diff --git a/test/test_search.py b/test/test_search.py
index c88004c..d4fafaf 100644
--- a/test/test_search.py
+++ b/test/test_search.py
@@ -697,9 +697,6 @@ def test_search_access_control_private_project_all_roles(
 client, role_fixture, role_name, request, private_project_with_submission
 ):
 """Test that all project roles (admin, contributor, viewer) can search private project data"""
- # skip if role name not org-admin: fix later
- if role_name != "org-admin":
- pytest.skip("Skipping non org-admin roles for now")
 # Get the token from the fixture
 token = request.getfixturevalue(role_fixture)
diff --git a/test/test_submissions_rbac.py b/test/test_submissions_rbac.py
index 19f7420..9b4fe76 100644
--- a/test/test_submissions_rbac.py
+++ b/test/test_submissions_rbac.py
@@ -356,9 +356,9 @@ def test_contributor_can_delete_own_draft(
 assert cursor.fetchone() is None
-@pytest.mark.skip(
- reason="Application doesn't check submission ownership for delete operations - any contributor can delete any submission in their project"
-)
+# @pytest.mark.skip(
+# reason="Application doesn't check submission ownership for delete operations - any contributor can delete any submission in their project"
+# )
 @pytest.mark.rbac
 @pytest.mark.submission
 def test_contributor_cannot_delete_other_draft(
@@ -668,9 +668,9 @@ def test_contributor_can_unpublish_own_submission(
 cursor.execute("DELETE FROM submissions WHERE id = %s", (draft["id"],))
-@pytest.mark.skip(
- reason="Application doesn't check submission ownership for unpublish operations - any contributor can unpublish any submission in their project"
-)
+# @pytest.mark.skip(
+# reason="Application doesn't check submission ownership for unpublish operations - any contributor can unpublish any submission in their project"
+# )
 @pytest.mark.rbac
 @pytest.mark.submission
 def test_contributor_cannot_unpublish_other_submission(
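Review bot: The skip marker above `test_contributor_cannot_delete_other_draft` (hunk at -356,9 of test/test_submissions_rbac.py) is commented out rather than deleted, so the file keeps a `reason=` text stating that any contributor can delete any submission in their project, with nothing to say whether that is still true. If the ownership check now exists, delete the three comment lines. If it does not, the re-enabled test will fail, and `@pytest.mark.xfail(strict=True, reason="...")` would keep the authorization gap tracked, since a strict xfail reports an unexpected pass as a failure and so cannot outlive the fix. The same applies to the commented-out markers in the hunks at -668, -846, -889, -944, -1009 and -1122. The test bodies lie outside these hunks, so whether they pass today cannot be judged from here.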
@@ -846,7 +846,7 @@ def test_viewer_cannot_unpublish_submission(
 # ============================================================================
-@pytest.mark.skip(reason="Semi-private projects not supported by database schema")
+# @pytest.mark.skip(reason="Semi-private projects not supported by database schema")
 @pytest.mark.rbac
 @pytest.mark.submission
 def test_semi_private_drafts_same_as_private_project(
@@ -854,17 +854,18 @@ def test_semi_private_drafts_same_as_private_project(
 system_admin_token,
 semi_private_project,
 project_contributor,
- project_contributor_token,
- external_user_token,
+ external_user,
 ):
 """Drafts on semi-private projects behave like private projects"""
- add_project_member(
+ # Get fresh token after adding user to project
+ project_contributor_token = add_project_member_and_get_token(
 client,
 system_admin_token,
 semi_private_project["id"],
- project_contributor["user_id"],
+ project_contributor,
 "project-contributor",
 )
+ external_user_token = get_fresh_token(external_user["email"])
 # Create draft
 draft = create_draft_submission(
@@ -889,7 +890,7 @@ def test_semi_private_drafts_same_as_private_project(
 cursor.execute("DELETE FROM submissions WHERE id = %s", (draft["id"],))
-@pytest.mark.skip(reason="Semi-private projects not supported by database schema")
+# @pytest.mark.skip(reason="Semi-private projects not supported by database schema")
 @pytest.mark.rbac
 @pytest.mark.submission
 def test_semi_private_internal_access_same_as_private(
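Review bot: The new comment `# Get fresh token after adding user to project` in `test_semi_private_drafts_same_as_private_project` (hunk at -854,17) says what is done but not why, and the reason matters for access control. The switch to `add_project_member_and_get_token` suggests that a token issued before the membership change does not carry the new role, though the helper is not visible here. If so, a token issued before a member is removed or downgraded may keep its old access until it expires, and that case deserves its own test. I would expand the comment to something like `# Project role is read when the token is issued (confirm); re-issue so the token reflects the new membership`. `external_user` also gets `get_fresh_token(external_user["email"])` although no membership is added for that user, so a word on why the fixture token cannot be used there would help; the hunk at -897,23 follows the same pattern.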
@@ -897,23 +898,22 @@ def test_semi_private_internal_access_same_as_private(
 system_admin_token,
 semi_private_project,
 project_contributor,
- project_contributor_token,
 project_viewer,
- project_viewer_token,
 ):
 """Internal access rules are same as private projects"""
- add_project_member(
+ # Get fresh tokens after adding users to project
+ project_contributor_token = add_project_member_and_get_token(
 client,
 system_admin_token,
 semi_private_project["id"],
- project_contributor["user_id"],
+ project_contributor,
 "project-contributor",
 )
- add_project_member(
+ project_viewer_token = add_project_member_and_get_token(
 client,
 system_admin_token,
 semi_private_project["id"],
- project_viewer["user_id"],
+ project_viewer,
 "project-viewer",
 )
@@ -944,7 +944,7 @@ def test_semi_private_internal_access_same_as_private(
 cursor.execute("DELETE FROM submissions WHERE id = %s", (draft["id"],))
-@pytest.mark.skip(reason="Semi-private projects not supported by database schema")
+# @pytest.mark.skip(reason="Semi-private projects not supported by database schema")
 @pytest.mark.rbac
 @pytest.mark.submission
 def test_semi_private_external_cannot_list_submissions(
@@ -1009,9 +1009,9 @@ def test_public_project_drafts_remain_private(
 cursor.execute("DELETE FROM submissions WHERE id = %s", (draft["id"],))
-@pytest.mark.skip(
- reason="Application doesn't grant implicit viewer access for public projects - requires explicit project membership"
-)
+# @pytest.mark.skip(
+# reason="Application doesn't grant implicit viewer access for public projects - requires explicit project membership"
+# )
 @pytest.mark.rbac
 @pytest.mark.submission
 def test_public_project_external_user_has_implicit_viewer_role(
@@ -1122,9 +1122,9 @@ def test_public_project_external_user_cannot_manage_submissions(
 cursor.execute("DELETE FROM submissions WHERE id = %s", (draft["id"],))
-@pytest.mark.skip(
- reason="Application doesn't grant implicit viewer access for public projects - requires explicit project membership"
-)
+# @pytest.mark.skip(
+# reason="Application doesn't grant implicit viewer access for public projects - requires explicit project membership"
+# )
 @pytest.mark.rbac
 @pytest.mark.submission
 def test_public_project_external_user_can_view_published_data(