Merge pull request #802 from dod-ccpo/accept-application-invite

Accept application invite
2019-05-06 14:30:54 -04:00
parent 44978248d4 fa2f7f29f3
commit b0600a34db
13 changed files with 177 additions and 50 deletions
--- a/tests/domain/test_application_roles.py
+++ b/tests/domain/test_application_roles.py
@@ -1,6 +1,8 @@
 from atst.domain.application_roles import ApplicationRoles
 from atst.domain.permission_sets import PermissionSets
-from tests.factories import UserFactory, ApplicationFactory
+from atst.models import ApplicationRoleStatus
+
+from tests.factories import *


 def test_create_application_role():
@@ -18,3 +20,16 @@ def test_create_application_role():
    )
    assert application_role.application == application
    assert application_role.user == user
+
+
+def test_enabled_application_role():
+    application = ApplicationFactory.create()
+    user = UserFactory.create()
+    app_role = ApplicationRoleFactory.create(
+        application=application, user=user, status=ApplicationRoleStatus.DISABLED
+    )
+    assert app_role.status == ApplicationRoleStatus.DISABLED
+
+    ApplicationRoles.enable(app_role)
+
+    assert app_role.status == ApplicationRoleStatus.ACTIVE
--- a/tests/domain/test_applications.py
+++ b/tests/domain/test_applications.py
@@ -1,7 +1,7 @@
 import pytest
 from uuid import uuid4

-from atst.models import CSPRole
+from atst.models import CSPRole, ApplicationRoleStatus
 from atst.domain.applications import Applications
 from atst.domain.permission_sets import PermissionSets
 from atst.domain.exceptions import NotFoundError
@@ -128,3 +128,30 @@ def test_create_member():
    env_roles = member_role.user.environment_roles
    assert len(env_roles) == 1
    assert env_roles[0].environment == env1
+
+
+def test_for_user():
+    user = UserFactory.create()
+    portfolio = PortfolioFactory.create()
+    for _x in range(4):
+        ApplicationFactory.create(portfolio=portfolio)
+
+    ApplicationRoleFactory.create(
+        application=portfolio.applications[0],
+        user=user,
+        status=ApplicationRoleStatus.ACTIVE,
+    )
+    ApplicationRoleFactory.create(
+        application=portfolio.applications[1],
+        user=user,
+        status=ApplicationRoleStatus.ACTIVE,
+    )
+    ApplicationRoleFactory.create(
+        application=portfolio.applications[2],
+        user=user,
+        status=ApplicationRoleStatus.PENDING,
+    )
+
+    assert len(portfolio.applications) == 4
+    user_applications = Applications.for_user(user, portfolio)
+    assert len(user_applications) == 2
--- a/tests/routes/applications/test_index.py
+++ b/tests/routes/applications/test_index.py
@@ -1,13 +1,6 @@
 from flask import url_for, get_flashed_messages

-from tests.factories import (
-    UserFactory,
-    PortfolioFactory,
-    PortfolioRoleFactory,
-    EnvironmentRoleFactory,
-    EnvironmentFactory,
-    ApplicationFactory,
-)
+from tests.factories import *

 from atst.domain.applications import Applications
 from atst.domain.portfolios import Portfolios
@@ -68,3 +61,31 @@ def test_user_without_permission_has_no_add_application_link(client, user_sessio
        url_for("applications.create", portfolio_id=portfolio.id)
        not in response.data.decode()
    )
+
+
+def test_portfolio_applications_user_with_application_roles(client, user_session):
+    user = UserFactory.create()
+    portfolio = PortfolioFactory.create()
+
+    app1 = ApplicationFactory.create(portfolio=portfolio, name="X-Wing")
+    app2 = ApplicationFactory.create(portfolio=portfolio, name="TIE Fighter")
+    app3 = ApplicationFactory.create(portfolio=portfolio, name="Millenium Falcon")
+
+    ApplicationRoleFactory.create(
+        application=app1, user=user, status=ApplicationRoleStatus.ACTIVE
+    )
+    ApplicationRoleFactory.create(
+        application=app2, user=user, status=ApplicationRoleStatus.ACTIVE
+    )
+
+    user_session(user)
+    response = client.get(
+        url_for("applications.portfolio_applications", portfolio_id=portfolio.id)
+    )
+    assert response.status_code == 200
+
+    body = response.data.decode()
+
+    assert app1.name in body
+    assert app2.name in body
+    assert app3.name not in body
--- a/tests/routes/applications/test_invitations.py
+++ b/tests/routes/applications/test_invitations.py
@@ -0,0 +1,41 @@
+from flask import url_for
+
+from tests.factories import *
+
+
+def test_accept_application_invitation(client, user_session):
+    user = UserFactory.create()
+    application = ApplicationFactory.create()
+    app_role = ApplicationRoleFactory.create(application=application, user=user)
+    invite = ApplicationInvitationFactory.create(
+        role=app_role, user=user, inviter=application.portfolio.owner
+    )
+
+    user_session(user)
+    response = client.get(url_for("applications.accept_invitation", token=invite.token))
+
+    assert response.status_code == 302
+    expected_location = url_for(
+        "applications.portfolio_applications",
+        portfolio_id=application.portfolio_id,
+        _external=True,
+    )
+    assert response.location == expected_location
+
+
+def test_accept_application_invitation_end_to_end(client, user_session):
+    user = UserFactory.create()
+    application = ApplicationFactory.create(name="Millenium Falcon")
+    app_role = ApplicationRoleFactory.create(application=application, user=user)
+    invite = ApplicationInvitationFactory.create(
+        role=app_role, user=user, inviter=application.portfolio.owner
+    )
+
+    user_session(user)
+    response = client.get(
+        url_for("applications.accept_invitation", token=invite.token),
+        follow_redirects=True,
+    )
+
+    assert response.status_code == 200
+    assert application.name in response.data.decode()
--- a/tests/test_access.py
+++ b/tests/test_access.py
@@ -8,8 +8,7 @@ import atst
 from atst.app import make_app, make_config
 from atst.domain.auth import UNPROTECTED_ROUTES as _NO_LOGIN_REQUIRED
 from atst.domain.permission_sets import PermissionSets
-from atst.models.environment_role import CSPRole
-from atst.models.portfolio_role import Status as PortfolioRoleStatus
+from atst.models import CSPRole, PortfolioRoleStatus, ApplicationRoleStatus

 from tests.factories import (
    AttachmentFactory,
@@ -35,6 +34,7 @@ _NO_ACCESS_CHECK_REQUIRED = _NO_LOGIN_REQUIRED + [
    "users.user",  # available to all users
    "users.update_user",  # available to all users
    "portfolios.accept_invitation",  # available to all users; access control is built into invitation logic
+    "applications.accept_invitation",  # available to all users; access control is built into invitation logic
    "atst.catch_all",  # available to all users
    "portfolios.portfolios",  # the portfolios list is scoped to the user separately
 ]
@@ -360,12 +360,18 @@ def test_portfolios_admin_access(get_url_assert_status):
 def test_applications_portfolio_applications_access(get_url_assert_status):
    ccpo = user_with(PermissionSets.VIEW_PORTFOLIO_APPLICATION_MANAGEMENT)
    owner = user_with()
+    app_user = user_with()
    rando = user_with()
    portfolio = PortfolioFactory.create(owner=owner)
+    application = ApplicationFactory.create(portfolio=portfolio)
+    ApplicationRoleFactory.create(
+        application=application, user=app_user, status=ApplicationRoleStatus.ACTIVE
+    )

    url = url_for("applications.portfolio_applications", portfolio_id=portfolio.id)
    get_url_assert_status(ccpo, url, 200)
    get_url_assert_status(owner, url, 200)
+    get_url_assert_status(app_user, url, 200)
    get_url_assert_status(rando, url, 404)