3 files changed, 60 insertions, 0 deletions
diff --git a/opendc-web/opendc-web-api/opendc/api/v2/projects/projectId/authorizations/__init__.py b/opendc-web/opendc-web-api/opendc/api/v2/projects/projectId/authorizations/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/opendc-web/opendc-web-api/opendc/api/v2/projects/projectId/authorizations/__init__.py
diff --git a/opendc-web/opendc-web-api/opendc/api/v2/projects/projectId/authorizations/endpoint.py b/opendc-web/opendc-web-api/opendc/api/v2/projects/projectId/authorizations/endpoint.py
new file mode 100644
index 00000000..9f6a60ec
--- /dev/null
+++ b/opendc-web/opendc-web-api/opendc/api/v2/projects/projectId/authorizations/endpoint.py
@@ -0,0 +1,17 @@
+from opendc.models.project import Project
+from opendc.util.rest import Response
+
+
+def GET(request):
+    """Find all authorizations for a Project."""
+
+    request.check_required_parameters(path={'projectId': 'string'})
+
+    project = Project.from_id(request.params_path['projectId'])
+
+    project.check_exists()
+    project.check_user_access(request.google_id, False)
+
+    authorizations = project.get_all_authorizations()
+
+    return Response(200, 'Successfully retrieved project authorizations', authorizations)
diff --git a/opendc-web/opendc-web-api/opendc/api/v2/projects/projectId/authorizations/test_endpoint.py b/opendc-web/opendc-web-api/opendc/api/v2/projects/projectId/authorizations/test_endpoint.py
new file mode 100644
index 00000000..bebd6cff
--- /dev/null
+++ b/opendc-web/opendc-web-api/opendc/api/v2/projects/projectId/authorizations/test_endpoint.py
@@ -0,0 +1,43 @@
+from opendc.util.database import DB
+
+test_id = 24 * '1'
+test_id_2 = 24 * '2'
+
+
+def test_get_authorizations_non_existing(client, mocker):
+    mocker.patch.object(DB, 'fetch_one', return_value=None)
+    mocker.patch.object(DB, 'fetch_all', return_value=None)
+    assert '404' in client.get(f'/v2/projects/{test_id}/authorizations').status
+
+
+def test_get_authorizations_not_authorized(client, mocker):
+    mocker.patch.object(DB,
+                        'fetch_one',
+                        return_value={
+                            '_id': test_id,
+                            'name': 'test trace',
+                            'authorizations': [{
+                                'projectId': test_id_2,
+                                'authorizationLevel': 'OWN'
+                            }]
+                        })
+    mocker.patch.object(DB, 'fetch_all', return_value=[])
+    res = client.get(f'/v2/projects/{test_id}/authorizations')
+    assert '403' in res.status
+
+
+def test_get_authorizations(client, mocker):
+    mocker.patch.object(DB,
+                        'fetch_one',
+                        return_value={
+                            '_id': test_id,
+                            'name': 'test trace',
+                            'authorizations': [{
+                                'projectId': test_id,
+                                'authorizationLevel': 'OWN'
+                            }]
+                        })
+    mocker.patch.object(DB, 'fetch_all', return_value=[])
+    res = client.get(f'/v2/projects/{test_id}/authorizations')
+    assert len(res.json['content']) == 0
+    assert '200' in res.status