diff --git a/.alembic/versions/2026-05-29_drop_user_groups_org_column.py b/.alembic/versions/2026-05-29_drop_user_groups_org_column.py deleted file mode 100644 index b5c71c9..0000000 --- a/.alembic/versions/2026-05-29_drop_user_groups_org_column.py +++ /dev/null @@ -1,34 +0,0 @@ -"""Drop user_groups org column - -Revision ID: d9dc6986fe38 -Revises: 8132c4b88665 -Create Date: 2026-05-29 16:10:00.320982 - -""" -from typing import Sequence, Union - -from alembic import op -import sqlalchemy as sa - - -# revision identifiers, used by Alembic. -revision: str = 'd9dc6986fe38' -down_revision: Union[str, Sequence[str], None] = '8132c4b88665' -branch_labels: Union[str, Sequence[str], None] = None -depends_on: Union[str, Sequence[str], None] = None - - -def upgrade() -> None: - """Upgrade schema.""" - # ### commands auto generated by Alembic - please adjust! ### - op.drop_constraint(op.f('user_groups_org_id_fkey'), 'user_groups', type_='foreignkey') - op.drop_column('user_groups', 'org_id') - # ### end Alembic commands ### - - -def downgrade() -> None: - """Downgrade schema.""" - # ### commands auto generated by Alembic - please adjust! ### - op.add_column('user_groups', sa.Column('org_id', sa.INTEGER(), autoincrement=False, nullable=False)) - op.create_foreign_key(op.f('user_groups_org_id_fkey'), 'user_groups', 'organisation', ['org_id'], ['id'], ondelete='CASCADE') - # ### end Alembic commands ### diff --git a/src/iam/models.py b/src/iam/models.py index f542b70..6ae2289 100644 --- a/src/iam/models.py +++ b/src/iam/models.py @@ -78,5 +78,6 @@ class GroupPermissions(Base): class UserGroups(Base): __tablename__ = "user_groups" + org_id = Column(Integer, ForeignKey("organisation.id", ondelete="CASCADE"), primary_key=True) user_id = Column(Integer, ForeignKey("user.id", ondelete="CASCADE"), primary_key=True) group_id = Column(Integer, ForeignKey("group.id", ondelete="CASCADE"), primary_key=True) diff --git a/src/iam/router.py b/src/iam/router.py index 316c5fa..1cf904c 100644 --- a/src/iam/router.py +++ b/src/iam/router.py @@ -19,7 +19,6 @@ from fastapi import APIRouter, status from sqlalchemy.exc import IntegrityError from psycopg import errors -from service.exceptions import ServiceNotFoundException from src.exceptions import ConflictException from src.database import db_dependency from src.schemas import ResourceName @@ -123,7 +122,7 @@ async def add_group_permission(db: db_dependency, group_model: group_model_body_ return response -@router.put("/group/user", response_model=IAMPutGroupUserResponse) +@router.put("/group/user") async def add_group_user(db: db_dependency, group_model: group_model_body_dependency, user_model: user_model_body_dependency, org_model: org_model_root_claim_body_dependency, request_model: IAMPutGroupUserRequest): if group_model.org_id != org_model.id: raise UnauthorizedException() @@ -165,27 +164,24 @@ async def remove_group_user(db: db_dependency, group_model: group_model_body_dep @router.get("/permissions", response_model=IAMGetPermissionsResponse) -async def get_permissions(db: db_dependency, org_model: org_model_root_claim_query_dependency): +async def get_permissions(db: db_dependency, org_model: org_model_root_claim_body_dependency): permission_models = db.query(Perm).all() return {"permissions": permission_models} -@router.post("/permission", response_model=IAMPostPermissionResponse) -async def create_new_permission(db: db_dependency, su: super_admin_dependency, request_model: IAMPostPermissionRequest): - service_model = db.get(Service, request_model.service_id) - if service_model is None: - raise ServiceNotFoundException(service_id=request_model.service_id) - perm_model = Perm(**request_model.__dict__) +@router.post("/permission") +async def create_new_permission(db: db_dependency, su: super_admin_dependency, request_mode: IAMPostPermissionRequest): + perm_model = Perm(**request_mode.__dict__) try: db.add(perm_model) except IntegrityError as e: if isinstance(e.orig, errors.UniqueViolation): raise ConflictException(message="Permission already exists") db.flush() - response = {"service_name": perm_model.service_name, "resource": perm_model.resource, "action": perm_model.action} + response = IAMPostPermissionResponse(permission=PermissionSchema(**perm_model.__dict__)) db.commit() - return {"permission": response} + return response @router.delete("/permission", status_code=status.HTTP_204_NO_CONTENT) @@ -194,18 +190,18 @@ async def delete_permission(db: db_dependency, su: super_admin_dependency, perm_ db.commit() -@router.post("/permissions/search", response_model=IAMGetPermissionsSearchResponse) -async def get_permissions(db: db_dependency, org_model: org_model_root_claim_body_dependency, request_model: IAMGetPermissionsSearchRequest): +@router.get("/permissions/search", response_model=IAMGetPermissionsSearchResponse) +async def get_permissions(db: db_dependency, org_model: org_model_root_claim_body_dependency, search: IAMGetPermissionsSearchRequest): permission_query = db.query(Perm) - if request_model.service_id is not None: - permission_query = permission_query.filter(Perm.service_id == request_model.service_id) + if search.service_id is not None: + permission_query = permission_query.filter(Perm.service_id == search.service_id) - if request_model.resource is not None: - permission_query = permission_query.filter(Perm.resource == request_model.resource) + if search.resource is not None: + permission_query = permission_query.filter(Perm.resource == search.resource) - if request_model.action is not None: - permission_query = permission_query.filter(Perm.action == request_model. action) + if search.action is not None: + permission_query = permission_query.filter(Perm.action == search. action) permission_models = permission_query.all() diff --git a/src/iam/schemas.py b/src/iam/schemas.py index fa6adfc..ff6cbfc 100644 --- a/src/iam/schemas.py +++ b/src/iam/schemas.py @@ -6,11 +6,10 @@ Models follow the nomenclature of: - Mixins: "Mixin" - Models: "" ie "IAMGetGroupPermissionsResponse" """ -from typing import Optional, Annotated +from typing import Optional from pydantic import EmailStr, ConfigDict, Field -from src.service.schemas import ServiceIDMixin from src.organisation.schemas import OrgIDMixin from src.schemas import CustomBaseModel from user.schemas import UserIDMixin @@ -18,7 +17,7 @@ from user.schemas import UserIDMixin class UserSchema(CustomBaseModel): model_config = ConfigDict(from_attributes=True, extra="ignore") - + id: int first_name: str last_name: str @@ -84,7 +83,8 @@ class IAMDeleteGroupUserResponse(CustomBaseModel): class IAMGetPermissionsResponse(CustomBaseModel): permissions: list[PermissionSchema] -class IAMPostPermissionRequest(ServiceIDMixin): +class IAMPostPermissionRequest(CustomBaseModel): + service_id: int resource: str action: str @@ -94,8 +94,8 @@ class IAMPostPermissionResponse(CustomBaseModel): class IAMDeletePermissionRequest(PermIDMixin): pass -class IAMGetPermissionsSearchRequest(OrgIDMixin): - service_id: Annotated[int | None, Field(gt=0)] = None +class IAMGetPermissionsSearchRequest(CustomBaseModel): + service_id: Optional[int] = None resource: Optional[str] = None action: Optional[str] = None diff --git a/src/service/schemas.py b/src/service/schemas.py index 50e7c35..2d89400 100644 --- a/src/service/schemas.py +++ b/src/service/schemas.py @@ -6,12 +6,12 @@ Models follow the nomenclature of: - Mixins: "Mixin" - Models: "" ie "ServiceGetServiceResponse" """ -from pydantic import ConfigDict, Field +from pydantic import ConfigDict from src.schemas import CustomBaseModel class ServiceIDMixin(CustomBaseModel): - service_id: int = Field(gt=0) + service_id: int class ServiceSchema(CustomBaseModel): model_config = ConfigDict(from_attributes=True, extra="ignore") diff --git a/test/conftest.py b/test/conftest.py index e3ea2fc..e29e131 100644 --- a/test/conftest.py +++ b/test/conftest.py @@ -54,7 +54,7 @@ def _seed(db): status="approved", intake_questionnaire={"question_two": "answer two"})) db.add(Service(name="Test Service", api_key="123456789")) db.add(Permission(service_id=1, resource="test_resource", action="read")) - db.add(Group(name="Test Group", org_id=1)) + db.add(Group(name="Test Group")) db.flush() group_model = db.get(Group, 1) perm_model = db.get(Permission, 1) diff --git a/test/test_iam.py b/test/test_iam.py deleted file mode 100644 index 578eade..0000000 --- a/test/test_iam.py +++ /dev/null @@ -1,414 +0,0 @@ -""" -Act on resource tests only check for pass/fail on input validation. Logic is not tested. -""" -import pytest -from httpx import AsyncClient - -from src.user.models import User -from .conftest import client, db_session - -from src.iam.models import Group - - -@pytest.mark.anyio -async def test_post_act_on_resource_endpoint_success(client: AsyncClient): - body = { - "service": "Test Service", - "organisation": "Test Org", - "resource": "test_resource" - } - headers = { - "Authorization": "Bearer not_checked_when_auth_is_disabled", - "X-API-Key": "123456789" - } - resp = await client.post("/iam/can_act_on_resource?action=read", json=body, headers=headers) - data = resp.json() - - assert resp.status_code == 200 - assert data == True - - -@pytest.mark.anyio -@pytest.mark.parametrize( - "service, org, resource, action, expected_status", - [ - (None, "Test Org", "test_resource", "read", 422), - (42, "Test Org", "test_resource", "read", 422), - ("Test Service", None, "test_resource", "read", 422), - ("Test Service", 42, "test_resource", "read", 422), - ("Test Service", "Test Org", None, "read", 422), - ("Test Service", "Test Org", 42, "read", 422), - ], -) -@pytest.mark.anyio -async def test_post_act_on_resource_endpoint_failure(client: AsyncClient, service, org, resource, action, - expected_status: int): - body = { - "service": service, - "organisation": org, - "resource": resource - } - headers = { - "Authorization": "Bearer not_checked_when_auth_is_disabled", - "X-API-Key": "123456789" - } - resp = await client.post(f"/iam/can_act_on_resource?action={action}", json=body, headers=headers) - - assert resp.status_code == expected_status - - -@pytest.mark.anyio -async def test_get_group_permissions_success(client: AsyncClient): - resp = await client.get("/iam/group/permissions?org_id=1&group_id=1") - data = resp.json() - - assert resp.status_code == 200 - assert "permissions" in data - assert type(data["permissions"]) == list - assert data["permissions"][0]["service_name"] == "Test Service" - assert data["permissions"][0]["resource"] == "test_resource" - assert data["permissions"][0]["action"] == "read" - - -@pytest.mark.parametrize( - "query, expected_status", - [ - ("org_id=2&group_id=1", 404), # Non-exists org, valid group - ("org_id=banana&group_id=1", 422), # Invalid org, valid group - ("org_id=&group_id=1", 422), # Blank org, valid group - ("org_id=-1&group_id=1", 422), # Negative org, valid group - ("group_id=1", 422), # Only group - ("", 422), # Blank query - ("org_id=&group_id=", 422), # Both blank - ("org_id=1&group_id=2", 404), # Valid org, non-exists group - ("org_id=1&group_id=banana", 422), # Valid org, invalid group - ("org_id=1&group_id=", 422), # Valid org, blank group - ("org_id=1&group_id=-1", 422), # Valid org, negative group - ("org_id=1", 422), # Only org - ], -) -@pytest.mark.anyio -async def test_get_group_permissions_failure(client: AsyncClient, query: str, expected_status: int): - resp = await client.get(f"/iam/group/permissions?{query}") - - assert resp.status_code == expected_status - - -@pytest.mark.anyio -async def test_get_group_users_success(client: AsyncClient): - resp = await client.get("/iam/group/users?org_id=1&group_id=1") - data = resp.json() - - assert resp.status_code == 200 - assert "users" in data - assert type(data["users"]) == list - assert data["users"][0]["id"] == 1 - assert data["users"][0]["first_name"] == "Admin" - assert data["users"][0]["last_name"] == "Test" - assert data["users"][0]["email"] == "admin@test.com" - - -@pytest.mark.parametrize( - "query, expected_status", - [ - ("org_id=2&group_id=1", 404), # Non-exists org, valid group - ("org_id=banana&group_id=1", 422), # Invalid org, valid group - ("org_id=&group_id=1", 422), # Blank org, valid group - ("org_id=-1&group_id=1", 422), # Negative org, valid group - ("group_id=1", 422), # Only group - ("", 422), # Blank query - ("org_id=&group_id=", 422), # Both blank - ("org_id=1&group_id=2", 404), # Valid org, non-exists group - ("org_id=1&group_id=banana", 422), # Valid org, invalid group - ("org_id=1&group_id=", 422), # Valid org, blank group - ("org_id=1&group_id=-1", 422), # Valid org, negative group - ("org_id=1", 422), # Only org - ], -) -@pytest.mark.anyio -async def test_get_group_users_failure(client: AsyncClient, query: str, expected_status: int): - resp = await client.get(f"/iam/group/users?{query}") - - assert resp.status_code == expected_status - - -@pytest.mark.anyio -async def test_post_group_success(client: AsyncClient): - resp = await client.post("/iam/group", json={"name": "New Group", "organisation_id": 1}) - data = resp.json() - - assert resp.status_code == 200 - assert "group" in data - assert type(data["group"]) == dict - assert data["group"]["name"] == "New Group" - assert data["group"]["id"] == 2 - - -@pytest.mark.parametrize( - "body, expected_status", - [ - ({"organisation_id": 2, "name": "new group"}, 404), # Non-existent organisation, valid name - ({"organisation_id": "banana", "name": "new group"}, 422), # Invalid organisation ID, valid name - ({"organisation_id": "", "name": "new group"}, 422), # Blank organisation ID, valid name - ({"organisation_id": -1, "name": "new group"}, 422), # Negative organisation ID, valid name - ({"name": 1}, 422), # Only name - ({}, 422), # Blank body - ({"organisation_id": "", "name": ""}, 422), # Both blank - ({"organisation_id": 1, "name": 42}, 422), # Valid organisation, invalid name - ({"organisation_id": 1, "name": ""}, 422), # Valid organisation, blank name - ({"organisation_id": 1, "name": "hi"}, 422), # Valid organisation, small name - ({"organisation_id": 1}, 422), # Only organisation ID - ], -) -@pytest.mark.anyio -async def test_post_group_failure(client: AsyncClient, body: dict[str, str], expected_status: int): - resp = await client.post("/iam/group", json=body) - - assert resp.status_code == expected_status - - -@pytest.mark.anyio -async def test_put_group_perm_success(client: AsyncClient, db_session): - db_session.add(Group(name="Test Group Two", org_id=1)) - db_session.flush() - resp = await client.put("/iam/group/permission", json={"permission_id": 1, "group_id": 2, "organisation_id": 1}) - data = resp.json() - - assert resp.status_code == 200 - assert "group" in data - assert type(data["group"]) == dict - assert data["group"]["name"] == "Test Group Two" - assert data["group"]["id"] == 2 - - assert "permissions" in data - assert type(data["permissions"]) == list - assert data["permissions"][0]["service_name"] == "Test Service" - assert data["permissions"][0]["resource"] == "test_resource" - assert data["permissions"][0]["action"] == "read" - - -@pytest.mark.parametrize( - "body, expected_status", - [ - ({"organisation_id": 42, "group_id": 1, "permission_id": 1}, 404), # Non-existent organisation - ({"organisation_id": "banana", "group_id": 1, "permission_id": 1}, 422), # Invalid organisation ID - ({"organisation_id": "", "group_id": 1, "permission_id": 1}, 422), # Blank organisation ID - ({"organisation_id": -1, "group_id": 1, "permission_id": 1}, 422), # Negative organisation ID - - ({"organisation_id": 1, "group_id": 42, "permission_id": 1}, 404), # Non-existent group - ({"organisation_id": 1, "group_id": "banana", "permission_id": 1}, 422), # Invalid group ID - ({"organisation_id": 1, "group_id": "", "permission_id": 1}, 422), # Blank group ID - ({"organisation_id": 1, "group_id": -1, "permission_id": 1}, 422), # Negative group ID - - ({"organisation_id": 1, "group_id": 1, "permission_id": 42}, 404), # Non-existent permission - ({"organisation_id": 1, "group_id": 1, "permission_id": "banana"}, 422), # Invalid permission ID - ({"organisation_id": 1, "group_id": 1, "permission_id": ""}, 422), # Blank permission ID - ({"organisation_id": 1, "group_id": 1, "permission_id": -1}, 422), # Negative permission ID - - ({}, 422), # Blank body - ({"permission_id": 1}, 422), # Only permission - ({"organisation_id": 1}, 422), # Only organisation - ({"group_id": 1}, 422), # Only group - - ({"organisation_id": 1, "permission_id": 1}, 422), # Missing group - ({"group_id": 1, "permission_id": 1}, 422), # Missing organisation - ({"organisation_id": 1, "group_id": 1}, 422), # Missing permission - - ], -) -@pytest.mark.anyio -async def test_put_group_perm_failure(client: AsyncClient, body: dict[str, str], expected_status: int): - resp = await client.put("/iam/group/permission", json=body) - - assert resp.status_code == expected_status - - -@pytest.mark.anyio -async def test_put_group_user_success(client: AsyncClient, db_session): - db_session.add(User(email="user@test.org", first_name="User", last_name="Test", oidc_id="abcd-efgh-ijkl-1234")) - db_session.flush() - - resp = await client.put("/iam/group/user", json={"user_id": 2, "group_id": 1, "organisation_id": 1}) - data = resp.json() - - assert resp.status_code == 200 - assert "group" in data - assert type(data["group"]) == dict - assert data["group"]["name"] == "Test Group" - assert data["group"]["id"] == 1 - - assert "users" in data - assert type(data["users"]) == list - assert data["users"][1]["id"] == 2 - assert data["users"][1]["first_name"] == "User" - assert data["users"][1]["last_name"] == "Test" - assert data["users"][1]["email"] == "user@test.org" - - -@pytest.mark.parametrize( - "body, expected_status", - [ - ({"organisation_id": 42, "group_id": 1, "user_id": 1}, 404), # Non-existent organisation - ({"organisation_id": "banana", "group_id": 1, "user_id": 1}, 422), # Invalid organisation ID - ({"organisation_id": "", "group_id": 1, "user_id": 1}, 422), # Blank organisation ID - ({"organisation_id": -1, "group_id": 1, "user_id": 1}, 422), # Negative organisation ID - - ({"organisation_id": 1, "group_id": 42, "user_id": 1}, 404), # Non-existent group - ({"organisation_id": 1, "group_id": "banana", "user_id": 1}, 422), # Invalid group ID - ({"organisation_id": 1, "group_id": "", "user_id": 1}, 422), # Blank group ID - ({"organisation_id": 1, "group_id": -1, "user_id": 1}, 422), # Negative group ID - - ({"organisation_id": 1, "group_id": 1, "user_id": 42}, 404), # Non-existent user - ({"organisation_id": 1, "group_id": 1, "user_id": "banana"}, 422), # Invalid user ID - ({"organisation_id": 1, "group_id": 1, "user_id": ""}, 422), # Blank user ID - ({"organisation_id": 1, "group_id": 1, "user_id": -1}, 422), # Negative user ID - - ({}, 422), # Blank body - ({"user_id": 1}, 422), # Only user - ({"organisation_id": 1}, 422), # Only organisation - ({"group_id": 1}, 422), # Only group - - ({"organisation_id": 1, "user_id": 1}, 422), # Missing group - ({"group_id": 1, "user_id": 1}, 422), # Missing organisation - ({"organisation_id": 1, "group_id": 1}, 422), # Missing user - - ], -) -@pytest.mark.anyio -async def test_put_group_user_failure(client: AsyncClient, body: dict[str, str], expected_status: int): - resp = await client.put("/iam/group/user", json=body) - - assert resp.status_code == expected_status - - -@pytest.mark.anyio -async def test_get_permissions_success(client: AsyncClient): - resp = await client.get("/iam/permissions?org_id=1") - data = resp.json() - - assert resp.status_code == 200 - assert "permissions" in data - assert type(data["permissions"]) == list - assert data["permissions"][0]["service_name"] == "Test Service" - assert data["permissions"][0]["resource"] == "test_resource" - assert data["permissions"][0]["action"] == "read" - - -@pytest.mark.parametrize( - "query, expected_status", - [ - ("org_id=42", 404), # Non-exists org - ("org_id=banana", 422), # Invalid org - ("org_id=", 422), # Blank org - ("org_id=-1", 422), # Negative org - ("", 422), # Blank query - ], -) -@pytest.mark.anyio -async def test_get_permissions_failure(client: AsyncClient, query: str, expected_status: int): - resp = await client.get(f"/iam/permissions?{query}") - - assert resp.status_code == expected_status - - -@pytest.mark.anyio -async def test_post_perm_success(client: AsyncClient, db_session): - resp = await client.post("/iam/permission", json={"service_id": 1, "resource": "test_resource", "action": "create"}) - data = resp.json() - - assert resp.status_code == 200 - assert "permission" in data - assert data["permission"]["service_name"] == "Test Service" - assert data["permission"]["resource"] == "test_resource" - assert data["permission"]["action"] == "create" - - -@pytest.mark.parametrize( - "body, expected_status", - [ - # service_id tests - ({"service_id": 42, "resource": "test_resource", "action": "read"}, 404), # Non-existent service - ({"service_id": "banana", "resource": "test_resource", "action": "read"}, 422), # Invalid service ID - ({"service_id": "", "resource": "test_resource", "action": "read"}, 422), # Blank service ID - ({"service_id": -1, "resource": "test_resource", "action": "read"}, 422), # Negative service ID - - # resource tests - ({"service_id": 1, "resource": 42, "action": "read"}, 422), # Invalid resource type - - # action tests - ({"service_id": 1, "resource": "test_resource", "action": 42}, 422), # Invalid action type - - # missing/partial body tests - ({}, 422), # Blank body - ({"resource": "test_resource"}, 422), # Only resource - ({"action": "read"}, 422), # Only action - ({"service_id": 1}, 422), # Only service - - ({"service_id": 1, "action": "read"}, 422), # Missing resource - ({"service_id": 1, "resource": "test_resource"}, 422), # Missing action - ({"resource": "test_resource", "action": "read"}, 422), # Missing service - - ], -) -@pytest.mark.anyio -async def test_post_perm_failure(client: AsyncClient, body: dict[str, str], expected_status: int): - resp = await client.post("/iam/permission", json=body) - - assert resp.status_code == expected_status - - -@pytest.mark.parametrize( - "body", - [ - {"organisation_id": 1, "service_id": 1, "resource": "test_resource", "action": "read"}, - - {"organisation_id": 1, "service_id": 1}, - {"organisation_id": 1, "resource": "test_resource"}, - {"organisation_id": 1, "action": "read"}, - {"organisation_id": 1, "service_id": 1, "action": "read"}, - {"organisation_id": 1, "service_id": 1, "resource": "test_resource"}, - {"organisation_id": 1, "resource": "test_resource", "action": "read"}, - ], -) -@pytest.mark.anyio -async def test_post_perm_search_success(client: AsyncClient, db_session, body): - resp = await client.post("/iam/permissions/search", json=body) - data = resp.json() - - assert resp.status_code == 200 - assert "permissions" in data - assert type(data["permissions"]) == list - assert data["permissions"][0]["service_name"] == "Test Service" - assert data["permissions"][0]["resource"] == "test_resource" - assert data["permissions"][0]["action"] == "read" - - -@pytest.mark.parametrize( - "body, expected_status", - [ - # organisation_id tests - ({"organisation_id": 42, "service_id": 1, "resource": "test_resource", "action": "read"}, 404), # Non-existent organisation - ({"organisation_id": "banana", "service_id": 1, "resource": "test_resource", "action": "read"}, 422), # Invalid organisation ID - ({"organisation_id": "", "service_id": 1, "resource": "test_resource", "action": "read"}, 422), # Blank organisation ID - ({"organisation_id": -1, "service_id": 1, "resource": "test_resource", "action": "read"}, 422), # Negative organisation ID - - # service_id tests - ({"organisation_id": 1, "service_id": "banana", "resource": "test_resource", "action": "read"}, 422), # Invalid service ID - ({"organisation_id": 1, "service_id": "", "resource": "test_resource", "action": "read"}, 422), # Blank service ID - ({"organisation_id": 1, "service_id": -1, "resource": "test_resource", "action": "read"}, 422), # Negative service ID - - # resource tests - ({"organisation_id": 1, "service_id": 1, "resource": 42, "action": "read"}, 422), # Invalid resource type - - # action tests - ({"organisation_id": 1, "service_id": 1, "resource": "test_resource", "action": 42}, 422), # Invalid action type - - # missing/partial body tests - ({}, 422), # Blank body - ], -) -@pytest.mark.anyio -async def test_post_perm_search_failure(client: AsyncClient, body: dict[str, str], expected_status: int): - resp = await client.post("/iam/permissions/search", json=body) - - assert resp.status_code == expected_status