auth: Implement `create_resource` function

* gn3/auth/authentication/checks.py: new `authenticated_p` decorator to apply
  on any function that requires the user to be authenticated before it runs.
* gn3/auth/authorisation/checks.py: use a `auth.authentication.users.User`
  object rather than a UUID object in the global `g`.
* gn3/auth/authorisation/groups.py: Implement the `authenticated_user_group`
  function to get the group(s) in which the currently authenticated user
  belongs.
* gn3/auth/authorisation/resources.py: Implement the `create_resource`
  function correctly.
* tests/unit/auth/conftest.py: extract the User objects into a global variable
  for reusability with the tests.
* tests/unit/auth/test_resources.py: Use global user objects from conftest in
  the tests. Set a User object (rather than UUID) in the global `g` variable.

2 files changed, 29 insertions, 22 deletions

diff --git a/tests/unit/auth/conftest.py b/tests/unit/auth/conftest.py
index 37d78a3..e582640 100644
--- a/tests/unit/auth/conftest.py
+++ b/tests/unit/auth/conftest.py
@@ -65,29 +65,30 @@ def test_group(conn_after_auth_migrations):# pylint: disable=[redefined-outer-na
 
     yield (conn_after_auth_migrations, Group(group_id, group_name))
 
+TEST_USERS = (
+        User(uuid.UUID("ecb52977-3004-469e-9428-2a1856725c7f"), "group@lead.er",
+             "Group Leader"),
+        User(uuid.UUID("21351b66-8aad-475b-84ac-53ce528451e3"),
+             "group@mem.ber01", "Group Member 01"),
+        User(uuid.UUID("ae9c6245-0966-41a5-9a5e-20885a96bea7"),
+             "group@mem.ber02", "Group Member 02"),
+        User(uuid.UUID("9a0c7ce5-2f40-4e78-979e-bf3527a59579"),
+             "unaff@iliated.user", "Unaffiliated User"))
+
 @pytest.fixture(scope="function")
 def test_users(conn_after_auth_migrations):# pylint: disable=[redefined-outer-name]
     """Fixture: setup test users."""
     query = "INSERT INTO users(user_id, email, name) VALUES (?, ?, ?)"
     query_user_roles = "INSERT INTO user_roles(user_id, role_id) VALUES (?, ?)"
-    the_users = (
-        ("ecb52977-3004-469e-9428-2a1856725c7f", "group@lead.er",
-         "Group Leader"),
-        ("21351b66-8aad-475b-84ac-53ce528451e3", "group@mem.ber01",
-         "Group Member 01"),
-        ("ae9c6245-0966-41a5-9a5e-20885a96bea7", "group@mem.ber02",
-         "Group Member 02"),
-        ("9a0c7ce5-2f40-4e78-979e-bf3527a59579", "unaff@iliated.user",
-         "Unaffiliated User"))
     test_user_roles = (
         ("ecb52977-3004-469e-9428-2a1856725c7f",
          "a0e67630-d502-4b9f-b23f-6805d0f30e30"),)
     with db.cursor(conn_after_auth_migrations) as cursor:
-        cursor.executemany(query, the_users)
+        cursor.executemany(query, (
+            (str(user.user_id), user.email, user.name) for user in TEST_USERS))
         cursor.executemany(query_user_roles, test_user_roles)
 
-    yield (conn_after_auth_migrations, tuple(
-        User(uuid.UUID(uid), email, name) for uid, email, name in the_users))
+    yield (conn_after_auth_migrations, TEST_USERS)
 
     with db.cursor(conn_after_auth_migrations) as cursor:
         cursor.executemany(
diff --git a/tests/unit/auth/test_resources.py b/tests/unit/auth/test_resources.py
index 04d0017..aaf22e6 100644
--- a/tests/unit/auth/test_resources.py
+++ b/tests/unit/auth/test_resources.py
@@ -7,6 +7,8 @@ from gn3.auth.authorisation.groups import Group
 from gn3.auth.authorisation.resources import (
     Resource, create_resource, ResourceCategory)
 
+from tests.unit.auth import conftest
+
 group = Group(uuid.UUID("9988c21d-f02f-4d45-8966-22c968ac2fbf"), "TheTestGroup")
 resource_category = ResourceCategory(
     uuid.UUID("fad071a3-2fc8-40b8-992b-cdefe7dcac79"), "mrna", "mRNA Dataset")
@@ -14,20 +16,24 @@ create_resource_failure = {
     "status": "error",
     "message": "Unauthorised: Could not create resource"
 }
+uuid_fn = lambda : uuid.UUID("d32611e3-07fc-4564-b56c-786c6db6de2b")
 
 @pytest.mark.unit_test
 @pytest.mark.parametrize(
-    "user_id,expected", (
-    ("ecb52977-3004-469e-9428-2a1856725c7f", Resource(
-        group, uuid.UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"),
-        "test_resource", resource_category)),
-    ("21351b66-8aad-475b-84ac-53ce528451e3", create_resource_failure),
-    ("ae9c6245-0966-41a5-9a5e-20885a96bea7", create_resource_failure),
-    ("9a0c7ce5-2f40-4e78-979e-bf3527a59579", create_resource_failure),
-    ("e614247d-84d2-491d-a048-f80b578216cb", create_resource_failure)))
-def test_create_resource(test_app, test_users_in_group, user_id, expected):
+    "user,expected",
+    tuple(zip(
+        conftest.TEST_USERS,
+        (Resource(
+            group, uuid.UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"),
+            "test_resource", resource_category),
+         create_resource_failure,
+         create_resource_failure,
+         create_resource_failure,
+         create_resource_failure))))
+def test_create_resource(mocker, test_app, test_users_in_group, user, expected):
     """Test that resource creation works as expected."""
+    mocker.patch("gn3.auth.authorisation.resources.uuid4", uuid_fn)
     conn, _group, _users = test_users_in_group
     with test_app.app_context() as flask_context:
-        flask_context.g.user_id = uuid.UUID(user_id)
+        flask_context.g.user = user
         assert create_resource(conn, "test_resource", resource_category) == expected