diff --git a/convertPheno_server/tests/test_clinical.py b/convertPheno_server/tests/test_clinical.py
index 150c00f0..224711c8 100644
--- a/convertPheno_server/tests/test_clinical.py
+++ b/convertPheno_server/tests/test_clinical.py
@@ -11,7 +11,8 @@
 # License: GPL-3.0 license
 from copy import deepcopy
-from utils import req_post, convert_clinical_data, filter_by_criteria
+
+from utils import convert_clinical_data, filter_by_criteria, req_post
 url_root = "/api/"
 url_suffix = "clinical/json"
@@ -54,6 +55,33 @@ def test_conversion_job_not_exist(self, client, header):
 data = deepcopy(default_data)
 data["jobId"] = "1234"
 res = req_post(client, header, url_suffix, data=data)
+ def test_conversion_results_access_by_other_user(self, client, header, another_user_header):
+ # Simulate the scenario where a user tries to access the conversion results of another user
+ job_id = convert_clinical_data(client, header)
+ data = deepcopy(default_data)
+ data["jobId"] = str(job_id)
+ res = req_post(client, another_user_header, url_suffix, data=data)
+ # Assert that the server responds with an error or access denied message
+ assert res.status_code == 403 # HTTP Forbidden status code
+ assert res.json["message"] == "Access denied"
+
+ def test_conversion_results_access_by_owner(self, client, header):
+ # Simulate the scenario where a user tries to access their own conversion results
+ job_id = convert_clinical_data(client, header)
+ data = deepcopy(default_data)
+ data["jobId"] = str(job_id)
+ res = req_post(client, header, url_suffix, data=data)
+ # Assert the server responds with success message and the correct data
+ assert res.status_code == 200
+ expected_keys = [
+ "json",
+ "colHeaders",
+ "colTree",
+ "colNodeIds",
+ "shownColumns",
+ "nodeToSelected",
+ ]
+ assert all(key in res.json for key in expected_keys)
 assert res.status_code == 404
 assert res.json["message"] == "job not found"
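Review bot: The two new test methods are inserted between `res = req_post(client, header, url_suffix, data=data)` and the `assert res.status_code == 404` / `assert res.json["message"] == "job not found"` lines of `test_conversion_job_not_exist`, so that test is left without assertions and its 404 checks now trail `test_conversion_results_access_by_owner` directly after the 200 check. Indentation is not visible in this view, but by line order the owner test would assert both 200 and 404 on the same response and could not pass, while the missing-job test would pass whatever the server returns. Move both new methods below the `"job not found"` assertion so each test keeps its own checks. The 403 expectation also deserves a comment: a distinct 403 for another user's job versus 404 for an unknown one tells a caller which job IDs exist, so state whether that difference is intended.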
diff --git a/convertPheno_server/tests/test_download.py b/convertPheno_server/tests/test_download.py
index 07ad421b..a82253e9 100644
--- a/convertPheno_server/tests/test_download.py
+++ b/convertPheno_server/tests/test_download.py
@@ -63,6 +63,29 @@ def test_download_results_clinical_data_not_found(self, client, header):
 assert res.status_code == 404
 assert res.json["message"] == "clinical data not found"
+
+ def test_download_access_by_owner(self, client, header):
+ # Simulate the scenario where a user tries to download their own conversion results
+ job_id = convert_clinical_data(client, header)
+ data = deepcopy(default_data)
+ data["jobId"] = job_id
+ data["tempFilename"] = f"{job_id}.result.json" # Assuming the file format for the test
+ res = req_post(client, header, download_url_suffix, data=data)
+ # Assert the server responds with success message and the correct data
+ assert res.status_code == 200
+ assert res.data == b'some_binary_data' # Assuming binary data for the test
+
+ def test_download_access_by_other_user(self, client, header, another_user_header):
+ # Simulate the scenario where a user tries to download results of another user
+ job_id = convert_clinical_data(client, header)
+ data = deepcopy(default_data)
+ data["jobId"] = job_id
+ res = req_post(client, another_user_header, download_url_suffix, data=data)
+ # Assert that the server responds with an error or access denied message
+ assert res.status_code == 403 # HTTP Forbidden status code
+ assert res.json["message"] == "Access denied"
+
+
 def test_download_all_results(self, client, header):
 data = {
 "runExampleData": True,
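Review bot: `test_download_access_by_other_user` omits the `tempFilename` field that `test_download_access_by_owner` sends, so the request may be rejected by input validation or the file lookup before any ownership check runs, and the 403 assertion would then not exercise the access-control path. Send the same payload as the owner case, `data["tempFilename"] = f"{job_id}.result.json"`, so the header is the only difference between the two tests. In the owner test, `assert res.data == b'some_binary_data'` is a placeholder (its own comment says "Assuming binary data for the test") and will not match a real conversion result; assert on the response content type or on the parsed body instead. The `another_user_header` fixture is not defined in this hunk, so confirm it authenticates as a genuinely different account rather than reusing the first user's token.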