Add unit tests for api

2025-07-14 06:55:08 +02:00 · 2024-08-08 09:53:37 -06:00 · 2024-08-08 09:53:37 -06:00 · e90ef9ba98
commit e90ef9ba98
parent a2f87c7084
4 changed files with 73 additions and 11 deletions
--- a/src/registrar/assets/js/get-gov-admin.js
+++ b/src/registrar/assets/js/get-gov-admin.js
@ -863,4 +863,4 @@ function initializeWidgetOnList(list, parentId) {
            hideElement(urbanizationField)
        }
    }
-})();
+})();
--- a/src/registrar/config/urls.py
+++ b/src/registrar/config/urls.py
@ -124,6 +124,11 @@ urlpatterns = [
        AnalyticsView.as_view(),
        name="analytics",
    ),
+    path(
+        "admin/api/get-senior-official-from-federal-agency-json/", 
+        get_senior_official_from_federal_agency_json, 
+        name="get-senior-official-from-federal-agency-json"
+    ),
    path("admin/", admin.site.urls),
    path(
        "reports/export_data_type_user/",
@ -156,12 +161,6 @@ urlpatterns = [
    path("api/v1/available/", available, name="available"),
    path("api/v1/get-report/current-federal", get_current_federal, name="get-current-federal"),
    path("api/v1/get-report/current-full", get_current_full, name="get-current-full"),
-    # TODO convert to admin view
-    path(
-        "api/v1/get-senior-official-from-federal-agency-json/", 
-        get_senior_official_from_federal_agency_json, 
-        name="get-senior-official-from-federal-agency-json"
-    ),
    path(
        "todo",
        lambda r: always_404(r, "We forgot to include this link, sorry."),
--- a/src/registrar/tests/test_api.py
+++ b/src/registrar/tests/test_api.py
@ -0,0 +1,64 @@
+from django.urls import reverse
+from django.test import TestCase, Client
+from registrar.models import FederalAgency, SeniorOfficial, User
+from django.contrib.auth import get_user_model
+from registrar.tests.common import create_superuser, create_user
+
+
+class GetSeniorOfficialJsonTest(TestCase):
+    def setUp(self):
+        self.client = Client()
+        self.user = get_user_model().objects.create_user(username="testuser", password="password")
+
+        self.superuser = create_superuser()
+        self.analyst_user = create_user()
+
+        self.agency = FederalAgency.objects.create(agency="Test Agency")
+        self.senior_official = SeniorOfficial.objects.create(
+            first_name="John", last_name="Doe", title="Director", federal_agency=self.agency
+        )
+
+        self.api_url = reverse("get-senior-official-from-federal-agency-json")
+
+    def tearDown(self):
+        User.objects.all().delete()
+        SeniorOfficial.objects.all().delete()
+        FederalAgency.objects.all().delete()
+
+    def test_get_senior_official_json_authenticated_superuser(self):
+        """Test that a superuser can fetch the senior official information."""
+        self.client.login(username="superuser", password="adminpass")
+        response = self.client.get(self.api_url, {"agency_name": "Test Agency"})
+        self.assertEqual(response.status_code, 200)
+        data = response.json()
+        self.assertEqual(data["id"], self.senior_official.id)
+        self.assertEqual(data["first_name"], "John")
+        self.assertEqual(data["last_name"], "Doe")
+        self.assertEqual(data["title"], "Director")
+
+    def test_get_senior_official_json_authenticated_analyst(self):
+        """Test that an analyst user can fetch the senior official's information."""
+        self.client.login(username="staffuser", password="userpass")
+        response = self.client.get(self.api_url, {"agency_name": "Test Agency"})
+        self.assertEqual(response.status_code, 200)
+        data = response.json()
+        self.assertEqual(data["id"], self.senior_official.id)
+        self.assertEqual(data["first_name"], "John")
+        self.assertEqual(data["last_name"], "Doe")
+        self.assertEqual(data["title"], "Director")
+
+    def test_get_senior_official_json_unauthenticated(self):
+        """Test that an unauthenticated user receives a 403 with an error message."""
+        self.client.login(username="testuser", password="password")
+        response = self.client.get(self.api_url, {"agency_name": "Test Agency"})
+        self.assertEqual(response.status_code, 403)
+        data = response.json()
+        self.assertEqual(data["error"], "You do not have access to this resource")
+
+    def test_get_senior_official_json_not_found(self):
+        """Test that a request for a non-existent agency returns a 404 with an error message."""
+        self.client.login(username="superuser", password="adminpass")
+        response = self.client.get(self.api_url, {"agency_name": "Non-Federal Agency"})
+        self.assertEqual(response.status_code, 404)
+        data = response.json()
+        self.assertEqual(data["error"], "Senior Official not found")
--- a/src/registrar/views/utility/api_views.py
+++ b/src/registrar/views/utility/api_views.py
@ -14,12 +14,11 @@ logger = logging.getLogger(__name__)
 def get_senior_official_from_federal_agency_json(request):
    """Returns federal_agency information as a JSON"""

-    # This API is only accessible to admins
+    # This API is only accessible to admins and analysts
    superuser_perm = request.user.has_perm("registrar.full_access_permission")
    analyst_perm = request.user.has_perm("registrar.analyst_access_permission")
    if not request.user.is_authenticated or not analyst_perm or not superuser_perm:
-        # We intentionally don't return anything here
-        return {}
+        return JsonResponse({"error": "You do not have access to this resource"}, status=403)

    agency_name = request.GET.get("agency_name")
    agency = FederalAgency.objects.filter(agency=agency_name).first()
@ -29,4 +28,4 @@ def get_senior_official_from_federal_agency_json(request):
        so_dict = model_to_dict(senior_official)
        return JsonResponse(so_dict)
    else:
-        return JsonResponse({"error": "Senior Official not found"})
+        return JsonResponse({"error": "Senior Official not found"}, status=404)