Add unit tests for api

src/registrar/config/urls.py

@@ -124,6 +124,11 @@ urlpatterns = [
         AnalyticsView.as_view(),
         name="analytics",
     ),
+    path(
+        "admin/api/get-senior-official-from-federal-agency-json/", 
+        get_senior_official_from_federal_agency_json, 
+        name="get-senior-official-from-federal-agency-json"
+    ),
     path("admin/", admin.site.urls),
     path(
         "reports/export_data_type_user/",
@@ -156,12 +161,6 @@ urlpatterns = [
     path("api/v1/available/", available, name="available"),
     path("api/v1/get-report/current-federal", get_current_federal, name="get-current-federal"),
     path("api/v1/get-report/current-full", get_current_full, name="get-current-full"),
-    # TODO convert to admin view
-    path(
-        "api/v1/get-senior-official-from-federal-agency-json/", 
-        get_senior_official_from_federal_agency_json, 
-        name="get-senior-official-from-federal-agency-json"
-    ),
     path(
         "todo",
         lambda r: always_404(r, "We forgot to include this link, sorry."),

src/registrar/tests/test_api.py

@@ -0,0 +1,64 @@
+from django.urls import reverse
+from django.test import TestCase, Client
+from registrar.models import FederalAgency, SeniorOfficial, User
+from django.contrib.auth import get_user_model
+from registrar.tests.common import create_superuser, create_user
+
+
+class GetSeniorOfficialJsonTest(TestCase):
+    def setUp(self):
+        self.client = Client()
+        self.user = get_user_model().objects.create_user(username="testuser", password="password")
+
+        self.superuser = create_superuser()
+        self.analyst_user = create_user()
+
+        self.agency = FederalAgency.objects.create(agency="Test Agency")
+        self.senior_official = SeniorOfficial.objects.create(
+            first_name="John", last_name="Doe", title="Director", federal_agency=self.agency
+        )
+
+        self.api_url = reverse("get-senior-official-from-federal-agency-json")
+
+    def tearDown(self):
+        User.objects.all().delete()
+        SeniorOfficial.objects.all().delete()
+        FederalAgency.objects.all().delete()
+
+    def test_get_senior_official_json_authenticated_superuser(self):
+        """Test that a superuser can fetch the senior official information."""
+        self.client.login(username="superuser", password="adminpass")
+        response = self.client.get(self.api_url, {"agency_name": "Test Agency"})
+        self.assertEqual(response.status_code, 200)
+        data = response.json()
+        self.assertEqual(data["id"], self.senior_official.id)
+        self.assertEqual(data["first_name"], "John")
+        self.assertEqual(data["last_name"], "Doe")
+        self.assertEqual(data["title"], "Director")
+
+    def test_get_senior_official_json_authenticated_analyst(self):
+        """Test that an analyst user can fetch the senior official's information."""
+        self.client.login(username="staffuser", password="userpass")
+        response = self.client.get(self.api_url, {"agency_name": "Test Agency"})
+        self.assertEqual(response.status_code, 200)
+        data = response.json()
+        self.assertEqual(data["id"], self.senior_official.id)
+        self.assertEqual(data["first_name"], "John")
+        self.assertEqual(data["last_name"], "Doe")
+        self.assertEqual(data["title"], "Director")
+
+    def test_get_senior_official_json_unauthenticated(self):
+        """Test that an unauthenticated user receives a 403 with an error message."""
+        self.client.login(username="testuser", password="password")
+        response = self.client.get(self.api_url, {"agency_name": "Test Agency"})
+        self.assertEqual(response.status_code, 403)
+        data = response.json()
+        self.assertEqual(data["error"], "You do not have access to this resource")
+
+    def test_get_senior_official_json_not_found(self):
+        """Test that a request for a non-existent agency returns a 404 with an error message."""
+        self.client.login(username="superuser", password="adminpass")
+        response = self.client.get(self.api_url, {"agency_name": "Non-Federal Agency"})
+        self.assertEqual(response.status_code, 404)
+        data = response.json()
+        self.assertEqual(data["error"], "Senior Official not found")

src/registrar/views/utility/api_views.py

@@ -14,12 +14,11 @@ logger = logging.getLogger(__name__)
 def get_senior_official_from_federal_agency_json(request):
     """Returns federal_agency information as a JSON"""
 
-    # This API is only accessible to admins
+    # This API is only accessible to admins and analysts
     superuser_perm = request.user.has_perm("registrar.full_access_permission")
     analyst_perm = request.user.has_perm("registrar.analyst_access_permission")
     if not request.user.is_authenticated or not analyst_perm or not superuser_perm:
-        # We intentionally don't return anything here
+        return JsonResponse({"error": "You do not have access to this resource"}, status=403)
-        return {}
 
     agency_name = request.GET.get("agency_name")
     agency = FederalAgency.objects.filter(agency=agency_name).first()
@@ -29,4 +28,4 @@ def get_senior_official_from_federal_agency_json(request):
         so_dict = model_to_dict(senior_official)
         return JsonResponse(so_dict)
     else:
-        return JsonResponse({"error": "Senior Official not found"})
+        return JsonResponse({"error": "Senior Official not found"}, status=404)