diff --git a/tests/routes/test_workspaces.py b/tests/routes/test_workspaces.py index beacb529..3b4b18c0 100644 --- a/tests/routes/test_workspaces.py +++ b/tests/routes/test_workspaces.py @@ -115,6 +115,53 @@ def test_view_edit_project(client, user_session): assert response.status_code == 200 +def test_user_with_permission_can_update_project(client, user_session): + owner = UserFactory.create() + workspace = WorkspaceFactory.create() + Workspaces._create_workspace_role(owner, workspace, "admin") + project = Projects.create( + owner, workspace, "Awesome Project", "It's really awesome!", {"dev", "prod"} + ) + user_session(owner) + response = client.post( + url_for( + "workspaces.update_project", + workspace_id=workspace.id, + project_id=project.id, + ), + data={"name": "Really Cool Project", "description": "A very cool project."}, + follow_redirects=True, + ) + + assert response.status_code == 200 + assert project.name == "Really Cool Project" + assert project.description == "A very cool project." + + +def test_user_without_permission_cannot_update_project(client, user_session): + dev = UserFactory.create() + owner = UserFactory.create() + workspace = WorkspaceFactory.create() + Workspaces._create_workspace_role(dev, workspace, "developer") + project = Projects.create( + owner, workspace, "Great Project", "Cool stuff happening here!", {"dev", "prod"} + ) + user_session(dev) + response = client.post( + url_for( + "workspaces.update_project", + workspace_id=workspace.id, + project_id=project.id, + ), + data={"name": "New Name", "description": "A new description."}, + follow_redirects=True, + ) + + assert response.status_code == 404 + assert project.name == "Great Project" + assert project.description == "Cool stuff happening here!" + + def test_create_member(client, user_session): owner = UserFactory.create() user = UserFactory.create()