tests: simplified auth tests

test/test_auth_general.py

@@ -16,3 +16,34 @@ async def test_get_org_auth_root_su(default_client: AsyncClient):
     assert resp.status_code != 422
     assert resp.status_code == 200
     assert resp.json()["organisations"][0]["name"] == "Org Two"
+
+
+# Standardised tests verify if each endpoint has been assigned the correct auth level.
+# Sample tests here verify that each auth level works.
+
+
+@pytest.mark.anyio
+async def test_get_org_auth_root(no_su_client: AsyncClient):
+    # Sample test. Checks if a non-root user gets blocked on a root endpoint.
+    resp = await no_su_client.get("/org?org_id=2")
+    assert resp.status_code != 422
+    assert resp.status_code == 403
+    assert "Must be the org's root user" in resp.json()["detail"]
+
+
+@pytest.mark.anyio
+async def test_get_user_auth_su(no_su_client: AsyncClient):
+    # Sample test. Checks if a non-su user gets blocked on a su endpoint.
+    resp = await no_su_client.get("/user?user_id=1")
+    assert resp.status_code != 422
+    assert resp.status_code == 403
+    assert resp.json()["detail"] == "Must be super admin"
+
+
+@pytest.mark.anyio
+async def test_get_self_db_auth_user(no_user_client: AsyncClient):
+    # Sample test. Checks if a non-user gets blocked on a user endpoint.
+    resp = await no_user_client.get("/user/self/db")
+    assert resp.status_code != 422
+    assert resp.status_code == 401
+    assert resp.json()["detail"] == "Not authenticated"