New domain method for adding workspace user

atst/domain/workspace_users.py

@@ -33,6 +33,8 @@ class WorkspaceUsers(object):
     @classmethod
     def add(cls, user, workspace_id, role_name):
         role = Roles.get(role_name)
+
+        new_workspace_role = None
         try:
             existing_workspace_role = (
                 db.session.query(WorkspaceRole)
@@ -53,6 +55,8 @@ class WorkspaceUsers(object):
         db.session.add(user)
         db.session.commit()
 
+        return WorkspaceUser(user, new_workspace_role)
+
     @classmethod
     def add_many(cls, workspace_id, workspace_user_dicts):
         workspace_users = []

atst/domain/workspaces.py

@@ -7,6 +7,8 @@ from atst.domain.exceptions import NotFoundError, UnauthorizedError
 from atst.domain.roles import Roles
 from atst.domain.authz import Authorization
 from atst.models.permissions import Permissions
+from atst.domain.users import Users
+from atst.domain.workspace_users import WorkspaceUsers
 
 
 class Workspaces(object):
@@ -61,6 +63,24 @@ class Workspaces(object):
         )
         return workspaces
 
+    @classmethod
+    def create_member(cls, user, workspace, data):
+        if not Authorization.has_workspace_permission(
+            user, workspace, Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE
+        ):
+            raise UnauthorizedError(user, "create workspace member")
+
+        new_user = Users.get_or_create_by_dod_id(
+            data["dod_id"],
+            first_name=data["first_name"],
+            last_name=data["last_name"],
+            email=data["email"],
+        )
+        workspace_user = WorkspaceUsers.add(
+            new_user, workspace.id, data["workspace_role"]
+        )
+        return workspace_user
+
     @classmethod
     def _create_workspace_role(cls, user, workspace, role_name):
         role = Roles.get(role_name)

atst/models/workspace_user.py

@@ -10,5 +10,9 @@ class WorkspaceUser(object):
         )
         return set(workspace_permissions).union(atat_permissions)
 
+    @property
+    def workspace(self):
+        return self.workspace_role.workspace
+
     def workspace_id(self):
         return self.workspace_role.workspace_id

tests/domain/test_workspaces.py

@@ -87,3 +87,35 @@ def test_get_for_update_blocks_developer():
 
     with pytest.raises(UnauthorizedError):
         Workspaces.get_for_update(developer, workspace.id)
+
+
+def test_can_create_workspace_user():
+    owner = UserFactory.create()
+    workspace = Workspaces.create(RequestFactory.create(creator=owner))
+
+    user_data = {
+        "first_name": "New",
+        "last_name": "User",
+        "email": "new.user@mail.com",
+        "workspace_role": "developer",
+        "dod_id": "1234567890"
+    }
+
+    new_member = Workspaces.create_member(owner, workspace, user_data)
+    assert new_member.workspace == workspace
+
+
+def test_need_permission_to_create_workspace_user():
+    workspace = Workspaces.create(request=RequestFactory.create())
+    random_user = UserFactory.create()
+
+    user_data = {
+        "first_name": "New",
+        "last_name": "User",
+        "email": "new.user@mail.com",
+        "workspace_role": "developer",
+        "dod_id": "1234567890"
+    }
+
+    with pytest.raises(UnauthorizedError):
+        Workspaces.create_member(random_user, workspace, user_data)