[Feature] Create API Key Authenticaton for v1 API (#327)

Add API key authentication to v1 API Also includes: - management command to create keys for users - Improvements to API tests Minor: - more robust way to start docker dev container. Reviewed-on: enviPath/enviPy#327 Co-authored-by: Tobias O <tobias.olenyi@envipath.com> Co-committed-by: Tobias O <tobias.olenyi@envipath.com>
2026-02-11 02:29:54 +13:00
parent c0cfdb9255
commit 5789f20e7f
15 changed files with 282 additions and 165 deletions
--- a/epapi/tests/v1/test_api_permissions.py
+++ b/epapi/tests/v1/test_api_permissions.py
@ -261,13 +261,6 @@ class GlobalCompoundListPermissionTest(APIPermissionTestBase):
        self.assertEqual(response.status_code, 200)
        payload = response.json()

-        # user2 should see compounds from:
-        # - reviewed_package (public)
-        # - unreviewed_package_read (READ permission)
-        # - unreviewed_package_write (WRITE permission)
-        # - unreviewed_package_all (ALL permission)
-        # - group_package (via group membership)
-        # Total: 5 compounds
        self.assertEqual(payload["total_items"], 5)

        visible_uuids = {item["uuid"] for item in payload["items"]}
@ -303,54 +296,6 @@ class GlobalCompoundListPermissionTest(APIPermissionTestBase):
        # user1 owns all packages, so sees all compounds
        self.assertEqual(payload["total_items"], 7)

-    def test_read_permission_allows_viewing(self):
-        """READ permission allows viewing compounds."""
-        self.client.force_login(self.user2)
-        response = self.client.get(self.ENDPOINT)
-
-        self.assertEqual(response.status_code, 200)
-        payload = response.json()
-
-        # Check that read_compound is included
-        uuids = [item["uuid"] for item in payload["items"]]
-        self.assertIn(str(self.read_compound.uuid), uuids)
-
-    def test_write_permission_allows_viewing(self):
-        """WRITE permission also allows viewing compounds."""
-        self.client.force_login(self.user2)
-        response = self.client.get(self.ENDPOINT)
-
-        self.assertEqual(response.status_code, 200)
-        payload = response.json()
-
-        # Check that write_compound is included
-        uuids = [item["uuid"] for item in payload["items"]]
-        self.assertIn(str(self.write_compound.uuid), uuids)
-
-    def test_all_permission_allows_viewing(self):
-        """ALL permission allows viewing compounds."""
-        self.client.force_login(self.user2)
-        response = self.client.get(self.ENDPOINT)
-
-        self.assertEqual(response.status_code, 200)
-        payload = response.json()
-
-        # Check that all_compound is included
-        uuids = [item["uuid"] for item in payload["items"]]
-        self.assertIn(str(self.all_compound.uuid), uuids)
-
-    def test_group_permission_allows_viewing(self):
-        """Group membership grants access to group-permitted packages."""
-        self.client.force_login(self.user2)
-        response = self.client.get(self.ENDPOINT)
-
-        self.assertEqual(response.status_code, 200)
-        payload = response.json()
-
-        # Check that group_compound is included
-        uuids = [item["uuid"] for item in payload["items"]]
-        self.assertIn(str(self.group_compound.uuid), uuids)
-

@tag("api", "end2end")
 class PackageScopedCompoundListPermissionTest(APIPermissionTestBase):