test: add authz test for assets

openedx · Oct 15, 2024 · d608aed · d608aed
1 parent f150d9f
commit d608aed
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/openedx/core/djangoapps/content_libraries/tests/test_static_assets.py b/openedx/core/djangoapps/content_libraries/tests/test_static_assets.py
@@ -5,6 +5,7 @@
 
 from opaque_keys.edx.keys import UsageKey
 
+from common.djangoapps.student.tests.factories import UserFactory
 from openedx.core.djangoapps.content_libraries.tests.base import (
     ContentLibrariesRestApiTest,
 )
@@ -167,3 +168,19 @@ def test_anonymous_user(self):
             f"/library_assets/{self.draft_component_version.uuid}/static/test.svg"
         )
         assert response.status_code == 403
+
+    def test_unauthorized_user(self):
+        """User who is not a Content Library staff should not have access."""
+        self.client.logout()
+        student = UserFactory.create(
+            username="student",
+            email="[email protected]",
+            password="student-pass",
+            is_staff=False,
+            is_superuser=False,
+        )
+        self.client.login(username="student", password="student-pass")
+        get_response = self.client.get(
+            f"/library_assets/{self.draft_component_version.uuid}/static/test.svg"
+        )
+        assert get_response.status_code == 403