pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #570 from dod-ccpo/bug-start-to-from-pf-funding-page

Browse Source 
Allow CCPO to create TO on anyone's portfolio
This commit is contained in:
montana-mil 2019-01-23 16:37:20 -05:00 committed by GitHub
commit 88e4a99b03
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
atst/domain/authz.py
View File

@ -6,7 +6,9 @@ from atst.domain.exceptions import UnauthorizedError
class Authorization(object): class Authorization(object):
@classmethod @classmethod
def has_portfolio_permission(cls, user, portfolio, permission): def has_portfolio_permission(cls, user, portfolio, permission):
return permission in PortfolioRoles.portfolio_role_permissions(portfolio, user) return permission in PortfolioRoles.portfolio_role_permissions(
portfolio, user
) or Authorization.is_ccpo(user)
@classmethod @classmethod
def has_atat_permission(cls, user, permission): def has_atat_permission(cls, user, permission):

5
tests/domain/test_portfolios.py
View File

@ -298,8 +298,11 @@ def test_get_for_update_information():
assert portfolio == admin_ws assert portfolio == admin_ws
ccpo = UserFactory.from_atat_role("ccpo") ccpo = UserFactory.from_atat_role("ccpo")
assert Portfolios.get_for_update_information(ccpo, portfolio.id)
developer = UserFactory.from_atat_role("developer")
with pytest.raises(UnauthorizedError): with pytest.raises(UnauthorizedError):
Portfolios.get_for_update_information(ccpo, portfolio.id) Portfolios.get_for_update_information(developer, portfolio.id)
def test_can_create_portfolios_with_matching_names(): def test_can_create_portfolios_with_matching_names():