|
29 | 29 |
|
30 | 30 | @pytest.mark.integration_test |
31 | 31 | class TestUserRestricted: |
| 32 | + |
| 33 | + @pytest.mark.asyncio |
| 34 | + @pytest.mark.parametrize( |
| 35 | + "endpoint_url, is_fhir_4", |
| 36 | + [("", False), ("/FHIR/R4/", True), ("/FHIR/STU3/", False)], |
| 37 | + ) |
| 38 | + async def test_user_restricted_valid_ods_code( |
| 39 | + self, |
| 40 | + authenticate_user, |
| 41 | + endpoint_url, |
| 42 | + is_fhir_4, |
| 43 | + service_url, |
| 44 | + update_user_restricted_product, |
| 45 | + ): |
| 46 | + access_code = await authenticate_user( |
| 47 | + referring_clinician, [referring_clinician.org_code] |
| 48 | + ) |
| 49 | + |
| 50 | + client_request_headers = { |
| 51 | + _HEADER_ECHO: "", # enable echo target |
| 52 | + _HEADER_AUTHORIZATION: "Bearer " + access_code, |
| 53 | + _HEADER_REQUEST_ID: "DUMMY-VALUE", |
| 54 | + RenamedHeader.REFERRAL_ID.original: _EXPECTED_REFERRAL_ID, |
| 55 | + RenamedHeader.CORRELATION_ID.original: _EXPECTED_CORRELATION_ID, |
| 56 | + RenamedHeader.BUSINESS_FUNCTION.original: referring_clinician.business_function, |
| 57 | + RenamedHeader.ODS_CODE.original: referring_clinician.org_code, |
| 58 | + RenamedHeader.FILENAME.original: _EXPECTED_FILENAME, |
| 59 | + RenamedHeader.COMM_RULE_ORG.original: _EXPECTED_COMM_RULE_ORG, |
| 60 | + RenamedHeader.OBO_USER_ID.original: _EXPECTED_OBO_USER_ID, |
| 61 | + } |
| 62 | + |
| 63 | + # Make the API call |
| 64 | + |
| 65 | + # Make request with user with ODS code not in allow list (e.g. R69) |
| 66 | + response = requests.get( |
| 67 | + f"{service_url}{endpoint_url}", headers=client_request_headers |
| 68 | + ) |
| 69 | + |
| 70 | + # Verify the status |
| 71 | + # Verify 403 response with appropriate error message |
| 72 | + assert ( |
| 73 | + response.status_code == 200 |
| 74 | + ), "Expected a 200 when accessing the api but got " + str(response.status_code) |
| 75 | + |
32 | 76 | @pytest.mark.asyncio |
33 | 77 | @pytest.mark.parametrize( |
34 | 78 | "endpoint_url, is_fhir_4", |
|
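Review bot: The comments at new lines 65 and 71 describe the deny case (`ODS code not in allow list (e.g. R69)` and `Verify 403 response with appropriate error message`), but `test_user_restricted_valid_ods_code` authenticates with the clinician's own `org_code` and asserts a 200. They look copied from a negative test and misstate which side of the allow-list check this test covers. I would replace them with `# Make request as a user whose ODS code is in the allow list` and `# Verify the request is allowed through (200)`. `is_fhir_4` is parametrized but never read in the visible body, so either assert on it or drop it from this test's parameters. The `requests.get` call also has no `timeout=`, so an unresponsive proxy would stall the integration run instead of failing it.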