pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove portfolio permissions when role is disabled

Browse Source
This commit is contained in:
George Drummond 2019-04-01 10:44:53 -04:00
parent 358b00a6e2
commit dee14b98be
No known key found for this signature in database
GPG Key ID: 296DD6077123BF17
3 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
atst/domain/authz/__init__.py
View File

@ -1,6 +1,8 @@
from atst.utils import first_or_none from atst.utils import first_or_none
from atst.models.permissions import Permissions from atst.models.permissions import Permissions
from atst.domain.exceptions import UnauthorizedError from atst.domain.exceptions import UnauthorizedError
from atst.domain.portfolio_roles import PortfolioRoles
from atst.models.portfolio_role import Status as PortfolioRoleStatus
class Authorization(object): class Authorization(object):
@ -9,7 +11,7 @@ class Authorization(object):
port_role = first_or_none( port_role = first_or_none(
lambda pr: pr.portfolio == portfolio, user.portfolio_roles lambda pr: pr.portfolio == portfolio, user.portfolio_roles
) )
if port_role: if port_role and port_role.status is not PortfolioRoleStatus.DISABLED:
return permission in port_role.permissions return permission in port_role.permissions
else: else:
return False return False

9
tests/domain/test_authz.py
View File

@ -11,6 +11,7 @@ from atst.domain.authz.decorator import user_can_access_decorator
from atst.domain.permission_sets import PermissionSets from atst.domain.permission_sets import PermissionSets
from atst.domain.exceptions import UnauthorizedError from atst.domain.exceptions import UnauthorizedError
from atst.models.permissions import Permissions from atst.models.permissions import Permissions
from atst.domain.portfolio_roles import PortfolioRoles
from tests.utils import FakeLogger from tests.utils import FakeLogger
@ -101,6 +102,14 @@ def test_user_can_access():
view_admin, Permissions.EDIT_PORTFOLIO_NAME, portfolio=portfolio view_admin, Permissions.EDIT_PORTFOLIO_NAME, portfolio=portfolio
) )
# check when portfolio_role is disabled
view_admin_pr = PortfolioRoles.get(portfolio_id=portfolio.id, user_id=view_admin.id)
PortfolioRoles.disable(portfolio_role=view_admin_pr)
with pytest.raises(UnauthorizedError):
user_can_access(
view_admin, Permissions.EDIT_PORTFOLIO_NAME, portfolio=portfolio
)
@pytest.fixture @pytest.fixture
def set_current_user(request_ctx): def set_current_user(request_ctx):

3
tests/routes/portfolios/test_portfolios_index.py
View File

@ -2,7 +2,8 @@ from flask import url_for
from atst.domain.permission_sets import PermissionSets from atst.domain.permission_sets import PermissionSets
from atst.models.permissions import Permissions from atst.models.permissions import Permissions
from atst.domain.portfolio_roles import PortfolioRoles, Status as PortfolioRoleStatus from atst.domain.portfolio_roles import PortfolioRoles
from atst.models.portfolio_role import Status as PortfolioRoleStatus
from tests.factories import ( from tests.factories import (
random_future_date, random_future_date,