Update workspace role in the DB, add tests

atst/domain/workspace_users.py

@@ -30,6 +30,21 @@ class WorkspaceUsers(object):
 
         return WorkspaceUser(user, workspace_role)
 
+    @classmethod
+    def _get_workspace_role(cls, user, workspace_id):
+        try:
+            existing_workspace_role = (
+                db.session.query(WorkspaceRole)
+                .filter(
+                    WorkspaceRole.user == user,
+                    WorkspaceRole.workspace_id == workspace_id,
+                )
+                .one()
+            )
+            return existing_workspace_role
+        except NoResultFound:
+            raise NotFoundError("workspace role")
+
     @classmethod
     def add(cls, user, workspace_id, role_name):
         role = Roles.get(role_name)
@@ -57,6 +72,16 @@ class WorkspaceUsers(object):
 
         return WorkspaceUser(user, new_workspace_role)
 
+    @classmethod
+    def update_role(cls, member, workspace_id, role_name):
+        new_role = Roles.get(role_name)
+        workspace_role = WorkspaceUsers._get_workspace_role(member.user, workspace_id)
+        workspace_role.role = new_role
+
+        db.session.add(workspace_role)
+        db.session.commit()
+        return WorkspaceUser(member.user, workspace_role)
+
     @classmethod
     def add_many(cls, workspace_id, workspace_user_dicts):
         workspace_users = []

atst/domain/workspaces.py

@@ -81,6 +81,15 @@ class Workspaces(object):
         )
         return workspace_user
 
+    @classmethod
+    def update_member(cls, user, workspace, member, role_name):
+        if not Authorization.has_workspace_permission(
+            user, workspace, Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE
+        ):
+            raise UnauthorizedError(user, "update workspace member")
+
+        return WorkspaceUsers.update_role(member, workspace.id, role_name)
+
     @classmethod
     def _create_workspace_role(cls, user, workspace, role_name):
         role = Roles.get(role_name)

atst/routes/workspaces.py

@@ -149,6 +149,9 @@ def update_member(workspace_id, member_id):
     form = UpdateMemberForm(http_request.form)
 
     if form.validate():
+        Workspaces.update_member(
+            g.current_user, workspace, member, form.data["workspace_role"]
+        )
         return redirect(
             url_for("workspaces.workspace_members", workspace_id=workspace.id)
         )

tests/domain/test_workspaces.py

@@ -119,3 +119,38 @@ def test_need_permission_to_create_workspace_user():
 
     with pytest.raises(UnauthorizedError):
         Workspaces.create_member(random_user, workspace, user_data)
+
+
+def test_can_update_workspace_user_role():
+    owner = UserFactory.create()
+    workspace = Workspaces.create(RequestFactory.create(creator=owner))
+    user_data = {
+        "first_name": "New",
+        "last_name": "User",
+        "email": "new.user@mail.com",
+        "workspace_role": "developer",
+        "dod_id": "1234567890",
+    }
+    member = Workspaces.create_member(owner, workspace, user_data)
+    role_name = "developer"
+
+    updated_member = Workspaces.update_member(owner, workspace, member, role_name)
+    assert updated_member.workspace == workspace
+
+
+def test_need_permission_to_update_workspace_user_role():
+    owner = UserFactory.create()
+    workspace = Workspaces.create(RequestFactory.create(creator=owner))
+    random_user = UserFactory.create()
+    user_data = {
+        "first_name": "New",
+        "last_name": "User",
+        "email": "new.user@mail.com",
+        "workspace_role": "developer",
+        "dod_id": "1234567890",
+    }
+    member = Workspaces.create_member(owner, workspace, user_data)
+    role_name = "developer"
+
+    with pytest.raises(UnauthorizedError):
+        Workspaces.update_member(random_user, workspace, member, role_name)