From 8dcde9da840336a37e9c0d388afa92a7617a06c7 Mon Sep 17 00:00:00 2001 From: richard-dds Date: Tue, 20 Nov 2018 14:49:00 -0500 Subject: [PATCH] Check proper permission for Workspaces.revoke_access --- atst/domain/workspaces/workspaces.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/atst/domain/workspaces/workspaces.py b/atst/domain/workspaces/workspaces.py index 8fad3691..69bfd640 100644 --- a/atst/domain/workspaces/workspaces.py +++ b/atst/domain/workspaces/workspaces.py @@ -142,11 +142,10 @@ class Workspaces(object): @classmethod def revoke_access(cls, user, workspace_id, workspace_role_id): - # TODO: What permission to here? Do we need a new one? - # Authorization.check_workspace_permission( - # user, workspace, Permissions.REQUEST_NEW_CSP_ROLE, "revoke workspace access" - # ) workspace = WorkspacesQuery.get(workspace_id) + Authorization.check_workspace_permission( + user, workspace, Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE, "revoke workspace access" + ) workspace_role = WorkspaceRoles.get_by_id(workspace_role_id) workspace_role.status = WorkspaceRoleStatus.DISABLED for environment in workspace.all_environments: