Move test checking route access into test_access and rename test checking if route is working

2019-04-24 17:09:32 -04:00 · 2019-04-24 17:09:32 -04:00 · 7f4a18a49b
commit 7f4a18a49b
parent 72cc12f195
2 changed files with 38 additions and 41 deletions
--- a/tests/routes/applications/test_settings.py
+++ b/tests/routes/applications/test_settings.py
@ -166,7 +166,7 @@ def test_user_without_permission_cannot_update_application(client, user_session)
    assert application.description == "Cool stuff happening here!"


-def test_user_with_permission_can_update_team_env_roles(client, user_session):
+def test_update_team_env_roles(client, user_session):
    environment = EnvironmentFactory.create()
    application = environment.application
    env_role_1 = EnvironmentRoleFactory.create(
@ -209,46 +209,6 @@ def test_user_with_permission_can_update_team_env_roles(client, user_session):
    assert EnvironmentRoles.get(app_role.user.id, environment.id)


-def test_user_without_permission_cannot_update_team_env_roles(client, user_session):
-    environment = EnvironmentFactory.create()
-    application = environment.application
-    app_role_without_perms = ApplicationRoleFactory.create(application=application)
-    env_role_1 = EnvironmentRoleFactory.create(
-        environment=environment, role=CSPRole.BASIC_ACCESS.value
-    )
-    env_role_2 = EnvironmentRoleFactory.create(
-        environment=environment, role=CSPRole.BASIC_ACCESS.value
-    )
-    app_role = ApplicationRoleFactory.create(application=application)
-    form_data = {
-        "env_id": environment.id,
-        "team_roles-0-user_id": env_role_1.user.id,
-        "team_roles-0-name": env_role_1.user.full_name,
-        "team_roles-0-role": CSPRole.NETWORK_ADMIN.value,
-        "team_roles-1-user_id": env_role_2.user.id,
-        "team_roles-1-name": env_role_2.user.full_name,
-        "team_roles-1-role": "",
-        "team_roles-2-user_id": app_role.user.id,
-        "team_roles-2-name": app_role.user.full_name,
-        "team_roles-2-role": CSPRole.TECHNICAL_READ.value,
-    }
-
-    user_session(app_role_without_perms.user)
-    response = client.post(
-        url_for("applications.update_env_roles", environment_id=environment.id),
-        data=form_data,
-        follow_redirects=True,
-    )
-
-    assert response.status_code == 404
-    assert env_role_1.role == CSPRole.BASIC_ACCESS.value
-    assert (
-        EnvironmentRoles.get(env_role_2.user.id, environment.id).role
-        == CSPRole.BASIC_ACCESS.value
-    )
-    assert not EnvironmentRoles.get(app_role.user.id, environment.id)
-
-
 def test_user_can_only_access_apps_in_their_portfolio(client, user_session):
    portfolio = PortfolioFactory.create()
    other_portfolio = PortfolioFactory.create(
--- a/tests/test_access.py
+++ b/tests/test_access.py
@ -8,12 +8,14 @@ import atst
 from atst.app import make_app, make_config
 from atst.domain.auth import UNPROTECTED_ROUTES as _NO_LOGIN_REQUIRED
 from atst.domain.permission_sets import PermissionSets
+from atst.models.environment_role import CSPRole
 from atst.models.portfolio_role import Status as PortfolioRoleStatus

 from tests.factories import (
    AttachmentFactory,
    ApplicationFactory,
    ApplicationRoleFactory,
+    EnvironmentFactory,
    InvitationFactory,
    PortfolioFactory,
    PortfolioRoleFactory,
@ -168,6 +170,41 @@ def test_applications_create_access(post_url_assert_status):
    post_url_assert_status(rando, url, 404)


+# applications.update_env_roles
+def test_applications_update_team_env_roles(post_url_assert_status):
+    ccpo = UserFactory.create_ccpo()
+    owner = user_with()
+    app_admin = user_with()
+    rando = user_with()
+    app_member = UserFactory.create()
+
+    portfolio = PortfolioFactory.create(
+        owner=owner, applications=[{"name": "mos eisley"}]
+    )
+    application = portfolio.applications[0]
+    environment = EnvironmentFactory.create(application=application)
+
+    ApplicationRoleFactory.create(
+        user=app_admin,
+        application=application,
+        permission_sets=PermissionSets.get_many(
+            [
+                PermissionSets.VIEW_APPLICATION,
+                PermissionSets.EDIT_APPLICATION_ENVIRONMENTS,
+                PermissionSets.EDIT_APPLICATION_TEAM,
+                PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,
+            ]
+        ),
+    )
+    ApplicationRoleFactory.create(user=app_member)
+
+    url = url_for("applications.update_env_roles", environment_id=environment.id)
+    post_url_assert_status(ccpo, url, 302)
+    post_url_assert_status(owner, url, 302)
+    post_url_assert_status(app_admin, url, 302)
+    post_url_assert_status(rando, url, 404)
+
+
 # portfolios.create_member
 def test_portfolios_create_member_access(post_url_assert_status):
    ccpo = user_with(PermissionSets.EDIT_PORTFOLIO_ADMIN)