From 912e624cc218b383cecc2f63c6af6b779476726d Mon Sep 17 00:00:00 2001
From: "sweep-ai[bot]" <128439645+sweep-ai[bot]@users.noreply.github.com>
Date: Thu, 7 Dec 2023 22:31:51 +0000
Subject: [PATCH 1/2] feat: Updated convertPheno_server/tests/test_downl
---
 convertPheno_server/tests/test_download.py | 23 ++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/convertPheno_server/tests/test_download.py b/convertPheno_server/tests/test_download.py
index 2cedd62d..937070a0 100644
--- a/convertPheno_server/tests/test_download.py
+++ b/convertPheno_server/tests/test_download.py
@@ -63,6 +63,29 @@ def test_download_results_clinical_data_not_found(self, client, header):
 assert res.status_code == 404
 assert res.json["message"] == "clinical data not found"
+
+ def test_download_access_by_owner(self, client, header):
+ # Simulate the scenario where a user tries to download their own conversion results
+ job_id = convert_clinical_data(client, header)
+ data = deepcopy(default_data)
+ data["jobId"] = job_id
+ data["tempFilename"] = f"{job_id}.result.json" # Assuming the file format for the test
+ res = req_post(client, header, download_url_suffix, data=data)
+ # Assert the server responds with success message and the correct data
+ assert res.status_code == 200
+ assert res.data == b'some_binary_data' # Assuming binary data for the test
+
+ def test_download_access_by_other_user(self, client, header, another_user_header):
+ # Simulate the scenario where a user tries to download results of another user
+ job_id = convert_clinical_data(client, header)
+ data = deepcopy(default_data)
+ data["jobId"] = job_id
+ res = req_post(client, another_user_header, download_url_suffix, data=data)
+ # Assert that the server responds with an error or access denied message
+ assert res.status_code == 403 # HTTP Forbidden status code
+ assert res.json["message"] == "Access denied"
+
+
 def test_download_all_results(self, client, header):
 data = {
 "runExampleData": True,
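Review bot: `assert res.data == b'some_binary_data'` in `test_download_access_by_owner` compares the response with a placeholder literal (its own comment says "Assuming binary data for the test"), so the owner path either fails or verifies nothing about the returned file; assert on the content the conversion is expected to produce, or at minimum that the body is non-empty and parses as JSON. In `test_download_access_by_other_user` the request omits the `tempFilename` field that the owner test sets, so the refused request is not the same request that succeeds for the owner; adding `data["tempFilename"] = f"{job_id}.result.json"` there makes the caller's identity the only difference and ties the 403 to the ownership check. `another_user_header` is not defined anywhere in this series, which only touches the two test files, so the fixture presumably has to exist in the suite's conftest already; the same holds for `test_conversion_results_access_by_other_user` in test_clinical.py.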
From 1f2834a8c9398f5e971c2a3829eb6e523e6e3c0c Mon Sep 17 00:00:00 2001
From: "sweep-ai[bot]" <128439645+sweep-ai[bot]@users.noreply.github.com>
Date: Thu, 7 Dec 2023 22:37:52 +0000
Subject: [PATCH 2/2] feat: Updated convertPheno_server/tests/test_clini
---
 convertPheno_server/tests/test_clinical.py | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)
diff --git a/convertPheno_server/tests/test_clinical.py b/convertPheno_server/tests/test_clinical.py
index 16108ff3..abcc1cca 100644
--- a/convertPheno_server/tests/test_clinical.py
+++ b/convertPheno_server/tests/test_clinical.py
@@ -11,7 +11,8 @@
 # License: GPL-3.0 license
 from copy import deepcopy
-from utils import req_post, convert_clinical_data, filter_by_criteria
+
+from utils import convert_clinical_data, filter_by_criteria, req_post
 url_root = "/api/"
 url_suffix = "clinical/json"
@@ -54,6 +55,33 @@ def test_conversion_job_not_exist(self, client, header):
 data = deepcopy(default_data)
 data["jobId"] = "1234"
 res = req_post(client, header, url_suffix, data=data)
+ def test_conversion_results_access_by_other_user(self, client, header, another_user_header):
+ # Simulate the scenario where a user tries to access the conversion results of another user
+ job_id = convert_clinical_data(client, header)
+ data = deepcopy(default_data)
+ data["jobId"] = str(job_id)
+ res = req_post(client, another_user_header, url_suffix, data=data)
+ # Assert that the server responds with an error or access denied message
+ assert res.status_code == 403 # HTTP Forbidden status code
+ assert res.json["message"] == "Access denied"
+
+ def test_conversion_results_access_by_owner(self, client, header):
+ # Simulate the scenario where a user tries to access their own conversion results
+ job_id = convert_clinical_data(client, header)
+ data = deepcopy(default_data)
+ data["jobId"] = str(job_id)
+ res = req_post(client, header, url_suffix, data=data)
+ # Assert the server responds with success message and the correct data
+ assert res.status_code == 200
+ expected_keys = [
+ "json",
+ "colHeaders",
+ "colTree",
+ "colNodeIds",
+ "shownColumns",
+ "nodeToSelected",
+ ]
+ assert all(key in res.json for key in expected_keys)
 assert res.status_code == 404
 assert res.json["message"] == "job not found"
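Review bot: The added block lands between `res = req_post(client, header, url_suffix, data=data)` and the two assertions that belonged to `test_conversion_job_not_exist`, so `assert res.status_code == 404` and `assert res.json["message"] == "job not found"` now come directly after `assert all(key in res.json for key in expected_keys)`. Indentation is not preserved on this page, but if those context lines keep their method-body indent, `test_conversion_results_access_by_owner` asserts both 200 and 404 on one response and cannot pass, while `test_conversion_job_not_exist` ends after the request and checks nothing. Move the two new methods below the existing assertions so each test keeps its own checks. The first added `def` also has no blank line before it, unlike the one separating the two new methods.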