sr2/cloud-api
6
0
Fork 1
Code Issues 8 Pull requests 2 Projects Releases Packages Wiki Activity Actions

tests: super admin auth tests

Browse source
This commit is contained in:
Chris Milne 2026-06-03 14:36:15 +01:00
parent 1b54918bb4
commit 3460cd76a5
Notes: Chris Milne 2026-06-03 13:38:41 +00:00 
Issue: #18
3 changed files with 91 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

62
test/test_auth_su.py Normal file
View file

@ -0,0 +1,62 @@
"""
This module ensures super admin only endpoints do return a correctly formatted 401 when user is not a super admin
DELETE endpoints are not tested
"""
import pytest
from httpx import AsyncClient
from src.organisation.models import OrgUsers
from src.user.models import User
@pytest.mark.anyio
async def test_get_user_auth_su(no_su_client: AsyncClient):
resp = await no_su_client.get("/user/?user_id=1")
assert resp.status_code != 422
assert resp.status_code == 401
assert resp.json()["detail"] == "Must be super admin"
@pytest.mark.anyio
async def test_patch_org_status_auth_su(no_su_client: AsyncClient):
resp = await no_su_client.patch("/org/status", json={"organisation_id": 1, "status": "submitted"})
assert resp.status_code != 422
assert resp.status_code == 401
assert resp.json()["detail"] == "Must be super admin"
@pytest.mark.anyio
async def test_patch_org_root_user_auth_su(no_su_client: AsyncClient, db_session):
db_session.add(User(email="user@test.org", first_name="User", last_name="Test", oidc_id="abcd-efgh-ijkl-1234"))
db_session.flush()
db_session.add(OrgUsers(org_id=1, user_id=2))
db_session.flush()
resp = await no_su_client.patch("/org/root_user", json={"organisation_id": 1, "user_id": 2})
assert resp.status_code != 422
assert resp.status_code == 401
assert resp.json()["detail"] == "Must be super admin"
@pytest.mark.anyio
async def test_patch_service_key_auth_su(no_su_client: AsyncClient):
resp = await no_su_client.patch("/service/key", json={"service_id": 1})
assert resp.status_code != 422
assert resp.status_code == 401
assert resp.json()["detail"] == "Must be super admin"
@pytest.mark.anyio
async def test_post_service_auth_su(no_su_client: AsyncClient):
resp = await no_su_client.post("/service/", json={"name": "New Test Service"})
assert resp.status_code != 422
assert resp.status_code == 401
assert resp.json()["detail"] == "Must be super admin"
@pytest.mark.anyio
async def test_post_perm_success(no_su_client: AsyncClient, db_session):
resp = await no_su_client.post("/iam/permission", json={"service_id": 1, "resource": "test_resource", "action": "create"})
assert resp.status_code != 422
assert resp.status_code == 401
assert resp.json()["detail"] == "Must be super admin"