codeforboston#284 - Updated the Create endpoint to require a CONTRIBU…

…TOR role and updates the unit tests to use a contributor user.
mnuzzose · Jul 24, 2023 · ceee76e · ceee76e
1 parent b17261a
commit ceee76e
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 4 deletions.
diff --git a/backend/routes/incidents.py b/backend/routes/incidents.py
@@ -31,7 +31,7 @@ def get_incidents(incident_id: int):
 @bp.route("/create", methods=["POST"])
 @jwt_required()
 # TODO: Require CONTRIBUTOR role
-@min_role_required(UserRole.PUBLIC)
+@min_role_required(UserRole.CONTRIBUTOR)
 @validate(json=CreateIncidentSchema)
 def create_incident():
  """Create a single incident.

diff --git a/backend/tests/conftest.py b/backend/tests/conftest.py
@@ -8,6 +8,7 @@
 
 example_email = "[email protected]"
 admin_email = "[email protected]"
+contributor_email = "[email protected]"
 example_password = "my_password"
 
 
@@ -63,7 +64,6 @@ def example_user(db_session):
  db_session.commit()
  return user
 
-
 @pytest.fixture
 def admin_user(db_session):
  user = User(
@@ -78,6 +78,19 @@ def admin_user(db_session):
 
  return user
 
+@pytest.fixture
+def contributor_user(db_session):
+ user = User(
+ email=contributor_email,
+ password=user_manager.hash_password(example_password),
+ role=UserRole.CONTRIBUTOR,
+ first_name="contributor",
+ last_name="last",
+ )
+ db_session.add(user)
+ db_session.commit()
+
+ return user
 
 @pytest.fixture
 def access_token(client, example_user):
@@ -91,6 +104,17 @@ def access_token(client, example_user):
  assert res.status_code == 200
  return res.json["access_token"]
 
+@pytest.fixture
+def contributor_access_token(client, contributor_user):
+ res = client.post(
+ "api/v1/auth/login",
+ json={
+ "email": contributor_email,
+ "password": example_password,
+ },
+ )
+ assert res.status_code == 200
+ return res.json["access_token"]
 
 @pytest.fixture
 def cli_runner(app):

diff --git a/backend/tests/test_incidents.py b/backend/tests/test_incidents.py
@@ -51,7 +51,7 @@
 
 
 @pytest.fixture
-def example_incidents(db_session, client, access_token):
+def example_incidents(db_session, client, contributor_access_token):
  for id, mock in mock_sources.items():
  db_session.add(Source(id=id, **mock))
  db_session.commit()
@@ -61,7 +61,7 @@ def example_incidents(db_session, client, access_token):
  res = client.post(
  "/api/v1/incidents/create",
  json=mock,
- headers={"Authorization": "Bearer {0}".format(access_token)},
+ headers={"Authorization": "Bearer {0}".format(contributor_access_token)},
  )
  assert res.status_code == 200
  created[name] = res.json