Application users should have access to portfolio landing page.

- Adds override to portfolio landing page access check to see if user has access to any applications within the portfolio. - Route for accepting an application invitation redirects directly to portfolio applications route. - Tests ensure application user only sees apps the user has access to on the portfolio landing page.
2019-05-03 09:02:08 -04:00
parent 8bd945d0d4
commit 59a02572ea
6 changed files with 73 additions and 14 deletions
--- a/tests/routes/applications/test_index.py
+++ b/tests/routes/applications/test_index.py
@@ -1,13 +1,6 @@
 from flask import url_for, get_flashed_messages

-from tests.factories import (
-    UserFactory,
-    PortfolioFactory,
-    PortfolioRoleFactory,
-    EnvironmentRoleFactory,
-    EnvironmentFactory,
-    ApplicationFactory,
-)
+from tests.factories import *

 from atst.domain.applications import Applications
 from atst.domain.portfolios import Portfolios
@@ -68,3 +61,31 @@ def test_user_without_permission_has_no_add_application_link(client, user_sessio
        url_for("applications.create", portfolio_id=portfolio.id)
        not in response.data.decode()
    )
+
+
+def test_portfolio_applications_user_with_application_roles(client, user_session):
+    user = UserFactory.create()
+    portfolio = PortfolioFactory.create()
+
+    app1 = ApplicationFactory.create(portfolio=portfolio, name="X-Wing")
+    app2 = ApplicationFactory.create(portfolio=portfolio, name="TIE Fighter")
+    app3 = ApplicationFactory.create(portfolio=portfolio, name="Millenium Falcon")
+
+    ApplicationRoleFactory.create(
+        application=app1, user=user, status=ApplicationRoleStatus.ACTIVE
+    )
+    ApplicationRoleFactory.create(
+        application=app2, user=user, status=ApplicationRoleStatus.ACTIVE
+    )
+
+    user_session(user)
+    response = client.get(
+        url_for("applications.portfolio_applications", portfolio_id=portfolio.id)
+    )
+    assert response.status_code == 200
+
+    body = response.data.decode()
+
+    assert app1.name in body
+    assert app2.name in body
+    assert app3.name not in body
--- a/tests/routes/applications/test_invitations.py
+++ b/tests/routes/applications/test_invitations.py
@@ -16,8 +16,26 @@ def test_accept_application_invitation(client, user_session):

    assert response.status_code == 302
    expected_location = url_for(
-        "portfolios.show_portfolio",
+        "applications.portfolio_applications",
        portfolio_id=application.portfolio_id,
        _external=True,
    )
    assert response.location == expected_location
+
+
+def test_accept_application_invitation_end_to_end(client, user_session):
+    user = UserFactory.create()
+    application = ApplicationFactory.create(name="Millenium Falcon")
+    app_role = ApplicationRoleFactory.create(application=application, user=user)
+    invite = ApplicationInvitationFactory.create(
+        role=app_role, user=user, inviter=application.portfolio.owner
+    )
+
+    user_session(user)
+    response = client.get(
+        url_for("applications.accept_invitation", token=invite.token),
+        follow_redirects=True,
+    )
+
+    assert response.status_code == 200
+    assert application.name in response.data.decode()