Fix tests

yeti-platform · Jan 7, 2025 · 801f027 · 801f027
1 parent f14d9e1
commit 801f027
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 6 deletions.
diff --git a/core/schemas/rbac.py b/core/schemas/rbac.py
@@ -57,7 +57,8 @@ async def wrapper(*args, httpreq: Request, **kwargs):
                 extended_id = extended_id.group(1)
             if not httpreq.state.user.has_permissions(extended_id, permission):
                 raise HTTPException(
-                    status_code=status.HTTP_403_FORBIDDEN, detail="Forbidden"
+                    status_code=status.HTTP_403_FORBIDDEN,
+                    detail=f"Forbidden: missing privileges {permission} on target",
                 )
             return func(*args, httpreq=httpreq, **kwargs)
 
@@ -81,7 +82,8 @@ async def wrapper(*args, httpreq: Request, **kwargs):
                 extended_id = f"{prefix}/{id}"
                 if not httpreq.state.user.has_permissions(extended_id, permission):
                     raise HTTPException(
-                        status_code=status.HTTP_403_FORBIDDEN, detail="Forbidden"
+                        status_code=status.HTTP_403_FORBIDDEN,
+                        detail=f"Forbidden: missing privileges {permission} on target {extended_id}",
                     )
 
             return func(*args, httpreq=httpreq, **kwargs)
@@ -101,7 +103,8 @@ async def wrapper(*args, httpreq: Request, **kwargs):
                 return func(*args, httpreq=httpreq, **kwargs)
 
             raise HTTPException(
-                status_code=status.HTTP_403_FORBIDDEN, detail="Forbidden"
+                status_code=status.HTTP_403_FORBIDDEN,
+                detail=f"Forbidden: missing global permission {permission}",
             )
 
         return wrapper

diff --git a/tests/apiv2/groups.py b/tests/apiv2/groups.py
@@ -53,8 +53,20 @@ def test_create_group(self):
             json={"name": "testGroup"},
             headers={"Authorization": f"Bearer {self.user1_token}"},
         )
-        self.assertEqual(response.status_code, 200)
         data = response.json()
+        self.assertEqual(response.status_code, 403, data)
+        self.assertEqual(data["detail"], "Forbidden: missing global permission 2")
+
+        self.user1.global_role = graph.Role.WRITER
+        self.user1.save()
+
+        response = client.post(
+            "/api/v2/groups",
+            json={"name": "testGroup"},
+            headers={"Authorization": f"Bearer {self.user1_token}"},
+        )
+        data = response.json()
+        self.assertEqual(response.status_code, 200, data)
         self.assertEqual(data["name"], "testGroup")
 
     def test_delete_group(self):

diff --git a/tests/apiv2/users.py b/tests/apiv2/users.py
@@ -101,7 +101,7 @@ def test_toggle_user_unprivileged(self):
         )
 
         data = response.json()
-        self.assertEqual(response.status_code, 401, data)
+        self.assertEqual(response.status_code, 403, data)
         self.assertIsNotNone(data)
         self.assertEqual(data["detail"], "user tomchop is not an admin")
 
@@ -189,7 +189,7 @@ def test_delete_user_unprivileged(self):
             headers={"Authorization": f"Bearer {self.user_token}"},
         )
         data = response.json()
-        self.assertEqual(response.status_code, 401)
+        self.assertEqual(response.status_code, 403, data)
         self.assertIsNotNone(data)
         self.assertEqual(data["detail"], "user tomchop is not an admin")