diff --git a/atst/domain/workspace_users.py b/atst/domain/workspace_users.py
index 6fb761c3..d37ec736 100644
--- a/atst/domain/workspace_users.py
+++ b/atst/domain/workspace_users.py
@@ -30,6 +30,21 @@ class WorkspaceUsers(object):
 return WorkspaceUser(user, workspace_role)
+ @classmethod
+ def _get_workspace_role(cls, user, workspace_id):
+ try:
+ existing_workspace_role = (
+ db.session.query(WorkspaceRole)
+ .filter(
+ WorkspaceRole.user == user,
+ WorkspaceRole.workspace_id == workspace_id,
+ )
+ .one()
+ )
+ return existing_workspace_role
+ except NoResultFound:
+ raise NotFoundError("workspace role")
+
 @classmethod
 def add(cls, user, workspace_id, role_name):
 role = Roles.get(role_name)
@@ -57,6 +72,16 @@ class WorkspaceUsers(object):
 return WorkspaceUser(user, new_workspace_role)
+ @classmethod
+ def update_role(cls, member, workspace_id, role_name):
+ new_role = Roles.get(role_name)
+ workspace_role = WorkspaceUsers._get_workspace_role(member.user, workspace_id)
+ workspace_role.role = new_role
+
+ db.session.add(workspace_role)
+ db.session.commit()
+ return WorkspaceUser(member.user, workspace_role)
+
 @classmethod
 def add_many(cls, workspace_id, workspace_user_dicts):
 workspace_users = []
diff --git a/atst/domain/workspaces.py b/atst/domain/workspaces.py
index 6570a831..75a6225b 100644
--- a/atst/domain/workspaces.py
+++ b/atst/domain/workspaces.py
@@ -81,6 +81,15 @@ class Workspaces(object):
 )
 return workspace_user
+ @classmethod
+ def update_member(cls, user, workspace, member, role_name):
+ if not Authorization.has_workspace_permission(
+ user, workspace, Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE
+ ):
+ raise UnauthorizedError(user, "update workspace member")
+
+ return WorkspaceUsers.update_role(member, workspace.id, role_name)
+
 @classmethod
 def _create_workspace_role(cls, user, workspace, role_name):
 role = Roles.get(role_name)
diff --git a/atst/routes/workspaces.py b/atst/routes/workspaces.py
index 7506aa45..06b32008 100644
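Review bot: In `_get_workspace_role` (atst/domain/workspace_users.py, first hunk), `.one()` raises `MultipleResultsFound` as well as `NoResultFound`, and only the latter is translated into `NotFoundError`. If the schema does not enforce uniqueness on (user, workspace_id), which this diff does not show, a duplicate role row would surface as an unhandled exception on every role lookup for that member. Either confirm the unique constraint exists or handle that case explicitly, and add a one-line docstring such as `"""Return the user's WorkspaceRole in the workspace or raise NotFoundError."""`.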
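Review bot: `WorkspaceUsers.update_role` (atst/domain/workspace_users.py, second hunk) changes a member's role and commits with no permission check of its own; the only gate visible in this diff is the one in `Workspaces.update_member`. A docstring should state that contract, for example `"""Set the member's role in the workspace. Performs no authorization; callers must check permissions first."""`. It is also worth saying there that the lookup through `_get_workspace_role(member.user, workspace_id)` is what ensures the target already holds a role in this workspace. Calling the helper as `cls._get_workspace_role(...)` instead of through the class name would match the classmethod style.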
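Review bot: The permission check in `Workspaces.update_member` (atst/domain/workspaces.py) decides who may change roles, but not which role may be granted or whose role may be changed. As written, any caller holding `ASSIGN_AND_UNASSIGN_ATAT_ROLE` can assign any name that `Roles.get` accepts to any member, which appears to include raising their own role or changing the workspace owner's, unless that is blocked somewhere not visible here. If the role model does not intend this, add a guard such as `if member.user == user: raise UnauthorizedError(user, "update own workspace role")` and restrict `role_name` to the roles the caller is allowed to grant. A role change is a privilege change, so recording who changed which member to which role would also help later review.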
--- a/atst/routes/workspaces.py
+++ b/atst/routes/workspaces.py
@@ -149,6 +149,9 @@ def update_member(workspace_id, member_id):
 form = UpdateMemberForm(http_request.form)
 if form.validate():
+ Workspaces.update_member(
+ g.current_user, workspace, member, form.data["workspace_role"]
+ )
 return redirect(
 url_for("workspaces.workspace_members", workspace_id=workspace.id)
 )
diff --git a/tests/domain/test_workspaces.py b/tests/domain/test_workspaces.py
index f3cca7f9..dc48ee48 100644
--- a/tests/domain/test_workspaces.py
+++ b/tests/domain/test_workspaces.py
@@ -119,3 +119,38 @@ def test_need_permission_to_create_workspace_user():
 with pytest.raises(UnauthorizedError):
 Workspaces.create_member(random_user, workspace, user_data)
+
+
+def test_can_update_workspace_user_role():
+ owner = UserFactory.create()
+ workspace = Workspaces.create(RequestFactory.create(creator=owner))
+ user_data = {
+ "first_name": "New",
+ "last_name": "User",
+ "email": "new.user@mail.com",
+ "workspace_role": "developer",
+ "dod_id": "1234567890",
+ }
+ member = Workspaces.create_member(owner, workspace, user_data)
+ role_name = "developer"
+
+ updated_member = Workspaces.update_member(owner, workspace, member, role_name)
+ assert updated_member.workspace == workspace
+
+
+def test_need_permission_to_update_workspace_user_role():
+ owner = UserFactory.create()
+ workspace = Workspaces.create(RequestFactory.create(creator=owner))
+ random_user = UserFactory.create()
+ user_data = {
+ "first_name": "New",
+ "last_name": "User",
+ "email": "new.user@mail.com",
+ "workspace_role": "developer",
+ "dod_id": "1234567890",
+ }
+ member = Workspaces.create_member(owner, workspace, user_data)
+ role_name = "developer"
+
+ with pytest.raises(UnauthorizedError):
+ Workspaces.update_member(random_user, workspace, member, role_name)
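Review bot: In the `update_member` route (atst/routes/workspaces.py), `workspace` and `member` are resolved from `workspace_id` and `member_id` outside this hunk, so confirm that `member` is looked up within that workspace and not by id alone. The domain call does re-check membership through `_get_workspace_role(member.user, workspace.id)`, so a mismatch would raise `NotFoundError` and an unauthorized caller would raise `UnauthorizedError`. Neither is handled in the lines shown, which is fine only if application-level handlers turn them into the intended responses. A short comment above the call, such as `# authorization is enforced inside Workspaces.update_member`, would make that reliance explicit. The function body starts and ends outside the hunk.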
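Review bot: `test_can_update_workspace_user_role` (tests/domain/test_workspaces.py) creates the member with `"workspace_role": "developer"` and then updates with `role_name = "developer"`, so it passes even if `update_role` changes nothing. Use a role name different from the one assigned at creation and assert on the role of the returned member, not only on `updated_member.workspace`. A further case where `member` holds no role in the given workspace, expecting `NotFoundError`, would cover the lookup added in `_get_workspace_role`.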