From 5ed13da2e62fb54a3af251d955867096b4c971bb Mon Sep 17 00:00:00 2001
From: Joseph Schorr <josephschorr@users.noreply.github.com>
Date: Fri, 21 Oct 2016 17:37:49 -0400
Subject: [PATCH] Add missing security test for delete org

---
 endpoints/api/organization.py |  3 ++-
 test/test_api_security.py     | 12 ++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/endpoints/api/organization.py b/endpoints/api/organization.py
index 710f84a60..999ecf8e1 100644
--- a/endpoints/api/organization.py
+++ b/endpoints/api/organization.py
@@ -212,8 +212,9 @@ class Organization(ApiResource):
         raise NotFound()
 
       model.user.delete_user(org, all_queues)
+      return 'Deleted', 204
 
-    return 'Deleted', 204
+    raise Unauthorized()
 
 
 @resource('/v1/organization/<orgname>/private')
diff --git a/test/test_api_security.py b/test/test_api_security.py
index bd6adc4bb..93240b36e 100644
--- a/test/test_api_security.py
+++ b/test/test_api_security.py
@@ -3568,6 +3568,18 @@ class TestOrganizationBuynlarge(ApiTestCase):
   def test_put_devtable(self):
     self._run_test('PUT', 200, 'devtable', {})
 
+  def test_delete_anonymous(self):
+    self._run_test('DELETE', 401, None, {})
+
+  def test_delete_freshuser(self):
+    self._run_test('DELETE', 403, 'freshuser', {})
+
+  def test_delete_reader(self):
+    self._run_test('DELETE', 403, 'reader', {})
+
+  def test_delete_devtable(self):
+    self._run_test('DELETE', 204, 'devtable', {})
+
 
 class TestRepositoryPublicPublicrepo(ApiTestCase):
   def setUp(self):