def test_has_portfolio_role_history(session): owner = UserFactory.create() user = UserFactory.create() portfolio = PortfolioFactory.create(owner=owner) # in order to get the history, we don't want the PortfolioRoleFactory # to commit after create() # PortfolioRoleFactory._meta.sqlalchemy_session_persistence = "flush" portfolio_role = PortfolioRoleFactory.create( portfolio=portfolio, user=user, permission_sets=[] ) PortfolioRoles.update( portfolio_role, PortfolioRoles.DEFAULT_PORTFOLIO_PERMISSION_SETS ) changed_event = ( session.query(AuditEvent) .filter( AuditEvent.resource_id == portfolio_role.id, AuditEvent.action == "update" ) .one() ) old_state, new_state = changed_event.changed_state["permission_sets"] assert old_state == [] assert set(new_state) == PortfolioRoles.DEFAULT_PORTFOLIO_PERMISSION_SETS
def edit_members(portfolio_id): portfolio = Portfolios.get_for_update(portfolio_id) member_perms_form = member_forms.MembersPermissionsForm(http_request.form) if member_perms_form.validate(): for subform in member_perms_form.members_permissions: member_id = subform.member_id.data member = PortfolioRoles.get_by_id(member_id) if member is not portfolio.owner_role: new_perm_set = subform.data["permission_sets"] PortfolioRoles.update(member, new_perm_set) flash("update_portfolio_members", portfolio=portfolio) return redirect( url_for( "portfolios.admin", portfolio_id=portfolio_id, fragment="portfolio-members", _anchor="portfolio-members", ) ) else: return render_admin_page(portfolio)
def update_member(cls, member, permission_sets): return PortfolioRoles.update(member, permission_sets)