Remove portfolio permissions when role is disabled

2019-04-01 10:44:53 -04:00
parent 358b00a6e2
commit dee14b98be
3 changed files with 14 additions and 2 deletions
--- a/atst/domain/authz/init.py
+++ b/atst/domain/authz/init.py
@@ -1,6 +1,8 @@
 from atst.utils import first_or_none
 from atst.models.permissions import Permissions
 from atst.domain.exceptions import UnauthorizedError
+from atst.domain.portfolio_roles import PortfolioRoles
+from atst.models.portfolio_role import Status as PortfolioRoleStatus


 class Authorization(object):
@@ -9,7 +11,7 @@ class Authorization(object):
        port_role = first_or_none(
            lambda pr: pr.portfolio == portfolio, user.portfolio_roles
        )
-        if port_role:
+        if port_role and port_role.status is not PortfolioRoleStatus.DISABLED:
            return permission in port_role.permissions
        else:
            return False