add tests for protected routes

xas-standards-api/src/xas_standards_api/crud.py

@@ -91,7 +91,7 @@ def get_standard(session, id) -> XASStandard:
 
     if standard:
         if standard.review_status != ReviewStatus.approved:
-            raise HTTPException(status_code=401, detail="Standard not available")
+            raise HTTPException(status_code=403, detail="Standard not available")
         return standard
     else:
         raise HTTPException(status_code=404, detail=f"No standard with id={id}")

xas-standards-api/tests/test_admin_router.py

@@ -45,7 +45,7 @@ def get_admin_user():
 
         # check cant get data from open endpoint
         response = client.get("/api/data/2")
-        assert response.status_code == 401
+        assert response.status_code == 403
 
         # now try admin user
         app.dependency_overrides.clear()

xas-standards-api/tests/test_open_router.py

@@ -63,7 +63,7 @@ def get_session_override():
 
         # check cant get unreviewed data from open endpoint
         response = client.get("/api/data/2")
-        assert response.status_code == 401
+        assert response.status_code == 403
 
         # check cant get id that doesnt exist
         response = client.get("/api/data/3")
@@ -73,7 +73,7 @@ def get_session_override():
         assert response.status_code == 200
 
         response = client.get("/api/standards/2")
-        assert response.status_code == 401
+        assert response.status_code == 403
 
         response = client.get("/api/standards/3")
         assert response.status_code == 404

xas-standards-api/tests/test_protected_router.py

@@ -1,3 +1,5 @@
+import datetime
+
 from fastapi.testclient import TestClient
 from sqlmodel import Session, SQLModel, create_engine
 from sqlmodel.pool import StaticPool
@@ -6,9 +8,10 @@
 from xas_standards_api.app import app
 from xas_standards_api.auth import get_current_user
 from xas_standards_api.database import get_session
+from xas_standards_api.models.models import XASStandard
 
 
-def test_read_person():
+def test_protected_router():
     engine = create_engine(
         "sqlite://",
         connect_args={"check_same_thread": False},
@@ -54,5 +57,58 @@ def get_admin_user():
         assert r["user"] == "admin"
         assert r["admin"]
 
-        # TODO check post of standard
-        # TODO check patch of standard
+        unique_sample_name = f"Test sample {datetime.datetime.now()}"
+
+        formdata = {
+            "element_id": 1,
+            "edge_id": 1,
+            "beamline_id": 1,
+            "sample_name": unique_sample_name,
+            "sample_prep": "test",
+            "doi": "doi",
+            "citation": "citation",
+            "comments": "comments",
+            "date": str(datetime.datetime.min),
+            "licence": "cc_by",
+            "sample_comp": "H",
+        }
+
+        with open("test.xdi") as fh:
+            xditext = fh.read()
+
+        response = client.post(
+            "/api/standards", data=formdata, files={"xdi_file": xditext}
+        )
+
+        assert response.status_code == 200
+
+        rjson = response.json()
+
+        xass = XASStandard.model_validate(rjson)
+
+        assert xass.sample_name == unique_sample_name
+
+        print(xass.id)
+
+        # not reviewed, should fail
+        response = client.get(f"/api/standards/{xass.id}")
+        assert response.status_code == 403
+
+        # get and review
+        app.dependency_overrides.clear()
+        app.dependency_overrides[get_session] = get_session_override
+        app.dependency_overrides[get_current_user] = get_admin_user
+
+        review_json = {
+            "reviewer_comments": "reviewer",
+            "review_status": "approved",
+            "standard_id": 3,
+        }
+
+        response = client.patch("/api/standards", json=review_json)
+        assert response.status_code == 200
+
+        response = client.get(f"/api/standards/{xass.id}")
+        assert response.status_code == 200
+
+        # TODO WRITE DATA TO TMPDIR!!!!!!!!!