FS-5044 - Add role-based auth to FAB

communitiesuk · Feb 27, 2025 · 50a7408 · 50a7408
1 parent 66676ca
commit 50a7408
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/app/create_app.py b/app/create_app.py
@@ -28,7 +28,9 @@ def protect_private_routes(flask_app: Flask) -> Flask:
         if endpoint in PUBLIC_ROUTES:
             continue
         flask_app.view_functions[endpoint] = login_required(
-            check_internal_user(view_func), return_app=SupportedApp.FUND_APPLICATION_BUILDER
+            check_internal_user(view_func),
+            roles_required=["FSD_ADMIN"],
+            return_app=SupportedApp.FUND_APPLICATION_BUILDER,
         )
     return flask_app
 

diff --git a/tests/unit/conftest.py b/tests/unit/conftest.py
@@ -137,7 +137,7 @@ def patch_validate_token_rs256_internal_user():
     with patch("fsd_utils.authentication.decorators.validate_token_rs256") as mock_validate_token_rs256:
         mock_validate_token_rs256.return_value = {
             "accountId": "test-account-id",
-            "roles": [],
+            "roles": ["FSD_ADMIN"],
             "email": "[email protected]",
         }
         yield mock_validate_token_rs256
@@ -149,7 +149,7 @@ def patch_validate_token_rs256_external_user():
     with patch("fsd_utils.authentication.decorators.validate_token_rs256") as mock_validate_token_rs256:
         mock_validate_token_rs256.return_value = {
             "accountId": "test-account-id",
-            "roles": [],
+            "roles": ["FSD_ADMIN"],
             "email": "[email protected]",
         }
         yield mock_validate_token_rs256