From 04f06e00ff94cd25b61cc1cea3ae38ec0ef7dda9 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Tue, 27 Apr 2021 17:04:38 +0200
Subject: [PATCH] api: add tests for permission_required decorator

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 authentik/api/tests/test_decorators.py | 33 ++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 authentik/api/tests/test_decorators.py

diff --git a/authentik/api/tests/test_decorators.py b/authentik/api/tests/test_decorators.py
new file mode 100644
index 000000000..d7091280a
--- /dev/null
+++ b/authentik/api/tests/test_decorators.py
@@ -0,0 +1,33 @@
+"""test decorators api"""
+from django.urls import reverse
+from guardian.shortcuts import assign_perm
+from rest_framework.test import APITestCase
+
+from authentik.core.models import Application, User
+
+
+class TestAPIDecorators(APITestCase):
+    """test decorators api"""
+
+    def setUp(self) -> None:
+        super().setUp()
+        self.user = User.objects.create(username="test-user")
+
+    def test_obj_perm_denied(self):
+        """Test object perm denied"""
+        self.client.force_login(self.user)
+        app = Application.objects.create(name="denied", slug="denied")
+        response = self.client.get(
+            reverse("authentik_api:application-metrics", kwargs={"slug": app.slug})
+        )
+        self.assertEqual(response.status_code, 403)
+
+    def test_other_perm_denied(self):
+        """Test other perm denied"""
+        self.client.force_login(self.user)
+        app = Application.objects.create(name="denied", slug="denied")
+        assign_perm("authentik_core.view_application", self.user, app)
+        response = self.client.get(
+            reverse("authentik_api:application-metrics", kwargs={"slug": app.slug})
+        )
+        self.assertEqual(response.status_code, 403)