Update route function to revoke CCPO superuser status

2019-08-08 14:09:10 -04:00 · 2019-08-08 14:09:10 -04:00 · e35399d8f5
commit e35399d8f5
parent 54239a520e
4 changed files with 29 additions and 3 deletions
--- a/atst/routes/ccpo.py
+++ b/atst/routes/ccpo.py
@ -62,6 +62,6 @@ def confirm_new_user():
@user_can(Permissions.DELETE_CCPO_USER, message="remove ccpo user")
 def remove_access(user_id):
    user = Users.get(user_id)
-    # update user to remove perms
-    # flash alert to confirm removing ccpo perms
+    Users.revoke_ccpo_perms(user)
+    flash("ccpo_user_removed", user_name=user.full_name)
    return redirect(url_for("ccpo.users"))
--- a/atst/utils/flash.py
+++ b/atst/utils/flash.py
@ -40,6 +40,11 @@ MESSAGES = {
        "message_template": translate("ccpo.form.user_not_found_text"),
        "category": "info",
    },
+    "ccpo_user_removed": {
+        "title_template": translate("flash.success"),
+        "message_template": "You have successfully removed {{ user_name }}'s CCPO permissions.",
+        "category": "success",
+    },
    "environment_added": {
        "title_template": translate("flash.success"),
        "message_template": """
--- a/tests/routes/test_ccpo.py
+++ b/tests/routes/test_ccpo.py
@ -1,5 +1,6 @@
 from flask import url_for

+from atst.domain.users import Users
 from atst.utils.localization import translate

 from tests.factories import UserFactory
@ -45,10 +46,19 @@ def test_confirm_new_user(user_session, client):
    )
    assert new_user.dod_id in response.data.decode()

-    # give person with out ATAT account CCPO permissions
+    # give person without ATAT account CCPO permissions
    response = client.post(
        url_for("ccpo.confirm_new_user"),
        data={"dod_id": random_dod_id},
        follow_redirects=True,
    )
    assert random_dod_id not in response.data.decode()
+
+
+def test_remove_access(user_session, client):
+    ccpo = UserFactory.create_ccpo()
+    user = UserFactory.create_ccpo()
+    user_session(ccpo)
+
+    response = client.post(url_for("ccpo.remove_access", user_id=user.id))
+    assert user not in Users.get_ccpo_users()
--- a/tests/test_access.py
+++ b/tests/test_access.py
@ -161,6 +161,17 @@ def test_ccpo_confirm_new_user_access(post_url_assert_status):
    post_url_assert_status(rando, url, 404, data={"dod_id": user.dod_id})


+# ccpo.remove_access
+def test_ccpo_remove_access(post_url_assert_status):
+    ccpo = user_with(PermissionSets.MANAGE_CCPO_USERS)
+    rando = user_with()
+    user = UserFactory.create_ccpo()
+
+    url = url_for("ccpo.remove_access", user_id=user.id)
+    post_url_assert_status(rando, url, 404)
+    post_url_assert_status(ccpo, url, 302)
+
+
 # applications.access_environment
 def test_applications_access_environment_access(get_url_assert_status):
    dev = UserFactory.create()