make test correct

lincbrain · Jan 4, 2024 · e799d44 · e799d44
1 parent 768952c
commit e799d44
Showing 1 changed file with 43 additions and 32 deletions.
diff --git a/dandiapi/api/tests/test_permission.py b/dandiapi/api/tests/test_permission.py
@@ -3,60 +3,66 @@
 
 
 @pytest.mark.parametrize(
-    ('method', 'url_format'),
+    ('method', 'url_format', 'owner_required'),
     [
         # Dandisets
-        ('get', '/api/dandisets/'),  # FAILING
-        ('post', '/api/dandisets/'),
-        ('get', '/api/dandisets/{dandiset.identifier}/'),  # FAILING
-        ('delete', '/api/dandisets/{dandiset.identifier}/'),
-        ('post', '/api/dandisets/{dandiset.identifier}/unembargo/'),
-        ('get', '/api/dandisets/{dandiset.identifier}/users/'),  # FAILING
-        ('put', '/api/dandisets/{dandiset.identifier}/users/'),
+        ('get', '/api/dandisets/', False),
+        ('post', '/api/dandisets/', False),
+        ('get', '/api/dandisets/{dandiset.identifier}/', False),
+        ('delete', '/api/dandisets/{dandiset.identifier}/', True),
+        ('post', '/api/dandisets/{dandiset.identifier}/unembargo/', True),
+        ('get', '/api/dandisets/{dandiset.identifier}/users/', False),
+        ('put', '/api/dandisets/{dandiset.identifier}/users/', False),
         # Versions
-        ('get', '/api/dandisets/{dandiset.identifier}/versions/'),
-        ('get', '/api/dandisets/{dandiset.identifier}/versions/draft/'),
-        ('put', '/api/dandisets/{dandiset.identifier}/versions/draft/'),
-        ('delete', '/api/dandisets/{dandiset.identifier}/versions/draft/'),
-        ('get', '/api/dandisets/{dandiset.identifier}/versions/draft/info/'),
-        ('post', '/api/dandisets/{dandiset.identifier}/versions/draft/publish/'),
+        ('get', '/api/dandisets/{dandiset.identifier}/versions/', False),
+        ('get', '/api/dandisets/{dandiset.identifier}/versions/draft/', False),
+        ('put', '/api/dandisets/{dandiset.identifier}/versions/draft/', True),
+        ('delete', '/api/dandisets/{dandiset.identifier}/versions/draft/', True),
+        ('get', '/api/dandisets/{dandiset.identifier}/versions/draft/info/', False),
+        ('post', '/api/dandisets/{dandiset.identifier}/versions/draft/publish/', True),
         # Assets
-        ('get', '/api/assets/{asset.asset_id}/'),
-        ('get', '/api/assets/{asset.asset_id}/download/'),
-        ('get', '/api/assets/{asset.asset_id}/info/'),
-        ('get', '/api/dandisets/{dandiset.identifier}/versions/draft/assets/'),
-        ('post', '/api/dandisets/{dandiset.identifier}/versions/draft/assets/'),
-        ('get', '/api/dandisets/{dandiset.identifier}/versions/draft/assets/paths/'),
+        ('get', '/api/assets/{asset.asset_id}/', False),
+        ('get', '/api/assets/{asset.asset_id}/download/', False),
+        ('get', '/api/assets/{asset.asset_id}/info/', False),
+        ('get', '/api/dandisets/{dandiset.identifier}/versions/draft/assets/', False),
+        ('post', '/api/dandisets/{dandiset.identifier}/versions/draft/assets/', True),
+        ('get', '/api/dandisets/{dandiset.identifier}/versions/draft/assets/paths/', False),
         (
             'get',
             '/api/dandisets/{dandiset.identifier}/versions/draft/assets/{asset.asset_id}/',
+            False,
         ),
         (
             'put',
             '/api/dandisets/{dandiset.identifier}/versions/draft/assets/{asset.asset_id}/',
+            True,
         ),
         (
             'delete',
             '/api/dandisets/{dandiset.identifier}/versions/draft/assets/{asset.asset_id}/',
+            True,
         ),
         (
             'get',
             '/api/dandisets/{dandiset.identifier}/versions/draft/assets/{asset.asset_id}/download/',
+            False,
         ),
         (
             'get',
             '/api/dandisets/{dandiset.identifier}/versions/draft/assets/{asset.asset_id}/info/',
+            False,
         ),
         (
             'get',
             '/api/dandisets/{dandiset.identifier}/versions/draft/assets/{asset.asset_id}/validation/',  # noqa: E501
+            False,
         ),
         # Zarrs
-        ('get', '/api/zarr/'),
-        ('post', '/api/zarr/'),
-        ('get', '/api/zarr/{zarr.zarr_id}/'),
-        ('delete', '/api/zarr/{zarr.zarr_id}/files/'),
-        ('post', '/api/zarr/{zarr.zarr_id}/files/'),
+        ('get', '/api/zarr/', False),
+        ('post', '/api/zarr/', True),
+        ('get', '/api/zarr/{zarr.zarr_id}/', False),
+        ('delete', '/api/zarr/{zarr.zarr_id}/files/', True),
+        ('post', '/api/zarr/{zarr.zarr_id}/files/', True),
     ],
 )
 @pytest.mark.django_db()
@@ -69,6 +75,7 @@ def test_approved_or_readonly(
     zarr_archive_factory,
     method,
     url_format,
+    owner_required,
 ):
     dandiset = dandiset_factory()
     version = draft_version_factory(dandiset=dandiset)
@@ -82,8 +89,17 @@ def test_approved_or_readonly(
     # The client is not authenticated, so all response codes should be 401
     assert response.status_code == 401
 
+    # Owner not required, so further requests will succeed
+    if not owner_required:
+        return
+
     api_client.force_authenticate(user=user)
 
+    # Safe method, read only is okay
+    if method.upper() in SAFE_METHODS:
+        assert response.status_code < 400
+        return
+
     # Zarr create is a special case, as permission can only be
     # denied after reading the request body
     if url == '/api/zarr/' and method == 'post':
@@ -92,13 +108,8 @@ def test_approved_or_readonly(
             data={'name': 'test', 'dandiset': dandiset.identifier},
             format='json',
         )
-        assert response.status_code == 403
     else:
         response = getattr(api_client, method)(url)
 
-        if method.upper() in SAFE_METHODS:
-            assert response.status_code < 400
-            return
-
-        # Would occur due to ReadOnlyModelViewSet
-        assert response.status_code >= 400
+    # The client is now authenticated but not an owner, so all response codes should be 403
+    assert response.status_code == 403