Add route for applications.revoke_invite

.secrets.baseline

@@ -194,7 +194,7 @@
         "hashed_secret": "e4f14805dfd1e6af030359090c535e149e6b4207",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 525,
+        "line_number": 543,
         "type": "Hex High Entropy String"
       }
     ]

atst/domain/application_roles.py

@@ -70,3 +70,16 @@ class ApplicationRoles(object):
         db.session.commit()
 
         return application_role
+
+    @classmethod
+    def _update_status(cls, application_role, new_status):
+        application_role.status = new_status
+        db.session.add(application_role)
+        db.session.commit()
+
+        return application_role
+
+    @classmethod
+    def disable(cls, application_role):
+        application_role.deleted = True
+        return cls._update_status(application_role, ApplicationRoleStatus.DISABLED)

atst/domain/invitations.py

@@ -143,3 +143,10 @@ class PortfolioInvitations(BaseInvitations):
 class ApplicationInvitations(BaseInvitations):
     model = ApplicationInvitation
     role_domain_class = ApplicationRoles
+
+    @classmethod
+    def _update_status(cls, invite, new_status):
+        invite = super()._update_status(invite, new_status)
+        ApplicationRoles.disable(invite.role)
+
+        return invite

atst/routes/applications/settings.py

@@ -8,6 +8,7 @@ from atst.domain.application_roles import ApplicationRoles
 from atst.domain.audit_log import AuditLog
 from atst.domain.common import Paginator
 from atst.domain.environment_roles import EnvironmentRoles
+from atst.domain.invitations import ApplicationInvitations
 from atst.forms.application_member import NewForm as NewMemberForm, UpdateMemberForm
 from atst.forms.application import NameAndDescriptionForm, EditEnvironmentForm
 from atst.forms.data import ENV_ROLE_NO_ACCESS as NO_ACCESS
@@ -379,3 +380,25 @@ def update_member(application_id, application_role_id):
             _anchor="application-members",
         )
     )
+
+
+@applications_bp.route(
+    "/applications/<application_id>/members/<application_role_id>/revoke_invite",
+    methods=["POST"],
+)
+@user_can(Permissions.DELETE_APPLICATION_MEMBER, message="revoke appliction invitation")
+def revoke_invite(application_id, application_role_id):
+    app_role = ApplicationRoles.get_by_id(application_role_id)
+    invite = app_role.latest_invitation
+
+    if invite.is_revokable:
+        ApplicationInvitations.revoke(invite.token)
+
+    return redirect(
+        url_for(
+            "applications.settings",
+            application_id=application_id,
+            fragment="application-members",
+            _anchor="application-members",
+        )
+    )

tests/factories.py

@@ -259,6 +259,7 @@ class ApplicationInvitationFactory(Base):
     email = factory.Faker("email")
     status = InvitationStatus.PENDING
     expiration_time = PortfolioInvitations.current_expiration_time()
+    role = factory.SubFactory(ApplicationRoleFactory)
 
 
 class AttachmentFactory(Base):

tests/routes/applications/test_settings.py

@@ -14,6 +14,7 @@ from atst.domain.common import Paginator
 from atst.domain.permission_sets import PermissionSets
 from atst.domain.portfolios import Portfolios
 from atst.domain.exceptions import NotFoundError
+from atst.models.application_role import Status as ApplicationRoleStatus
 from atst.models.environment_role import CSPRole
 from atst.models.permissions import Permissions
 from atst.models.portfolio_role import Status as PortfolioRoleStatus
@@ -540,3 +541,21 @@ def test_update_member(client, user_session):
     # check that the user has roles in the correct envs
     assert environment_roles[0].environment in [env, env_2]
     assert environment_roles[1].environment in [env, env_2]
+
+
+def test_revoke_invite(client, user_session):
+    invite = ApplicationInvitationFactory.create()
+    app_role = invite.role
+    application = app_role.application
+
+    user_session(application.portfolio.owner)
+    response = client.post(
+        url_for(
+            "applications.revoke_invite",
+            application_id=application.id,
+            application_role_id=app_role.id,
+        )
+    )
+
+    assert invite.is_revoked
+    assert app_role.status == ApplicationRoleStatus.DISABLED

tests/test_access.py

@@ -572,6 +572,24 @@ def test_applications_update_member(post_url_assert_status):
     post_url_assert_status(rando, url, 404)
 
 
+# applications.revoke_invite
+def test_applications_revoke_invite(post_url_assert_status):
+    ccpo = UserFactory.create_ccpo()
+    rando = UserFactory.create()
+    application = ApplicationFactory.create()
+
+    for user, status in [(ccpo, 302), (application.portfolio.owner, 302), (rando, 404)]:
+        app_role = ApplicationRoleFactory.create()
+        invite = ApplicationInvitationFactory.create(role=app_role)
+
+        url = url_for(
+            "applications.revoke_invite",
+            application_id=application.id,
+            application_role_id=app_role.id,
+        )
+        post_url_assert_status(user, url, status)
+
+
 # task_orders.download_task_order_pdf
 def test_task_orders_download_task_order_pdf_access(get_url_assert_status, monkeypatch):
     monkeypatch.setattr(