Diffstat (limited to 'tests/unit/auth/test_roles.py')
-rw-r--r--tests/unit/auth/test_roles.py49
1 files changed, 14 insertions, 35 deletions
diff --git a/tests/unit/auth/test_roles.py b/tests/unit/auth/test_roles.py
index b9d1183..b7512ef 100644
--- a/tests/unit/auth/test_roles.py
+++ b/tests/unit/auth/test_roles.py
@@ -22,45 +22,11 @@ PRIVILEGES = (
     Privilege("group:resource:edit-resource", "edit/update a resource"))
 
 
-@pytest.mark.skip(
-    "This needs to be replaced by tests for creation of resource roles.")
-@pytest.mark.unit_test
-@pytest.mark.parametrize(
-    "user,expected", tuple(zip(conftest.TEST_USERS[0:1], (
-        Role(UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_role",
-             True, PRIVILEGES),))))
-def test_create_role(# pylint: disable=[too-many-arguments, unused-argument]
-        fxtr_app,
-        auth_testdb_path,
-        mocker,
-        fxtr_users,
-        fxtr_oauth2_clients,
-        user,
-        expected
-):
-    """
-    GIVEN: an authenticated user
-    WHEN: the user attempts to create a role
-    THEN: verify they are only able to create the role if they have the
-          appropriate privileges
-    """
-    _conn, clients = fxtr_oauth2_clients
-    mocker.patch("gn_auth.auth.authorisation.roles.models.uuid4", conftest.uuid_fn)
-    mocker.patch(
-        "gn_auth.auth.authorisation.checks.require_oauth.acquire",
-        conftest.get_tokeniser(
-            user,
-            tuple(client for client in clients if client.user == user)[0]))
-    with db.connection(auth_testdb_path) as conn, db.cursor(conn) as cursor:
-        the_role = create_role(cursor, "a_test_role", PRIVILEGES)
-        assert the_role == expected
-
-
 @pytest.mark.unit_test
 @pytest.mark.parametrize(
     "user,expected", tuple(zip(conftest.TEST_USERS[1:], (
         create_role_failure, create_role_failure, create_role_failure))))
-def test_create_role_raises_exception_for_unauthorised_users(# pylint: disable=[too-many-arguments, unused-argument]
+def test_create_role_raises_exception_for_unauthorised_users(# pylint: disable=[too-many-arguments, unused-argument, too-many-positional-arguments]
         fxtr_app,
         auth_testdb_path,
         mocker,
@@ -149,6 +115,10 @@ def test_create_role_raises_exception_for_unauthorised_users(# pylint: disable=[
                 user_editable=False,
                 privileges=(
                     Privilege(
+                        "group:data:link-to-group",
+                        "Allow linking data to only one specific group."),
+
+                    Privilege(
                         privilege_id="group:resource:create-resource",
                         privilege_description="Create a resource object"),
                     Privilege(
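Review bot: The added `group:data:link-to-group` entry passes its fields positionally and is followed by an empty line, while the neighbouring `Privilege(` entries visible in this tuple use the `privilege_id=` / `privilege_description=` keywords. Writing it as `privilege_id="group:data:link-to-group",` and `privilege_description="Allow linking data to only one specific group."),` and dropping the empty line would keep the expected-privileges list uniform and easier to scan when entries are added later. The enclosing tuple starts and ends outside this hunk.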
@@ -167,6 +137,15 @@ def test_create_role_raises_exception_for_unauthorised_users(# pylint: disable=[
                         privilege_id="group:user:remove-group-member",
                         privilege_description="Remove a user from a group"),
                     Privilege(
+                        privilege_id="resource:role:create-role",
+                        privilege_description="Create a new role on a specific resource"),
+                    Privilege(
+                        privilege_id="resource:role:delete-role",
+                        privilege_description="Delete an existing role from a specific resource"),
+                    Privilege(
+                        privilege_id="resource:role:edit-role",
+                        privilege_description="Edit an existing role on a specific resource"),
+                    Privilege(
                         privilege_id="system:group:delete-group",
                         privilege_description="Delete a group"),
                     Privilege(
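Review bot: The three `resource:role:*` privileges added here appear only as expected values in a privilege listing, and the first hunk deletes the skipped `test_create_role`, whose skip reason said it should be replaced by tests for creating resource roles; no replacement is visible in this diff. Going by their descriptions, these privileges control creating, deleting and editing roles on a resource, so it would be worth adding a test that a user holding `resource:role:create-role` can create a role on that resource and that a user without it is refused, with the same allow/deny pair for edit and delete. If that coverage lives in another file, a short comment here naming it would help, for example `# resource-role creation is covered in <test module>`. The enclosing test and tuple start and end outside this hunk.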