Add route for applications.revoke_invite

2019-09-20 10:09:25 -04:00 · 2019-09-20 10:09:25 -04:00 · 5c54c043c0
commit 5c54c043c0
parent a4f0b10bbb
7 changed files with 82 additions and 1 deletions
--- a/.secrets.baseline
+++ b/.secrets.baseline
@ -194,7 +194,7 @@
        "hashed_secret": "e4f14805dfd1e6af030359090c535e149e6b4207",
        "is_secret": false,
        "is_verified": false,
-        "line_number": 525,
+        "line_number": 543,
        "type": "Hex High Entropy String"
      }
    ]
--- a/atst/domain/application_roles.py
+++ b/atst/domain/application_roles.py
@ -70,3 +70,16 @@ class ApplicationRoles(object):
        db.session.commit()

        return application_role
+
+    @classmethod
+    def _update_status(cls, application_role, new_status):
+        application_role.status = new_status
+        db.session.add(application_role)
+        db.session.commit()
+
+        return application_role
+
+    @classmethod
+    def disable(cls, application_role):
+        application_role.deleted = True
+        return cls._update_status(application_role, ApplicationRoleStatus.DISABLED)
--- a/atst/domain/invitations.py
+++ b/atst/domain/invitations.py
@ -143,3 +143,10 @@ class PortfolioInvitations(BaseInvitations):
 class ApplicationInvitations(BaseInvitations):
    model = ApplicationInvitation
    role_domain_class = ApplicationRoles
+
+    @classmethod
+    def _update_status(cls, invite, new_status):
+        invite = super()._update_status(invite, new_status)
+        ApplicationRoles.disable(invite.role)
+
+        return invite
--- a/atst/routes/applications/settings.py
+++ b/atst/routes/applications/settings.py
@ -8,6 +8,7 @@ from atst.domain.application_roles import ApplicationRoles
 from atst.domain.audit_log import AuditLog
 from atst.domain.common import Paginator
 from atst.domain.environment_roles import EnvironmentRoles
+from atst.domain.invitations import ApplicationInvitations
 from atst.forms.application_member import NewForm as NewMemberForm, UpdateMemberForm
 from atst.forms.application import NameAndDescriptionForm, EditEnvironmentForm
 from atst.forms.data import ENV_ROLE_NO_ACCESS as NO_ACCESS
@ -379,3 +380,25 @@ def update_member(application_id, application_role_id):
            _anchor="application-members",
        )
    )
+
+
+@applications_bp.route(
+    "/applications/<application_id>/members/<application_role_id>/revoke_invite",
+    methods=["POST"],
+)
+@user_can(Permissions.DELETE_APPLICATION_MEMBER, message="revoke appliction invitation")
+def revoke_invite(application_id, application_role_id):
+    app_role = ApplicationRoles.get_by_id(application_role_id)
+    invite = app_role.latest_invitation
+
+    if invite.is_revokable:
+        ApplicationInvitations.revoke(invite.token)
+
+    return redirect(
+        url_for(
+            "applications.settings",
+            application_id=application_id,
+            fragment="application-members",
+            _anchor="application-members",
+        )
+    )
--- a/tests/factories.py
+++ b/tests/factories.py
@ -259,6 +259,7 @@ class ApplicationInvitationFactory(Base):
    email = factory.Faker("email")
    status = InvitationStatus.PENDING
    expiration_time = PortfolioInvitations.current_expiration_time()
+    role = factory.SubFactory(ApplicationRoleFactory)


 class AttachmentFactory(Base):
--- a/tests/routes/applications/test_settings.py
+++ b/tests/routes/applications/test_settings.py
@ -14,6 +14,7 @@ from atst.domain.common import Paginator
 from atst.domain.permission_sets import PermissionSets
 from atst.domain.portfolios import Portfolios
 from atst.domain.exceptions import NotFoundError
+from atst.models.application_role import Status as ApplicationRoleStatus
 from atst.models.environment_role import CSPRole
 from atst.models.permissions import Permissions
 from atst.models.portfolio_role import Status as PortfolioRoleStatus
@ -540,3 +541,21 @@ def test_update_member(client, user_session):
    # check that the user has roles in the correct envs
    assert environment_roles[0].environment in [env, env_2]
    assert environment_roles[1].environment in [env, env_2]
+
+
+def test_revoke_invite(client, user_session):
+    invite = ApplicationInvitationFactory.create()
+    app_role = invite.role
+    application = app_role.application
+
+    user_session(application.portfolio.owner)
+    response = client.post(
+        url_for(
+            "applications.revoke_invite",
+            application_id=application.id,
+            application_role_id=app_role.id,
+        )
+    )
+
+    assert invite.is_revoked
+    assert app_role.status == ApplicationRoleStatus.DISABLED
--- a/tests/test_access.py
+++ b/tests/test_access.py
@ -572,6 +572,24 @@ def test_applications_update_member(post_url_assert_status):
    post_url_assert_status(rando, url, 404)


+# applications.revoke_invite
+def test_applications_revoke_invite(post_url_assert_status):
+    ccpo = UserFactory.create_ccpo()
+    rando = UserFactory.create()
+    application = ApplicationFactory.create()
+
+    for user, status in [(ccpo, 302), (application.portfolio.owner, 302), (rando, 404)]:
+        app_role = ApplicationRoleFactory.create()
+        invite = ApplicationInvitationFactory.create(role=app_role)
+
+        url = url_for(
+            "applications.revoke_invite",
+            application_id=application.id,
+            application_role_id=app_role.id,
+        )
+        post_url_assert_status(user, url, status)
+
+
 # task_orders.download_task_order_pdf
 def test_task_orders_download_task_order_pdf_access(get_url_assert_status, monkeypatch):
    monkeypatch.setattr(