Delete tests and route associated with old portfolio member perms form
parent
c9d0c64c1f
commit
975d3d243b
@ -94,34 +94,6 @@ def admin(portfolio_id):
|
|||||||
return render_admin_page(portfolio)
|
return render_admin_page(portfolio)
|
||||||
|
|
||||||
|
|
||||||
@portfolios_bp.route("/portfolios/<portfolio_id>/admin", methods=["POST"])
|
|
||||||
@user_can(Permissions.EDIT_PORTFOLIO_USERS, message="view portfolio admin page")
|
|
||||||
def edit_members(portfolio_id):
|
|
||||||
portfolio = Portfolios.get_for_update(portfolio_id)
|
|
||||||
member_perms_form = member_forms.MembersPermissionsForm(http_request.form)
|
|
||||||
|
|
||||||
if member_perms_form.validate():
|
|
||||||
for subform in member_perms_form.members_permissions:
|
|
||||||
member_id = subform.member_id.data
|
|
||||||
member = PortfolioRoles.get_by_id(member_id)
|
|
||||||
if member is not portfolio.owner_role:
|
|
||||||
new_perm_set = subform.data["permission_sets"]
|
|
||||||
PortfolioRoles.update(member, new_perm_set)
|
|
||||||
|
|
||||||
flash("update_portfolio_members", portfolio=portfolio)
|
|
||||||
|
|
||||||
return redirect(
|
|
||||||
url_for(
|
|
||||||
"portfolios.admin",
|
|
||||||
portfolio_id=portfolio_id,
|
|
||||||
fragment="portfolio-members",
|
|
||||||
_anchor="portfolio-members",
|
|
||||||
)
|
|
||||||
)
|
|
||||||
else:
|
|
||||||
return render_admin_page(portfolio)
|
|
||||||
|
|
||||||
|
|
||||||
@portfolios_bp.route("/portfolios/<portfolio_id>/update_ppoc", methods=["POST"])
|
@portfolios_bp.route("/portfolios/<portfolio_id>/update_ppoc", methods=["POST"])
|
||||||
@user_can(Permissions.EDIT_PORTFOLIO_POC, message="update portfolio ppoc")
|
@user_can(Permissions.EDIT_PORTFOLIO_POC, message="update portfolio ppoc")
|
||||||
def update_ppoc(portfolio_id):
|
def update_ppoc(portfolio_id):
|
||||||
|
@ -34,138 +34,6 @@ def test_member_table_access(client, user_session):
|
|||||||
assert "<select" not in view_resp.data.decode()
|
assert "<select" not in view_resp.data.decode()
|
||||||
|
|
||||||
|
|
||||||
def test_update_member_permissions(client, user_session):
|
|
||||||
portfolio = PortfolioFactory.create()
|
|
||||||
rando = UserFactory.create()
|
|
||||||
rando_pf_role = PortfolioRoleFactory.create(
|
|
||||||
user=rando,
|
|
||||||
portfolio=portfolio,
|
|
||||||
permission_sets=[PermissionSets.get(PermissionSets.VIEW_PORTFOLIO_ADMIN)],
|
|
||||||
)
|
|
||||||
|
|
||||||
user = UserFactory.create()
|
|
||||||
PortfolioRoleFactory.create(
|
|
||||||
user=user,
|
|
||||||
portfolio=portfolio,
|
|
||||||
permission_sets=PermissionSets.get_many(
|
|
||||||
[PermissionSets.EDIT_PORTFOLIO_ADMIN, PermissionSets.VIEW_PORTFOLIO_ADMIN]
|
|
||||||
),
|
|
||||||
)
|
|
||||||
user_session(user)
|
|
||||||
|
|
||||||
form_data = {
|
|
||||||
"members_permissions-0-member_id": rando_pf_role.id,
|
|
||||||
"members_permissions-0-perms_app_mgmt": "edit_portfolio_application_management",
|
|
||||||
"members_permissions-0-perms_funding": "view_portfolio_funding",
|
|
||||||
"members_permissions-0-perms_reporting": "view_portfolio_reports",
|
|
||||||
"members_permissions-0-perms_portfolio_mgmt": "view_portfolio_admin",
|
|
||||||
}
|
|
||||||
|
|
||||||
response = client.post(
|
|
||||||
url_for("portfolios.edit_members", portfolio_id=portfolio.id),
|
|
||||||
data=form_data,
|
|
||||||
follow_redirects=True,
|
|
||||||
)
|
|
||||||
|
|
||||||
assert response.status_code == 200
|
|
||||||
assert rando_pf_role.has_permission_set(
|
|
||||||
PermissionSets.EDIT_PORTFOLIO_APPLICATION_MANAGEMENT
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
def test_no_update_member_permissions_without_edit_access(client, user_session):
|
|
||||||
portfolio = PortfolioFactory.create()
|
|
||||||
rando = UserFactory.create()
|
|
||||||
rando_pf_role = PortfolioRoleFactory.create(
|
|
||||||
user=rando,
|
|
||||||
portfolio=portfolio,
|
|
||||||
permission_sets=[PermissionSets.get(PermissionSets.VIEW_PORTFOLIO_ADMIN)],
|
|
||||||
)
|
|
||||||
|
|
||||||
user = UserFactory.create()
|
|
||||||
PortfolioRoleFactory.create(
|
|
||||||
user=user,
|
|
||||||
portfolio=portfolio,
|
|
||||||
permission_sets=[PermissionSets.get(PermissionSets.VIEW_PORTFOLIO_ADMIN)],
|
|
||||||
)
|
|
||||||
user_session(user)
|
|
||||||
|
|
||||||
form_data = {
|
|
||||||
"members_permissions-0-member_id": rando_pf_role.id,
|
|
||||||
"members_permissions-0-perms_app_mgmt": "edit_portfolio_application_management",
|
|
||||||
"members_permissions-0-perms_funding": "view_portfolio_funding",
|
|
||||||
"members_permissions-0-perms_reporting": "view_portfolio_reports",
|
|
||||||
"members_permissions-0-perms_portfolio_mgmt": "view_portfolio_admin",
|
|
||||||
}
|
|
||||||
|
|
||||||
response = client.post(
|
|
||||||
url_for("portfolios.edit_members", portfolio_id=portfolio.id),
|
|
||||||
data=form_data,
|
|
||||||
follow_redirects=True,
|
|
||||||
)
|
|
||||||
|
|
||||||
assert response.status_code == 404
|
|
||||||
assert not rando_pf_role.has_permission_set(
|
|
||||||
PermissionSets.EDIT_PORTFOLIO_APPLICATION_MANAGEMENT
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
def test_rerender_admin_page_if_member_perms_form_does_not_validate(
|
|
||||||
client, user_session, monkeypatch
|
|
||||||
):
|
|
||||||
portfolio = PortfolioFactory.create()
|
|
||||||
user = UserFactory.create()
|
|
||||||
role = PortfolioRoleFactory.create(
|
|
||||||
user=user,
|
|
||||||
portfolio=portfolio,
|
|
||||||
permission_sets=[PermissionSets.get(PermissionSets.EDIT_PORTFOLIO_ADMIN)],
|
|
||||||
)
|
|
||||||
user_session(user)
|
|
||||||
form_data = {
|
|
||||||
"members_permissions-0-member_id": role.id,
|
|
||||||
"members_permissions-0-perms_app_mgmt": "bad input",
|
|
||||||
"members_permissions-0-perms_funding": "view_portfolio_funding",
|
|
||||||
"members_permissions-0-perms_reporting": "view_portfolio_reports",
|
|
||||||
"members_permissions-0-perms_portfolio_mgmt": "view_portfolio_admin",
|
|
||||||
}
|
|
||||||
|
|
||||||
mock_route = MagicMock(return_value=("", 200, {}))
|
|
||||||
monkeypatch.setattr("atst.routes.portfolios.admin.render_admin_page", mock_route)
|
|
||||||
client.post(
|
|
||||||
url_for("portfolios.edit_members", portfolio_id=portfolio.id), data=form_data
|
|
||||||
)
|
|
||||||
mock_route.assert_called()
|
|
||||||
|
|
||||||
|
|
||||||
def test_cannot_update_portfolio_ppoc_perms(client, user_session):
|
|
||||||
portfolio = PortfolioFactory.create()
|
|
||||||
ppoc = portfolio.owner
|
|
||||||
ppoc_pf_role = PortfolioRoles.get(portfolio_id=portfolio.id, user_id=ppoc.id)
|
|
||||||
user = UserFactory.create()
|
|
||||||
PortfolioRoleFactory.create(portfolio=portfolio, user=user)
|
|
||||||
|
|
||||||
user_session(user)
|
|
||||||
|
|
||||||
assert ppoc_pf_role.has_permission_set(PermissionSets.PORTFOLIO_POC)
|
|
||||||
|
|
||||||
member_perms_data = {
|
|
||||||
"members_permissions-0-member_id": ppoc_pf_role.id,
|
|
||||||
"members_permissions-0-perms_app_mgmt": "view_portfolio_application_management",
|
|
||||||
"members_permissions-0-perms_funding": "view_portfolio_funding",
|
|
||||||
"members_permissions-0-perms_reporting": "view_portfolio_reports",
|
|
||||||
"members_permissions-0-perms_portfolio_mgmt": "view_portfolio_admin",
|
|
||||||
}
|
|
||||||
|
|
||||||
response = client.post(
|
|
||||||
url_for("portfolios.edit_members", portfolio_id=portfolio.id),
|
|
||||||
data=member_perms_data,
|
|
||||||
follow_redirects=True,
|
|
||||||
)
|
|
||||||
|
|
||||||
assert response.status_code == 404
|
|
||||||
assert ppoc_pf_role.has_permission_set(PermissionSets.PORTFOLIO_POC)
|
|
||||||
|
|
||||||
|
|
||||||
def test_update_portfolio_name_and_description(client, user_session):
|
def test_update_portfolio_name_and_description(client, user_session):
|
||||||
portfolio = PortfolioFactory.create()
|
portfolio = PortfolioFactory.create()
|
||||||
user_session(portfolio.owner)
|
user_session(portfolio.owner)
|
||||||
|