From 801f027248465d1f5b9fa22f156fb1e623024a04 Mon Sep 17 00:00:00 2001
From: Thomas Chopitea
Date: Tue, 7 Jan 2025 17:04:34 +0000
Subject: [PATCH] Fix tests
---
 core/schemas/rbac.py | 9 ++++++---
 tests/apiv2/groups.py | 14 +++++++++++++-
 tests/apiv2/users.py | 4 ++--
 3 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/core/schemas/rbac.py b/core/schemas/rbac.py
index 999d3ac85..7b4abd9e4 100644
--- a/core/schemas/rbac.py
+++ b/core/schemas/rbac.py
@@ -57,7 +57,8 @@ async def wrapper(*args, httpreq: Request, **kwargs):
 extended_id = extended_id.group(1)
 if not httpreq.state.user.has_permissions(extended_id, permission):
 raise HTTPException(
- status_code=status.HTTP_403_FORBIDDEN, detail="Forbidden"
+ status_code=status.HTTP_403_FORBIDDEN,
+ detail=f"Forbidden: missing privileges {permission} on target",
 )
 return func(*args, httpreq=httpreq, **kwargs)
@@ -81,7 +82,8 @@ async def wrapper(*args, httpreq: Request, **kwargs):
 extended_id = f"{prefix}/{id}"
 if not httpreq.state.user.has_permissions(extended_id, permission):
 raise HTTPException(
- status_code=status.HTTP_403_FORBIDDEN, detail="Forbidden"
+ status_code=status.HTTP_403_FORBIDDEN,
+ detail=f"Forbidden: missing privileges {permission} on target {extended_id}",
 )
 return func(*args, httpreq=httpreq, **kwargs)
@@ -101,7 +103,8 @@ async def wrapper(*args, httpreq: Request, **kwargs):
 return func(*args, httpreq=httpreq, **kwargs)
 raise HTTPException(
- status_code=status.HTTP_403_FORBIDDEN, detail="Forbidden"
+ status_code=status.HTTP_403_FORBIDDEN,
+ detail=f"Forbidden: missing global permission {permission}",
 )
 return wrapper
diff --git a/tests/apiv2/groups.py b/tests/apiv2/groups.py
index cd85a4c07..c8400237e 100644
--- a/tests/apiv2/groups.py
+++ b/tests/apiv2/groups.py
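Review bot: `{permission}` is interpolated raw into the new `detail` string in the first hunk of core/schemas/rbac.py, and in the same way in the two later hunks of that file. The groups test in this commit expects `Forbidden: missing global permission 2`, so API clients are shown an internal numeric value rather than a permission name. If `permission` is an enum member (its type is not visible in the hunk), formatting its name keeps the message readable and stable when values are renumbered, e.g. `detail=f"Forbidden: missing privileges {permission.name} on target",`. The wrapper body starts outside the hunk.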
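Review bot: The 403 body in the second hunk of core/schemas/rbac.py now returns `extended_id`, built as `f"{prefix}/{id}"` (with `id` presumably taken from the request), while the first hunk's message stops at `on target` with no identifier. Returning the object id together with the required permission tells a caller who has just been refused more about the authorization model than the previous opaque `Forbidden` did. If the extra detail is meant for debugging, a server-side log entry carries it without exposing it in the response. The two messages should also agree, for example `detail=f"Forbidden: missing privileges {permission} on target",` here too. The wrapper body starts outside the hunk.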
@@ -53,8 +53,20 @@ def test_create_group(self):
 json={"name": "testGroup"},
 headers={"Authorization": f"Bearer {self.user1_token}"},
 )
- self.assertEqual(response.status_code, 200)
 data = response.json()
+ self.assertEqual(response.status_code, 403, data)
+ self.assertEqual(data["detail"], "Forbidden: missing global permission 2")
+
+ self.user1.global_role = graph.Role.WRITER
+ self.user1.save()
+
+ response = client.post(
+ "/api/v2/groups",
+ json={"name": "testGroup"},
+ headers={"Authorization": f"Bearer {self.user1_token}"},
+ )
+ data = response.json()
+ self.assertEqual(response.status_code, 200, data)
 self.assertEqual(data["name"], "testGroup")
 def test_delete_group(self):
diff --git a/tests/apiv2/users.py b/tests/apiv2/users.py
index 1f27a4ce1..6bb5afdbd 100644
--- a/tests/apiv2/users.py
+++ b/tests/apiv2/users.py
@@ -101,7 +101,7 @@ def test_toggle_user_unprivileged(self):
 )
 data = response.json()
- self.assertEqual(response.status_code, 401, data)
+ self.assertEqual(response.status_code, 403, data)
 self.assertIsNotNone(data)
 self.assertEqual(data["detail"], "user tomchop is not an admin")
@@ -189,7 +189,7 @@ def test_delete_user_unprivileged(self):
 headers={"Authorization": f"Bearer {self.user_token}"},
 )
 data = response.json()
- self.assertEqual(response.status_code, 401)
+ self.assertEqual(response.status_code, 403, data)
 self.assertIsNotNone(data)
 self.assertEqual(data["detail"], "user tomchop is not an admin")
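Review bot: The new denial check in `test_create_group` (tests/apiv2/groups.py) pins the literal `2` in `"Forbidden: missing global permission 2"`, so it breaks on any renumbering of permission values and does not say which permission is meant. It also relies on user1 starting without the WRITER role, which is set up outside the hunk. A comment such as `# user1 has no global WRITER role yet, so creation must be refused` before the 403 assertions would make that precondition visible. The role change saved on `self.user1` is not reverted inside the test, so it is worth confirming that the fixture is rebuilt per test in the setup code, which is not shown.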