@@ -989,6 +989,37 @@ async def test_global_admin_manager_can_set_project_admins(
989989 members = res .scalars ().all ()
990990 assert len (members ) == 2
991991
992+ @pytest .mark .asyncio
993+ @pytest .mark .parametrize ("test_db" , ["sqlite" , "postgres" ], indirect = True )
994+ async def test_cannot_set_same_user_twice (
995+ self , test_db , session : AsyncSession , client : AsyncClient
996+ ):
997+ project = await create_project (session = session )
998+ user = await create_user (session = session , global_role = GlobalRole .ADMIN )
999+ user1 = await create_user (session = session , name = "user1" )
1000+ members = [
1001+ {
1002+ "username" : user1 .name ,
1003+ "project_role" : ProjectRole .ADMIN ,
1004+ },
1005+ {
1006+ "username" : user1 .name ,
1007+ "project_role" : ProjectRole .ADMIN ,
1008+ },
1009+ ]
1010+ body = {"members" : members }
1011+ response = await client .post (
1012+ f"/api/projects/{ project .name } /set_members" ,
1013+ headers = get_auth_headers (user .token ),
1014+ json = body ,
1015+ )
1016+ assert response .status_code == 400
1017+ res = await session .execute (select (MemberModel ))
1018+ members = res .scalars ().all ()
1019+ assert len (members ) == 0
1020+
1021+
1022+ class TestAddProjectMembers :
9921023 @pytest .mark .asyncio
9931024 @pytest .mark .parametrize ("test_db" , ["sqlite" , "postgres" ], indirect = True )
9941025 async def test_add_member_errors_on_nonexistent_user (
@@ -1053,6 +1084,35 @@ async def test_add_member_manager_cannot_add_admin_without_global_admin(
10531084
10541085 assert response .status_code == 403
10551086
1087+ @pytest .mark .asyncio
1088+ @pytest .mark .parametrize ("test_db" , ["sqlite" , "postgres" ], indirect = True )
1089+ async def test_cannot_add_same_user_twice (
1090+ self , test_db , session : AsyncSession , client : AsyncClient
1091+ ):
1092+ project = await create_project (session = session )
1093+ user = await create_user (session = session , global_role = GlobalRole .ADMIN )
1094+ user1 = await create_user (session = session , name = "user1" )
1095+ members = [
1096+ {
1097+ "username" : user1 .name ,
1098+ "project_role" : ProjectRole .ADMIN ,
1099+ },
1100+ {
1101+ "username" : user1 .name ,
1102+ "project_role" : ProjectRole .ADMIN ,
1103+ },
1104+ ]
1105+ body = {"members" : members }
1106+ response = await client .post (
1107+ f"/api/projects/{ project .name } /add_members" ,
1108+ headers = get_auth_headers (user .token ),
1109+ json = body ,
1110+ )
1111+ assert response .status_code == 400 , response .json ()
1112+ res = await session .execute (select (MemberModel ))
1113+ members = res .scalars ().all ()
1114+ assert len (members ) == 0
1115+
10561116
10571117class TestUpdateProjectVisibility :
10581118 @pytest .mark .asyncio
0 commit comments