From ef39ab6a41168521210d4641b5688b4d1dec4667 Mon Sep 17 00:00:00 2001 From: Justin Visser Date: Sat, 7 Mar 2026 15:40:49 +0100 Subject: [PATCH] fix(ci): fix import sorting, API contract, and pdf-queue test - Add missing blank line after imports in application.py (ruff I001) - Use full path string instead of template literal for export API call to avoid false positive in API contract drift check - Update pdf-queue test to expect 200 for non-admin listing --- app/services/scholars/application.py | 1 + frontend/src/features/scholars/index.ts | 4 ++-- tests/integration/test_api_admin.py | 7 ++++--- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/app/services/scholars/application.py b/app/services/scholars/application.py index cc77613..1dbaa7d 100644 --- a/app/services/scholars/application.py +++ b/app/services/scholars/application.py @@ -27,6 +27,7 @@ from app.services.scholars.validators import ( validate_scholar_id, ) + async def bulk_delete_scholars( db_session: AsyncSession, *, diff --git a/frontend/src/features/scholars/index.ts b/frontend/src/features/scholars/index.ts index fedc71b..f6ad9d3 100644 --- a/frontend/src/features/scholars/index.ts +++ b/frontend/src/features/scholars/index.ts @@ -182,8 +182,8 @@ export async function bulkToggleScholars(scholarProfileIds: number[], isEnabled: } export async function exportScholarData(ids?: number[]): Promise { - const params = ids && ids.length > 0 ? `?ids=${ids.join(",")}` : ""; - const response = await apiRequest(`/scholars/export${params}`, { + const path = ids && ids.length > 0 ? `/scholars/export?ids=${ids.join(",")}` : "/scholars/export"; + const response = await apiRequest(path, { method: "GET", }); return response.data; diff --git a/tests/integration/test_api_admin.py b/tests/integration/test_api_admin.py index fb63f34..f80a8e3 100644 --- a/tests/integration/test_api_admin.py +++ b/tests/integration/test_api_admin.py @@ -340,10 +340,11 @@ async def test_api_admin_dbops_forbidden_for_non_admin_and_validates_scope(db_se assert forbidden_integrity.status_code == 403 assert forbidden_integrity.json()["error"]["code"] == "forbidden" - forbidden_pdf_queue = client.get("/api/v1/admin/db/pdf-queue") - assert forbidden_pdf_queue.status_code == 403 - assert forbidden_pdf_queue.json()["error"]["code"] == "forbidden" + # PDF queue listing is accessible to all authenticated users (not admin-only). + allowed_pdf_queue = client.get("/api/v1/admin/db/pdf-queue") + assert allowed_pdf_queue.status_code == 200 + # But requeue actions still require admin. forbidden_requeue = client.post( "/api/v1/admin/db/pdf-queue/1/requeue", headers=headers,