3 files changed, 91 insertions, 70 deletions

diff --git a/tests/unit/auth/test_groups.py b/tests/unit/auth/test_groups.py
index f22a8cf..16df56e 100644
--- a/tests/unit/auth/test_groups.py
+++ b/tests/unit/auth/test_groups.py
@@ -6,10 +6,9 @@ from pymonad.maybe import Nothing
 
 from gn_auth.auth.db import sqlite3 as db
 from gn_auth.auth.errors import AuthorisationError
-from gn_auth.auth.authorisation.roles import Role
 from gn_auth.auth.authorisation.privileges import Privilege
 from gn_auth.auth.authorisation.resources.groups.models import (
-    Group, GroupRole, user_group, create_group, create_group_role)
+    Group, user_group, create_group, create_group_role)
 
 from tests.unit.auth import conftest
 
@@ -126,40 +125,6 @@ create_role_failure = {
     "message": "Unauthorised: Could not create the group role"
 }
 
-@pytest.mark.skip("Keep as placeholder until we implement test for creating "
-                  "a resource role.")
-@pytest.mark.unit_test
-@pytest.mark.parametrize(
-    "user,expected", tuple(zip(conftest.TEST_USERS[0:1], (
-        GroupRole(
-            UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"),
-            GROUP,
-            Role(UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"),
-                 "ResourceEditor", True, PRIVILEGES)),))))
-def test_create_group_role(mocker, fxtr_users_in_group, fxtr_oauth2_clients, user, expected):
-    """
-    GIVEN: an authenticated user
-    WHEN: the user attempts to create a role, attached to a group
-    THEN: verify they are only able to create the role if they have the
-        appropriate privileges and that the role is attached to the given group
-    """
-    _conn, clients = fxtr_oauth2_clients
-    mocker.patch("gn_auth.auth.authorisation.resources.groups.models.uuid4", conftest.uuid_fn)
-    mocker.patch("gn_auth.auth.authorisation.roles.models.uuid4", conftest.uuid_fn)
-    mocker.patch(
-        "gn_auth.auth.authorisation.checks.require_oauth.acquire",
-        conftest.get_tokeniser(
-            user,
-            tuple(client for client in clients if client.user == user)[0]))
-    conn, _group, _users = fxtr_users_in_group
-    with db.cursor(conn) as cursor:
-        assert create_group_role(
-            conn, GROUP, "ResourceEditor", PRIVILEGES) == expected
-        # cleanup
-        cursor.execute(
-            ("DELETE FROM group_roles "
-             "WHERE group_role_id=? AND group_id=? AND role_id=?"),
-            (str(conftest.uuid_fn()), str(GROUP.group_id), str(conftest.uuid_fn())))
 
 @pytest.mark.unit_test
 @pytest.mark.parametrize(
diff --git a/tests/unit/auth/test_resources_roles.py b/tests/unit/auth/test_resources_roles.py
new file mode 100644
index 0000000..39a198f
--- /dev/null
+++ b/tests/unit/auth/test_resources_roles.py
@@ -0,0 +1,90 @@
+"""Tests for roles for a specific resource."""
+from uuid import UUID
+
+import pytest
+
+from gn_auth.auth.db import sqlite3 as db
+from gn_auth.auth.authorisation.privileges import Privilege
+from gn_auth.auth.authorisation.roles.models import Role, create_role
+from gn_auth.auth.authorisation.resources.groups.models import (
+    GroupRole,
+    create_group_role)
+
+from tests.unit.auth import conftest
+
+
+GROUP = conftest.TEST_GROUP_01
+PRIVILEGES = (
+    Privilege("group:resource:view-resource",
+              "view a resource and use it in computations"),
+    Privilege("group:resource:edit-resource", "edit/update a resource"))
+
+
+@pytest.mark.skip("Keep as placeholder until we implement test for creating "
+                  "a resource role.")
+@pytest.mark.unit_test
+@pytest.mark.parametrize(
+    "user,expected", tuple(zip(conftest.TEST_USERS[0:1], (
+        GroupRole(
+            UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"),
+            GROUP,
+            Role(UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"),
+                 "ResourceEditor", True, PRIVILEGES)),))))
+def test_create_group_role(mocker, fxtr_users_in_group, fxtr_oauth2_clients, user, expected):
+    """
+    GIVEN: an authenticated user
+    WHEN: the user attempts to create a role, attached to a group
+    THEN: verify they are only able to create the role if they have the
+        appropriate privileges and that the role is attached to the given group
+    """
+    _conn, clients = fxtr_oauth2_clients
+    mocker.patch("gn_auth.auth.authorisation.resources.groups.models.uuid4", conftest.uuid_fn)
+    mocker.patch("gn_auth.auth.authorisation.roles.models.uuid4", conftest.uuid_fn)
+    mocker.patch(
+        "gn_auth.auth.authorisation.checks.require_oauth.acquire",
+        conftest.get_tokeniser(
+            user,
+            tuple(client for client in clients if client.user == user)[0]))
+    conn, _group, _users = fxtr_users_in_group
+    with db.cursor(conn) as cursor:
+        assert create_group_role(
+            conn, GROUP, "ResourceEditor", PRIVILEGES) == expected
+        # cleanup
+        cursor.execute(
+            ("DELETE FROM group_roles "
+             "WHERE group_role_id=? AND group_id=? AND role_id=?"),
+            (str(conftest.uuid_fn()), str(GROUP.group_id), str(conftest.uuid_fn())))
+
+
+@pytest.mark.skip(
+    "This needs to be replaced by tests for creation of resource roles.")
+@pytest.mark.unit_test
+@pytest.mark.parametrize(
+    "user,expected", tuple(zip(conftest.TEST_USERS[0:1], (
+        Role(UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_role",
+             True, PRIVILEGES),))))
+def test_create_role(# pylint: disable=[too-many-arguments, unused-argument]
+        fxtr_app,
+        auth_testdb_path,
+        mocker,
+        fxtr_users,
+        fxtr_oauth2_clients,
+        user,
+        expected
+):
+    """
+    GIVEN: an authenticated user
+    WHEN: the user attempts to create a role
+    THEN: verify they are only able to create the role if they have the
+          appropriate privileges
+    """
+    _conn, clients = fxtr_oauth2_clients
+    mocker.patch("gn_auth.auth.authorisation.roles.models.uuid4", conftest.uuid_fn)
+    mocker.patch(
+        "gn_auth.auth.authorisation.checks.require_oauth.acquire",
+        conftest.get_tokeniser(
+            user,
+            tuple(client for client in clients if client.user == user)[0]))
+    with db.connection(auth_testdb_path) as conn, db.cursor(conn) as cursor:
+        the_role = create_role(cursor, "a_test_role", PRIVILEGES)
+        assert the_role == expected
diff --git a/tests/unit/auth/test_roles.py b/tests/unit/auth/test_roles.py
index b9d1183..251defb 100644
--- a/tests/unit/auth/test_roles.py
+++ b/tests/unit/auth/test_roles.py
@@ -22,40 +22,6 @@ PRIVILEGES = (
     Privilege("group:resource:edit-resource", "edit/update a resource"))
 
 
-@pytest.mark.skip(
-    "This needs to be replaced by tests for creation of resource roles.")
-@pytest.mark.unit_test
-@pytest.mark.parametrize(
-    "user,expected", tuple(zip(conftest.TEST_USERS[0:1], (
-        Role(UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_role",
-             True, PRIVILEGES),))))
-def test_create_role(# pylint: disable=[too-many-arguments, unused-argument]
-        fxtr_app,
-        auth_testdb_path,
-        mocker,
-        fxtr_users,
-        fxtr_oauth2_clients,
-        user,
-        expected
-):
-    """
-    GIVEN: an authenticated user
-    WHEN: the user attempts to create a role
-    THEN: verify they are only able to create the role if they have the
-          appropriate privileges
-    """
-    _conn, clients = fxtr_oauth2_clients
-    mocker.patch("gn_auth.auth.authorisation.roles.models.uuid4", conftest.uuid_fn)
-    mocker.patch(
-        "gn_auth.auth.authorisation.checks.require_oauth.acquire",
-        conftest.get_tokeniser(
-            user,
-            tuple(client for client in clients if client.user == user)[0]))
-    with db.connection(auth_testdb_path) as conn, db.cursor(conn) as cursor:
-        the_role = create_role(cursor, "a_test_role", PRIVILEGES)
-        assert the_role == expected
-
-
 @pytest.mark.unit_test
 @pytest.mark.parametrize(
     "user,expected", tuple(zip(conftest.TEST_USERS[1:], (