restrict workspace information updates to owner and admins

This commit is contained in:
dandds
2018-09-17 13:30:25 -04:00
parent c3f89ba149
commit bba2a2b283
4 changed files with 63 additions and 3 deletions

View File

@@ -234,3 +234,19 @@ def test_for_user_returns_all_workspaces_for_ccpo(workspace, workspace_owner):
sams_workspaces = Workspaces.for_user(sam)
assert len(sams_workspaces) == 2
def test_get_for_update_information():
workspace_owner = UserFactory.create()
workspace = Workspaces.create(RequestFactory.create(creator=workspace_owner))
owner_ws = Workspaces.get_for_update_information(workspace_owner, workspace.id)
assert workspace == owner_ws
admin = UserFactory.create()
Workspaces.add_member(workspace, admin, "admin")
admin_ws = Workspaces.get_for_update_information(admin, workspace.id)
assert workspace == admin_ws
ccpo = UserFactory.from_atat_role("ccpo")
with pytest.raises(UnauthorizedError):
Workspaces.get_for_update_information(ccpo, workspace.id)