def test_has_permission_set():
perm_sets = PermissionSets.get_many(
[PermissionSets.VIEW_PORTFOLIO_FUNDING, PermissionSets.VIEW_PORTFOLIO_REPORTS]
)
port_role = PortfolioRoleFactory.create(permission_sets=perm_sets)
assert port_role.has_permission_set(PermissionSets.VIEW_PORTFOLIO_REPORTS)
def test_applications_delete_access(post_url_assert_status, monkeypatch):
ccpo = UserFactory.create_ccpo()
owner = user_with()
app_admin = user_with()
rando = user_with()
portfolio = PortfolioFactory.create(
owner=owner, applications=[{"name": "mos eisley"}]
)
application = portfolio.applications[0]
ApplicationRoleFactory.create(
user=app_admin,
application=application,
permission_sets=PermissionSets.get_many(
[
PermissionSets.VIEW_APPLICATION,
PermissionSets.EDIT_APPLICATION_ENVIRONMENTS,
PermissionSets.EDIT_APPLICATION_TEAM,
PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,
]
),
)
monkeypatch.setattr("atst.domain.applications.Applications.delete", lambda *a: True)
url = url_for("applications.delete", application_id=application.id)
post_url_assert_status(app_admin, url, 404)
post_url_assert_status(rando, url, 404)
post_url_assert_status(owner, url, 302)
post_url_assert_status(ccpo, url, 302)
def test_does_not_have_permission_set():
perm_sets = PermissionSets.get_many([
PermissionSets.VIEW_PORTFOLIO_FUNDING,
PermissionSets.VIEW_PORTFOLIO_REPORTS
])
port_role = PortfolioRoleFactory.create(permission_sets=perm_sets)
assert not port_role.has_permission_set(
PermissionSets.EDIT_PORTFOLIO_APPLICATION_MANAGEMENT)
def test_get_many():
perms_sets = PermissionSets.get_many([
PermissionSets.VIEW_PORTFOLIO_FUNDING,
PermissionSets.EDIT_PORTFOLIO_FUNDING
])
assert len(perms_sets) == 2
assert first_or_none(
lambda p: p.name == PermissionSets.VIEW_PORTFOLIO_FUNDING, perms_sets)
assert first_or_none(
lambda p: p.name == PermissionSets.EDIT_PORTFOLIO_FUNDING, perms_sets)
def create(cls, user, portfolio_attrs):
portfolio = PortfoliosQuery.create(**portfolio_attrs)
perms_sets = PermissionSets.get_many(
PortfolioRoles.PORTFOLIO_PERMISSION_SETS)
Portfolios._create_portfolio_role(
user,
portfolio,
status=PortfolioRoleStatus.ACTIVE,
permission_sets=perms_sets,
)
PortfoliosQuery.add_and_commit(portfolio)
return portfolio
def test_portfolio_admin_screen_when_not_ppoc(client, user_session):
portfolio = PortfolioFactory.create()
user = UserFactory.create()
permission_sets = PermissionSets.get_many(
[PermissionSets.EDIT_PORTFOLIO_ADMIN, PermissionSets.VIEW_PORTFOLIO_ADMIN]
)
PortfolioRoleFactory.create(
portfolio=portfolio, user=user, permission_sets=permission_sets
)
user_session(user)
response = client.get(url_for("portfolios.admin", portfolio_id=portfolio.id))
assert response.status_code == 200
assert portfolio.name in response.data.decode()
assert translate("fragments.ppoc.update_btn").encode("utf8") not in response.data
def test_create_application_role():
application = ApplicationFactory.create()
user = UserFactory.create()
application_role = ApplicationRoles.create(
application=application,
user=user,
permission_set_names=[PermissionSets.EDIT_APPLICATION_TEAM],
)
assert application_role.permission_sets == PermissionSets.get_many([
PermissionSets.EDIT_APPLICATION_TEAM, PermissionSets.VIEW_APPLICATION
])
assert application_role.application == application
assert application_role.user == user
def test_update_member_permissions(client, user_session):
portfolio = PortfolioFactory.create()
rando = UserFactory.create()
rando_pf_role = PortfolioRoleFactory.create(
user=rando,
portfolio=portfolio,
permission_sets=[
PermissionSets.get(PermissionSets.VIEW_PORTFOLIO_ADMIN)
],
)
user = UserFactory.create()
PortfolioRoleFactory.create(
user=user,
portfolio=portfolio,
permission_sets=PermissionSets.get_many([
PermissionSets.EDIT_PORTFOLIO_ADMIN,
PermissionSets.VIEW_PORTFOLIO_ADMIN
]),
)
user_session(user)
form_data = {
"members_permissions-0-member_id": rando_pf_role.id,
"members_permissions-0-perms_app_mgmt":
"edit_portfolio_application_management",
"members_permissions-0-perms_funding": "view_portfolio_funding",
"members_permissions-0-perms_reporting": "view_portfolio_reports",
"members_permissions-0-perms_portfolio_mgmt": "view_portfolio_admin",
}
response = client.post(
url_for("portfolios.edit_members", portfolio_id=portfolio.id),
data=form_data,
follow_redirects=True,
)
assert response.status_code == 200
assert rando_pf_role.has_permission_set(
PermissionSets.EDIT_PORTFOLIO_APPLICATION_MANAGEMENT)
def test_user_can_view(set_g):
owner = UserFactory.create()
app_user = UserFactory.create()
rando = UserFactory.create()
portfolio = PortfolioFactory.create(owner=owner)
application = ApplicationFactory.create(portfolio=portfolio)
ApplicationRoleFactory.create(
user=app_user,
application=application,
permission_sets=PermissionSets.get_many([PermissionSets.VIEW_APPLICATION]),
)
set_g("portfolio", portfolio)
set_g("application", application)
set_g("current_user", owner)
assert user_can_view(Permissions.VIEW_APPLICATION)
set_g("current_user", app_user)
assert user_can_view(Permissions.VIEW_APPLICATION)
set_g("current_user", rando)
assert not user_can_view(Permissions.VIEW_APPLICATION)
def user_with(*perm_sets_names):
return UserFactory.create(permission_sets=PermissionSets.get_many(perm_sets_names))
def test_get_many_nonexistent():
with pytest.raises(NotFoundError):
PermissionSets.get_many(["nonexistent", "not real"])
def get_all_portfolio_permission_sets():
return PermissionSets.get_many(PortfolioRoles.PORTFOLIO_PERMISSION_SETS)