Remove portfolio permissions when role is disabled

2019-04-01 10:44:53 -04:00 · 2019-04-01 10:44:53 -04:00 · dee14b98be
commit dee14b98be
parent 358b00a6e2
3 changed files with 14 additions and 2 deletions
--- a/atst/domain/authz/init.py
+++ b/atst/domain/authz/init.py
@ -1,6 +1,8 @@
 from atst.utils import first_or_none
 from atst.models.permissions import Permissions
 from atst.domain.exceptions import UnauthorizedError
+from atst.domain.portfolio_roles import PortfolioRoles
+from atst.models.portfolio_role import Status as PortfolioRoleStatus


 class Authorization(object):
@ -9,7 +11,7 @@ class Authorization(object):
        port_role = first_or_none(
            lambda pr: pr.portfolio == portfolio, user.portfolio_roles
        )
-        if port_role:
+        if port_role and port_role.status is not PortfolioRoleStatus.DISABLED:
            return permission in port_role.permissions
        else:
            return False
--- a/tests/domain/test_authz.py
+++ b/tests/domain/test_authz.py
@ -11,6 +11,7 @@ from atst.domain.authz.decorator import user_can_access_decorator
 from atst.domain.permission_sets import PermissionSets
 from atst.domain.exceptions import UnauthorizedError
 from atst.models.permissions import Permissions
+from atst.domain.portfolio_roles import PortfolioRoles

 from tests.utils import FakeLogger

@ -101,6 +102,14 @@ def test_user_can_access():
            view_admin, Permissions.EDIT_PORTFOLIO_NAME, portfolio=portfolio
        )

+    # check when portfolio_role is disabled
+    view_admin_pr = PortfolioRoles.get(portfolio_id=portfolio.id, user_id=view_admin.id)
+    PortfolioRoles.disable(portfolio_role=view_admin_pr)
+    with pytest.raises(UnauthorizedError):
+        user_can_access(
+            view_admin, Permissions.EDIT_PORTFOLIO_NAME, portfolio=portfolio
+        )
+

@pytest.fixture
 def set_current_user(request_ctx):
--- a/tests/routes/portfolios/test_portfolios_index.py
+++ b/tests/routes/portfolios/test_portfolios_index.py
@ -2,7 +2,8 @@ from flask import url_for

 from atst.domain.permission_sets import PermissionSets
 from atst.models.permissions import Permissions
-from atst.domain.portfolio_roles import PortfolioRoles, Status as PortfolioRoleStatus
+from atst.domain.portfolio_roles import PortfolioRoles
+from atst.models.portfolio_role import Status as PortfolioRoleStatus

 from tests.factories import (
    random_future_date,