Route for accepting an application invitation.

- Domain method for enabling an application role.
- Updated ApplicationRole model `history` property so that it serializes
  the `status` correctly

tests/domain/test_application_roles.py

@@ -1,6 +1,8 @@
 from atst.domain.application_roles import ApplicationRoles
 from atst.domain.permission_sets import PermissionSets
-from tests.factories import UserFactory, ApplicationFactory
+from atst.models import ApplicationRoleStatus
+
+from tests.factories import *
 
 
 def test_create_application_role():
@@ -18,3 +20,16 @@ def test_create_application_role():
     )
     assert application_role.application == application
     assert application_role.user == user
+
+
+def test_enabled_application_role():
+    application = ApplicationFactory.create()
+    user = UserFactory.create()
+    app_role = ApplicationRoleFactory.create(
+        application=application, user=user, status=ApplicationRoleStatus.DISABLED
+    )
+    assert app_role.status == ApplicationRoleStatus.DISABLED
+
+    ApplicationRoles.enable(app_role)
+
+    assert app_role.status == ApplicationRoleStatus.ACTIVE

tests/routes/applications/test_invitations.py

@@ -0,0 +1,23 @@
+from flask import url_for
+
+from tests.factories import *
+
+
+def test_accept_application_invitation(client, user_session):
+    user = UserFactory.create()
+    application = ApplicationFactory.create()
+    app_role = ApplicationRoleFactory.create(application=application, user=user)
+    invite = ApplicationInvitationFactory.create(
+        role=app_role, user=user, inviter=application.portfolio.owner
+    )
+
+    user_session(user)
+    response = client.get(url_for("applications.accept_invitation", token=invite.token))
+
+    assert response.status_code == 302
+    expected_location = url_for(
+        "portfolios.show_portfolio",
+        portfolio_id=application.portfolio_id,
+        _external=True,
+    )
+    assert response.location == expected_location

tests/test_access.py

@@ -35,6 +35,7 @@ _NO_ACCESS_CHECK_REQUIRED = _NO_LOGIN_REQUIRED + [
     "users.user",  # available to all users
     "users.update_user",  # available to all users
     "portfolios.accept_invitation",  # available to all users; access control is built into invitation logic
+    "applications.accept_invitation",  # available to all users; access control is built into invitation logic
     "atst.catch_all",  # available to all users
     "portfolios.portfolios",  # the portfolios list is scoped to the user separately
 ]