Ensure workspace access can be revoked

tests/domain/test_workspaces.py

@@ -2,7 +2,7 @@ import pytest
 from uuid import uuid4
 
 from atst.domain.exceptions import NotFoundError, UnauthorizedError
-from atst.domain.workspaces import Workspaces
+from atst.domain.workspaces import Workspaces, WorkspaceError
 from atst.domain.workspace_roles import WorkspaceRoles
 from atst.domain.projects import Projects
 from atst.domain.environments import Environments
@@ -304,13 +304,30 @@ def test_can_create_workspaces_with_matching_names():
     Workspaces.create(RequestFactory.create(), name=workspace_name)
 
 
-def test_can_remove_workspace_access():
+def test_can_revoke_workspace_access():
     workspace = WorkspaceFactory.create()
     workspace_role = WorkspaceRoleFactory.create(workspace=workspace)
     Workspaces.revoke_access(workspace.owner, workspace.id, workspace_role.id)
     assert Workspaces.for_user(workspace_role.user) == []
 
 
+def test_can_revoke_access():
+    workspace = WorkspaceFactory.create()
+    owner_role = workspace.roles[0]
+    workspace_role = WorkspaceRoleFactory.create(workspace=workspace)
+
+    assert Workspaces.can_revoke_access(workspace, workspace_role)
+    assert not Workspaces.can_revoke_access(workspace, owner_role)
+
+
+def test_cant_revoke_owner_workspace_access():
+    workspace = WorkspaceFactory.create()
+    owner_workspace_role = workspace.roles[0]
+
+    with pytest.raises(WorkspaceError):
+        Workspaces.revoke_access(workspace.owner, workspace.id, owner_workspace_role.id)
+
+
 def test_disabled_members_dont_show_up(session):
     workspace = WorkspaceFactory.create()
     WorkspaceRoleFactory.create(workspace=workspace, status=WorkspaceRoleStatus.ACTIVE)