def test_disable_portfolio_role():
    """Disabling an ACTIVE portfolio role flips its status to DISABLED."""
    role = PortfolioRoleFactory.create(status=PortfolioRoleStatus.ACTIVE)
    # precondition: the factory really gave us an active role
    assert role.status == PortfolioRoleStatus.ACTIVE

    PortfolioRoles.disable(portfolio_role=role)

    assert role.status == PortfolioRoleStatus.DISABLED
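def remove_member(portfolio_id, portfolio_role_id):
    """Remove a member from a portfolio and return to the portfolio admin page.

    A role that is still PENDING with an outstanding invitation has that
    invitation revoked; any other role is disabled.

    Args:
        portfolio_id: id of the portfolio the caller is administering.
        portfolio_role_id: id of the PortfolioRole to remove.

    Returns:
        A redirect to the portfolio admin page, anchored at the members
        section.

    Raises:
        UnauthorizedError: if the caller targets their own role, the
            portfolio owner's (PPoC) role, or a role that does not belong
            to the portfolio identified by ``portfolio_id``.
    """
    portfolio_role = PortfolioRoles.get_by_id(portfolio_role_id)
    if g.current_user.id == portfolio_role.user_id:
        raise UnauthorizedError(
            g.current_user, "you cant remove yourself from the portfolio"
        )
    # Portfolios.get is handed the current user; presumably this is where the
    # caller's access to portfolio_id is enforced — TODO confirm.
    portfolio = Portfolios.get(user=g.current_user, portfolio_id=portfolio_id)
    # get_by_id resolves the role by its id alone, so nothing else ties the
    # two ids in the URL together: reject a role that is not part of the
    # portfolio the caller was authorized on before checking or acting on it.
    if portfolio_role not in portfolio.roles:
        raise UnauthorizedError(
            g.current_user, "portfolio role does not belong to this portfolio"
        )
    if portfolio_role.user_id == portfolio.owner.id:
        raise UnauthorizedError(
            g.current_user, "you can't delete the portfolios PPoC from the portfolio"
        )
    if (
        portfolio_role.latest_invitation
        and portfolio_role.status == PortfolioRoleStatus.PENDING
    ):
        # Still pending: withdraw the invitation instead of disabling the role.
        PortfolioInvitations.revoke(portfolio_role.latest_invitation.token)
    else:
        PortfolioRoles.disable(portfolio_role=portfolio_role)
    flash("portfolio_member_removed", member_name=portfolio_role.full_name)
    return redirect(
        url_for(
            "portfolios.admin",
            portfolio_id=portfolio_id,
            _anchor="portfolio-members",
            fragment="portfolio-members",
        )
    )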
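def remove_member(portfolio_id, portfolio_role_id):
    """Disable a member's portfolio role and return to the portfolio admin page.

    Args:
        portfolio_id: id of the portfolio the caller is administering.
        portfolio_role_id: id of the PortfolioRole to disable.

    Returns:
        A redirect to the portfolio admin page, anchored at the members
        section.

    Raises:
        UnauthorizedError: if the caller targets their own role, the
            portfolio owner's (PPoC) role, or a role that does not belong
            to the portfolio identified by ``portfolio_id``.
    """
    portfolio_role = PortfolioRoles.get_by_id(portfolio_role_id)
    if g.current_user.id == portfolio_role.user_id:
        raise UnauthorizedError(
            g.current_user, "you cant remove yourself from the portfolio"
        )
    # Portfolios.get is handed the current user; presumably this is where the
    # caller's access to portfolio_id is enforced — TODO confirm.
    portfolio = Portfolios.get(user=g.current_user, portfolio_id=portfolio_id)
    # get_by_id resolves the role by its id alone, so nothing else ties the
    # two ids in the URL together: reject a role that is not part of the
    # portfolio the caller was authorized on before checking or acting on it.
    if portfolio_role not in portfolio.roles:
        raise UnauthorizedError(
            g.current_user, "portfolio role does not belong to this portfolio"
        )
    if portfolio_role.user_id == portfolio.owner.id:
        raise UnauthorizedError(
            g.current_user, "you can't delete the portfolios PPoC from the portfolio"
        )
    # TODO: should this cascade and disable any application and environment
    # roles they might have?
    PortfolioRoles.disable(portfolio_role=portfolio_role)
    flash("portfolio_member_removed", member_name=portfolio_role.full_name)
    return redirect(
        url_for(
            "portfolios.admin",
            portfolio_id=portfolio_id,
            _anchor="portfolio-members",
            fragment="portfolio-members",
        )
    )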
def delete(cls, portfolio):
    """Soft-delete *portfolio* after disabling every role attached to it.

    The roles are disabled with ``commit=False`` so that they and the
    ``deleted`` flag are written in one commit.

    Args:
        portfolio: the portfolio to delete; it must have no applications.

    Returns:
        The same portfolio object, now flagged as deleted.

    Raises:
        PortfolioDeletionApplicationsExistError: if the portfolio still has
            applications attached.
    """
    if portfolio.applications:
        raise PortfolioDeletionApplicationsExistError()

    for role in portfolio.roles:
        PortfolioRoles.disable(portfolio_role=role, commit=False)

    portfolio.deleted = True
    db.session.add(portfolio)
    db.session.commit()
    return portfolio
def test_user_can_access():
    """user_can_access honours site-wide and per-portfolio permissions."""
    ccpo = UserFactory.create_ccpo()
    owner = UserFactory.create()
    viewer = UserFactory.create()
    portfolio = PortfolioFactory.create(owner=owner)
    # the factory grants view permissions by default
    viewer_role = PortfolioRoleFactory.create(user=viewer, portfolio=portfolio)

    def denied(user, permission, **kwargs):
        with pytest.raises(UnauthorizedError):
            user_can_access(user, permission, **kwargs)

    # site-wide permission: only the CCPO user has it
    assert user_can_access(ccpo, Permissions.VIEW_AUDIT_LOG)
    denied(owner, Permissions.VIEW_AUDIT_LOG)
    denied(viewer, Permissions.VIEW_AUDIT_LOG)

    # portfolio view permission: all three can see the portfolio
    for user in (ccpo, owner, viewer):
        assert user_can_access(user, Permissions.VIEW_PORTFOLIO, portfolio=portfolio)

    # portfolio edit permission: the view-only member is refused
    assert user_can_access(ccpo, Permissions.EDIT_PORTFOLIO_NAME, portfolio=portfolio)
    assert user_can_access(owner, Permissions.EDIT_PORTFOLIO_NAME, portfolio=portfolio)
    denied(viewer, Permissions.EDIT_PORTFOLIO_NAME, portfolio=portfolio)

    # once the role is disabled the member is still refused
    PortfolioRoles.disable(portfolio_role=viewer_role)
    denied(viewer, Permissions.EDIT_PORTFOLIO_NAME, portfolio=portfolio)