Add tests for the revoke and list endpoints

TheByronHimes · TheByronHimes · commit 4f4a7367765a · 2025-09-11T10:47:57.000Z
diff --git a/src/uos/core/orchestrator.py b/src/uos/core/orchestrator.py
@@ -241,7 +241,8 @@ async def get_upload_access_grants(
                     },
                 )
                 continue
-        return grants_with_info
+        # Sort grants by id in ascending order for predictability
+        return sorted(grants_with_info, key=lambda x: x.id)
 
     async def get_upload_box_files(
         self,
@@ -282,7 +283,9 @@ async def get_upload_box_files(
         file_ids = await self._ucs_client.get_file_upload_list(
             box_id=upload_box.file_upload_box_id,
         )
-        return file_ids
+
+        # Sort files by ID for predictability
+        return sorted(file_ids)
 
     async def upsert_file_upload_box(self, file_upload_box: FileUploadBox) -> None:
         """Handle FileUploadBox update events from UCS.
diff --git a/tests/unit/test_api.py b/tests/unit/test_api.py
@@ -24,7 +24,7 @@
 from hexkit.utils import now_utc_ms_prec
 
 from tests.fixtures import ConfigFixture
-from uos.core.models import ResearchDataUploadBox
+from uos.core.models import GrantWithBoxInfo, ResearchDataUploadBox
 from uos.inject import prepare_rest_app
 from uos.ports.inbound.orchestrator import UploadOrchestratorPort
 from uos.ports.outbound.http import UCSClientPort
@@ -288,15 +288,15 @@ async def test_update_research_data_upload_box(
 async def test_grant_upload_access(
     config: ConfigFixture, ds_auth_headers, user_auth_headers, bad_auth_headers
 ):
-    """Test the POST /access-grant endpoint"""
+    """Test the POST /access-grants endpoint"""
     orchestrator = AsyncMock()
     async with (
         prepare_rest_app(
             config=config.config, upload_orchestrator_override=orchestrator
         ) as app,
         AsyncTestClient(app=app) as rest_client,
     ):
-        url = "/access-grant"
+        url = "/access-grants"
         request_data = {
             "user_id": str(uuid4()),
             "iva_id": str(uuid4()),
@@ -395,3 +395,113 @@ async def test_list_upload_box_files(
         orchestrator.get_upload_box_files.side_effect = TypeError()
         response = await rest_client.get(url, headers=user_auth_headers)
         assert response.status_code == 500
+
+
+async def test_revoke_upload_access_grant(
+    config: ConfigFixture, ds_auth_headers, user_auth_headers, bad_auth_headers
+):
+    """Test the DELETE /access-grants/{grant_id} endpoint"""
+    orchestrator = AsyncMock()
+    test_grant_id = uuid4()
+
+    async with (
+        prepare_rest_app(
+            config=config.config, upload_orchestrator_override=orchestrator
+        ) as app,
+        AsyncTestClient(app=app) as rest_client,
+    ):
+        url = f"/access-grants/{test_grant_id}"
+
+        # unauthenticated
+        response = await rest_client.delete(url)
+        assert response.status_code == 403
+
+        # bad credentials
+        response = await rest_client.delete(url, headers=bad_auth_headers)
+        assert response.status_code == 401
+
+        # normal response but user is not a data steward (no data_steward role)
+        response = await rest_client.delete(url, headers=user_auth_headers)
+        assert response.status_code == 403
+
+        # normal response with data steward role
+        orchestrator.revoke_upload_access_grant.return_value = None
+        response = await rest_client.delete(url, headers=ds_auth_headers)
+        assert response.status_code == 204
+
+        # handle grant not found error from core
+        orchestrator.reset_mock()
+        orchestrator.revoke_upload_access_grant.side_effect = (
+            UploadOrchestratorPort.GrantNotFoundError(grant_id=test_grant_id)
+        )
+        response = await rest_client.delete(url, headers=ds_auth_headers)
+        assert response.status_code == 404
+
+        # handle other exception
+        orchestrator.reset_mock()
+        orchestrator.revoke_upload_access_grant.side_effect = TypeError()
+        response = await rest_client.delete(url, headers=ds_auth_headers)
+        assert response.status_code == 500
+
+
+async def test_get_upload_access_grants(
+    config: ConfigFixture, ds_auth_headers, user_auth_headers, bad_auth_headers
+):
+    """Test the GET /access-grants endpoint"""
+    orchestrator = AsyncMock()
+    async with (
+        prepare_rest_app(
+            config=config.config, upload_orchestrator_override=orchestrator
+        ) as app,
+        AsyncTestClient(app=app) as rest_client,
+    ):
+        url = "/access-grants"
+
+        # unauthenticated
+        response = await rest_client.get(url)
+        assert response.status_code == 403
+
+        # bad credentials
+        response = await rest_client.get(url, headers=bad_auth_headers)
+        assert response.status_code == 401
+
+        # normal response but user is not a data steward (no data_steward role)
+        response = await rest_client.get(url, headers=user_auth_headers)
+        assert response.status_code == 403
+
+        test_grants = [
+            GrantWithBoxInfo(
+                id=uuid4(),
+                user_id=uuid4(),
+                iva_id=uuid4(),
+                box_id=TEST_BOX_ID,
+                created=now_utc_ms_prec(),
+                valid_from=now_utc_ms_prec(),
+                valid_until=now_utc_ms_prec() + timedelta(days=7),
+                user_name="Test User",
+                user_email="test@example.com",
+                user_title="Dr.",
+                title="Test Box",
+                description="Test box description",
+            )
+        ]
+        orchestrator.get_upload_access_grants.return_value = test_grants
+        response = await rest_client.get(url, headers=ds_auth_headers)
+        assert response.status_code == 200
+        assert response.json() == [
+            grant.model_dump(mode="json") for grant in test_grants
+        ]
+
+        # test with query parameters
+        response = await rest_client.get(
+            url,
+            headers=ds_auth_headers,
+            params={"user_id": str(uuid4()), "valid": "true"},
+        )
+        assert response.status_code == 200
+
+        # handle other exception
+        orchestrator.reset_mock()
+        orchestrator.get_upload_access_grants.side_effect = TypeError()
+        response = await rest_client.get(url, headers=ds_auth_headers)
+        assert response.status_code == 500
diff --git a/tests/unit/test_orchestrator.py b/tests/unit/test_orchestrator.py
@@ -386,3 +386,137 @@ async def test_get_research_data_upload_box_not_found(rig: JointRig):
 
     # Verify access check was called first
     rig.access_client.check_box_access.assert_called_once()  # type: ignore
+
+
+async def test_get_upload_access_grants_happy(rig: JointRig):
+    """Test the normal path for getting upload access grants."""
+    # First create a research data upload box
+    box_id = await rig.controller.create_research_data_upload_box(
+        title="Test Box",
+        description="Test Description",
+        storage_alias="HD01",
+        user_id=TEST_DS_ID,
+    )
+
+    # Create mock upload grants that would be returned by access client
+    test_user_id = uuid4()
+    test_iva_id = uuid4()
+    test_grant_id = uuid4()
+
+    mock_grants = [
+        models.UploadGrant(
+            id=test_grant_id,
+            user_id=test_user_id,
+            iva_id=test_iva_id,
+            box_id=box_id,
+            created=now_utc_ms_prec(),
+            valid_from=now_utc_ms_prec(),
+            valid_until=now_utc_ms_prec() + timedelta(days=7),
+            user_name="Test User",
+            user_email="test@example.com",
+            user_title="Dr.",
+        )
+    ]
+
+    # Mock the access client to return these grants
+    rig.access_client.get_upload_access_grants.return_value = mock_grants  # type: ignore
+
+    # Call the method
+    result = await rig.controller.get_upload_access_grants(
+        user_id=test_user_id,
+        iva_id=test_iva_id,
+        box_id=box_id,
+        valid=True,
+    )
+
+    # Verify the results
+    assert len(result) == 1
+    grant_with_info = result[0]
+    assert grant_with_info.id == test_grant_id
+    assert grant_with_info.user_id == test_user_id
+    assert grant_with_info.iva_id == test_iva_id
+    assert grant_with_info.box_id == box_id
+    assert grant_with_info.user_name == "Test User"
+    assert grant_with_info.user_email == "test@example.com"
+    assert grant_with_info.user_title == "Dr."
+    # These should come from the box
+    assert grant_with_info.title == "Test Box"
+    assert grant_with_info.description == "Test Description"
+
+    # Verify access client was called with correct parameters
+    rig.access_client.get_upload_access_grants.assert_called_once_with(  # type: ignore
+        user_id=test_user_id,
+        iva_id=test_iva_id,
+        box_id=box_id,
+        valid=True,
+    )
+
+
+async def test_get_upload_access_grants_box_missing(rig: JointRig, caplog):
+    """Test the case where grants returned from the access API include a grant with
+    a box ID that doesn't exist in the UOS. This test also checks that we emit a
+    WARNING log (but don't raise an error).
+    """
+    # Create one valid box
+    valid_box_id = await rig.controller.create_research_data_upload_box(
+        title="Valid Box",
+        description="Valid Description",
+        storage_alias="HD01",
+        user_id=TEST_DS_ID,
+    )
+
+    # Create mock upload grants - one with a valid box ID, one with an invalid box ID
+    test_user_id = uuid4()
+    invalid_box_id = uuid4()  # This box doesn't/won't exist
+
+    mock_grants = [
+        models.UploadGrant(
+            id=uuid4(),
+            user_id=test_user_id,
+            iva_id=uuid4(),
+            box_id=valid_box_id,  # This box exists
+            created=now_utc_ms_prec(),
+            valid_from=now_utc_ms_prec(),
+            valid_until=now_utc_ms_prec() + timedelta(days=7),
+            user_name="Test User",
+            user_email="test@example.com",
+            user_title="Dr.",
+        ),
+        models.UploadGrant(
+            id=uuid4(),
+            user_id=test_user_id,
+            iva_id=uuid4(),
+            box_id=invalid_box_id,  # This box doesn't exist
+            created=now_utc_ms_prec(),
+            valid_from=now_utc_ms_prec(),
+            valid_until=now_utc_ms_prec() + timedelta(days=7),
+            user_name="Test User 2",
+            user_email="test2@example.com",
+            user_title="Prof.",
+        ),
+    ]
+
+    # Mock the access client to return these grants
+    rig.access_client.get_upload_access_grants.return_value = mock_grants  # type: ignore
+
+    # Call the method
+    result = await rig.controller.get_upload_access_grants()
+
+    # Verify the results - should only contain the grant with the valid box
+    assert len(result) == 1
+    grant_with_info = result[0]
+    assert grant_with_info.box_id == valid_box_id
+    assert grant_with_info.title == "Valid Box"
+    assert grant_with_info.description == "Valid Description"
+
+    # Verify a warning was logged for the invalid box
+    assert caplog.records
+    warning_messages = [
+        record.message for record in caplog.records if record.levelname == "WARNING"
+    ]
+    assert len(warning_messages) >= 1
+    assert any(str(invalid_box_id) in msg for msg in warning_messages)
+    assert any("doesn't exist in UOS" in msg for msg in warning_messages)
+
+    # Verify access client was called
+    rig.access_client.get_upload_access_grants.assert_called_once()  # type: ignore
