From b9529d5c4e32129662dbf52da2ef193b0ed0f537 Mon Sep 17 00:00:00 2001
From: dandds <dan-ctr@friends.dds.mil>
Date: Tue, 6 Nov 2018 16:35:25 -0500
Subject: [PATCH] endpoint for revoking invitations

---
 atst/routes/workspaces.py       | 18 +++++++++++++++++-
 tests/routes/test_workspaces.py | 19 +++++++++++++++++++
 2 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/atst/routes/workspaces.py b/atst/routes/workspaces.py
index b62c6274..0a6c0beb 100644
--- a/atst/routes/workspaces.py
+++ b/atst/routes/workspaces.py
@@ -357,10 +357,26 @@ def update_member(workspace_id, member_id):
         )
 
 
-@bp.route("/workspaces/invitation/<token>", methods=["GET"])
+@bp.route("/workspaces/invitations/<token>", methods=["GET"])
 def accept_invitation(token):
     invite = Invitations.accept(g.current_user, token)
 
     return redirect(
         url_for("workspaces.show_workspace", workspace_id=invite.workspace.id)
     )
+
+
+@bp.route("/workspaces/<workspace_id>/invitations/<token>/revoke", methods=["POST"])
+def revoke_invitation(workspace_id, token):
+    workspace = Workspaces.get(g.current_user, workspace_id)
+    Authorization.check_workspace_permission(
+        g.current_user,
+        workspace,
+        Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE,
+        "revoke member invitation",
+    )
+    invite = Invitations.revoke(token)
+
+    return redirect(
+        url_for("workspaces.show_workspace", workspace_id=workspace.id)
+    )
diff --git a/tests/routes/test_workspaces.py b/tests/routes/test_workspaces.py
index f2c67528..b3b3dd22 100644
--- a/tests/routes/test_workspaces.py
+++ b/tests/routes/test_workspaces.py
@@ -420,3 +420,22 @@ def test_user_accepts_expired_invite(client, user_session):
     response = client.get(url_for("workspaces.accept_invitation", token=invite.token))
 
     assert response.status_code == 404
+
+
+def test_revoke_invitation(client, user_session):
+    workspace = WorkspaceFactory.create()
+    user = UserFactory.create()
+    ws_role = WorkspaceRoleFactory.create(
+        user=user, workspace=workspace, status=WorkspaceRoleStatus.PENDING
+    )
+    invite = InvitationFactory.create(
+        user_id=user.id,
+        workspace_role_id=ws_role.id,
+        status=InvitationStatus.REJECTED_EXPIRED,
+        expiration_time=datetime.datetime.now() - datetime.timedelta(seconds=1),
+    )
+    user_session(workspace.owner)
+    response = client.post(url_for("workspaces.revoke_invitation", workspace_id=workspace.id, token=invite.token))
+
+    assert response.status_code == 302
+    assert invite.is_revoked