Merge pull request #132 from dinesh-aot/COMP-200

Changes to role restrictions in the backend
bcgov · Nov 8, 2024 · 07dfd2c · 07dfd2c
2 parents 7c6f87a + e7b2d47
commit 07dfd2c
Show file tree

Hide file tree

Showing 5 changed files with 0 additions and 37 deletions.
diff --git a/compliance-api/src/compliance_api/resources/agency.py b/compliance-api/src/compliance_api/resources/agency.py
@@ -46,7 +46,6 @@ class Agencies(Resource):
     @API.response(code=200, description="Success", model=[agency_list_model])
     @ApiHelper.swagger_decorators(API, endpoint_description="Fetch all agencies")
     @auth.require
-    @auth.has_one_of_roles([PermissionEnum.SUPERUSER, PermissionEnum.ADMIN])
     def get():
         """Fetch all agencies."""
         agencies = AgencyService.get_all()
@@ -78,7 +77,6 @@ class Agency(Resource):
     @ApiHelper.swagger_decorators(API, endpoint_description="Fetch an agency by id")
     @API.response(code=200, model=agency_list_model, description="Success")
     @API.response(404, "Not Found")
-    @auth.has_one_of_roles([PermissionEnum.SUPERUSER, PermissionEnum.ADMIN])
     def get(agency_id):
         """Fetch an agency by id."""
         agency = AgencyService.get_by_id(agency_id)

diff --git a/compliance-api/src/compliance_api/resources/staff_user.py b/compliance-api/src/compliance_api/resources/staff_user.py
@@ -52,7 +52,6 @@ class StaffUsers(Resource):
     @API.response(code=200, description="Success", model=[user_list_model])
     @ApiHelper.swagger_decorators(API, endpoint_description="Fetch all users")
     @auth.require
-    @auth.has_one_of_roles([PermissionEnum.SUPERUSER, PermissionEnum.ADMIN])
     def get():
         """Fetch all users."""
         users = StaffUserService.get_all_staff_users()
@@ -85,7 +84,6 @@ class StaffUser(Resource):
     @ApiHelper.swagger_decorators(API, endpoint_description="Fetch a user by id")
     @API.response(code=200, model=user_list_model, description="Success")
     @API.response(404, "Not Found")
-    @auth.has_one_of_roles([PermissionEnum.SUPERUSER, PermissionEnum.ADMIN])
     def get(user_id):
         """Fetch a user by id."""
         user = StaffUserService.get_user_by_id(user_id)

diff --git a/compliance-api/src/compliance_api/resources/topic.py b/compliance-api/src/compliance_api/resources/topic.py
@@ -46,7 +46,6 @@ class Topics(Resource):
     @API.response(code=200, description="Success", model=[topic_list_model])
     @ApiHelper.swagger_decorators(API, endpoint_description="Fetch all topics")
     @auth.require
-    @auth.has_one_of_roles([PermissionEnum.SUPERUSER, PermissionEnum.ADMIN])
     def get():
         """Fetch all topics."""
         topics = TopicService.get_all()
@@ -78,7 +77,6 @@ class Topic(Resource):
     @ApiHelper.swagger_decorators(API, endpoint_description="Fetch an topic by id")
     @API.response(code=200, model=topic_list_model, description="Success")
     @API.response(404, "Not Found")
-    @auth.has_one_of_roles([PermissionEnum.SUPERUSER, PermissionEnum.ADMIN])
     def get(topic_id):
         """Fetch an topic by id."""
         topic = TopicService.get_by_id(topic_id)

diff --git a/compliance-api/tests/integration/api/test_staff_user.py b/compliance-api/tests/integration/api/test_staff_user.py
@@ -183,14 +183,6 @@ def test_get_users(mock_auth_service, mocker, client, auth_header_super_user):
     assert result.status_code == HTTPStatus.OK
 
 
-def test_get_users_with_non_super_user(mock_auth_service, mocker, client, auth_header):
-    """Create an existing user."""
-    url = urljoin(API_BASE_URL, "staff-users")
-
-    result = client.get(url, headers=auth_header)
-    assert result.status_code == HTTPStatus.FORBIDDEN
-
-
 def test_get_user_by_id(mock_auth_service, client, auth_header_super_user):
     """Get user by id."""
     staff_data = StaffScenario.default_data.value
@@ -204,15 +196,6 @@ def test_get_user_by_id(mock_auth_service, client, auth_header_super_user):
     assert result.json["id"] == created_user.id
 
 
-def test_get_user_by_id_with_non_super_user(mock_auth_service, client, auth_header):
-    """Get user by id."""
-    url = urljoin(API_BASE_URL, "staff-users/1")
-
-    result = client.get(url, headers=auth_header)
-
-    assert result.status_code == HTTPStatus.FORBIDDEN
-
-
 def test_get_user_by_id_not_found(mock_auth_service, client, auth_header_super_user):
     """Get user by id not found."""
     url = urljoin(API_BASE_URL, "staff-users/9999")

diff --git a/compliance-api/tests/integration/api/test_topic.py b/compliance-api/tests/integration/api/test_topic.py
@@ -23,13 +23,6 @@ def test_get_topics(app, client, auth_header_super_user):
     assert result.status_code == HTTPStatus.OK
 
 
-def test_get_topics_with_non_super_user(app, client, auth_header):
-    """Get topics."""
-    url = urljoin(API_BASE_URL, "topics")
-    result = client.get(url, headers=auth_header)
-    assert result.status_code == HTTPStatus.FORBIDDEN
-
-
 def test_get_specific_topic(app, client, auth_header_super_user):
     """Get topic by id."""
     # Create a topic
@@ -41,13 +34,6 @@ def test_get_specific_topic(app, client, auth_header_super_user):
     assert result.json["name"] == created_topic.name
 
 
-def test_get_specific_topic_with_non_super_user(app, client, auth_header):
-    """Get topic by id."""
-    url = urljoin(API_BASE_URL, "topics/1")
-    result = client.get(url, headers=auth_header)
-    assert result.status_code == HTTPStatus.FORBIDDEN
-
-
 def test_create_topic(client, auth_header_super_user):
     """Create topic."""
     url = urljoin(API_BASE_URL, "topics")