Skip to content

test_auth#

test_file_permissions#

Source code in tests/unit/apps/files/api/files/test_auth.py 
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
def test_file_permissions(
    requests_client,
    live_server,
    ida_service_user,
    end_users,
    update_request_client_auth_token,
    ida_file_json,
):
    user1, user2, user3 = end_users
    endpoint = reverse("file-list")
    url = f"{live_server.url}{endpoint}"
    update_request_client_auth_token(requests_client, ida_service_user.token)

    res1 = requests_client.post(url, json=ida_file_json)
    assert res1.status_code == 201

    res2 = requests_client.get(url)
    assert res2.status_code == 200
    assert res2.json()["count"] == 1

    update_request_client_auth_token(requests_client, user1.token)
    res3 = requests_client.post(url, json=ida_file_json)
    assert res3.status_code == 403

    # files are not public unless in a dataset
    res4 = requests_client.get(url)
    assert res4.status_code == 200
    assert res4.json()["count"] == 0