feat: more accurate status codes
403 Forbidden now replaces many previous 401 Unauthorized usages.
This commit is contained in:
parent
b3ae655009
commit
c2e035dede
11 changed files with 81 additions and 74 deletions
|
|
@ -46,7 +46,7 @@ def add_second_org(db_session):
|
|||
async def test_get_org_auth_root(no_su_client: AsyncClient):
|
||||
resp = await no_su_client.get("/org?org_id=2")
|
||||
assert resp.status_code != 422
|
||||
assert resp.status_code == 401
|
||||
assert resp.status_code == 403
|
||||
assert "Must be the org's root user" in resp.json()["detail"]
|
||||
|
||||
|
||||
|
|
@ -65,7 +65,7 @@ async def test_patch_org_questionnaire_auth_root(no_su_client: AsyncClient):
|
|||
},
|
||||
)
|
||||
assert resp.status_code != 422
|
||||
assert resp.status_code == 401
|
||||
assert resp.status_code == 403
|
||||
assert "Must be the org's root user" in resp.json()["detail"]
|
||||
|
||||
|
||||
|
|
@ -73,7 +73,7 @@ async def test_patch_org_questionnaire_auth_root(no_su_client: AsyncClient):
|
|||
async def test_get_org_users_auth_root(no_su_client: AsyncClient):
|
||||
resp = await no_su_client.get("/org/users?org_id=2")
|
||||
assert resp.status_code != 422
|
||||
assert resp.status_code == 401
|
||||
assert resp.status_code == 403
|
||||
assert "Must be the org's root user" in resp.json()["detail"]
|
||||
|
||||
|
||||
|
|
@ -81,7 +81,7 @@ async def test_get_org_users_auth_root(no_su_client: AsyncClient):
|
|||
async def test_get_org_groups_auth_root(no_su_client: AsyncClient):
|
||||
resp = await no_su_client.get("/org/groups?org_id=2")
|
||||
assert resp.status_code != 422
|
||||
assert resp.status_code == 401
|
||||
assert resp.status_code == 403
|
||||
assert "Must be the org's root user" in resp.json()["detail"]
|
||||
|
||||
|
||||
|
|
@ -89,7 +89,7 @@ async def test_get_org_groups_auth_root(no_su_client: AsyncClient):
|
|||
async def test_get_org_contact_auth_root(no_su_client: AsyncClient):
|
||||
resp = await no_su_client.get("/org/contact?org_id=2&contact_type=billing")
|
||||
assert resp.status_code != 422
|
||||
assert resp.status_code == 401
|
||||
assert resp.status_code == 403
|
||||
assert "Must be the org's root user" in resp.json()["detail"]
|
||||
|
||||
|
||||
|
|
@ -104,7 +104,7 @@ async def test_patch_org_contact_auth_root(no_su_client: AsyncClient):
|
|||
},
|
||||
)
|
||||
assert resp.status_code != 422
|
||||
assert resp.status_code == 401
|
||||
assert resp.status_code == 403
|
||||
assert "Must be the org's root user" in resp.json()["detail"]
|
||||
|
||||
|
||||
|
|
@ -112,7 +112,7 @@ async def test_patch_org_contact_auth_root(no_su_client: AsyncClient):
|
|||
async def test_get_service_auth_root(no_su_client: AsyncClient):
|
||||
resp = await no_su_client.get("/service/?org_id=2")
|
||||
assert resp.status_code != 422
|
||||
assert resp.status_code == 401
|
||||
assert resp.status_code == 403
|
||||
assert "Must be the org's root user" in resp.json()["detail"]
|
||||
|
||||
|
||||
|
|
@ -120,7 +120,7 @@ async def test_get_service_auth_root(no_su_client: AsyncClient):
|
|||
async def test_get_iam_group_permissions_auth_root(no_su_client: AsyncClient):
|
||||
resp = await no_su_client.get("/iam/group/permissions?org_id=2&group_id=1")
|
||||
assert resp.status_code != 422
|
||||
assert resp.status_code == 401
|
||||
assert resp.status_code == 403
|
||||
assert "Must be the org's root user" in resp.json()["detail"]
|
||||
|
||||
|
||||
|
|
@ -128,7 +128,7 @@ async def test_get_iam_group_permissions_auth_root(no_su_client: AsyncClient):
|
|||
async def test_get_iam_group_users_auth_root(no_su_client: AsyncClient):
|
||||
resp = await no_su_client.get("/iam/group/users?org_id=2&group_id=1")
|
||||
assert resp.status_code != 422
|
||||
assert resp.status_code == 401
|
||||
assert resp.status_code == 403
|
||||
assert "Must be the org's root user" in resp.json()["detail"]
|
||||
|
||||
|
||||
|
|
@ -138,7 +138,7 @@ async def test_post_iam_group_auth_root(no_su_client: AsyncClient):
|
|||
"/iam/group", json={"name": "New Group", "organisation_id": 2}
|
||||
)
|
||||
assert resp.status_code != 422
|
||||
assert resp.status_code == 401
|
||||
assert resp.status_code == 403
|
||||
assert "Must be the org's root user" in resp.json()["detail"]
|
||||
|
||||
|
||||
|
|
@ -153,7 +153,7 @@ async def test_put_iam_group_permission_auth_root(
|
|||
json={"permission_id": 1, "group_id": 2, "organisation_id": 2},
|
||||
)
|
||||
assert resp.status_code != 422
|
||||
assert resp.status_code == 401
|
||||
assert resp.status_code == 403
|
||||
assert "Must be the org's root user" in resp.json()["detail"]
|
||||
|
||||
|
||||
|
|
@ -173,7 +173,7 @@ async def test_put_iam_group_user_auth_root(no_su_client: AsyncClient, db_sessio
|
|||
"/iam/group/user", json={"user_id": 2, "group_id": 1, "organisation_id": 2}
|
||||
)
|
||||
assert resp.status_code != 422
|
||||
assert resp.status_code == 401
|
||||
assert resp.status_code == 403
|
||||
assert "Must be the org's root user" in resp.json()["detail"]
|
||||
|
||||
|
||||
|
|
@ -181,7 +181,7 @@ async def test_put_iam_group_user_auth_root(no_su_client: AsyncClient, db_sessio
|
|||
async def test_get_iam_permissions_auth_root(no_su_client: AsyncClient):
|
||||
resp = await no_su_client.get("/iam/permissions?org_id=2")
|
||||
assert resp.status_code != 422
|
||||
assert resp.status_code == 401
|
||||
assert resp.status_code == 403
|
||||
assert "Must be the org's root user" in resp.json()["detail"]
|
||||
|
||||
|
||||
|
|
@ -191,5 +191,5 @@ async def test_post_iam_permissions_search_auth_root(no_su_client: AsyncClient):
|
|||
"/iam/permissions/search", json={"organisation_id": 2, "action": "read"}
|
||||
)
|
||||
assert resp.status_code != 422
|
||||
assert resp.status_code == 401
|
||||
assert resp.status_code == 403
|
||||
assert "Must be the org's root user" in resp.json()["detail"]
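Review bot: Every hunk in this file now pins 403 for the `no_su_client` caller, but nothing visible pins that an unauthenticated request still gets 401 after the handlers changed, so a regression that collapses both cases into 403 would pass this suite. If `no_su_client` is an authenticated non-root client (inferred from the name; the fixture is not in view), a companion test using a client with no credentials that asserts `resp.status_code == 401` would lock in the distinction the commit title promises. Separately, the `assert resp.status_code != 422` line that precedes each `assert resp.status_code == 403` is now subsumed by the exact-code check and can be dropped; the same applies to every hunk in the second file section. The enclosing test functions in the later hunks start outside the hunk.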
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ pytestmark = [
|
|||
async def test_get_user_auth_su(no_su_client: AsyncClient):
|
||||
resp = await no_su_client.get("/user/?user_id=1")
|
||||
assert resp.status_code != 422
|
||||
assert resp.status_code == 401
|
||||
assert resp.status_code == 403
|
||||
assert resp.json()["detail"] == "Must be super admin"
|
||||
|
||||
|
||||
|
|
@ -30,7 +30,7 @@ async def test_patch_org_status_auth_su(no_su_client: AsyncClient):
|
|||
"/org/status", json={"organisation_id": 1, "status": "submitted"}
|
||||
)
|
||||
assert resp.status_code != 422
|
||||
assert resp.status_code == 401
|
||||
assert resp.status_code == 403
|
||||
assert resp.json()["detail"] == "Must be super admin"
|
||||
|
||||
|
||||
|
|
@ -52,7 +52,7 @@ async def test_patch_org_root_user_auth_su(no_su_client: AsyncClient, db_session
|
|||
"/org/root_user", json={"organisation_id": 1, "user_id": 2}
|
||||
)
|
||||
assert resp.status_code != 422
|
||||
assert resp.status_code == 401
|
||||
assert resp.status_code == 403
|
||||
assert resp.json()["detail"] == "Must be super admin"
|
||||
|
||||
|
||||
|
|
@ -60,7 +60,7 @@ async def test_patch_org_root_user_auth_su(no_su_client: AsyncClient, db_session
|
|||
async def test_patch_service_key_auth_su(no_su_client: AsyncClient):
|
||||
resp = await no_su_client.patch("/service/key", json={"service_id": 1})
|
||||
assert resp.status_code != 422
|
||||
assert resp.status_code == 401
|
||||
assert resp.status_code == 403
|
||||
assert resp.json()["detail"] == "Must be super admin"
|
||||
|
||||
|
||||
|
|
@ -68,7 +68,7 @@ async def test_patch_service_key_auth_su(no_su_client: AsyncClient):
|
|||
async def test_post_service_auth_su(no_su_client: AsyncClient):
|
||||
resp = await no_su_client.post("/service/", json={"name": "New Test Service"})
|
||||
assert resp.status_code != 422
|
||||
assert resp.status_code == 401
|
||||
assert resp.status_code == 403
|
||||
assert resp.json()["detail"] == "Must be super admin"
|
||||
|
||||
|
||||
|
|
@ -79,7 +79,7 @@ async def test_post_perm_auth_su(no_su_client: AsyncClient, db_session):
|
|||
json={"service_id": 1, "resource": "test_resource", "action": "create"},
|
||||
)
|
||||
assert resp.status_code != 422
|
||||
assert resp.status_code == 401
|
||||
assert resp.status_code == 403
|
||||
assert resp.json()["detail"] == "Must be super admin"
|
||||
|
||||
|
||||
|
|
@ -99,5 +99,5 @@ async def test_post_org_user_auth_su(no_su_client: AsyncClient, db_session):
|
|||
"/org/user", json={"organisation_id": 1, "user_id": 2}
|
||||
)
|
||||
assert resp.status_code != 422
|
||||
assert resp.status_code == 401
|
||||
assert resp.status_code == 403
|
||||
assert "Must be super admin" in resp.json()["detail"]
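Review bot: The detail assertion in this last hunk uses containment, `assert "Must be super admin" in resp.json()["detail"]`, while every other hunk in this file uses equality, `assert resp.json()["detail"] == "Must be super admin"`; the two styles should be unified so a changed message fails consistently across the file. Equality is the stricter choice and matches the rest of the section. The enclosing `test_post_org_user_auth_su` starts outside the hunk.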
|
||||
|
|
|
|||
|
|
@ -205,7 +205,7 @@ async def test_get_group_permissions_mismatch(
|
|||
db_session.flush()
|
||||
resp = await default_client.get(f"/iam/group/permissions?{query}")
|
||||
|
||||
assert resp.status_code == 401
|
||||
assert resp.status_code == 403
|
||||
assert resp.json()["detail"] == "Group does not belong to this organization"
|
||||
|
||||
|
||||
|
|
@ -271,7 +271,7 @@ async def test_get_group_users_mismatch(
|
|||
db_session.flush()
|
||||
resp = await default_client.get(f"/iam/group/users?{query}")
|
||||
|
||||
assert resp.status_code == 401
|
||||
assert resp.status_code == 403
|
||||
assert resp.json()["detail"] == "Group does not belong to this organization"
|
||||
|
||||
|
||||
|
|
@ -453,7 +453,7 @@ async def test_put_group_perm_mismatch(
|
|||
db_session.flush()
|
||||
resp = await default_client.put("/iam/group/permission", json=body)
|
||||
|
||||
assert resp.status_code == 401
|
||||
assert resp.status_code == 403
|
||||
assert resp.json()["detail"] == "Group does not belong to this organization"
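Review bot: A 403 paired with the detail "Group does not belong to this organization" tells a caller in one organisation that the requested group id exists in another one, which is a cross-tenant existence oracle; the three hunks in this section (`test_get_group_permissions_mismatch`, `test_get_group_users_mismatch`, `test_put_group_perm_mismatch`) all pin that behaviour. The handler is not in view, but if it is changed to answer as it would for a nonexistent group, these tests would assert `resp.status_code == 404` with a neutral detail instead, and the distinction between "forbidden" and "not found" would be kept only server-side in logs. Each enclosing test function starts outside its hunk.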
|
||||
|
||||
|
||||
|
|
|
|||