153 lines
4.6 KiB
Python
153 lines
4.6 KiB
Python
"""
|
|
This module ensures root user only endpoints do return a correctly formatted 401 when user is not the root user for the org
|
|
DELETE endpoints are not tested
|
|
"""
|
|
|
|
import pytest
|
|
from httpx import AsyncClient
|
|
|
|
pytestmark = [
|
|
pytest.mark.auth,
|
|
pytest.mark.root_user,
|
|
]
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_get_org_auth_root(no_su_client: AsyncClient):
|
|
resp = await no_su_client.get("/org?org_id=2")
|
|
assert resp.status_code != 422
|
|
assert resp.status_code == 403
|
|
assert "Must be the org's root user" in resp.json()["detail"]
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_patch_org_questionnaire_auth_root(no_su_client: AsyncClient):
|
|
resp = await no_su_client.patch(
|
|
"/org/questionnaire",
|
|
json={
|
|
"organisation_id": 2,
|
|
"intake_questionnaire": {
|
|
"question_one": "new answer one",
|
|
"question_two": None,
|
|
"question_three": None,
|
|
},
|
|
"partial": True,
|
|
},
|
|
)
|
|
assert resp.status_code != 422
|
|
assert resp.status_code == 403
|
|
assert "Must be the org's root user" in resp.json()["detail"]
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_get_org_users_auth_root(no_su_client: AsyncClient):
|
|
resp = await no_su_client.get("/org/users?org_id=2")
|
|
assert resp.status_code != 422
|
|
assert resp.status_code == 403
|
|
assert "Must be the org's root user" in resp.json()["detail"]
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_get_org_groups_auth_root(no_su_client: AsyncClient):
|
|
resp = await no_su_client.get("/org/groups?org_id=2")
|
|
assert resp.status_code != 422
|
|
assert resp.status_code == 403
|
|
assert "Must be the org's root user" in resp.json()["detail"]
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_get_org_contact_auth_root(no_su_client: AsyncClient):
|
|
resp = await no_su_client.get("/org/contact?org_id=2&contact_type=billing")
|
|
assert resp.status_code != 422
|
|
assert resp.status_code == 403
|
|
assert "Must be the org's root user" in resp.json()["detail"]
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_patch_org_contact_auth_root(no_su_client: AsyncClient):
|
|
resp = await no_su_client.patch(
|
|
"/org/contact",
|
|
json={
|
|
"organisation_id": 2,
|
|
"contact_type": "billing",
|
|
"email": "user@example.com",
|
|
},
|
|
)
|
|
assert resp.status_code != 422
|
|
assert resp.status_code == 403
|
|
assert "Must be the org's root user" in resp.json()["detail"]
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_get_service_auth_root(no_su_client: AsyncClient):
|
|
resp = await no_su_client.get("/service?org_id=2")
|
|
assert resp.status_code != 422
|
|
assert resp.status_code == 403
|
|
assert "Must be the org's root user" in resp.json()["detail"]
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_get_iam_group_permissions_auth_root(no_su_client: AsyncClient):
|
|
resp = await no_su_client.get("/iam/group/permissions?org_id=2&group_id=1")
|
|
assert resp.status_code != 422
|
|
assert resp.status_code == 403
|
|
assert "Must be the org's root user" in resp.json()["detail"]
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_get_iam_group_users_auth_root(no_su_client: AsyncClient):
|
|
resp = await no_su_client.get("/iam/group/users?org_id=2&group_id=1")
|
|
assert resp.status_code != 422
|
|
assert resp.status_code == 403
|
|
assert "Must be the org's root user" in resp.json()["detail"]
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_post_iam_group_auth_root(no_su_client: AsyncClient):
|
|
resp = await no_su_client.post(
|
|
"/iam/group", json={"name": "New Group", "organisation_id": 2}
|
|
)
|
|
assert resp.status_code != 422
|
|
assert resp.status_code == 403
|
|
assert "Must be the org's root user" in resp.json()["detail"]
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_put_iam_group_permission_auth_root(no_su_client: AsyncClient):
|
|
resp = await no_su_client.put(
|
|
"/iam/group/permission",
|
|
json={"permission_id": 1, "group_id": 2, "organisation_id": 2},
|
|
)
|
|
assert resp.status_code != 422
|
|
assert resp.status_code == 403
|
|
assert "Must be the org's root user" in resp.json()["detail"]
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_put_iam_group_user_auth_root(
|
|
no_su_client: AsyncClient,
|
|
):
|
|
resp = await no_su_client.put(
|
|
"/iam/group/user", json={"user_id": 2, "group_id": 1, "organisation_id": 2}
|
|
)
|
|
assert resp.status_code != 422
|
|
assert resp.status_code == 403
|
|
assert "Must be the org's root user" in resp.json()["detail"]
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_get_iam_permissions_auth_root(no_su_client: AsyncClient):
|
|
resp = await no_su_client.get("/iam/permissions?org_id=2")
|
|
assert resp.status_code != 422
|
|
assert resp.status_code == 403
|
|
assert "Must be the org's root user" in resp.json()["detail"]
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_post_iam_permissions_search_auth_root(no_su_client: AsyncClient):
|
|
resp = await no_su_client.post(
|
|
"/iam/permissions/search", json={"organisation_id": 2, "action": "read"}
|
|
)
|
|
assert resp.status_code != 422
|
|
assert resp.status_code == 403
|
|
assert "Must be the org's root user" in resp.json()["detail"]
|