Add route to update portfolio manager perms, add modal form to update in the UI

atst/routes/portfolios/admin.py

@@ -19,9 +19,6 @@ from atst.domain.exceptions import UnauthorizedError
 
 def filter_perm_sets_data(member):
     perm_sets_data = {
-        "perms_portfolio_mgmt": bool(
-            member.has_permission_set(PermissionSets.EDIT_PORTFOLIO_ADMIN)
-        ),
         "perms_app_mgmt": bool(
             member.has_permission_set(
                 PermissionSets.EDIT_PORTFOLIO_APPLICATION_MANAGEMENT
@@ -33,6 +30,9 @@ def filter_perm_sets_data(member):
         "perms_reporting": bool(
             member.has_permission_set(PermissionSets.EDIT_PORTFOLIO_REPORTS)
         ),
+        "perms_portfolio_mgmt": bool(
+            member.has_permission_set(PermissionSets.EDIT_PORTFOLIO_ADMIN)
+        ),
     }
 
     return perm_sets_data
@@ -41,6 +41,7 @@ def filter_perm_sets_data(member):
 def filter_members_data(members_list, portfolio):
     members_data = []
     for member in members_list:
+        permission_sets = filter_perm_sets_data(member)
         members_data.append(
             {
                 "role_id": member.id,
@@ -48,7 +49,7 @@ def filter_members_data(members_list, portfolio):
                 "permission_sets": filter_perm_sets_data(member),
                 "status": member.display_status,
                 "ppoc": PermissionSets.PORTFOLIO_POC in member.permission_sets,
-                # add in stuff here for forms
+                "form": member_forms.PermissionsForm(permission_sets),
             }
         )
 
@@ -166,3 +167,30 @@ def remove_member(portfolio_id, portfolio_role_id):
             fragment="portfolio-members",
         )
     )
+
+
+@portfolios_bp.route(
+    "/portfolios/<portfolio_id>/members/<portfolio_role_id>", methods=["POST"]
+)
+@user_can(Permissions.EDIT_PORTFOLIO_USERS, message="update portfolio members")
+def update_member(portfolio_id, portfolio_role_id):
+    form_data = http_request.form
+    form = member_forms.PermissionsForm(formdata=form_data)
+    portfolio_role = PortfolioRoles.get_by_id(portfolio_role_id)
+    portfolio = Portfolios.get(user=g.current_user, portfolio_id=portfolio_id)
+
+    if form.validate() and portfolio.owner_role != portfolio_role:
+        PortfolioRoles.update(portfolio_role, form.data["permission_sets"])
+        flash("update_portfolio_member", member_name=portfolio_role.full_name)
+
+        return redirect(
+            url_for(
+                "portfolios.admin",
+                portfolio_id=portfolio_id,
+                _anchor="portfolio-members",
+                fragment="portfolio-members",
+            )
+        )
+    else:
+        flash("update_portfolio_member_error", member_name=portfolio_role.full_name)
+        return (render_admin_page(portfolio), 400)

atst/utils/flash.py

@@ -153,6 +153,18 @@ MESSAGES = {
         "message": "flash.task_order.submitted.message",
         "category": "success",
     },
+    "update_portfolio_member": {
+        "title_template": "Success!",
+        "message_template": """
+        You have successfully updated access permissions for {{ member_name }}.
+        """,
+        "category": "success",
+    },
+    "update_portfolio_member_error": {
+        "title_template": "Permissions for {{ member_name }} could not be updated",
+        "message_template": "An unexpected problem occurred with your request, please try again. If the problem persists, contact an administrator.",
+        "category": "error",
+    },
     "updated_application_team_settings": {
         "title": "flash.success",
         "message": "flash.updated_application_team_settings",

templates/portfolios/fragments/portfolio_members.html

@@ -7,6 +7,29 @@
 {% import "portfolios/fragments/member_form_fields.html" as member_form_fields %}
 {% from "components/toggle_menu.html" import ToggleMenu %}
 
+{% if user_can(permissions.EDIT_PORTFOLIO_USERS) -%}
+  {% for member in members -%}
+    {% set modal_name = "edit_member-{}".format(loop.index) %}
+    {% call Modal(modal_name, classes="form-content--app-mem") %}
+      <div class="modal__form--header">
+        <h1>{{ Icon('avatar') }} {{ "portfolios.applications.members.form.edit_access_header" | translate({ "user": member.user_name }) }}</h1>
+      </div>
+      <base-form inline-template>
+        <form id='{{ modal_name }}' method="POST" action="{{ url_for('portfolios.update_member', portfolio_id=portfolio.id, portfolio_role_id=member.role_id) }}">
+          {{ member.form.csrf_token }}
+          {{ member_form.SubmitStep(
+            name=modal_name,
+            form=member_form_fields.PermsFields(member.form, member_role_id=member.role_id),
+            submit_text="Save Changes",
+            previous=False,
+            modal=modal_name,
+          ) }}
+        </form>
+      </base-form>
+    {% endcall %}
+  {%- endfor %}
+{%- endif %}
+
 <h3>Portfolio Managers</h3>
 <div class="panel">
   <section class="member-list">
@@ -20,6 +43,7 @@
         </thead>
         <tbody>
           {% for member in members -%}
+            {% set perms_modal = "edit_member-{}".format(loop.index) %}
             <tr>
               <td>
                 <strong>{{ member.user_name }}{% if member.role_id == current_member_id %} (You){% endif %}</strong>
@@ -39,7 +63,7 @@
                 {%-endfor %}
                 {% if user_can(permissions.EDIT_PORTFOLIO_USERS) -%}
                   {% call ToggleMenu() %}
-                    <a href="#">Edit Permissions</a>
+                    <a v-on:click="openModal('{{ perms_modal }}')">Edit Permissions</a>
                     <a href="#">Resend Invite</a>
                     <a href="#">Revoke Invite</a>
                   {% endcall %}
@@ -68,13 +92,13 @@
           form=member_form_fields.InfoFields(new_manager_form.user_data),
           next_button_text="Next: Permissions",
           previous=False,
-          modal=new_manager_modal_name,
+          modal=new_manager_modal,
         ),
         member_form.SubmitStep(
           name=new_manager_modal,
           form=member_form_fields.PermsFields(new_manager_form),
           submit_text="Add Mananger",
-          modal=new_manager_modal_name,
+          modal=new_manager_modal,
         )
       ],
     ) }}

tests/routes/portfolios/test_admin.py

@@ -222,3 +222,54 @@ def test_remove_portfolio_member_ppoc(client, user_session):
         PortfolioRoles.get(portfolio_id=portfolio.id, user_id=portfolio.owner.id).status
         == PortfolioRoleStatus.ACTIVE
     )
+
+
+def test_portfolios_update_member(client, user_session):
+    portfolio = PortfolioFactory.create()
+    portfolio_role = PortfolioRoleFactory.create(
+        portfolio=portfolio,
+        permission_sets=[PermissionSets.get(PermissionSets.EDIT_PORTFOLIO_ADMIN)],
+    )
+
+    form_data = {
+        "perms_app_mgmt": "y",
+    }
+
+    user_session(portfolio.owner)
+    response = client.post(
+        url_for(
+            "portfolios.update_member",
+            portfolio_id=portfolio.id,
+            portfolio_role_id=portfolio_role.id,
+        ),
+        data=form_data,
+        follow_redirects=False,
+    )
+
+    assert response.status_code == 302
+    assert portfolio_role.has_permission_set(
+        PermissionSets.EDIT_PORTFOLIO_APPLICATION_MANAGEMENT
+    )
+    assert not portfolio_role.has_permission_set(PermissionSets.EDIT_PORTFOLIO_ADMIN)
+
+
+def test_can_not_update_ppoc_permissions(client, user_session):
+    portfolio = PortfolioFactory.create()
+    owner = portfolio.owner
+
+    form_data = {
+        "perms_app_mgmt": "y",
+    }
+
+    user_session(owner)
+    response = client.post(
+        url_for(
+            "portfolios.update_member",
+            portfolio_id=portfolio.id,
+            portfolio_role_id=portfolio.owner_role.id,
+        ),
+        data=form_data,
+        follow_redirects=False,
+    )
+
+    assert response.status_code == 400

tests/routes/portfolios/test_invitations.py

@@ -269,10 +269,10 @@ def test_existing_member_invite_resent_to_email_submitted_in_form(
 
 
 _DEFAULT_PERMS_FORM_DATA = {
-    "permission_sets-perms_app_mgmt": False,
+    "permission_sets-perms_app_mgmt": "n",
-    "permission_sets-perms_funding": False,
+    "permission_sets-perms_funding": "n",
-    "permission_sets-perms_reporting": False,
+    "permission_sets-perms_reporting": "n",
-    "permission_sets-perms_portfolio_mgmt": False,
+    "permission_sets-perms_portfolio_mgmt": "n",
 }
 
 

tests/test_access.py

@@ -373,6 +373,24 @@ def test_portfolios_edit_access(post_url_assert_status):
     post_url_assert_status(rando, url, 404)
 
 
+# portfolios.update_member
+def test_portfolios_update_member_access(post_url_assert_status):
+    ccpo = user_with(PermissionSets.EDIT_PORTFOLIO_ADMIN)
+    owner = user_with()
+    rando = user_with()
+    portfolio = PortfolioFactory.create(owner=owner)
+    portfolio_role = PortfolioRoleFactory.create(portfolio=portfolio)
+
+    url = url_for(
+        "portfolios.update_member",
+        portfolio_id=portfolio.id,
+        portfolio_role_id=portfolio_role.id,
+    )
+    post_url_assert_status(ccpo, url, 302)
+    post_url_assert_status(owner, url, 302)
+    post_url_assert_status(rando, url, 404)
+
+
 # applications.new
 def test_applications_new_access(get_url_assert_status):
     ccpo = user_with(PermissionSets.EDIT_PORTFOLIO_APPLICATION_MANAGEMENT)