push authorization check for request approval into the requests domain

atst/routes/requests/approval.py

@@ -11,7 +11,6 @@ from flask import current_app as app
 from . import requests_bp
 from atst.domain.requests import Requests
 from atst.domain.exceptions import NotFoundError
-from atst.domain.authz import Authorization
 from atst.forms.ccpo_review import CCPOReviewForm
 
 
@@ -46,16 +45,14 @@ def render_approval(request, form=None):
 
 @requests_bp.route("/requests/approval/<string:request_id>", methods=["GET"])
 def approval(request_id):
-    request = Requests.get(g.current_user, request_id)
-    Authorization.check_can_approve_request(g.current_user)
+    request = Requests.get_for_approval(g.current_user, request_id)
 
     return render_approval(request)
 
 
 @requests_bp.route("/requests/submit_approval/<string:request_id>", methods=["POST"])
 def submit_approval(request_id):
-    request = Requests.get(g.current_user, request_id)
-    Authorization.check_can_approve_request(g.current_user)
+    request = Requests.get_for_approval(g.current_user, request_id)
 
     form = CCPOReviewForm(http_request.form)
     if form.validate():