Application users should have access to portfolio landing page.

- Adds override to portfolio landing page access check to see if user
  has access to any applications within the portfolio.
- Route for accepting an application invitation redirects directly to
  portfolio applications route.
- Tests ensure application user only sees apps the user has access to on
  the portfolio landing page.

atst/routes/applications/index.py

@@ -5,7 +5,21 @@ from atst.domain.authz.decorator import user_can_access_decorator as user_can
 from atst.models.permissions import Permissions
 
 
+def has_portfolio_applications(_user, portfolio=None, **_kwargs):
+    """
+    If the portfolio exists and the user has access to applications
+    within the scoped portfolio, the user has access to the
+    portfolio landing page.
+    """
+    if portfolio and portfolio.applications:
+        return True
+
+
 @applications_bp.route("/portfolios/<portfolio_id>/applications")
-@user_can(Permissions.VIEW_APPLICATION, message="view portfolio applications")
+@user_can(
+    Permissions.VIEW_APPLICATION,
+    override=has_portfolio_applications,
+    message="view portfolio applications",
+)
 def portfolio_applications(portfolio_id):
     return render_template("portfolios/applications/index.html")

atst/routes/applications/invitations.py

@@ -10,6 +10,7 @@ def accept_invitation(token):
 
     return redirect(
         url_for(
-            "portfolios.show_portfolio", portfolio_id=invite.application.portfolio_id
+            "applications.portfolio_applications",
+            portfolio_id=invite.application.portfolio_id,
         )
     )