diff --git a/tests/routes/applications/test_settings.py b/tests/routes/applications/test_settings.py
index 354022cf..2b9ec47e 100644
--- a/tests/routes/applications/test_settings.py
+++ b/tests/routes/applications/test_settings.py
@@ -166,7 +166,7 @@ def test_user_without_permission_cannot_update_application(client, user_session)
 assert application.description == "Cool stuff happening here!"


-def test_user_with_permission_can_update_team_env_roles(client, user_session):
+def test_update_team_env_roles(client, user_session):
 environment = EnvironmentFactory.create()
 application = environment.application
 env_role_1 = EnvironmentRoleFactory.create(
@@ -209,46 +209,6 @@ def test_user_with_permission_can_update_team_env_roles(client, user_session):
 assert EnvironmentRoles.get(app_role.user.id, environment.id)


-def test_user_without_permission_cannot_update_team_env_roles(client, user_session):
- environment = EnvironmentFactory.create()
- application = environment.application
- app_role_without_perms = ApplicationRoleFactory.create(application=application)
- env_role_1 = EnvironmentRoleFactory.create(
- environment=environment, role=CSPRole.BASIC_ACCESS.value
- )
- env_role_2 = EnvironmentRoleFactory.create(
- environment=environment, role=CSPRole.BASIC_ACCESS.value
- )
- app_role = ApplicationRoleFactory.create(application=application)
- form_data = {
- "env_id": environment.id,
- "team_roles-0-user_id": env_role_1.user.id,
- "team_roles-0-name": env_role_1.user.full_name,
- "team_roles-0-role": CSPRole.NETWORK_ADMIN.value,
- "team_roles-1-user_id": env_role_2.user.id,
- "team_roles-1-name": env_role_2.user.full_name,
- "team_roles-1-role": "",
- "team_roles-2-user_id": app_role.user.id,
- "team_roles-2-name": app_role.user.full_name,
- "team_roles-2-role": CSPRole.TECHNICAL_READ.value,
- }
-
- user_session(app_role_without_perms.user)
- response = client.post(
- url_for("applications.update_env_roles", environment_id=environment.id),
- data=form_data,
- follow_redirects=True,
- )
-
- assert response.status_code == 404
- assert env_role_1.role == CSPRole.BASIC_ACCESS.value
- assert (
- EnvironmentRoles.get(env_role_2.user.id, environment.id).role
- == CSPRole.BASIC_ACCESS.value
- )
- assert not EnvironmentRoles.get(app_role.user.id, environment.id)
-
-
 def test_user_can_only_access_apps_in_their_portfolio(client, user_session):
 portfolio = PortfolioFactory.create()
 other_portfolio = PortfolioFactory.create(
diff --git a/tests/test_access.py b/tests/test_access.py
index 660a7c84..9839902c 100644
--- a/tests/test_access.py
+++ b/tests/test_access.py
@@ -8,12 +8,14 @@ import atst from atst.app import make_app, make_config from atst.domain.auth import UNPROTECTED_ROUTES as _NO_LOGIN_REQUIRED from atst.domain.permission_sets import PermissionSets +from atst.models.environment_role import CSPRole from atst.models.portfolio_role import Status as PortfolioRoleStatus from tests.factories import ( AttachmentFactory, ApplicationFactory, ApplicationRoleFactory, + EnvironmentFactory, InvitationFactory, PortfolioFactory, PortfolioRoleFactory, @@ -168,6 +170,41 @@ def test_applications_create_access(post_url_assert_status): post_url_assert_status(rando, url, 404) +# applications.update_env_roles +def test_applications_update_team_env_roles(post_url_assert_status): + ccpo = UserFactory.create_ccpo() + owner = user_with() + app_admin = user_with() + rando = user_with() + app_member = UserFactory.create() + + portfolio = PortfolioFactory.create( + owner=owner, applications=[{"name": "mos eisley"}] + ) + application = portfolio.applications[0] + environment = EnvironmentFactory.create(application=application) + + ApplicationRoleFactory.create( + user=app_admin, + application=application, + permission_sets=PermissionSets.get_many( + [ + PermissionSets.VIEW_APPLICATION, + PermissionSets.EDIT_APPLICATION_ENVIRONMENTS, + PermissionSets.EDIT_APPLICATION_TEAM, + PermissionSets.DELETE_APPLICATION_ENVIRONMENTS, + ] + ), + ) + ApplicationRoleFactory.create(user=app_member) + + url = url_for("applications.update_env_roles", environment_id=environment.id) + post_url_assert_status(ccpo, url, 302) + post_url_assert_status(owner, url, 302) + post_url_assert_status(app_admin, url, 302) + post_url_assert_status(rando, url, 404) + + # portfolios.create_member def test_portfolios_create_member_access(post_url_assert_status): ccpo = user_with(PermissionSets.EDIT_PORTFOLIO_ADMIN)
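Review bot: `CSPRole` is imported in the `@@ -8,12 +8,14 @@` hunk, but the test added further down in this file never refers to it. Unless code in tests/test_access.py outside this diff uses it, the import is unused and a linter will flag it. Either drop `from atst.models.environment_role import CSPRole`, or use it once the new test posts role form data.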
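Review bot: `test_applications_update_team_env_roles` creates `app_member` but never posts as that user, so the key negative case for this route goes unasserted: someone who holds a role on an application but lacks the team-edit permission set. `ApplicationRoleFactory.create(user=app_member)` also omits `application=application`, so the role presumably lands on a factory-generated application rather than the one under test. Suggest `ApplicationRoleFactory.create(user=app_member, application=application)` followed by `post_url_assert_status(app_member, url, 404)`. The test this commit removes from tests/routes/applications/test_settings.py also asserted that environment roles were unchanged after the denied request. A status-code check alone would not catch a handler that writes before it rejects, so one state assertion after a denied POST is worth keeping.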