From 3464de340d08f9e15d9d66cf9a631b18a447a202 Mon Sep 17 00:00:00 2001
From: George Drummond <george-ctr@friends.dds.mil>
Date: Wed, 20 Mar 2019 10:36:31 -0400
Subject: [PATCH 1/3] View Primary Point of Contact (non-PoC)

---
 atst/routes/portfolios/index.py               |  1 +
 .../fragments/primary_point_of_contact.html   | 16 +++++++------
 .../portfolios/test_portfolios_index.py       | 23 ++++++++++++++++++-
 translations.yaml                             |  4 ++++
 4 files changed, 36 insertions(+), 8 deletions(-)

diff --git a/atst/routes/portfolios/index.py b/atst/routes/portfolios/index.py
index 8bf9aff6..a85fa3ef 100644
--- a/atst/routes/portfolios/index.py
+++ b/atst/routes/portfolios/index.py
@@ -34,6 +34,7 @@ def portfolio_admin(portfolio_id):
         "portfolios/admin.html",
         form=form,
         portfolio=portfolio,
+        current_user=g.current_user,
         audit_events=audit_events,
     )
 
diff --git a/templates/fragments/primary_point_of_contact.html b/templates/fragments/primary_point_of_contact.html
index 6ff9b795..eaba275a 100644
--- a/templates/fragments/primary_point_of_contact.html
+++ b/templates/fragments/primary_point_of_contact.html
@@ -1,7 +1,7 @@
 <div class="panel">
   <div class="panel__content">
-    <h2>Primary Point of Contact</h2>
-    <p>The PoC has the ability to edit all aspects of a portfolio.</p>
+    <h2>{{ "fragments.ppoc.title" | translate }}</h2>
+    <p>{{ "fragments.ppoc.subtitle" | translate }}</p>
 
     <p>
       <strong>
@@ -14,10 +14,12 @@
       {{ portfolio.owner.phone_number | usPhone }}
     </p>
 
-    <div class="flex-reverse-row">
-      <a class="usa-button-primary">
-        Update Primary PoC
-      </a>
-    </div>
+    {% if portfolio.owner == current_user %}
+      <div class="flex-reverse-row">
+        <a class="usa-button-primary">
+          {{ "fragments.ppoc.update_btn" | translate }}
+        </a>
+      </div>
+    {% endif %}
   </div>
 </div>
diff --git a/tests/routes/portfolios/test_portfolios_index.py b/tests/routes/portfolios/test_portfolios_index.py
index 799b8248..1704ec85 100644
--- a/tests/routes/portfolios/test_portfolios_index.py
+++ b/tests/routes/portfolios/test_portfolios_index.py
@@ -1,9 +1,13 @@
 from flask import url_for
 
+from atst.domain.permission_sets import PermissionSets
+from atst.models.permissions import Permissions
+
 from tests.factories import (
     random_future_date,
     random_past_date,
     PortfolioFactory,
+    PortfolioRoleFactory,
     TaskOrderFactory,
     UserFactory,
 )
@@ -48,7 +52,7 @@ def test_portfolio_index_without_existing_portfolios(client, user_session):
     )
 
 
-def test_portfolio_admin_screen(client, user_session):
+def test_portfolio_admin_screen_when_ppoc(client, user_session):
     portfolio = PortfolioFactory.create()
     user_session(portfolio.owner)
     response = client.get(
@@ -56,6 +60,23 @@ def test_portfolio_admin_screen(client, user_session):
     )
     assert response.status_code == 200
     assert portfolio.name in response.data.decode()
+    assert translate("fragments.ppoc.update_btn").encode("utf8") in response.data
+
+
+def test_portfolio_admin_screen_when_not_ppoc(client, user_session):
+    portfolio = PortfolioFactory.create()
+    user = UserFactory.create()
+    permission_sets = PermissionSets.get_all()
+    PortfolioRoleFactory.create(
+        portfolio=portfolio, user=user, permission_sets=permission_sets
+    )
+    user_session(user)
+    response = client.get(
+        url_for("portfolios.portfolio_admin", portfolio_id=portfolio.id)
+    )
+    assert response.status_code == 200
+    assert portfolio.name in response.data.decode()
+    assert translate("fragments.ppoc.update_btn").encode("utf8") not in response.data
 
 
 def test_portfolio_reports(client, user_session):
diff --git a/translations.yaml b/translations.yaml
index 3fc9a1e7..5b0fbb88 100644
--- a/translations.yaml
+++ b/translations.yaml
@@ -304,6 +304,10 @@ fragments:
     bullet_3: Add both the Task Order (TO) and Line(s) of Accounting (LOA) numbers
   portfolio_admin:
     none: Not Selected
+  ppoc:
+    title: Primary Point of Contact
+    subtitle: The PoC has the ability to edit all aspects of a portfolio.
+    update_btn: Update Primary PoC
 login:
   ccpo_logo_alt_text: Cloud Computing Program Office Logo
   certificate_selection:

From 2d73911081cf7f47345b1ea8625157a8e758baba Mon Sep 17 00:00:00 2001
From: George Drummond <george-ctr@friends.dds.mil>
Date: Wed, 20 Mar 2019 13:06:22 -0400
Subject: [PATCH 2/3] Declare specific permissions in test

---
 templates/fragments/primary_point_of_contact.html | 2 +-
 tests/routes/portfolios/test_portfolios_index.py  | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/templates/fragments/primary_point_of_contact.html b/templates/fragments/primary_point_of_contact.html
index eaba275a..692bdbd6 100644
--- a/templates/fragments/primary_point_of_contact.html
+++ b/templates/fragments/primary_point_of_contact.html
@@ -14,7 +14,7 @@
       {{ portfolio.owner.phone_number | usPhone }}
     </p>
 
-    {% if portfolio.owner == current_user %}
+    {% if user_can(permissions.EDIT_PORTFOLIO_POC) %}
       <div class="flex-reverse-row">
         <a class="usa-button-primary">
           {{ "fragments.ppoc.update_btn" | translate }}
diff --git a/tests/routes/portfolios/test_portfolios_index.py b/tests/routes/portfolios/test_portfolios_index.py
index 1704ec85..7f631c52 100644
--- a/tests/routes/portfolios/test_portfolios_index.py
+++ b/tests/routes/portfolios/test_portfolios_index.py
@@ -66,7 +66,9 @@ def test_portfolio_admin_screen_when_ppoc(client, user_session):
 def test_portfolio_admin_screen_when_not_ppoc(client, user_session):
     portfolio = PortfolioFactory.create()
     user = UserFactory.create()
-    permission_sets = PermissionSets.get_all()
+    permission_sets = PermissionSets.get_many(
+        [PermissionSets.EDIT_PORTFOLIO_ADMIN, PermissionSets.VIEW_PORTFOLIO_ADMIN]
+    )
     PortfolioRoleFactory.create(
         portfolio=portfolio, user=user, permission_sets=permission_sets
     )

From d7a2fb89483e9b48081e5d5a01127341309b26db Mon Sep 17 00:00:00 2001
From: George Drummond <george-ctr@friends.dds.mil>
Date: Wed, 20 Mar 2019 13:09:19 -0400
Subject: [PATCH 3/3] current_user isn't for this route anymore

---
 atst/routes/portfolios/index.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/atst/routes/portfolios/index.py b/atst/routes/portfolios/index.py
index a85fa3ef..8bf9aff6 100644
--- a/atst/routes/portfolios/index.py
+++ b/atst/routes/portfolios/index.py
@@ -34,7 +34,6 @@ def portfolio_admin(portfolio_id):
         "portfolios/admin.html",
         form=form,
         portfolio=portfolio,
-        current_user=g.current_user,
         audit_events=audit_events,
     )