cloud-api/test/test_auth_general.py

""" """

import pytest
from httpx import AsyncClient


pytestmark = [
    pytest.mark.auth,
]


@pytest.mark.anyio
async def test_get_org_auth_root_su(default_client: AsyncClient):
    # If a super admin can access a resource when not the root user
    resp = await default_client.get("/org?org_id=2")
    assert resp.status_code != 422
    assert resp.status_code == 200
    assert resp.json()["organisations"][0]["name"] == "Org Two"


# Standardised tests verify if each endpoint has been assigned the correct auth level.
# Sample tests here verify that each auth level works.


@pytest.mark.anyio
async def test_get_org_auth_root(no_su_client: AsyncClient):
    # Sample test. Checks if a non-root user gets blocked on a root endpoint.
    resp = await no_su_client.get("/org?org_id=2")
    assert resp.status_code != 422
    assert resp.status_code == 403
    assert "Must be the org's root user" in resp.json()["detail"]


@pytest.mark.anyio
async def test_get_user_auth_su(no_su_client: AsyncClient):
    # Sample test. Checks if a non-su user gets blocked on a su endpoint.
    resp = await no_su_client.get("/user?user_id=1")
    assert resp.status_code != 422
    assert resp.status_code == 403
    assert resp.json()["detail"] == "Must be super admin"


@pytest.mark.anyio
async def test_get_self_db_auth_user(no_user_client: AsyncClient):
    # Sample test. Checks if a non-user gets blocked on a user endpoint.
    resp = await no_user_client.get("/user/self/db")
    assert resp.status_code != 422
    assert resp.status_code == 401
    assert resp.json()["detail"] == "Not authenticated"
minor: ruff formatter All changes are either: - Correcting tabs - Adding/removing line breaks - Adding trailing commas 2026-06-08 15:31:37 +01:00			`""" """`

tests: improved coverage 2026-06-05 09:10:55 +01:00			`import pytest`
			`from httpx import AsyncClient`


tests: pytest module markers 2026-06-09 13:58:08 +01:00			`pytestmark = [`
minor: ruff format Tabs -> spaces 2026-06-22 15:04:11 +01:00			`pytest.mark.auth,`
tests: pytest module markers 2026-06-09 13:58:08 +01:00			`]`


tests: improved coverage 2026-06-05 09:10:55 +01:00			`@pytest.mark.anyio`
tests: remove db modifications from individual tests All db seeding now down in conftest 2026-06-12 11:29:42 +01:00			`async def test_get_org_auth_root_su(default_client: AsyncClient):`
minor: ruff format Tabs -> spaces 2026-06-22 15:04:11 +01:00			`# If a super admin can access a resource when not the root user`
			`resp = await default_client.get("/org?org_id=2")`
			`assert resp.status_code != 422`
			`assert resp.status_code == 200`
			`assert resp.json()["organisations"][0]["name"] == "Org Two"`
tests: simplified auth tests 2026-06-24 16:02:48 +01:00

			`# Standardised tests verify if each endpoint has been assigned the correct auth level.`
			`# Sample tests here verify that each auth level works.`


			`@pytest.mark.anyio`
			`async def test_get_org_auth_root(no_su_client: AsyncClient):`
			`# Sample test. Checks if a non-root user gets blocked on a root endpoint.`
			`resp = await no_su_client.get("/org?org_id=2")`
			`assert resp.status_code != 422`
			`assert resp.status_code == 403`
			`assert "Must be the org's root user" in resp.json()["detail"]`


			`@pytest.mark.anyio`
			`async def test_get_user_auth_su(no_su_client: AsyncClient):`
			`# Sample test. Checks if a non-su user gets blocked on a su endpoint.`
			`resp = await no_su_client.get("/user?user_id=1")`
			`assert resp.status_code != 422`
			`assert resp.status_code == 403`
			`assert resp.json()["detail"] == "Must be super admin"`


			`@pytest.mark.anyio`
			`async def test_get_self_db_auth_user(no_user_client: AsyncClient):`
			`# Sample test. Checks if a non-user gets blocked on a user endpoint.`
			`resp = await no_user_client.get("/user/self/db")`
			`assert resp.status_code != 422`
			`assert resp.status_code == 401`
			`assert resp.json()["detail"] == "Not authenticated"`