103 lines
2.8 KiB
Python
103 lines
2.8 KiB
Python
"""
|
|
This module ensures super admin only endpoints do return a correctly formatted 401 when user is not a super admin
|
|
DELETE endpoints are not tested
|
|
"""
|
|
|
|
import pytest
|
|
from httpx import AsyncClient
|
|
|
|
from src.organisation.models import OrgUsers
|
|
from src.user.models import User
|
|
|
|
|
|
pytestmark = [
|
|
pytest.mark.auth,
|
|
pytest.mark.super_admin,
|
|
]
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_get_user_auth_su(no_su_client: AsyncClient):
|
|
resp = await no_su_client.get("/user?user_id=1")
|
|
assert resp.status_code != 422
|
|
assert resp.status_code == 403
|
|
assert resp.json()["detail"] == "Must be super admin"
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_patch_org_status_auth_su(no_su_client: AsyncClient):
|
|
resp = await no_su_client.patch(
|
|
"/org/status", json={"organisation_id": 1, "status": "submitted"}
|
|
)
|
|
assert resp.status_code != 422
|
|
assert resp.status_code == 403
|
|
assert resp.json()["detail"] == "Must be super admin"
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_patch_org_root_user_auth_su(no_su_client: AsyncClient, db_session):
|
|
db_session.add(
|
|
User(
|
|
email="user@test.org",
|
|
first_name="User",
|
|
last_name="Test",
|
|
oidc_id="abcd-efgh-ijkl-1234",
|
|
)
|
|
)
|
|
db_session.flush()
|
|
db_session.add(OrgUsers(org_id=1, user_id=2))
|
|
db_session.flush()
|
|
|
|
resp = await no_su_client.patch(
|
|
"/org/root_user", json={"organisation_id": 1, "user_id": 2}
|
|
)
|
|
assert resp.status_code != 422
|
|
assert resp.status_code == 403
|
|
assert resp.json()["detail"] == "Must be super admin"
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_patch_service_key_auth_su(no_su_client: AsyncClient):
|
|
resp = await no_su_client.patch("/service/key", json={"service_id": 1})
|
|
assert resp.status_code != 422
|
|
assert resp.status_code == 403
|
|
assert resp.json()["detail"] == "Must be super admin"
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_post_service_auth_su(no_su_client: AsyncClient):
|
|
resp = await no_su_client.post("/service", json={"name": "New Test Service"})
|
|
assert resp.status_code != 422
|
|
assert resp.status_code == 403
|
|
assert resp.json()["detail"] == "Must be super admin"
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_post_perm_auth_su(no_su_client: AsyncClient, db_session):
|
|
resp = await no_su_client.post(
|
|
"/iam/permission",
|
|
json={"service_id": 1, "resource": "test_resource", "action": "create"},
|
|
)
|
|
assert resp.status_code != 422
|
|
assert resp.status_code == 403
|
|
assert resp.json()["detail"] == "Must be super admin"
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_post_org_user_auth_su(no_su_client: AsyncClient, db_session):
|
|
db_session.add(
|
|
User(
|
|
email="user@test.org",
|
|
first_name="User",
|
|
last_name="Test",
|
|
oidc_id="abcd-efgh-ijkl-1234",
|
|
)
|
|
)
|
|
db_session.flush()
|
|
|
|
resp = await no_su_client.post(
|
|
"/org/user", json={"organisation_id": 1, "user_id": 2}
|
|
)
|
|
assert resp.status_code != 422
|
|
assert resp.status_code == 403
|
|
assert "Must be super admin" in resp.json()["detail"]
|