Flesh out server tests

[robotoer]

Outstanding issues:

• Tests are limited to using a single user (sub == 42) with auth set to none. Need a "fake" auth provider for testing purposes.
• Tests are inadequate/low coverage over API.
• Providing a fake CASBIN policy for the test.

Thoughts/Suggestions:

• Table driven tests are nice for making certain test types repeatable for different cases. Also see: https://lorenzopeppoloni.com/tabledriventestspy/
• Starting with testing the API itself with a mock/testing database under the hood would be a good start.
• Consider adding a generic way to run common "permissions" tests for API

Group API Tests:

• Ensure all CASBIN groups show up (a group is only defined if there's at least one member in it by CASBIN rules)

Protocol API Tests:

• Ensure protocol search query/paging parameters work properly
• Ensure protocol get returns a protocol if it exists, returns 404 if it does not, and returns a specific historical version if the version_id parameter is provided
• Ensure create protocol saves new protocols in DB, creates appropriate CASBIN policy records, and returns a copy of the new protocol with an ID (a new one if not provided)
• Ensure update protocol works properly
• Ensure delete protocol works properly

Run API Tests:

• Ensure run search query/paging parameters work properly
• Ensure run get returns a run if it exists, returns 404 if it does not, and returns a specific historical version if the version_id parameter is provided
• Ensure create run saves new run in DB, creates appropriate CASBIN policy records, and returns a copy of the new run with an ID (a new one if not provided)
• Ensure update run works properly
• Ensure delete run works properly

Sample API Tests:

• Ensure sample search query/paging parameters work properly
• Ensure sample get returns a sample if it exists, returns 404 if it does not, and returns a specific historical version if the version_id parameter is provided
• Ensure update sample works properly

User API Tests:

• Ensure user search query/paging parameters work properly
• Ensure user get returns a user if it exists, returns 404 if it does not, and returns a specific historical version if the version_id parameter is provided
• Ensure create user saves new users in DB, creates appropriate CASBIN policy records, and returns a copy of the new user
• Ensure update user works properly

This will test most of the core functionality with some of the special behavior of the Runs API not being tested yet, but we can add that afterwards.