From aca3ba4fdab548f964c787ea7aff1e398f02201a Mon Sep 17 00:00:00 2001
From: Kaustav Banerjee <kaustav@opencraft.com>
Date: Mon, 26 May 2025 20:57:25 +0530
Subject: [PATCH] test: add test for unprivileged user

---
 common/djangoapps/third_party_auth/api/tests/test_views.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/common/djangoapps/third_party_auth/api/tests/test_views.py b/common/djangoapps/third_party_auth/api/tests/test_views.py
index e598493208..6ff644f48e 100644
--- a/common/djangoapps/third_party_auth/api/tests/test_views.py
+++ b/common/djangoapps/third_party_auth/api/tests/test_views.py
@@ -252,6 +252,13 @@ class UserViewV2APITests(UserViewsMixin, TpaAPITestCase):
         assert response.status_code == expect_code
         assert (response.data == expect_data)
 
+    def test_unauthorized_delete_social_auth_record_call(self):
+        user = get_user_model().objects.get(username=CARL_USERNAME)
+        auth_token = f"JWT {generate_jwt(user, is_restricted=False, scopes=None, filters=None)}"
+        url = self.make_url({'username': ALICE_USERNAME, 'uid': f'{ALICE_USERNAME}@gmail.com'})
+        response = self.client.delete(url, HTTP_AUTHORIZATION=auth_token)
+        assert response.status_code == 403
+
 
 @override_settings(EDX_API_KEY=VALID_API_KEY)
 @ddt.ddt