inveniosoftware · ntarocco · Oct 3, 2024 · Sep 2, 2024
diff --git a/invenio_vocabularies/contrib/names/names.py b/invenio_vocabularies/contrib/names/names.py
@@ -21,7 +21,8 @@
 )
 from invenio_records_resources.resources.records.headers import etag_headers
 
-from ...services.permissions import PermissionPolicy
+from invenio_vocabularies.contrib.names.permissions import NamesPermissionPolicy
+
 from ..affiliations.api import Affiliation
 from .config import NamesSearchOptions, service_components
 from .schema import NameSchema
@@ -63,7 +64,7 @@
     service_schema=NameSchema,
     search_options=NamesSearchOptions,
     service_components=service_components,
-    permission_policy_cls=PermissionPolicy,
+    permission_policy_cls=NamesPermissionPolicy,
     # Resource layer
     endpoint_route="/names",
     resource_cls_attrs={

diff --git a/invenio_vocabularies/contrib/names/permissions.py b/invenio_vocabularies/contrib/names/permissions.py
@@ -0,0 +1,20 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2020-2024 CERN.
+#
+# Invenio-Vocabularies is free software; you can redistribute it and/or
+# modify it under the terms of the MIT License; see LICENSE file for more
+# details.
+
+"""Vocabulary permissions."""
+
+from invenio_records_permissions.generators import AuthenticatedUser, SystemProcess
+
+from ...services.permissions import PermissionPolicy
+
+
+class NamesPermissionPolicy(PermissionPolicy):
+    """Permission policy."""
+
+    can_search = [SystemProcess(), AuthenticatedUser()]
+    can_read = [SystemProcess(), AuthenticatedUser()]
diff --git a/tests/contrib/names/test_names_resource.py b/tests/contrib/names/test_names_resource.py
@@ -93,10 +93,27 @@ def example_name(
     return name
 
 
-def test_names_invalid(client, h, prefix):
+def test_non_authenticated(client, prefix, example_name, h):
+    """Test non-authenticated access."""
+    # Search
+    res = client.get(prefix)
+    assert res.status_code == 403
+
+    id_ = example_name.id
+
+    # Read
+    res = client.get(f"{prefix}/{id_}", headers=h)
+    assert res.status_code == 403
+
+    # Resolve
+    res = client.get(f"{prefix}/orcid/0000-0001-8135-3489", headers=h)
+    assert res.status_code == 403
+
+
+def test_names_invalid(client_with_credentials, h, prefix):
     """Test invalid type."""
     # invalid type
-    res = client.get(f"{prefix}/invalid", headers=h)
+    res = client_with_credentials.get(f"{prefix}/invalid", headers=h)
     assert res.status_code == 404
 
 
@@ -115,11 +132,11 @@ def test_names_forbidden(client, h, prefix, example_name, name_full_data):
     assert res.status_code == 403
 
 
-def test_names_get(client, example_name, h, prefix):
+def test_names_get(client_with_credentials, example_name, h, prefix):
     """Test the endpoint to retrieve a single item."""
     id_ = example_name.id
 
-    res = client.get(f"{prefix}/{id_}", headers=h)
+    res = client_with_credentials.get(f"{prefix}/{id_}", headers=h)
     assert res.status_code == 200
     assert res.json["id"] == id_
     # Test links
@@ -128,51 +145,53 @@ def test_names_get(client, example_name, h, prefix):
     }
 
 
-def test_names_search(client, example_name, h, prefix):
+def test_names_search(client_with_credentials, example_name, h, prefix):
     """Test a successful search."""
-    res = client.get(prefix, headers=h)
+    res = client_with_credentials.get(prefix, headers=h)
 
     assert res.status_code == 200
     assert res.json["hits"]["total"] == 1
     assert res.json["sortBy"] == "name"
 
 
-def test_names_resolve(client, example_name, h, prefix):
-    res = client.get(f"{prefix}/orcid/0000-0001-8135-3489", headers=h)
+def test_names_resolve(client_with_credentials, example_name, h, prefix):
+    res = client_with_credentials.get(f"{prefix}/orcid/0000-0001-8135-3489", headers=h)
     assert res.status_code == 200
     assert res.json["id"] == example_name.id
 
-    res = client.get(f"{prefix}/orcid/0000-0002-5082-6404", headers=h)
+    res = client_with_credentials.get(f"{prefix}/orcid/0000-0002-5082-6404", headers=h)
     assert res.status_code == 404
 
 
-def test_names_suggest_sort(client, example_multiple_names, h, prefix):
+def test_names_suggest_sort(client_with_credentials, example_multiple_names, h, prefix):
     """Test a successful search."""
 
     # With typo
-    res = client.get(f"{prefix}?suggest=davisson", headers=h)
+    res = client_with_credentials.get(f"{prefix}?suggest=davisson", headers=h)
     assert res.status_code == 200
     assert res.json["hits"]["total"] == 1
     assert res.json["hits"]["hits"][0]["name"] == "Davidson, Niels John"
 
     # With accent
-    res = client.get(f"{prefix}?suggest=dwayne", headers=h)
+    res = client_with_credentials.get(f"{prefix}?suggest=dwayne", headers=h)
     assert res.status_code == 200
     assert res.json["hits"]["total"] == 1
     assert res.json["hits"]["hits"][0]["name"] == "Johnsœn, Dwäyne"
 
-    res = client.get(f"{prefix}?suggest=Dw%C3%A4yne", headers=h)  # Dwäyne
+    res = client_with_credentials.get(
+        f"{prefix}?suggest=Dw%C3%A4yne", headers=h
+    )  # Dwäyne
     assert res.status_code == 200
     assert res.json["hits"]["total"] == 1
     assert res.json["hits"]["hits"][0]["name"] == "Johnsœn, Dwäyne"
 
     # With incomplete
-    res = client.get(f"{prefix}?suggest=joh", headers=h)
+    res = client_with_credentials.get(f"{prefix}?suggest=joh", headers=h)
     assert res.status_code == 200
     assert res.json["hits"]["total"] == 3
 
     # With affiliation
-    res = client.get(f"{prefix}?suggest=john%20wwe", headers=h)
+    res = client_with_credentials.get(f"{prefix}?suggest=john%20wwe", headers=h)
     assert res.status_code == 200
     assert (
         res.json["hits"]["total"] == 3