Merge pull request #804 from dod-ccpo/unassigned-ppoc

Unassigned ppoc

atst/routes/portfolios/admin.py

@@ -177,6 +177,12 @@ def remove_member(portfolio_id, user_id):
             g.current_user, "you cant remove yourself from the portfolio"
         )
 
+    portfolio = Portfolios.get(user=g.current_user, portfolio_id=portfolio_id)
+    if user_id == str(portfolio.owner.id):
+        raise UnauthorizedError(
+            g.current_user, "you can't delete the portfolios PPoC from the portfolio"
+        )
+
     portfolio_role = PortfolioRoles.get(portfolio_id=portfolio_id, user_id=user_id)
     # TODO: should this cascade and disable any application and environment
     # roles they might have?

tests/routes/portfolios/test_admin.py

@@ -357,3 +357,31 @@ def test_remove_portfolio_member_self(client, user_session):
         PortfolioRoles.get(portfolio_id=portfolio.id, user_id=portfolio.owner.id).status
         == PortfolioRoleStatus.ACTIVE
     )
+
+
+def test_remove_portfolio_member_ppoc(client, user_session):
+    portfolio = PortfolioFactory.create()
+
+    user = UserFactory.create()
+    PortfolioRoleFactory.create(
+        portfolio=portfolio,
+        user=user,
+        permission_sets=[PermissionSets.get(PermissionSets.EDIT_PORTFOLIO_ADMIN)],
+    )
+
+    user_session(user)
+
+    response = client.post(
+        url_for(
+            "portfolios.remove_member",
+            portfolio_id=portfolio.id,
+            user_id=portfolio.owner.id,
+        ),
+        follow_redirects=False,
+    )
+
+    assert response.status_code == 404
+    assert (
+        PortfolioRoles.get(portfolio_id=portfolio.id, user_id=portfolio.owner.id).status
+        == PortfolioRoleStatus.ACTIVE
+    )