diff --git a/services/web/server/src/simcore_service_webserver/groups_handlers.py b/services/web/server/src/simcore_service_webserver/groups_handlers.py
index 4e5629ff8f9..2d20ec86873 100644
--- a/services/web/server/src/simcore_service_webserver/groups_handlers.py
+++ b/services/web/server/src/simcore_service_webserver/groups_handlers.py
@@ -20,7 +20,7 @@
 # groups/ ------------------------------------------------------
 @login_required
-@permission_required("groups.*")
+@permission_required("groups.read")
 async def list_groups(request: web.Request):
 user_id = request[RQT_USERID_KEY]
 primary_group, user_groups, all_group = await groups_api.list_user_groups(
@@ -30,7 +30,7 @@ async def list_groups(request: web.Request):
 @login_required
-@permission_required("groups.*")
+@permission_required("groups.read")
 async def get_group(request: web.Request):
 user_id = request[RQT_USERID_KEY]
 gid = request.match_info["gid"]
diff --git a/services/web/server/src/simcore_service_webserver/security_roles.py b/services/web/server/src/simcore_service_webserver/security_roles.py
index 903056cd6b9..8e386c4a735 100644
--- a/services/web/server/src/simcore_service_webserver/security_roles.py
+++ b/services/web/server/src/simcore_service_webserver/security_roles.py
@@ -27,6 +27,7 @@
 "project.update",
 "storage.locations.*", # "storage.datcore.read"
 "storage.files.*",
+ "groups.read",
 "project.open",
 "project.read", # "studies.user.read",
 # "studies.templates.read"
diff --git a/services/web/server/tests/unit/with_dbs/test_groups.py b/services/web/server/tests/unit/with_dbs/test_groups.py
index 884cfea7d53..72d6c87e00b 100644
--- a/services/web/server/tests/unit/with_dbs/test_groups.py
+++ b/services/web/server/tests/unit/with_dbs/test_groups.py
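Review bot: The `"groups.read"` entry added to security_roles.py carries no comment on why this role needs it or what still limits it. Judging by the test changes in this commit the list appears to belong to the GUEST role, so `list_groups` and `get_group` in groups_handlers.py become reachable by guest sessions, and the only remaining control is whatever membership filtering `groups_api` performs, which this diff does not show. I would write the line as `"groups.read",  # guests may read their own groups; per-group access is enforced in groups_api` and confirm that `list_user_groups` returns nothing for a guest beyond the caller's own groups and the `all_group` entry. The permission list starts and ends outside the hunk.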
@@ -119,7 +119,9 @@ async def test_list_groups(
 assert str(url) == f"{PREFIX}"
 resp = await client.get(url)
- data, error = await assert_status(resp, expected.ok)
+ data, error = await assert_status(
+ resp, expected.ok if user_role != UserRole.GUEST else web.HTTPOk
+ )
 if not error:
 assert isinstance(data, dict)
@@ -198,8 +200,10 @@ async def test_group_creation_workflow(client, logged_user, user_role, expected)
 assert str(url) == f"{PREFIX}"
 resp = await client.get(url)
- data, error = await assert_status(resp, expected.ok)
- if not error:
+ data, error = await assert_status(
+ resp, expected.ok if user_role != UserRole.GUEST else web.HTTPOk
+ )
+ if not error and user_role != UserRole.GUEST:
 assert len(data["organizations"]) == 1
 assert data["organizations"][0] == assigned_group
@@ -207,7 +211,9 @@ async def test_group_creation_workflow(client, logged_user, user_role, expected)
 url = client.app.router["get_group"].url_for(gid=str(assigned_group["gid"]))
 assert str(url) == f"{PREFIX}/{assigned_group['gid']}"
 resp = await client.get(url)
- data, error = await assert_status(resp, expected.ok)
+ data, error = await assert_status(
+ resp, expected.ok if user_role != UserRole.GUEST else web.HTTPNotFound
+ )
 if not error:
 assert data == assigned_group
@@ -226,7 +232,9 @@ async def test_group_creation_workflow(client, logged_user, user_role, expected)
 url = client.app.router["get_group"].url_for(gid=str(assigned_group["gid"]))
 assert str(url) == f"{PREFIX}/{assigned_group['gid']}"
 resp = await client.get(url)
- data, error = await assert_status(resp, expected.ok)
+ data, error = await assert_status(
+ resp, expected.ok if user_role != UserRole.GUEST else web.HTTPNotFound
+ )
 if not error:
 _assert_group(data)
 assert data == assigned_group
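Review bot: The guest override `expected.ok if user_role != UserRole.GUEST else web.HTTPOk` is written inline here in `test_list_groups` and repeated, with a different fallback, in the three `test_group_creation_workflow` hunks that follow and in the hunk at old line 249. Each copy restates the role rule, so a later change to what guests may read has to be made in five places, and a missed one still passes for every other role. A small helper near the top of the test module, for example `def _for_role(user_role, default, guest): return guest if user_role == UserRole.GUEST else default`, would keep the rule in one spot. Extending the parametrization with a per-role read expectation would do the same.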
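Review bot: With `if not error and user_role != UserRole.GUEST:` in the hunk at old line 198, a guest's list response is checked for status only, so nothing pins what the newly granted `groups.read` permission lets a guest see. The next hunk expects `web.HTTPNotFound` when a guest fetches `assigned_group` by gid, and the listing should agree with that. I would add a guest branch such as `if user_role == UserRole.GUEST: assert assigned_group not in data["organizations"]`. Whether `assigned_group` is populated for a guest at this point depends on the creation step above the hunk, which is not visible here, so that needs checking first.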
@@ -249,7 +257,9 @@ async def test_group_creation_workflow(client, logged_user, user_role, expected)
 url = client.app.router["get_group"].url_for(gid=str(assigned_group["gid"]))
 assert str(url) == f"{PREFIX}/{assigned_group['gid']}"
 resp = await client.get(url)
- data, error = await assert_status(resp, expected.not_found)
+ data, error = await assert_status(
+ resp, expected.not_found if user_role != UserRole.GUEST else web.HTTPNotFound
+ )
 @pytest.mark.parametrize(*standard_role_response())