
+
+    portfolio = PortfolioFactory.create()
+    application = ApplicationFactory.create(portfolio=portfolio)
+
+    url = url_for(
+        "portfolios.application_team",
+        portfolio_id=portfolio.id,
+        application_id=application.id,
+    )
+
+    get_url_assert_status(ccpo, url, 200)
+    get_url_assert_status(portfolio.owner, url, 200)
+    get_url_assert_status(rando, url, 404)