def test_has_portfolio_role_history(session):
owner = UserFactory.create()
user = UserFactory.create()
portfolio = PortfolioFactory.create(owner=owner)
# in order to get the history, we don't want the PortfolioRoleFactory
# to commit after create()
# PortfolioRoleFactory._meta.sqlalchemy_session_persistence = "flush"
portfolio_role = PortfolioRoleFactory.create(
portfolio=portfolio, user=user, permission_sets=[]
)
PortfolioRoles.update(
portfolio_role, PortfolioRoles.DEFAULT_PORTFOLIO_PERMISSION_SETS
)
changed_event = (
session.query(AuditEvent)
.filter(
AuditEvent.resource_id == portfolio_role.id, AuditEvent.action == "update"
)
.one()
)
old_state, new_state = changed_event.changed_state["permission_sets"]
assert old_state == []
assert set(new_state) == PortfolioRoles.DEFAULT_PORTFOLIO_PERMISSION_SETS
def edit_members(portfolio_id):
portfolio = Portfolios.get_for_update(portfolio_id)
member_perms_form = member_forms.MembersPermissionsForm(http_request.form)
if member_perms_form.validate():
for subform in member_perms_form.members_permissions:
member_id = subform.member_id.data
member = PortfolioRoles.get_by_id(member_id)
if member is not portfolio.owner_role:
new_perm_set = subform.data["permission_sets"]
PortfolioRoles.update(member, new_perm_set)
flash("update_portfolio_members", portfolio=portfolio)
return redirect(
url_for(
"portfolios.admin",
portfolio_id=portfolio_id,
fragment="portfolio-members",
_anchor="portfolio-members",
)
)
else:
return render_admin_page(portfolio)
def update_member(cls, member, permission_sets):
return PortfolioRoles.update(member, permission_sets)