diff --git a/compliance-api/src/compliance_api/resources/agency.py b/compliance-api/src/compliance_api/resources/agency.py
index 62a9cc32..2342a1f9 100644
--- a/compliance-api/src/compliance_api/resources/agency.py
+++ b/compliance-api/src/compliance_api/resources/agency.py
@@ -46,7 +46,6 @@ class Agencies(Resource):
 @API.response(code=200, description="Success", model=[agency_list_model])
 @ApiHelper.swagger_decorators(API, endpoint_description="Fetch all agencies")
 @auth.require
- @auth.has_one_of_roles([PermissionEnum.SUPERUSER, PermissionEnum.ADMIN])
 def get():
 """Fetch all agencies."""
 agencies = AgencyService.get_all()
@@ -78,7 +77,6 @@ class Agency(Resource):
 @ApiHelper.swagger_decorators(API, endpoint_description="Fetch an agency by id")
 @API.response(code=200, model=agency_list_model, description="Success")
 @API.response(404, "Not Found")
- @auth.has_one_of_roles([PermissionEnum.SUPERUSER, PermissionEnum.ADMIN])
 def get(agency_id):
 """Fetch an agency by id."""
 agency = AgencyService.get_by_id(agency_id)
diff --git a/compliance-api/src/compliance_api/resources/staff_user.py b/compliance-api/src/compliance_api/resources/staff_user.py
index 149aacff..701966f1 100644
--- a/compliance-api/src/compliance_api/resources/staff_user.py
+++ b/compliance-api/src/compliance_api/resources/staff_user.py
@@ -52,7 +52,6 @@ class StaffUsers(Resource):
 @API.response(code=200, description="Success", model=[user_list_model])
 @ApiHelper.swagger_decorators(API, endpoint_description="Fetch all users")
 @auth.require
- @auth.has_one_of_roles([PermissionEnum.SUPERUSER, PermissionEnum.ADMIN])
 def get():
 """Fetch all users."""
 users = StaffUserService.get_all_staff_users()
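Review bot: With the role check gone from `Agencies.get`, `@auth.require` is the only gate left, so every authenticated caller can list agencies, and nothing in the code or tests records that this is intended. A one-line comment above `def get():`, for example `# Readable by any authenticated user; no role check by design.`, would keep the wider access from being mistaken for an oversight later. The same applies to `StaffUsers.get` in staff_user.py and `Topics.get` in topic.py. The commit also deletes the `HTTPStatus.FORBIDDEN` tests for staff users and topics without adding the inverse case (a request with `auth_header` expecting `HTTPStatus.OK`), and no agency test is touched here, so the new access rule is unverified.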
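Review bot: Once `@auth.has_one_of_roles` is removed from `Agency.get`, no authentication decorator is visible on this method: the three context lines above it are `swagger_decorators` and the two `@API.response` lines, whereas `Agencies.get` shows `@auth.require` directly above the removed line. The decorator stack starts above the hunk, so `@auth.require` may still be present there; if it is not, the by-id route would now answer unauthenticated requests. Please confirm, and add `@auth.require` where it is missing. The same check is needed for `StaffUser.get` in staff_user.py and `Topic.get` in topic.py, and a test that calls each by-id route without an Authorization header and expects a 401 would pin it.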
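Review bot: `StaffUsers.get` now returns the full result of `StaffUserService.get_all_staff_users()` to any authenticated caller, which is a wider disclosure than the agency and topic lists because the records describe people. The fields of `user_list_model` are not visible in this diff; if they include e-mail addresses, positions or permission data, consider keeping the role check on this route or returning a reduced model to non-admin callers. The same question applies to `StaffUser.get`, whose hunk follows in the same file.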
@@ -85,7 +84,6 @@ class StaffUser(Resource):
 @ApiHelper.swagger_decorators(API, endpoint_description="Fetch a user by id")
 @API.response(code=200, model=user_list_model, description="Success")
 @API.response(404, "Not Found")
- @auth.has_one_of_roles([PermissionEnum.SUPERUSER, PermissionEnum.ADMIN])
 def get(user_id):
 """Fetch a user by id."""
 user = StaffUserService.get_user_by_id(user_id)
diff --git a/compliance-api/src/compliance_api/resources/topic.py b/compliance-api/src/compliance_api/resources/topic.py
index 68966461..bea262e3 100644
--- a/compliance-api/src/compliance_api/resources/topic.py
+++ b/compliance-api/src/compliance_api/resources/topic.py
@@ -46,7 +46,6 @@ class Topics(Resource):
 @API.response(code=200, description="Success", model=[topic_list_model])
 @ApiHelper.swagger_decorators(API, endpoint_description="Fetch all topics")
 @auth.require
- @auth.has_one_of_roles([PermissionEnum.SUPERUSER, PermissionEnum.ADMIN])
 def get():
 """Fetch all topics."""
 topics = TopicService.get_all()
@@ -78,7 +77,6 @@ class Topic(Resource):
 @ApiHelper.swagger_decorators(API, endpoint_description="Fetch an topic by id")
 @API.response(code=200, model=topic_list_model, description="Success")
 @API.response(404, "Not Found")
- @auth.has_one_of_roles([PermissionEnum.SUPERUSER, PermissionEnum.ADMIN])
 def get(topic_id):
 """Fetch an topic by id."""
 topic = TopicService.get_by_id(topic_id)
diff --git a/compliance-api/tests/integration/api/test_staff_user.py b/compliance-api/tests/integration/api/test_staff_user.py
index 252d04c7..d39eaa42 100644
--- a/compliance-api/tests/integration/api/test_staff_user.py
+++ b/compliance-api/tests/integration/api/test_staff_user.py
@@ -183,14 +183,6 @@ def test_get_users(mock_auth_service, mocker, client, auth_header_super_user):
 assert result.status_code == HTTPStatus.OK
-def test_get_users_with_non_super_user(mock_auth_service, mocker, client, auth_header):
- """Create an existing user."""
- url = urljoin(API_BASE_URL, "staff-users")
-
- result = client.get(url, headers=auth_header)
- assert result.status_code == HTTPStatus.FORBIDDEN
-
-
 def test_get_user_by_id(mock_auth_service, client, auth_header_super_user):
 """Get user by id."""
 staff_data = StaffScenario.default_data.value
@@ -204,15 +196,6 @@ def test_get_user_by_id(mock_auth_service, client, auth_header_super_user):
 assert result.json["id"] == created_user.id
-def test_get_user_by_id_with_non_super_user(mock_auth_service, client, auth_header):
- """Get user by id."""
- url = urljoin(API_BASE_URL, "staff-users/1")
-
- result = client.get(url, headers=auth_header)
-
- assert result.status_code == HTTPStatus.FORBIDDEN
-
-
 def test_get_user_by_id_not_found(mock_auth_service, client, auth_header_super_user):
 """Get user by id not found."""
 url = urljoin(API_BASE_URL, "staff-users/9999")
diff --git a/compliance-api/tests/integration/api/test_topic.py b/compliance-api/tests/integration/api/test_topic.py
index 72df9407..96e69d06 100644
--- a/compliance-api/tests/integration/api/test_topic.py
+++ b/compliance-api/tests/integration/api/test_topic.py
@@ -23,13 +23,6 @@ def test_get_topics(app, client, auth_header_super_user):
 assert result.status_code == HTTPStatus.OK
-def test_get_topics_with_non_super_user(app, client, auth_header):
- """Get topics."""
- url = urljoin(API_BASE_URL, "topics")
- result = client.get(url, headers=auth_header)
- assert result.status_code == HTTPStatus.FORBIDDEN
-
-
 def test_get_specific_topic(app, client, auth_header_super_user):
 """Get topic by id."""
 # Create a topic
@@ -41,13 +34,6 @@ def test_get_specific_topic(app, client, auth_header_super_user):
 assert result.json["name"] == created_topic.name
-def test_get_specific_topic_with_non_super_user(app, client, auth_header):
- """Get topic by id."""
- url = urljoin(API_BASE_URL, "topics/1")
- result = client.get(url, headers=auth_header)
- assert result.status_code == HTTPStatus.FORBIDDEN
-
-
 def test_create_topic(client, auth_header_super_user):
 """Create topic."""
 url = urljoin(API_BASE_URL, "topics")