import pytest

# NOTE(review): `api` is not referenced below; presumably importing it
# registers the API resources with the app. Confirm before removing.
from endpoints.api import api
from endpoints.api.team import OrganizationTeamSyncing
from endpoints.api.test.shared import client_with_identity, conduct_api_call
from endpoints.api.superuser import (
    SuperUserRepositoryBuildLogs,
    SuperUserRepositoryBuildResource,
    SuperUserRepositoryBuildStatus,
)
# NOTE(review): these names are not referenced directly; presumably they are
# pytest fixtures that must be importable from this module. Confirm.
from test.fixtures import app, appconfig, database_uri, init_db_path, sqlitedb_file

# Path parameters shared by every row that targets the same resource.
TEAM_PARAMS = {'orgname': 'buynlarge', 'teamname': 'owners'}
BUILD_PARAMS = {'build_uuid': 'test-1234'}


# Authorization matrix: one row per (resource, HTTP method, identity).
#
# Reading the table:
#   * identity None means no identity is passed to client_with_identity.
#     The team-sync rows pin 403 for it, the superuser rows pin 401.
#   * 'freshuser' and 'reader' are expected to be refused (403) everywhere.
#   * 'devtable' is the only identity expected to get a non-401/403 status.
#     NOTE(review): its 400 and 404 rows presumably mean the request passed
#     the permission check and failed later (empty body, unknown build
#     uuid). They do not exercise a success path. Confirm against the
#     endpoint code.
@pytest.mark.parametrize('resource,method,params,body,identity,expected', [
    # Team syncing: enabling (POST).
    (OrganizationTeamSyncing, 'POST', TEAM_PARAMS, {}, None, 403),
    (OrganizationTeamSyncing, 'POST', TEAM_PARAMS, {}, 'freshuser', 403),
    (OrganizationTeamSyncing, 'POST', TEAM_PARAMS, {}, 'reader', 403),
    (OrganizationTeamSyncing, 'POST', TEAM_PARAMS, {}, 'devtable', 400),

    # Team syncing: disabling (DELETE).
    (OrganizationTeamSyncing, 'DELETE', TEAM_PARAMS, {}, None, 403),
    (OrganizationTeamSyncing, 'DELETE', TEAM_PARAMS, {}, 'freshuser', 403),
    (OrganizationTeamSyncing, 'DELETE', TEAM_PARAMS, {}, 'reader', 403),
    (OrganizationTeamSyncing, 'DELETE', TEAM_PARAMS, {}, 'devtable', 200),

    # Superuser: repository build logs.
    (SuperUserRepositoryBuildLogs, 'GET', BUILD_PARAMS, None, None, 401),
    (SuperUserRepositoryBuildLogs, 'GET', BUILD_PARAMS, None, 'freshuser', 403),
    (SuperUserRepositoryBuildLogs, 'GET', BUILD_PARAMS, None, 'reader', 403),
    (SuperUserRepositoryBuildLogs, 'GET', BUILD_PARAMS, None, 'devtable', 400),

    # Superuser: repository build status.
    (SuperUserRepositoryBuildStatus, 'GET', BUILD_PARAMS, None, None, 401),
    (SuperUserRepositoryBuildStatus, 'GET', BUILD_PARAMS, None, 'freshuser', 403),
    (SuperUserRepositoryBuildStatus, 'GET', BUILD_PARAMS, None, 'reader', 403),
    (SuperUserRepositoryBuildStatus, 'GET', BUILD_PARAMS, None, 'devtable', 400),

    # Superuser: repository build resource.
    (SuperUserRepositoryBuildResource, 'GET', BUILD_PARAMS, None, None, 401),
    (SuperUserRepositoryBuildResource, 'GET', BUILD_PARAMS, None, 'freshuser', 403),
    (SuperUserRepositoryBuildResource, 'GET', BUILD_PARAMS, None, 'reader', 403),
    (SuperUserRepositoryBuildResource, 'GET', BUILD_PARAMS, None, 'devtable', 404),
])
def test_api_security(resource, method, params, body, identity, expected, client):
    """Check that each endpoint returns the pinned status for each identity.

    Each parametrized row issues one API call as ``identity`` (or with no
    identity when it is ``None``) and passes ``expected`` to
    ``conduct_api_call`` as the status code to verify.
    """
    with client_with_identity(identity, client) as api_client:
        conduct_api_call(api_client, resource, method, params, body, expected)