Fix failing test cases after revision of 403 status codes.

tests/backend/integration/api/organisations/test_resources.py

@@ -74,13 +74,13 @@ def test_get_all_org_includes_managers_if_user_is_authenticated(self):
             response_body[0]["managers"][0]["username"], self.test_author.username
         )
 
-    def test_get_all_org_raises_error_if_filter_by_manager_id__on_unauthenticated_request(
+    def test_get_all_org_raises_error_if_filter_by_manager_id_on_unauthenticated_request(
         self,
     ):
         "Test 403 is returned if filter by manager id on unauthenticated request"
 
         response = self.client.get(f"{self.endpoint_url}?manager_user_id=2")
-        self.assertEqual(response.status_code, 403)
+        self.assertEqual(response.status_code, 401)
 
     def test_get_all_org_includes_stats_if_omit_stats_set_false(self):
         """Test stats are not returned is omitOrgStats is set to False"""
@@ -283,7 +283,7 @@ def test_delete_org_with_projects_fails(self):
             headers={"Authorization": self.session_token},
         )
         response_body = response.get_json()
-        self.assertEqual(response.status_code, 403)
+        self.assertEqual(response.status_code, 409)
         self.assertEqual(response_body["Error"], "Organisation has some projects")
         self.assertEqual(response_body["SubCode"], "OrgHasProjects")
 

tests/backend/integration/api/projects/test_resources.py

@@ -101,7 +101,7 @@ def test_project_with_mapped_tasks_cannot_be_deleted(self):
             self.url, headers={"Authorization": self.author_session_token}
         )
         # Assert
-        self.assertEqual(response.status_code, 403)
+        self.assertEqual(response.status_code, 409)
         self.assertEqual(response.json["SubCode"], "HasMappedTasks")
 
     def test_org_manager_can_delete_project(self):

tests/backend/integration/api/system/test_authentication.py

@@ -210,7 +210,7 @@ def test_returns_404_if_user_does_not_exist(self):
         self.assertEqual(error_details["sub_code"], USER_NOT_FOUND_SUB_CODE)
         self.assertEqual(error_details["message"], USER_NOT_FOUND_MESSAGE)
 
-    def test_returns_403_if_invalid_email_token(self):
+    def test_returns_400_if_invalid_email_token(self):
         # Arrange
         user = return_canned_user(USERNAME, USER_ID)
         user.create()
@@ -219,7 +219,7 @@ def test_returns_403_if_invalid_email_token(self):
             self.url, query_string={"token": "1234", "username": USERNAME}
         )
         # Assert
-        self.assertEqual(response.status_code, 403)
+        self.assertEqual(response.status_code, 400)
         self.assertEqual(response.json["SubCode"], "BadSignature")
         self.assertEqual(response.json["Error"], " Bad Token Signature")
 
@@ -239,11 +239,11 @@ def test_returns_403_if_expired_email_token(self, mock_is_valid_token):
             self.url, query_string={"token": token, "username": USERNAME}
         )
         # Assert
-        self.assertEqual(response.status_code, 403)
+        self.assertEqual(response.status_code, 400)
         self.assertEqual(response.json["SubCode"], "ExpiredToken")
         self.assertEqual(response.json["Error"], " Token has expired")
 
-    def test_returns_403_if_token_and_email_mismatch(self):
+    def test_returns_400_if_token_and_email_mismatch(self):
         # Arrange
         user = return_canned_user(USERNAME, USER_ID)
         user.email_address = "test_email_2"
@@ -257,7 +257,7 @@ def test_returns_403_if_token_and_email_mismatch(self):
             self.url, query_string={"token": token, "username": USERNAME}
         )
         # Assert
-        self.assertEqual(response.status_code, 403)
+        self.assertEqual(response.status_code, 400)
         self.assertEqual(response.json["SubCode"], "InvalidEmail")
         self.assertEqual(response.json["Error"], " Email address does not match token")
 

tests/backend/integration/api/tasks/test_actions.py

@@ -386,10 +386,10 @@ def test_mapping_lock_returns_403_for_if_user_not_allowed_to_map(
         )
 
     @patch.object(ProjectAdminService, "is_user_action_permitted_on_project")
-    def test_mapping_lock_returns_403_if_task_in_invalid_state_for_mapping(
+    def test_mapping_lock_returns_409_if_task_in_invalid_state_for_mapping(
         self, mock_pm_role
     ):
-        """Test returns 403 if task is in invalid state for mapping. i.e. not in READY or INVALIDATED state."""
+        """Test returns 409 if task is in invalid state for mapping. i.e. not in READY or INVALIDATED state."""
         # Arrange
         mock_pm_role.return_value = True
         # Act
@@ -398,7 +398,7 @@ def test_mapping_lock_returns_403_if_task_in_invalid_state_for_mapping(
         )
         # Assert
         # As Task 1 is in MAPPED state, it should not be allowed to be locked for mapping.
-        self.assertEqual(response.status_code, 403)
+        self.assertEqual(response.status_code, 409)
         self.assertEqual(response.json["SubCode"], "InvalidTaskState")
 
         # Arrange
@@ -411,7 +411,7 @@ def test_mapping_lock_returns_403_if_task_in_invalid_state_for_mapping(
         )
         # Assert
         # As Task 1 is in VALIDATED state, it should not be allowed to be locked for mapping.
-        self.assertEqual(response.status_code, 403)
+        self.assertEqual(response.status_code, 409)
         self.assertEqual(response.json["SubCode"], "InvalidTaskState")
 
     @patch.object(UserService, "has_user_accepted_license")
@@ -513,20 +513,20 @@ def test_mapping_unlock_returns_404_for_invalid_task_id(self):
         self.assertEqual(response.status_code, 404)
         self.assertEqual(response.json["error"]["sub_code"], TASK_NOT_FOUND_SUB_CODE)
 
-    def test_mapping_unlock_returns_403_if_task_not_locked_for_mapping(self):
-        """Test returns 403 if task is not locked for mapping."""
+    def test_mapping_unlock_returns_409_if_task_not_locked_for_mapping(self):
+        """Test returns 409 if task is not locked for mapping."""
         # Act
         response = self.client.post(
             self.url,
             headers={"Authorization": self.user_session_token},
             json={"status": "MAPPED"},
         )
         # Assert
-        self.assertEqual(response.status_code, 403)
+        self.assertEqual(response.status_code, 409)
         self.assertEqual(response.json["SubCode"], "LockBeforeUnlocking")
 
-    def test_mapping_unlock_returns_403_if_task_locked_by_other_user(self):
-        """Test returns 403 if task is locked by other user."""
+    def test_mapping_unlock_returns_409_if_task_locked_by_other_user(self):
+        """Test returns 409 if task is locked by other user."""
         # Arrange
         task = Task.get(1, self.test_project.id)
         task.task_status = TaskStatus.LOCKED_FOR_MAPPING.value
@@ -539,11 +539,11 @@ def test_mapping_unlock_returns_403_if_task_locked_by_other_user(self):
             json={"status": "MAPPED"},
         )
         # Assert
-        self.assertEqual(response.status_code, 403)
+        self.assertEqual(response.status_code, 409)
         self.assertEqual(response.json["SubCode"], "TaskNotOwned")
 
-    def test_returns_403_if_invalid_new_state_passed(self):
-        """Test returns 403 if invalid new state passed as new task state should be READY, MAPPED or BADIMAGERY."""
+    def test_returns_409_if_invalid_new_state_passed(self):
+        """Test returns 409 if invalid new state passed as new task state should be READY, MAPPED or BADIMAGERY."""
         # Arrange
         task = Task.get(1, self.test_project.id)
         task.task_status = TaskStatus.LOCKED_FOR_MAPPING.value
@@ -556,7 +556,7 @@ def test_returns_403_if_invalid_new_state_passed(self):
             json={"status": "INVALIDATED"},
         )
         # Assert
-        self.assertEqual(response.status_code, 403)
+        self.assertEqual(response.status_code, 409)
         self.assertEqual(response.json["SubCode"], "InvalidUnlockState")
 
     def test_mapping_unlock_returns_200_on_success(self):
@@ -664,11 +664,11 @@ def test_mapping_stop_returns_403_if_task_not_locked_for_mapping(self):
             headers={"Authorization": self.user_session_token},
         )
         # Assert
-        self.assertEqual(response.status_code, 403)
+        self.assertEqual(response.status_code, 409)
         self.assertEqual(response.json["SubCode"], "LockBeforeUnlocking")
 
-    def test_mapping_stop_returns_403_if_task_locked_by_other_user(self):
-        """Test returns 403 if task locked by other user."""
+    def test_mapping_stop_returns_409_if_task_locked_by_other_user(self):
+        """Test returns 409 if task locked by other user."""
         # Arrange
         task = Task.get(1, self.test_project.id)
         task.task_status = TaskStatus.LOCKED_FOR_MAPPING.value
@@ -680,7 +680,7 @@ def test_mapping_stop_returns_403_if_task_locked_by_other_user(self):
             headers={"Authorization": self.user_session_token},
         )
         # Assert
-        self.assertEqual(response.status_code, 403)
+        self.assertEqual(response.status_code, 409)
         self.assertEqual(response.json["SubCode"], "TaskNotOwned")
 
     def test_mapping_stop_returns_200_on_success(self):
@@ -780,8 +780,8 @@ def test_validation_lock_returns_404_for_invalid_task_id(self):
         self.assertEqual(response.status_code, 404)
         self.assertEqual(response.json["error"]["sub_code"], TASK_NOT_FOUND_SUB_CODE)
 
-    def test_validation_lock_returns_403_if_task_not_ready_for_validation(self):
-        """Test returns 403 if task not ready for validation."""
+    def test_validation_lock_returns_409_if_task_not_ready_for_validation(self):
+        """Test returns 409 if task not ready for validation."""
         # Arrange
         task = Task.get(1, self.test_project.id)
         task.task_status = TaskStatus.READY.value  # not ready for validation
@@ -793,13 +793,13 @@ def test_validation_lock_returns_403_if_task_not_ready_for_validation(self):
             json={"taskIds": [1]},
         )
         # Assert
-        self.assertEqual(response.status_code, 403)
+        self.assertEqual(response.status_code, 409)
         self.assertEqual(response.json["SubCode"], "NotReadyForValidation")
 
-    def test_validation_lock_returns_403_if_mapped_by_same_user_and_user_not_admin(
+    def test_validation_lock_returns_409_if_mapped_by_same_user_and_user_not_admin(
         self,
     ):
-        """Test returns 403 if mapped by same user."""
+        """Test returns 409 if mapped by same user."""
         # Arrange
         task = Task.get(1, self.test_project.id)
         task.task_status = TaskStatus.MAPPED.value
@@ -812,7 +812,7 @@ def test_validation_lock_returns_403_if_mapped_by_same_user_and_user_not_admin(
             json={"taskIds": [1]},
         )
         # Assert
-        self.assertEqual(response.status_code, 403)
+        self.assertEqual(response.status_code, 409)
         self.assertEqual(response.json["SubCode"], "CannotValidateMappedTask")
 
     def test_validation_lock_returns_403_if_user_not_permitted_to_validate(self):
@@ -871,10 +871,10 @@ def test_validation_lock_returns_403_if_user_not_on_allowed_list(
         )
         # Assert
         self.assertEqual(response.status_code, 403)
-        self.assertEqual(response.json["SubCode"], "UserNotAllowed")
+        self.assertEqual(response.json["error"]["sub_code"], "USER_BLOCKED")
 
-    def test_validation_lock_returns_403_if_user_has_already_locked_other_task(self):
-        """Test returns 403 if user has already locked other task."""
+    def test_validation_lock_returns_409_if_user_has_already_locked_other_task(self):
+        """Test returns 409 if user has already locked other task."""
         # Arrange
         self.test_project.status = ProjectStatus.PUBLISHED.value
         self.test_project.save()
@@ -889,7 +889,7 @@ def test_validation_lock_returns_403_if_user_has_already_locked_other_task(self)
             json={"taskIds": [1]},
         )
         # Assert
-        self.assertEqual(response.status_code, 403)
+        self.assertEqual(response.status_code, 409)
         self.assertEqual(response.json["SubCode"], "UserAlreadyHasTaskLocked")
 
     @patch.object(ProjectService, "is_user_permitted_to_validate")
@@ -980,16 +980,16 @@ def test_validation_unlock_returns_404_if_task_not_found(self):
         self.assertEqual(response.status_code, 404)
         self.assertEqual(response.json["error"]["sub_code"], TASK_NOT_FOUND_SUB_CODE)
 
-    def test_validation_unlock_returns_403_if_task_not_locked_for_validation(self):
-        """Test returns 403 if task not locked for validation."""
+    def test_validation_unlock_returns_409_if_task_not_locked_for_validation(self):
+        """Test returns 409 if task not locked for validation."""
         # Act
         response = self.client.post(
             self.url,
             headers={"Authorization": self.user_session_token},
             json={"validatedTasks": [{"taskId": 1, "status": "VALIDATED"}]},
         )
         # Assert
-        self.assertEqual(response.status_code, 403)
+        self.assertEqual(response.status_code, 409)
         self.assertEqual(response.json["SubCode"], "NotLockedForValidation")
 
     @staticmethod
@@ -1002,8 +1002,8 @@ def lock_task_for_validation(task_id, project_id, user_id, mapped_by=None):
             task.mapped_by = mapped_by
         task.update()
 
-    def test_validation_unlock_returns_403_if_task_locked_by_other_user(self):
-        """Test returns 403 if task locked by other user."""
+    def test_validation_unlock_returns_409_if_task_locked_by_other_user(self):
+        """Test returns 409 if task locked by other user."""
         # Arrange
         TestTasksActionsValidationUnlockAPI.lock_task_for_validation(
             1, self.test_project.id, self.test_author.id
@@ -1015,7 +1015,7 @@ def test_validation_unlock_returns_403_if_task_locked_by_other_user(self):
             json={"validatedTasks": [{"taskId": 1, "status": "VALIDATED"}]},
         )
         # Assert
-        self.assertEqual(response.status_code, 403)
+        self.assertEqual(response.status_code, 409)
         self.assertEqual(response.json["SubCode"], "TaskNotOwned")
 
     def test_validation_unlock_returns_400_if_invalid_state_passsed(self):
@@ -1164,8 +1164,8 @@ def test_validation_stop_returns_404_if_task_not_found(self):
         self.assertEqual(response.status_code, 404)
         self.assertEqual(response.json["error"]["sub_code"], TASK_NOT_FOUND_SUB_CODE)
 
-    def test_validation_stop_returns_403_if_task_not_locked_for_validation(self):
-        """Test returns 403 if task not locked for validation."""
+    def test_validation_stop_returns_409_if_task_not_locked_for_validation(self):
+        """Test returns 409 if task not locked for validation."""
         # Arrange
         TestTasksActionsValidationUnlockAPI.lock_task_for_validation(
             1, self.test_project.id, self.test_user.id
@@ -1178,11 +1178,11 @@ def test_validation_stop_returns_403_if_task_not_locked_for_validation(self):
         )
         # Assert
         # Since task 2 is not locked for validation, we should get a 403 even though task 1 is locked for validation
-        self.assertEqual(response.status_code, 403)
+        self.assertEqual(response.status_code, 409)
         self.assertEqual(response.json["SubCode"], "NotLockedForValidation")
 
-    def test_validation_stop_returns_403_if_task_locked_by_other_user(self):
-        """Test returns 403 if task locked by other user."""
+    def test_validation_stop_returns_409_if_task_locked_by_other_user(self):
+        """Test returns 409 if task locked by other user."""
         # Arrange
         TestTasksActionsValidationUnlockAPI.lock_task_for_validation(
             1, self.test_project.id, self.test_author.id, self.test_author.id
@@ -1194,7 +1194,7 @@ def test_validation_stop_returns_403_if_task_locked_by_other_user(self):
             json={"resetTasks": [{"taskId": 1}]},
         )
         # Assert
-        self.assertEqual(response.status_code, 403)
+        self.assertEqual(response.status_code, 409)
         self.assertEqual(response.json["SubCode"], "TaskNotOwned")
 
     def test_validation_stop_returns_200_if_task_locked_by_user(self):
@@ -1287,8 +1287,8 @@ def test_returns_404_if_task_not_found(self):
         self.assertEqual(response.status_code, 404)
         self.assertEqual(response.json["error"]["sub_code"], TASK_NOT_FOUND_SUB_CODE)
 
-    def test_returns_403_if_task_too_small_to_split(self):
-        """Test returns 403 if task too small to split."""
+    def test_returns_409_if_task_too_small_to_split(self):
+        """Test returns 409 if task too small to split."""
         # Arrange
         task = Task.get(1, self.test_project.id)
         task.zoom = 18
@@ -1299,21 +1299,21 @@ def test_returns_403_if_task_too_small_to_split(self):
             headers={"Authorization": self.author_session_token},
         )
         # Assert
-        self.assertEqual(response.status_code, 403)
+        self.assertEqual(response.status_code, 409)
         self.assertEqual(response.json["SubCode"], "SmallToSplit")
 
-    def test_returns_403_if_task_not_locked_for_mapping(self):
-        """Test returns 403 if task not locked for mapping."""
+    def test_returns_409_if_task_not_locked_for_mapping(self):
+        """Test returns 409 if task not locked for mapping."""
         # Since task should be locked for mapping to split, we should get a 403
         response = self.client.post(
             self.url,
             headers={"Authorization": self.author_session_token},
         )
-        self.assertEqual(response.status_code, 403)
+        self.assertEqual(response.status_code, 409)
         self.assertEqual(response.json["SubCode"], "LockToSplit")
 
-    def test_returns_403_if_task_locked_by_other_user(self):
-        """Test returns 403 if task locked by other user."""
+    def test_returns_409_if_task_locked_by_other_user(self):
+        """Test returns 409 if task locked by other user."""
         # Arrange
         test_user = return_canned_user("test user", 1111111)
         test_user.create()
@@ -1325,7 +1325,7 @@ def test_returns_403_if_task_locked_by_other_user(self):
             headers={"Authorization": self.author_session_token},
         )
         # Assert
-        self.assertEqual(response.status_code, 403)
+        self.assertEqual(response.status_code, 409)
         self.assertEqual(response.json["SubCode"], "SplitOtherUserTask")
 
     def test_returns_200_if_task_locked_by_user(self):
@@ -1549,8 +1549,8 @@ def test_returns_404_if_task_not_found(self):
         self.assertEqual(response.status_code, 404)
         self.assertEqual(response.json["error"]["sub_code"], TASK_NOT_FOUND_SUB_CODE)
 
-    def test_returns_403_if_task_not_locked(self):
-        """Test returns 403 if task not locked."""
+    def test_returns_409_if_task_not_locked(self):
+        """Test returns 409 if task not locked."""
         # Task should be locked for mapping or validation to extend
         # Act
         response = self.client.post(
@@ -1559,11 +1559,11 @@ def test_returns_403_if_task_not_locked(self):
             json={"taskIds": [1]},
         )
         # Assert
-        self.assertEqual(response.status_code, 403)
+        self.assertEqual(response.status_code, 409)
         self.assertEqual(response.json["SubCode"], "TaskStatusNotLocked")
 
-    def test_returns_403_if_task_is_not_locked_by_requesting_user(self):
-        """Test returns 403 if task is not locked by requesting user."""
+    def test_returns_409_if_task_is_not_locked_by_requesting_user(self):
+        """Test returns 409 if task is not locked by requesting user."""
         # Task should be locked for mapping or validation to extend
         # Arrange
         task = Task.get(1, self.test_project.id)
@@ -1575,7 +1575,7 @@ def test_returns_403_if_task_is_not_locked_by_requesting_user(self):
             json={"taskIds": [1]},
         )
         # Assert
-        self.assertEqual(response.status_code, 403)
+        self.assertEqual(response.status_code, 409)
         self.assertEqual(response.json["SubCode"], "LockedByAnotherUser")
 
     def test_returns_200_if_task_locked_by_requesting_user(self):