Source code for galaxy_test.api.test_framework

# This file doesn't test any API in particular but is meant to functionally
# test the API framework itself.
from galaxy_test.base.decorators import requires_admin
from ._framework import ApiTestCase

[docs]class TestApiFramework(ApiTestCase):
[docs] def test_default_xframe_options(self): get_response = self._get("licenses") assert get_response.headers["x-frame-options"] == "SAMEORIGIN"
# Next several tests test the API's run_as functionality.
[docs] def test_user_cannont_run_as(self): run_as_user = self._setup_user("") post_data = dict(name="TestHistory1") # Normal user cannot run_as... create_response = self._post( "histories", data=post_data, headers={"run-as": run_as_user["id"]}, ) self._assert_status_code_is(create_response, 403)
[docs] @requires_admin def test_run_as_invalid_user(self): post_data = dict(name="TestHistory1") # admin user can run_as, but this user doesn't exist, expect 400. create_response = self._post( "histories", data=post_data, headers={"run-as": "another_user"}, admin=True, ) self._assert_status_code_is(create_response, 400)
[docs] @requires_admin def test_run_as_valid_user(self): run_as_user = self._setup_user("") post_data = dict(name="TestHistory1") # Use run_as with admin user and for another user just created, this # should work. create_response = self._post( "histories", data=post_data, headers={"run-as": run_as_user["id"]}, admin=True, ) self._assert_status_code_is(create_response, 200)