Enforce authorization when getting a request

2018-08-30 13:19:12 -04:00
parent e7aed35054
commit d785f19b5b
8 changed files with 65 additions and 41 deletions
--- a/tests/domain/test_requests.py
+++ b/tests/domain/test_requests.py
@@ -21,14 +21,15 @@ def new_request(session):


 def test_can_get_request(new_request):
-    request = Requests.get(new_request.id)
+    request = Requests.get(new_request.creator, new_request.id)

    assert request.id == new_request.id


 def test_nonexistent_request_raises():
+    a_user = UserFactory.build()
    with pytest.raises(NotFoundError):
-        Requests.get(uuid4())
+        Requests.get(a_user, uuid4())


 def test_new_request_has_started_status():