Add User-Specific Access Tests for Conversion Results (✓ Sandbox Passed)

convertPheno_server/tests/test_clinical.py

@@ -11,7 +11,8 @@
 #   License: GPL-3.0 license
 
 from copy import deepcopy
-from utils import req_post, convert_clinical_data, filter_by_criteria
+
+from utils import convert_clinical_data, filter_by_criteria, req_post
 
 url_root = "/api/"
 url_suffix = "clinical/json"
@@ -54,6 +55,33 @@ def test_conversion_job_not_exist(self, client, header):
         data = deepcopy(default_data)
         data["jobId"] = "1234"
         res = req_post(client, header, url_suffix, data=data)
+    def test_conversion_results_access_by_other_user(self, client, header, another_user_header):
+        # Simulate the scenario where a user tries to access the conversion results of another user
+        job_id = convert_clinical_data(client, header)
+        data = deepcopy(default_data)
+        data["jobId"] = str(job_id)
+        res = req_post(client, another_user_header, url_suffix, data=data)
+        # Assert that the server responds with an error or access denied message
+        assert res.status_code == 403  # HTTP Forbidden status code
+        assert res.json["message"] == "Access denied"
+
+    def test_conversion_results_access_by_owner(self, client, header):
+        # Simulate the scenario where a user tries to access their own conversion results
+        job_id = convert_clinical_data(client, header)
+        data = deepcopy(default_data)
+        data["jobId"] = str(job_id)
+        res = req_post(client, header, url_suffix, data=data)
+        # Assert the server responds with success message and the correct data
+        assert res.status_code == 200
+        expected_keys = [
+            "json",
+            "colHeaders",
+            "colTree",
+            "colNodeIds",
+            "shownColumns",
+            "nodeToSelected",
+        ]
+        assert all(key in res.json for key in expected_keys)
         assert res.status_code == 404
         assert res.json["message"] == "job not found"
 

convertPheno_server/tests/test_download.py

@@ -63,6 +63,29 @@ def test_download_results_clinical_data_not_found(self, client, header):
         assert res.status_code == 404
         assert res.json["message"] == "clinical data not found"
 
+
+    def test_download_access_by_owner(self, client, header):
+        # Simulate the scenario where a user tries to download their own conversion results
+        job_id = convert_clinical_data(client, header)
+        data = deepcopy(default_data)
+        data["jobId"] = job_id
+        data["tempFilename"] = f"{job_id}.result.json"  # Assuming the file format for the test
+        res = req_post(client, header, download_url_suffix, data=data)
+        # Assert the server responds with success message and the correct data
+        assert res.status_code == 200
+        assert res.data == b'some_binary_data'  # Assuming binary data for the test
+
+    def test_download_access_by_other_user(self, client, header, another_user_header):
+        # Simulate the scenario where a user tries to download results of another user
+        job_id = convert_clinical_data(client, header)
+        data = deepcopy(default_data)
+        data["jobId"] = job_id
+        res = req_post(client, another_user_header, download_url_suffix, data=data)
+        # Assert that the server responds with an error or access denied message
+        assert res.status_code == 403  # HTTP Forbidden status code
+        assert res.json["message"] == "Access denied"
+
+
     def test_download_all_results(self, client, header):
         data = {
             "runExampleData": True,