Remove portfolio permissions when role is disabled

tests/domain/test_authz.py

@@ -11,6 +11,7 @@ from atst.domain.authz.decorator import user_can_access_decorator
 from atst.domain.permission_sets import PermissionSets
 from atst.domain.exceptions import UnauthorizedError
 from atst.models.permissions import Permissions
+from atst.domain.portfolio_roles import PortfolioRoles
 
 from tests.utils import FakeLogger
 
@@ -101,6 +102,14 @@ def test_user_can_access():
             view_admin, Permissions.EDIT_PORTFOLIO_NAME, portfolio=portfolio
         )
 
+    # check when portfolio_role is disabled
+    view_admin_pr = PortfolioRoles.get(portfolio_id=portfolio.id, user_id=view_admin.id)
+    PortfolioRoles.disable(portfolio_role=view_admin_pr)
+    with pytest.raises(UnauthorizedError):
+        user_can_access(
+            view_admin, Permissions.EDIT_PORTFOLIO_NAME, portfolio=portfolio
+        )
+
 
 @pytest.fixture
 def set_current_user(request_ctx):

tests/routes/portfolios/test_portfolios_index.py

@@ -2,7 +2,8 @@ from flask import url_for
 
 from atst.domain.permission_sets import PermissionSets
 from atst.models.permissions import Permissions
-from atst.domain.portfolio_roles import PortfolioRoles, Status as PortfolioRoleStatus
+from atst.domain.portfolio_roles import PortfolioRoles
+from atst.models.portfolio_role import Status as PortfolioRoleStatus
 
 from tests.factories import (
     random_future_date,