diff --git a/atst/routes/portfolios/index.py b/atst/routes/portfolios/index.py index 2f985b76..dcdee315 100644 --- a/atst/routes/portfolios/index.py +++ b/atst/routes/portfolios/index.py @@ -233,6 +233,8 @@ def remove_member(portfolio_id, user_id): ) portfolio_role = PortfolioRoles.get(portfolio_id=portfolio_id, user_id=user_id) + # TODO: should this cascade and disable any application and environment + # roles they might have? PortfolioRoles.disable(portfolio_role=portfolio_role) flash("portfolio_member_removed", member_name=portfolio_role.user.full_name) diff --git a/atst/routes/portfolios/invitations.py b/atst/routes/portfolios/invitations.py index dd221bb3..a8870667 100644 --- a/atst/routes/portfolios/invitations.py +++ b/atst/routes/portfolios/invitations.py @@ -48,7 +48,14 @@ def accept_invitation(token): def revoke_invitation(portfolio_id, token): Invitations.revoke(token) - return redirect(url_for("portfolios.portfolio_members", portfolio_id=portfolio_id)) + return redirect( + url_for( + "portfolios.portfolio_admin", + portfolio_id=portfolio_id, + _anchor="portfolio-members", + fragment="portfolio-members", + ) + ) @portfolios_bp.route( @@ -59,4 +66,11 @@ def resend_invitation(portfolio_id, token): invite = Invitations.resend(g.current_user, token) send_invite_email(g.current_user.full_name, invite.token, invite.email) flash("resend_portfolio_invitation", user_name=invite.user_name) - return redirect(url_for("portfolios.portfolio_members", portfolio_id=portfolio_id)) + return redirect( + url_for( + "portfolios.portfolio_admin", + portfolio_id=portfolio_id, + fragment="portfolio-members", + _anchor="portfolio-members", + ) + ) diff --git a/atst/routes/portfolios/members.py b/atst/routes/portfolios/members.py index 76187dc7..8b6860dd 100644 --- a/atst/routes/portfolios/members.py +++ b/atst/routes/portfolios/members.py @@ -1,17 +1,10 @@ -import re - from flask import render_template, request as http_request, g, redirect, url_for from . import portfolios_bp from atst.domain.exceptions import AlreadyExistsError -from atst.domain.applications import Applications from atst.domain.portfolios import Portfolios -from atst.domain.portfolio_roles import PortfolioRoles, MEMBER_STATUS_CHOICES -from atst.domain.environments import Environments -from atst.domain.environment_roles import EnvironmentRoles from atst.services.invitation import Invitation as InvitationService import atst.forms.portfolio_member as member_forms -from atst.forms.data import ENVIRONMENT_ROLES, ENV_ROLE_MODAL_DESCRIPTION from atst.domain.authz.decorator import user_can_access_decorator as user_can from atst.models.permissions import Permissions @@ -33,43 +26,6 @@ def serialize_portfolio_role(portfolio_role): } -@portfolios_bp.route("/portfolios//members") -@user_can(Permissions.VIEW_PORTFOLIO_USERS, message="view portfolio members") -def portfolio_members(portfolio_id): - portfolio = Portfolios.get_for_update(portfolio_id) - members_list = [serialize_portfolio_role(k) for k in portfolio.members] - - return render_template( - "portfolios/members/index.html", - status_choices=MEMBER_STATUS_CHOICES, - members=members_list, - ) - - -@portfolios_bp.route("/portfolios//applications//members") -@user_can(Permissions.VIEW_APPLICATION_MEMBER, message="view application members") -def application_members(portfolio_id, application_id): - portfolio = Portfolios.get_for_update(portfolio_id) - application = Applications.get(application_id, portfolio_id=portfolio_id) - # TODO: this should show only members that have env roles in this application - members_list = [serialize_portfolio_role(k) for k in portfolio.members] - - return render_template( - "portfolios/applications/members.html", - application=application, - members=members_list, - ) - - -@portfolios_bp.route("/portfolios//members/new") -@user_can( - Permissions.CREATE_PORTFOLIO_USERS, message="view create new portfolio member form" -) -def new_member(portfolio_id): - form = member_forms.NewForm() - return render_template("portfolios/members/new.html", form=form) - - @portfolios_bp.route("/portfolios//members/new", methods=["POST"]) @user_can(Permissions.CREATE_PORTFOLIO_USERS, message="create new portfolio member") def create_member(portfolio_id): @@ -86,84 +42,19 @@ def create_member(portfolio_id): flash("new_portfolio_member", new_member=member, portfolio=portfolio) - return redirect( - url_for( - "portfolios.portfolio_admin", - portfolio_id=portfolio_id, - fragment="portfolio-members", - _anchor="portfolio-members", - ) - ) except AlreadyExistsError: return render_template( "error.html", message="There was an error processing your request." ) else: - return render_template("portfolios/members/new.html", form=form) + pass + # TODO: flash error message - -@portfolios_bp.route("/portfolios//members//member_edit") -@user_can(Permissions.VIEW_PORTFOLIO_USERS, message="view portfolio member") -def view_member(portfolio_id, member_id): - portfolio = Portfolios.get(g.current_user, portfolio_id) - member = PortfolioRoles.get(portfolio_id, member_id) - applications = Applications.get_all(portfolio) - form = member_forms.EditForm(portfolio_role="admin") - editable = g.current_user == member.user - can_revoke_access = Portfolios.can_revoke_access_for(portfolio, member) - - if member.has_dod_id_error: - flash("portfolio_member_dod_id_error") - - return render_template( - "portfolios/members/edit.html", - member=member, - applications=applications, - form=form, - choices=ENVIRONMENT_ROLES, - env_role_modal_description=ENV_ROLE_MODAL_DESCRIPTION, - EnvironmentRoles=EnvironmentRoles, - editable=editable, - can_revoke_access=can_revoke_access, - ) - - -# TODO: check if member_id is consistent with other routes here; -# user ID vs portfolio role ID -@portfolios_bp.route( - "/portfolios//members//member_edit", methods=["POST"] -) -@user_can(Permissions.EDIT_PORTFOLIO_USERS, message="update portfolio member") -def update_member(portfolio_id, member_id): - member = PortfolioRoles.get(portfolio_id, member_id) - - ids_and_roles = [] - form_dict = http_request.form.to_dict() - for entry in form_dict: - if re.match("env_", entry): - env_id = entry[4:] - env_role = form_dict[entry] or None - ids_and_roles.append({"id": env_id, "role": env_role}) - - form = member_forms.EditForm(http_request.form) - if form.validate(): - member = Portfolios.update_member(member, form.data["permission_sets"]) - updated_roles = Environments.update_environment_roles(member, ids_and_roles) - if updated_roles: - flash("environment_access_changed") - - return redirect( - url_for("portfolios.portfolio_members", portfolio_id=portfolio_id) + return redirect( + url_for( + "portfolios.portfolio_admin", + portfolio_id=portfolio_id, + fragment="portfolio-members", + _anchor="portfolio-members", ) - else: - return render_template("portfolios/members/edit.html", form=form, member=member) - - -@portfolios_bp.route( - "/portfolios//members//revoke_access", methods=["POST"] -) -@user_can(Permissions.EDIT_PORTFOLIO_USERS, message="revoke portfolio access") -def revoke_access(portfolio_id, member_id): - revoked_role = Portfolios.revoke_access(portfolio_id, member_id) - flash("revoked_portfolio_access", member_name=revoked_role.user.full_name) - return redirect(url_for("portfolios.portfolio_members", portfolio_id=portfolio_id)) + ) diff --git a/templates/portfolios/members/edit.html b/templates/portfolios/members/edit.html deleted file mode 100644 index 6c31ae1c..00000000 --- a/templates/portfolios/members/edit.html +++ /dev/null @@ -1,216 +0,0 @@ -{% extends "base.html" %} - -{% from "components/icon.html" import Icon %} -{% from "components/modal.html" import Modal %} -{% from "components/selector.html" import Selector %} -{% from "components/options_input.html" import OptionsInput %} -{% from "components/confirmation_button.html" import ConfirmationButton %} - -{% block content %} - -{% include "fragments/flash.html" %} - -
- {{ form.csrf_token }} - -
-
Edit Portfolio Member
-
-
-
-

{{ member.user.full_name }}

- -
- - - - - - - - - - - - - - - -
{{ "portfolios.members.permissions.app_mgmt" | translate }}{{ "portfolios.members.permissions.funding" | translate }}{{ "portfolios.members.permissions.reporting" | translate }}{{ "portfolios.members.permissions.portfolio_mgmt" | translate }}
- {{ form.perms_app_mgmt() }} - - {{ form.perms_funding() }} - - {{ form.perms_reporting() }} - - {{ form.perms_portfolio_mgmt() }} -
-
- -
-
-
-
-
DOD ID:
-
{{ member.user.dod_id }}
-
-
-
Email:
-
{{ member.user.email }}
-
-
- {% if editable %} - edit account details - {% endif %} -
- {% if member.latest_invitation.is_revokable %} - {{ ConfirmationButton( - "Revoke Invitation", - url_for("portfolios.revoke_invitation", portfolio_id=portfolio.id, token=member.latest_invitation.token), - ) }} - {% endif %} - {% if member.can_resend_invitation %} - {{ ConfirmationButton ( - "Resend Invitation", - url_for("portfolios.resend_invitation", portfolio_id=portfolio.id, token=member.latest_invitation.token), - confirm_msg="Are you sure? This will send an email to invite the user to join this portfolio." - )}} - {% endif %} - {% if can_revoke_access %} - {{ ConfirmationButton ( - "Remove Portfolio Access", - url_for("portfolios.revoke_access", portfolio_id=portfolio.id, member_id=member.id), - confirm_msg="Are you sure? This will remove this user from the portfolio.", - )}} - {% endif %} -
-
-
- -
-
Manage Access
-
Grant access to an environment
-
- -
-
- - - -
-
- - {% for application in applications %} - {% set revoke_modal_name = (application.id|string) + 'RevokeModal' %} - -
- -
- - {% endfor %} - -
-
- -
- - - {{ Icon('x') }} - Cancel - -
- -
- -{% endblock %} diff --git a/templates/portfolios/members/index.html b/templates/portfolios/members/index.html deleted file mode 100644 index ea02c028..00000000 --- a/templates/portfolios/members/index.html +++ /dev/null @@ -1,112 +0,0 @@ -{% extends "portfolios/base.html" %} - -{% from "components/empty_state.html" import EmptyState %} -{% from "components/icon.html" import Icon %} - -{% set secondary_breadcrumb = 'Portfolio Team Management' %} - -{% block portfolio_content %} - -{% if not portfolio.members %} - - {% set user_can_invite = user_can(permissions.CREATE_PORTFOLIO_USERS) %} - - {{ EmptyState( - 'There are currently no members in this Portfolio.', - action_label='Invite a new Member' if user_can_invite else None, - action_href='/members/new' if user_can_invite else None, - sub_message=None if user_can_invite else 'Please contact your JEDI Cloud portfolio administrator to invite new members.', - icon='avatar' - ) }} - - -{% else %} - -{% include "fragments/flash.html" %} - - -
-
-
- - - -
- -
-
- - -
-
-
- -
- - - - - - - - - - - - - - - - - - - -
- !{ col.displayName } - - {{ Icon("caret_down") }} - - - {{ Icon("caret_up") }} - -
- - - - - No Environment Access -
- - Add A New Member - {{ Icon('plus', classes='icon--circle') }} - -
-
- {{ EmptyState( - 'No members found.', - action_label=None, - action_href=None, - sub_message='Please try a different search.', - icon=None - ) }} -
-
-
- - -{% endif %} - - -{% endblock %} - diff --git a/templates/portfolios/members/new.html b/templates/portfolios/members/new.html deleted file mode 100644 index 190a3716..00000000 --- a/templates/portfolios/members/new.html +++ /dev/null @@ -1,66 +0,0 @@ -{% extends "base.html" %} - -{% from "components/icon.html" import Icon %} -{% from "components/text_input.html" import TextInput %} -{% from "components/options_input.html" import OptionsInput %} -{% from "components/selector.html" import Selector %} - -{% block content %} - -
- {{ form.csrf_token }} - -
- -
-

New Member

-

Account Details

-
- -
- {{ TextInput(form.first_name) }} - {{ TextInput(form.last_name) }} - {{ TextInput(form.email,placeholder='jane@mail.mil', validation='email') }} - {{ TextInput(form.dod_id,placeholder='10-digit number on the back of the CAC', validation='dodId') }} - - - - - - - - - - - - - - - -
{{ "portfolios.members.permissions.app_mgmt" | translate }}{{ "portfolios.members.permissions.funding" | translate }}{{ "portfolios.members.permissions.reporting" | translate }}{{ "portfolios.members.permissions.portfolio_mgmt" | translate }}
- {{ form.perms_app_mgmt() }} - - {{ form.perms_funding() }} - - {{ form.perms_reporting() }} - - {{ form.perms_portfolio_mgmt() }} -
-
-
- -
- - - {{ Icon('x') }} - Cancel - -
- - -
- - - - -{% endblock %} diff --git a/tests/routes/portfolios/test_applications.py b/tests/routes/portfolios/test_applications.py index 9b3e84f5..3db72532 100644 --- a/tests/routes/portfolios/test_applications.py +++ b/tests/routes/portfolios/test_applications.py @@ -245,16 +245,6 @@ def test_user_can_only_access_apps_in_their_portfolio(client, user_session): assert response.status_code == 404 assert time_updated == other_application.time_updated - # user can't view application members - response = client.get( - url_for( - "portfolios.application_members", - portfolio_id=portfolio.id, - application_id=other_application.id, - ) - ) - assert response.status_code == 404 - def create_environment(user): portfolio = PortfolioFactory.create() diff --git a/tests/routes/portfolios/test_members.py b/tests/routes/portfolios/test_members.py index b4edbb23..300f6432 100644 --- a/tests/routes/portfolios/test_members.py +++ b/tests/routes/portfolios/test_members.py @@ -1,21 +1,8 @@ -import pytest from flask import url_for -from tests.factories import ( - UserFactory, - PortfolioFactory, - PortfolioRoleFactory, - InvitationFactory, -) -from atst.domain.portfolios import Portfolios -from atst.domain.portfolio_roles import PortfolioRoles -from atst.domain.applications import Applications -from atst.domain.environments import Environments -from atst.domain.environment_roles import EnvironmentRoles +from tests.factories import UserFactory, PortfolioFactory from atst.domain.permission_sets import PermissionSets from atst.queue import queue -from atst.models.portfolio_role import Status as PortfolioRoleStatus -from atst.models.invitation import Status as InvitationStatus _DEFAULT_PERMS_FORM_DATA = { "perms_app_mgmt": PermissionSets.VIEW_PORTFOLIO_APPLICATION_MANAGEMENT, @@ -25,65 +12,19 @@ _DEFAULT_PERMS_FORM_DATA = { } -def create_portfolio_and_invite_user( - ws_role="developer", - ws_status=PortfolioRoleStatus.PENDING, - invite_status=InvitationStatus.PENDING, -): - owner = UserFactory.create() - portfolio = PortfolioFactory.create(owner=owner) - if ws_role != "owner": - user = UserFactory.create() - member = PortfolioRoleFactory.create( - user=user, portfolio=portfolio, status=ws_status - ) - InvitationFactory.create( - inviter=portfolio.owner, - user=user, - portfolio_role=member, - email=member.user.email, - status=invite_status, - ) - return (portfolio, member) - else: - return (portfolio, portfolio.members[0]) - - def test_user_with_permission_has_add_member_link(client, user_session): portfolio = PortfolioFactory.create() user_session(portfolio.owner) - response = client.get("/portfolios/{}/members".format(portfolio.id)) + response = client.get( + url_for("portfolios.portfolio_admin", portfolio_id=portfolio.id) + ) assert response.status_code == 200 assert ( - 'href="/portfolios/{}/members/new"'.format(portfolio.id).encode() + url_for("portfolios.create_member", portfolio_id=portfolio.id).encode() in response.data ) -def test_user_without_permission_has_no_add_member_link(client, user_session): - user = UserFactory.create() - portfolio = PortfolioFactory.create() - Portfolios._create_portfolio_role(user, portfolio) - user_session(user) - response = client.get("/portfolios/{}/members".format(portfolio.id)) - assert ( - 'href="/portfolios/{}/members/new"'.format(portfolio.id).encode() - not in response.data - ) - - -def test_permissions_for_view_member(client, user_session): - user = UserFactory.create() - portfolio = PortfolioFactory.create() - Portfolios._create_portfolio_role(user, portfolio) - member = PortfolioRoles.add(user, portfolio.id) - user_session(user) - response = client.get( - url_for("portfolios.view_member", portfolio_id=portfolio.id, member_id=user.id) - ) - assert response.status_code == 404 - - def test_create_member(client, user_session): user = UserFactory.create() portfolio = PortfolioFactory.create() @@ -110,221 +51,3 @@ def test_create_member(client, user_session): assert len(queue.get_queue()) == queue_length + 1 portfolio_role = user.portfolio_roles[0] assert len(portfolio_role.permission_sets) == 5 - - -@pytest.mark.skip(reason="permission set display not implemented") -def test_view_member_shows_role(client, user_session): - user = UserFactory.create() - portfolio = PortfolioFactory.create() - Portfolios._create_portfolio_role(user, portfolio) - member = PortfolioRoles.add(user, portfolio.id) - user_session(portfolio.owner) - response = client.get( - url_for("portfolios.view_member", portfolio_id=portfolio.id, member_id=user.id) - ) - assert response.status_code == 200 - assert "initial-choice='developer'".encode() in response.data - - -def test_update_member_portfolio_role(client, user_session): - portfolio = PortfolioFactory.create() - user = UserFactory.create() - member = PortfolioRoles.add(user, portfolio.id) - user_session(portfolio.owner) - response = client.post( - url_for( - "portfolios.update_member", portfolio_id=portfolio.id, member_id=user.id - ), - data={ - **_DEFAULT_PERMS_FORM_DATA, - "perms_funding": PermissionSets.EDIT_PORTFOLIO_FUNDING, - }, - follow_redirects=True, - ) - assert response.status_code == 200 - edit_funding = PermissionSets.get(PermissionSets.EDIT_PORTFOLIO_FUNDING) - assert edit_funding in member.permission_sets - - -def test_update_member_portfolio_role_with_no_data(client, user_session): - portfolio = PortfolioFactory.create() - user = UserFactory.create() - member = PortfolioRoles.add(user, portfolio.id) - user_session(portfolio.owner) - original_perms_len = len(member.permission_sets) - response = client.post( - url_for( - "portfolios.update_member", portfolio_id=portfolio.id, member_id=user.id - ), - data={}, - follow_redirects=True, - ) - assert response.status_code == 200 - assert len(member.permission_sets) == original_perms_len - - -def test_update_member_environment_role(client, user_session): - portfolio = PortfolioFactory.create() - user = UserFactory.create() - member = PortfolioRoles.add(user, portfolio.id) - application = Applications.create( - portfolio, - "Snazzy Application", - "A new application for me and my friends", - {"env1", "env2"}, - ) - env1_id = application.environments[0].id - env2_id = application.environments[1].id - for env in application.environments: - Environments.add_member(env, user, "developer") - user_session(portfolio.owner) - response = client.post( - url_for( - "portfolios.update_member", portfolio_id=portfolio.id, member_id=user.id - ), - data={ - "env_" + str(env1_id): "security_auditor", - "env_" + str(env2_id): "devops", - **_DEFAULT_PERMS_FORM_DATA, - }, - follow_redirects=True, - ) - assert response.status_code == 200 - assert b"role updated successfully" not in response.data - assert b"access successfully changed" in response.data - assert EnvironmentRoles.get(user.id, env1_id).role == "security_auditor" - assert EnvironmentRoles.get(user.id, env2_id).role == "devops" - - -def test_update_member_environment_role_with_no_data(client, user_session): - portfolio = PortfolioFactory.create() - user = UserFactory.create() - member = PortfolioRoles.add(user, portfolio.id) - application = Applications.create( - portfolio, - "Snazzy Application", - "A new application for me and my friends", - {"env1"}, - ) - env1_id = application.environments[0].id - for env in application.environments: - Environments.add_member(env, user, "developer") - user_session(portfolio.owner) - response = client.post( - url_for( - "portfolios.update_member", portfolio_id=portfolio.id, member_id=user.id - ), - data={"env_" + str(env1_id): None, "env_" + str(env1_id): ""}, - follow_redirects=True, - ) - assert response.status_code == 200 - assert b"access successfully changed" not in response.data - assert EnvironmentRoles.get(user.id, env1_id).role == "developer" - - -def test_revoke_active_member_access(client, user_session): - portfolio = PortfolioFactory.create() - user = UserFactory.create() - member = PortfolioRoleFactory.create( - portfolio=portfolio, user=user, status=PortfolioRoleStatus.ACTIVE - ) - Applications.create( - portfolio, - "Snazzy Application", - "A new application for me and my friends", - {"env1"}, - ) - user_session(portfolio.owner) - response = client.post( - url_for( - "portfolios.revoke_access", portfolio_id=portfolio.id, member_id=member.id - ) - ) - assert response.status_code == 302 - assert PortfolioRoles.get_by_id(member.id).num_environment_roles == 0 - - -def test_does_not_show_any_buttons_if_owner(client, user_session): - portfolio = PortfolioFactory.create() - user_session(portfolio.owner) - response = client.get( - url_for( - "portfolios.view_member", - portfolio_id=portfolio.id, - member_id=portfolio.owner.id, - ) - ) - assert "Remove Portfolio Access" not in response.data.decode() - assert "Resend Invitation" not in response.data.decode() - assert "Revoke Invitation" not in response.data.decode() - - -def test_only_shows_revoke_access_button_if_active(client, user_session): - portfolio, member = create_portfolio_and_invite_user( - ws_status=PortfolioRoleStatus.ACTIVE, invite_status=InvitationStatus.ACCEPTED - ) - user_session(portfolio.owner) - response = client.get( - url_for( - "portfolios.view_member", - portfolio_id=portfolio.id, - member_id=member.user.id, - ) - ) - assert response.status_code == 200 - assert "Remove Portfolio Access" in response.data.decode() - assert "Revoke Invitation" not in response.data.decode() - assert "Resend Invitation" not in response.data.decode() - - -def test_only_shows_revoke_invite_button_if_pending(client, user_session): - portfolio, member = create_portfolio_and_invite_user( - ws_status=PortfolioRoleStatus.PENDING, invite_status=InvitationStatus.PENDING - ) - user_session(portfolio.owner) - # member = next((memb for memb in portfolio.members if memb != portfolio.owner), None) - response = client.get( - url_for( - "portfolios.view_member", - portfolio_id=portfolio.id, - member_id=member.user.id, - ) - ) - assert "Revoke Invitation" in response.data.decode() - assert "Remove Portfolio Access" not in response.data.decode() - assert "Resend Invitation" not in response.data.decode() - - -def test_only_shows_resend_button_if_expired(client, user_session): - portfolio, member = create_portfolio_and_invite_user( - ws_status=PortfolioRoleStatus.PENDING, - invite_status=InvitationStatus.REJECTED_EXPIRED, - ) - user_session(portfolio.owner) - response = client.get( - url_for( - "portfolios.view_member", - portfolio_id=portfolio.id, - member_id=member.user.id, - ) - ) - assert "Resend Invitation" in response.data.decode() - assert "Revoke Invitation" not in response.data.decode() - assert "Remove Portfolio Access" not in response.data.decode() - - -def test_only_shows_resend_button_if_revoked(client, user_session): - portfolio, member = create_portfolio_and_invite_user( - ws_status=PortfolioRoleStatus.PENDING, invite_status=InvitationStatus.REVOKED - ) - user_session(portfolio.owner) - response = client.get( - url_for( - "portfolios.view_member", - portfolio_id=portfolio.id, - member_id=member.user.id, - ) - ) - assert "Resend Invitation" in response.data.decode() - assert "Remove Portfolio Access" not in response.data.decode() - assert "Revoke Invitation" not in response.data.decode() diff --git a/tests/test_access.py b/tests/test_access.py index 9dcf042d..23346910 100644 --- a/tests/test_access.py +++ b/tests/test_access.py @@ -154,30 +154,6 @@ def test_portfolios_access_environment_access(get_url_assert_status): get_url_assert_status(ccpo, url, 404) -# portfolios.application_members -def test_portfolios_application_members_access(get_url_assert_status): - ccpo = user_with(PermissionSets.VIEW_PORTFOLIO_APPLICATION_MANAGEMENT) - owner = user_with() - app_dev = user_with() - rando = user_with() - portfolio = PortfolioFactory.create( - owner=owner, - applications=[{"name": "Mos Eisley", "description": "Where Han shot first"}], - ) - app = portfolio.applications[0] - ApplicationRoleFactory.create(application=app, user=app_dev) - - url = url_for( - "portfolios.application_members", - portfolio_id=portfolio.id, - application_id=app.id, - ) - get_url_assert_status(ccpo, url, 200) - get_url_assert_status(owner, url, 200) - get_url_assert_status(app_dev, url, 200) - get_url_assert_status(rando, url, 404) - - # portfolios.create_application def test_portfolios_create_application_access(post_url_assert_status): ccpo = user_with(PermissionSets.EDIT_PORTFOLIO_APPLICATION_MANAGEMENT) @@ -199,8 +175,8 @@ def test_portfolios_create_member_access(post_url_assert_status): portfolio = PortfolioFactory.create(owner=owner) url = url_for("portfolios.create_member", portfolio_id=portfolio.id) - post_url_assert_status(ccpo, url, 200) - post_url_assert_status(owner, url, 200) + post_url_assert_status(ccpo, url, 302) + post_url_assert_status(owner, url, 302) post_url_assert_status(rando, url, 404) @@ -327,19 +303,6 @@ def test_portfolios_new_application_access(get_url_assert_status): get_url_assert_status(rando, url, 404) -# portfolios.new_member -def test_portfolios_new_member_access(get_url_assert_status): - ccpo = user_with(PermissionSets.EDIT_PORTFOLIO_ADMIN) - owner = user_with() - rando = user_with() - portfolio = PortfolioFactory.create(owner=owner) - - url = url_for("portfolios.new_member", portfolio_id=portfolio.id) - get_url_assert_status(ccpo, url, 200) - get_url_assert_status(owner, url, 200) - get_url_assert_status(rando, url, 404) - - # portfolios.portfolio_admin def test_portfolios_portfolio_admin_access(get_url_assert_status): ccpo = user_with(PermissionSets.VIEW_PORTFOLIO_ADMIN) @@ -379,19 +342,6 @@ def test_portfolios_portfolio_funding_access(get_url_assert_status): get_url_assert_status(rando, url, 404) -# portfolios.portfolio_members -def test_portfolios_portfolio_members_access(get_url_assert_status): - ccpo = user_with(PermissionSets.VIEW_PORTFOLIO_ADMIN) - owner = user_with() - rando = user_with() - portfolio = PortfolioFactory.create(owner=owner) - - url = url_for("portfolios.portfolio_members", portfolio_id=portfolio.id) - get_url_assert_status(ccpo, url, 200) - get_url_assert_status(owner, url, 200) - get_url_assert_status(rando, url, 404) - - # portfolios.portfolio_reports def test_portfolios_portfolio_reports_access(get_url_assert_status): ccpo = user_with(PermissionSets.VIEW_PORTFOLIO_REPORTS) @@ -449,25 +399,6 @@ def test_portfolios_resend_invite_access(post_url_assert_status): post_url_assert_status(rando, url, 404) -# portfolios.revoke_access -def test_portfolios_revoke_access_access(post_url_assert_status): - ccpo = user_with(PermissionSets.EDIT_PORTFOLIO_ADMIN) - owner = user_with() - rando = user_with() - - portfolio = PortfolioFactory.create(owner=owner) - - for user, status in [(ccpo, 302), (owner, 302), (rando, 404)]: - prt_member = user_with() - prr = PortfolioRoleFactory.create( - user=prt_member, portfolio=portfolio, status=PortfolioRoleStatus.ACTIVE - ) - url = url_for( - "portfolios.revoke_access", portfolio_id=portfolio.id, member_id=prr.id - ) - post_url_assert_status(user, url, status) - - # portfolios.revoke_invitation def test_portfolios_revoke_invitation_access(post_url_assert_status): ccpo = user_with(PermissionSets.EDIT_PORTFOLIO_ADMIN) @@ -605,42 +536,6 @@ def test_portfolios_update_application_access(post_url_assert_status): post_url_assert_status(rando, url, 404) -# portfolios.update_member -def test_portfolios_update_member_access(post_url_assert_status): - ccpo = user_with(PermissionSets.EDIT_PORTFOLIO_ADMIN) - owner = user_with() - rando = user_with() - prt_member = user_with() - - portfolio = PortfolioFactory.create(owner=owner) - PortfolioRoleFactory.create(user=prt_member, portfolio=portfolio) - - url = url_for( - "portfolios.update_member", portfolio_id=portfolio.id, member_id=prt_member.id - ) - post_url_assert_status(owner, url, 200) - post_url_assert_status(ccpo, url, 200) - post_url_assert_status(rando, url, 404) - - -# portfolios.view_member -def test_portfolios_view_member_access(get_url_assert_status): - ccpo = user_with(PermissionSets.VIEW_PORTFOLIO_ADMIN) - owner = user_with() - rando = user_with() - prt_member = user_with() - - portfolio = PortfolioFactory.create(owner=owner) - PortfolioRoleFactory.create(user=prt_member, portfolio=portfolio) - - url = url_for( - "portfolios.view_member", portfolio_id=portfolio.id, member_id=prt_member.id - ) - get_url_assert_status(owner, url, 200) - get_url_assert_status(ccpo, url, 200) - get_url_assert_status(rando, url, 404) - - # portfolios.view_task_order def test_portfolios_view_task_order_access(get_url_assert_status): ccpo = user_with(PermissionSets.VIEW_PORTFOLIO_FUNDING)