Test permissions use api (#784)

* initial push * fmt; clippy --------- Co-authored-by: Geometrically <18202329+Geometrically@users.noreply.github.com>
2023-12-11 18:24:49 -08:00
parent 27ccd3dfa8
commit 6217523cc8
32 changed files with 1558 additions and 1015 deletions
--- a/tests/common/api_common/generic.rs
+++ b/tests/common/api_common/generic.rs
@@ -10,8 +10,8 @@ use labrinth::models::{
 use crate::common::{api_v2::ApiV2, api_v3::ApiV3, dummy_data::TestFile};

 use super::{
-    models::{CommonImageData, CommonProject, CommonVersion},
-    request_data::ProjectCreationRequestData,
+    models::{CommonProject, CommonVersion},
+    request_data::{ImageData, ProjectCreationRequestData},
    Api, ApiProject, ApiTags, ApiTeams, ApiVersion,
 };

@@ -65,17 +65,21 @@ impl Api for GenericApi {
 delegate_api_variant!(
    #[async_trait(?Send)]
    impl ApiProject for GenericApi {
-        [add_public_project, (CommonProject, Vec<CommonVersion>), slug: &str, version_jar: Option<TestFile>, modify_json: Option<json_patch::Patch>, pat: &str],
+        [add_public_project, (CommonProject, Vec<CommonVersion>), slug: &str, version_jar: Option<TestFile>, modify_json: Option<json_patch::Patch>, pat: Option<&str>],
        [get_public_project_creation_data_json, serde_json::Value, slug: &str, version_jar: Option<&TestFile>],
-        [create_project, ServiceResponse, creation_data: ProjectCreationRequestData, pat: &str],
-        [remove_project, ServiceResponse, project_slug_or_id: &str, pat: &str],
-        [get_project, ServiceResponse, id_or_slug: &str, pat: &str],
-        [get_project_deserialized_common, CommonProject, id_or_slug: &str, pat: &str],
-        [get_user_projects, ServiceResponse, user_id_or_username: &str, pat: &str],
-        [get_user_projects_deserialized_common, Vec<CommonProject>, user_id_or_username: &str, pat: &str],
-        [edit_project, ServiceResponse, id_or_slug: &str, patch: serde_json::Value, pat: &str],
-        [edit_project_bulk, ServiceResponse, ids_or_slugs: &[&str], patch: serde_json::Value, pat: &str],
-        [edit_project_icon, ServiceResponse, id_or_slug: &str, icon: Option<CommonImageData>, pat: &str],
+        [create_project, ServiceResponse, creation_data: ProjectCreationRequestData, pat: Option<&str>],
+        [remove_project, ServiceResponse, project_slug_or_id: &str, pat: Option<&str>],
+        [get_project, ServiceResponse, id_or_slug: &str, pat: Option<&str>],
+        [get_project_deserialized_common, CommonProject, id_or_slug: &str, pat: Option<&str>],
+        [get_user_projects, ServiceResponse, user_id_or_username: &str, pat: Option<&str>],
+        [get_user_projects_deserialized_common, Vec<CommonProject>, user_id_or_username: &str, pat: Option<&str>],
+        [edit_project, ServiceResponse, id_or_slug: &str, patch: serde_json::Value, pat: Option<&str>],
+        [edit_project_bulk, ServiceResponse, ids_or_slugs: &[&str], patch: serde_json::Value, pat: Option<&str>],
+        [edit_project_icon, ServiceResponse, id_or_slug: &str, icon: Option<ImageData>, pat: Option<&str>],
+        [schedule_project, ServiceResponse, id_or_slug: &str, requested_status: &str, date : chrono::DateTime<chrono::Utc>, pat: Option<&str>],
+        [add_gallery_item, ServiceResponse, id_or_slug: &str, image: ImageData,  featured: bool, title: Option<String>, description: Option<String>, ordering: Option<i32>, pat: Option<&str>],
+        [remove_gallery_item, ServiceResponse, id_or_slug: &str, image_url: &str, pat: Option<&str>],
+        [edit_gallery_item, ServiceResponse, id_or_slug: &str, image_url: &str, patch: HashMap<String, String>, pat: Option<&str>],
    }
 );

@@ -92,44 +96,47 @@ delegate_api_variant!(
 delegate_api_variant!(
    #[async_trait(?Send)]
    impl ApiTeams for GenericApi {
-        [get_team_members, ServiceResponse, team_id: &str, pat: &str],
-        [get_team_members_deserialized_common, Vec<crate::common::api_common::models::CommonTeamMember>, team_id: &str, pat: &str],
-        [get_project_members, ServiceResponse, id_or_slug: &str, pat: &str],
-        [get_project_members_deserialized_common, Vec<crate::common::api_common::models::CommonTeamMember>, id_or_slug: &str, pat: &str],
-        [get_organization_members, ServiceResponse, id_or_title: &str, pat: &str],
-        [get_organization_members_deserialized_common, Vec<crate::common::api_common::models::CommonTeamMember>, id_or_title: &str, pat: &str],
-        [join_team, ServiceResponse, team_id: &str, pat: &str],
-        [remove_from_team, ServiceResponse, team_id: &str, user_id: &str, pat: &str],
-        [edit_team_member, ServiceResponse, team_id: &str, user_id: &str, patch: serde_json::Value, pat: &str],
-        [transfer_team_ownership, ServiceResponse, team_id: &str, user_id: &str, pat: &str],
-        [get_user_notifications, ServiceResponse, user_id: &str, pat: &str],
-        [get_user_notifications_deserialized_common, Vec<crate::common::api_common::models::CommonNotification>, user_id: &str, pat: &str],
-        [mark_notification_read, ServiceResponse, notification_id: &str, pat: &str],
-        [add_user_to_team, ServiceResponse, team_id: &str, user_id: &str, project_permissions: Option<ProjectPermissions>, organization_permissions: Option<OrganizationPermissions>, pat: &str],
-        [delete_notification, ServiceResponse, notification_id: &str, pat: &str],
+        [get_team_members, ServiceResponse, team_id: &str, pat: Option<&str>],
+        [get_team_members_deserialized_common, Vec<crate::common::api_common::models::CommonTeamMember>, team_id: &str, pat: Option<&str>],
+        [get_project_members, ServiceResponse, id_or_slug: &str, pat: Option<&str>],
+        [get_project_members_deserialized_common, Vec<crate::common::api_common::models::CommonTeamMember>, id_or_slug: &str, pat: Option<&str>],
+        [get_organization_members, ServiceResponse, id_or_title: &str, pat: Option<&str>],
+        [get_organization_members_deserialized_common, Vec<crate::common::api_common::models::CommonTeamMember>, id_or_title: &str, pat: Option<&str>],
+        [join_team, ServiceResponse, team_id: &str, pat: Option<&str>],
+        [remove_from_team, ServiceResponse, team_id: &str, user_id: &str, pat: Option<&str>],
+        [edit_team_member, ServiceResponse, team_id: &str, user_id: &str, patch: serde_json::Value, pat: Option<&str>],
+        [transfer_team_ownership, ServiceResponse, team_id: &str, user_id: &str, pat: Option<&str>],
+        [get_user_notifications, ServiceResponse, user_id: &str, pat: Option<&str>],
+        [get_user_notifications_deserialized_common, Vec<crate::common::api_common::models::CommonNotification>, user_id: &str, pat: Option<&str>],
+        [mark_notification_read, ServiceResponse, notification_id: &str, pat: Option<&str>],
+        [add_user_to_team, ServiceResponse, team_id: &str, user_id: &str, project_permissions: Option<ProjectPermissions>, organization_permissions: Option<OrganizationPermissions>, pat: Option<&str>],
+        [delete_notification, ServiceResponse, notification_id: &str, pat: Option<&str>],
    }
 );

 delegate_api_variant!(
    #[async_trait(?Send)]
    impl ApiVersion for GenericApi {
-        [add_public_version, ServiceResponse, project_id: ProjectId, version_number: &str, version_jar: TestFile, ordering: Option<i32>, modify_json: Option<json_patch::Patch>, pat: &str],
-        [add_public_version_deserialized_common, CommonVersion, project_id: ProjectId, version_number: &str, version_jar: TestFile, ordering: Option<i32>, modify_json: Option<json_patch::Patch>, pat: &str],
-        [get_version, ServiceResponse, id_or_slug: &str, pat: &str],
-        [get_version_deserialized_common, CommonVersion, id_or_slug: &str, pat: &str],
-        [get_versions, ServiceResponse, ids_or_slugs: Vec<String>, pat: &str],
-        [get_versions_deserialized_common, Vec<CommonVersion>, ids_or_slugs: Vec<String>, pat: &str],
-        [edit_version, ServiceResponse, id_or_slug: &str, patch: serde_json::Value, pat: &str],
-        [get_version_from_hash, ServiceResponse, id_or_slug: &str, hash: &str, pat: &str],
-        [get_version_from_hash_deserialized_common, CommonVersion, id_or_slug: &str, hash: &str, pat: &str],
-        [get_versions_from_hashes, ServiceResponse, hashes: &[&str], algorithm: &str, pat: &str],
-        [get_versions_from_hashes_deserialized_common, HashMap<String, CommonVersion>, hashes: &[&str],        algorithm: &str,        pat: &str],
-        [get_update_from_hash, ServiceResponse, hash: &str, algorithm: &str, loaders: Option<Vec<String>>,game_versions: Option<Vec<String>>, version_types: Option<Vec<String>>, pat: &str],
-        [get_update_from_hash_deserialized_common, CommonVersion, hash: &str,        algorithm: &str,loaders: Option<Vec<String>>,game_versions: Option<Vec<String>>,version_types: Option<Vec<String>>,        pat: &str],
-        [update_files, ServiceResponse, algorithm: &str,        hashes: Vec<String>,        loaders: Option<Vec<String>>,        game_versions: Option<Vec<String>>,        version_types: Option<Vec<String>>,        pat: &str],
-        [update_files_deserialized_common, HashMap<String, CommonVersion>, algorithm: &str,        hashes: Vec<String>,        loaders: Option<Vec<String>>,        game_versions: Option<Vec<String>>,        version_types: Option<Vec<String>>,        pat: &str],
-        [get_project_versions, ServiceResponse, project_id_slug: &str,        game_versions: Option<Vec<String>>,loaders: Option<Vec<String>>,featured: Option<bool>,        version_type: Option<VersionType>,        limit: Option<usize>,        offset: Option<usize>,pat: &str],
-        [get_project_versions_deserialized_common, Vec<CommonVersion>, project_id_slug: &str, game_versions: Option<Vec<String>>, loaders: Option<Vec<String>>,featured: Option<bool>,version_type: Option<VersionType>,limit: Option<usize>,offset: Option<usize>,pat: &str],
-        [edit_version_ordering, ServiceResponse, version_id: &str,ordering: Option<i32>,pat: &str],
+        [add_public_version, ServiceResponse, project_id: ProjectId, version_number: &str, version_jar: TestFile, ordering: Option<i32>, modify_json: Option<json_patch::Patch>, pat: Option<&str>],
+        [add_public_version_deserialized_common, CommonVersion, project_id: ProjectId, version_number: &str, version_jar: TestFile, ordering: Option<i32>, modify_json: Option<json_patch::Patch>, pat: Option<&str>],
+        [get_version, ServiceResponse, id_or_slug: &str, pat: Option<&str>],
+        [get_version_deserialized_common, CommonVersion, id_or_slug: &str, pat: Option<&str>],
+        [get_versions, ServiceResponse, ids_or_slugs: Vec<String>, pat: Option<&str>],
+        [get_versions_deserialized_common, Vec<CommonVersion>, ids_or_slugs: Vec<String>, pat: Option<&str>],
+        [edit_version, ServiceResponse, id_or_slug: &str, patch: serde_json::Value, pat: Option<&str>],
+        [get_version_from_hash, ServiceResponse, id_or_slug: &str, hash: &str, pat: Option<&str>],
+        [get_version_from_hash_deserialized_common, CommonVersion, id_or_slug: &str, hash: &str, pat: Option<&str>],
+        [get_versions_from_hashes, ServiceResponse, hashes: &[&str], algorithm: &str, pat: Option<&str>],
+        [get_versions_from_hashes_deserialized_common, HashMap<String, CommonVersion>, hashes: &[&str],        algorithm: &str,        pat: Option<&str>],
+        [get_update_from_hash, ServiceResponse, hash: &str, algorithm: &str, loaders: Option<Vec<String>>,game_versions: Option<Vec<String>>, version_types: Option<Vec<String>>, pat: Option<&str>],
+        [get_update_from_hash_deserialized_common, CommonVersion, hash: &str,        algorithm: &str,loaders: Option<Vec<String>>,game_versions: Option<Vec<String>>,version_types: Option<Vec<String>>,        pat: Option<&str>],
+        [update_files, ServiceResponse, algorithm: &str,        hashes: Vec<String>,        loaders: Option<Vec<String>>,        game_versions: Option<Vec<String>>,        version_types: Option<Vec<String>>,        pat: Option<&str>],
+        [update_files_deserialized_common, HashMap<String, CommonVersion>, algorithm: &str,        hashes: Vec<String>,        loaders: Option<Vec<String>>,        game_versions: Option<Vec<String>>,        version_types: Option<Vec<String>>,        pat: Option<&str>],
+        [get_project_versions, ServiceResponse, project_id_slug: &str,        game_versions: Option<Vec<String>>,loaders: Option<Vec<String>>,featured: Option<bool>,        version_type: Option<VersionType>,        limit: Option<usize>,        offset: Option<usize>,pat: Option<&str>],
+        [get_project_versions_deserialized_common, Vec<CommonVersion>, project_id_slug: &str, game_versions: Option<Vec<String>>, loaders: Option<Vec<String>>,featured: Option<bool>,version_type: Option<VersionType>,limit: Option<usize>,offset: Option<usize>,pat: Option<&str>],
+        [edit_version_ordering, ServiceResponse, version_id: &str,ordering: Option<i32>,pat: Option<&str>],
+        [upload_file_to_version, ServiceResponse, version_id: &str, file: &TestFile, pat: Option<&str>],
+        [remove_version, ServiceResponse, version_id: &str, pat: Option<&str>],
+        [remove_version_file, ServiceResponse, hash: &str, pat: Option<&str>],
    }
 );
--- a/tests/common/api_common/mod.rs
+++ b/tests/common/api_common/mod.rs
@@ -1,12 +1,13 @@
 use std::collections::HashMap;

 use self::models::{
-    CommonCategoryData, CommonImageData, CommonLoaderData, CommonNotification, CommonProject,
-    CommonTeamMember, CommonVersion,
+    CommonCategoryData, CommonLoaderData, CommonNotification, CommonProject, CommonTeamMember,
+    CommonVersion,
 };
-use self::request_data::ProjectCreationRequestData;
+use self::request_data::{ImageData, ProjectCreationRequestData};
 use actix_web::dev::ServiceResponse;
 use async_trait::async_trait;
+use chrono::{DateTime, Utc};
 use labrinth::{
    models::{
        projects::{ProjectId, VersionType},
@@ -38,12 +39,12 @@ pub trait ApiProject {
        slug: &str,
        version_jar: Option<TestFile>,
        modify_json: Option<json_patch::Patch>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> (CommonProject, Vec<CommonVersion>);
    async fn create_project(
        &self,
        creation_data: ProjectCreationRequestData,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse;
    async fn get_public_project_creation_data_json(
        &self,
@@ -51,32 +52,71 @@ pub trait ApiProject {
        version_jar: Option<&TestFile>,
    ) -> serde_json::Value;

-    async fn remove_project(&self, id_or_slug: &str, pat: &str) -> ServiceResponse;
-    async fn get_project(&self, id_or_slug: &str, pat: &str) -> ServiceResponse;
-    async fn get_project_deserialized_common(&self, id_or_slug: &str, pat: &str) -> CommonProject;
-    async fn get_user_projects(&self, user_id_or_username: &str, pat: &str) -> ServiceResponse;
+    async fn remove_project(&self, id_or_slug: &str, pat: Option<&str>) -> ServiceResponse;
+    async fn get_project(&self, id_or_slug: &str, pat: Option<&str>) -> ServiceResponse;
+    async fn get_project_deserialized_common(
+        &self,
+        id_or_slug: &str,
+        pat: Option<&str>,
+    ) -> CommonProject;
+    async fn get_user_projects(
+        &self,
+        user_id_or_username: &str,
+        pat: Option<&str>,
+    ) -> ServiceResponse;
    async fn get_user_projects_deserialized_common(
        &self,
        user_id_or_username: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> Vec<CommonProject>;
    async fn edit_project(
        &self,
        id_or_slug: &str,
        patch: serde_json::Value,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse;
    async fn edit_project_bulk(
        &self,
        ids_or_slugs: &[&str],
        patch: serde_json::Value,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse;
    async fn edit_project_icon(
        &self,
        id_or_slug: &str,
-        icon: Option<CommonImageData>,
-        pat: &str,
+        icon: Option<ImageData>,
+        pat: Option<&str>,
+    ) -> ServiceResponse;
+    async fn schedule_project(
+        &self,
+        id_or_slug: &str,
+        requested_status: &str,
+        date: DateTime<Utc>,
+        pat: Option<&str>,
+    ) -> ServiceResponse;
+    #[allow(clippy::too_many_arguments)]
+    async fn add_gallery_item(
+        &self,
+        id_or_slug: &str,
+        image: ImageData,
+        featured: bool,
+        title: Option<String>,
+        description: Option<String>,
+        ordering: Option<i32>,
+        pat: Option<&str>,
+    ) -> ServiceResponse;
+    async fn remove_gallery_item(
+        &self,
+        id_or_slug: &str,
+        url: &str,
+        pat: Option<&str>,
+    ) -> ServiceResponse;
+    async fn edit_gallery_item(
+        &self,
+        id_or_slug: &str,
+        url: &str,
+        patch: HashMap<String, String>,
+        pat: Option<&str>,
    ) -> ServiceResponse;
 }

@@ -90,55 +130,72 @@ pub trait ApiTags {

 #[async_trait(?Send)]
 pub trait ApiTeams {
-    async fn get_team_members(&self, team_id: &str, pat: &str) -> ServiceResponse;
+    async fn get_team_members(&self, team_id: &str, pat: Option<&str>) -> ServiceResponse;
    async fn get_team_members_deserialized_common(
        &self,
        team_id: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> Vec<CommonTeamMember>;
-    async fn get_project_members(&self, id_or_slug: &str, pat: &str) -> ServiceResponse;
+    async fn get_project_members(&self, id_or_slug: &str, pat: Option<&str>) -> ServiceResponse;
    async fn get_project_members_deserialized_common(
        &self,
        id_or_slug: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> Vec<CommonTeamMember>;
-    async fn get_organization_members(&self, id_or_title: &str, pat: &str) -> ServiceResponse;
+    async fn get_organization_members(
+        &self,
+        id_or_title: &str,
+        pat: Option<&str>,
+    ) -> ServiceResponse;
    async fn get_organization_members_deserialized_common(
        &self,
        id_or_title: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> Vec<CommonTeamMember>;
-    async fn join_team(&self, team_id: &str, pat: &str) -> ServiceResponse;
-    async fn remove_from_team(&self, team_id: &str, user_id: &str, pat: &str) -> ServiceResponse;
+    async fn join_team(&self, team_id: &str, pat: Option<&str>) -> ServiceResponse;
+    async fn remove_from_team(
+        &self,
+        team_id: &str,
+        user_id: &str,
+        pat: Option<&str>,
+    ) -> ServiceResponse;
    async fn edit_team_member(
        &self,
        team_id: &str,
        user_id: &str,
        patch: serde_json::Value,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse;
    async fn transfer_team_ownership(
        &self,
        team_id: &str,
        user_id: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse;
-    async fn get_user_notifications(&self, user_id: &str, pat: &str) -> ServiceResponse;
+    async fn get_user_notifications(&self, user_id: &str, pat: Option<&str>) -> ServiceResponse;
    async fn get_user_notifications_deserialized_common(
        &self,
        user_id: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> Vec<CommonNotification>;
-    async fn mark_notification_read(&self, notification_id: &str, pat: &str) -> ServiceResponse;
+    async fn mark_notification_read(
+        &self,
+        notification_id: &str,
+        pat: Option<&str>,
+    ) -> ServiceResponse;
    async fn add_user_to_team(
        &self,
        team_id: &str,
        user_id: &str,
        project_permissions: Option<ProjectPermissions>,
        organization_permissions: Option<OrganizationPermissions>,
-        pat: &str,
+        pat: Option<&str>,
+    ) -> ServiceResponse;
+    async fn delete_notification(
+        &self,
+        notification_id: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse;
-    async fn delete_notification(&self, notification_id: &str, pat: &str) -> ServiceResponse;
 }

 #[async_trait(?Send)]
@@ -150,7 +207,7 @@ pub trait ApiVersion {
        version_jar: TestFile,
        ordering: Option<i32>,
        modify_json: Option<json_patch::Patch>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse;
    async fn add_public_version_deserialized_common(
        &self,
@@ -159,45 +216,49 @@ pub trait ApiVersion {
        version_jar: TestFile,
        ordering: Option<i32>,
        modify_json: Option<json_patch::Patch>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> CommonVersion;
-    async fn get_version(&self, id_or_slug: &str, pat: &str) -> ServiceResponse;
-    async fn get_version_deserialized_common(&self, id_or_slug: &str, pat: &str) -> CommonVersion;
-    async fn get_versions(&self, ids_or_slugs: Vec<String>, pat: &str) -> ServiceResponse;
+    async fn get_version(&self, id_or_slug: &str, pat: Option<&str>) -> ServiceResponse;
+    async fn get_version_deserialized_common(
+        &self,
+        id_or_slug: &str,
+        pat: Option<&str>,
+    ) -> CommonVersion;
+    async fn get_versions(&self, ids_or_slugs: Vec<String>, pat: Option<&str>) -> ServiceResponse;
    async fn get_versions_deserialized_common(
        &self,
        ids_or_slugs: Vec<String>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> Vec<CommonVersion>;
    async fn edit_version(
        &self,
        id_or_slug: &str,
        patch: serde_json::Value,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse;
    async fn get_version_from_hash(
        &self,
        id_or_slug: &str,
        hash: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse;
    async fn get_version_from_hash_deserialized_common(
        &self,
        id_or_slug: &str,
        hash: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> CommonVersion;
    async fn get_versions_from_hashes(
        &self,
        hashes: &[&str],
        algorithm: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse;
    async fn get_versions_from_hashes_deserialized_common(
        &self,
        hashes: &[&str],
        algorithm: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> HashMap<String, CommonVersion>;
    async fn get_update_from_hash(
        &self,
@@ -206,7 +267,7 @@ pub trait ApiVersion {
        loaders: Option<Vec<String>>,
        game_versions: Option<Vec<String>>,
        version_types: Option<Vec<String>>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse;
    async fn get_update_from_hash_deserialized_common(
        &self,
@@ -215,7 +276,7 @@ pub trait ApiVersion {
        loaders: Option<Vec<String>>,
        game_versions: Option<Vec<String>>,
        version_types: Option<Vec<String>>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> CommonVersion;
    async fn update_files(
        &self,
@@ -224,7 +285,7 @@ pub trait ApiVersion {
        loaders: Option<Vec<String>>,
        game_versions: Option<Vec<String>>,
        version_types: Option<Vec<String>>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse;
    async fn update_files_deserialized_common(
        &self,
@@ -233,7 +294,7 @@ pub trait ApiVersion {
        loaders: Option<Vec<String>>,
        game_versions: Option<Vec<String>>,
        version_types: Option<Vec<String>>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> HashMap<String, CommonVersion>;
    #[allow(clippy::too_many_arguments)]
    async fn get_project_versions(
@@ -245,7 +306,7 @@ pub trait ApiVersion {
        version_type: Option<VersionType>,
        limit: Option<usize>,
        offset: Option<usize>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse;
    #[allow(clippy::too_many_arguments)]
    async fn get_project_versions_deserialized_common(
@@ -257,12 +318,34 @@ pub trait ApiVersion {
        version_type: Option<VersionType>,
        limit: Option<usize>,
        offset: Option<usize>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> Vec<CommonVersion>;
    async fn edit_version_ordering(
        &self,
        version_id: &str,
        ordering: Option<i32>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse;
+    async fn upload_file_to_version(
+        &self,
+        version_id: &str,
+        file: &TestFile,
+        pat: Option<&str>,
+    ) -> ServiceResponse;
+    async fn remove_version(&self, id_or_slug: &str, pat: Option<&str>) -> ServiceResponse;
+    async fn remove_version_file(&self, hash: &str, pat: Option<&str>) -> ServiceResponse;
+}
+
+pub trait AppendsOptionalPat {
+    fn append_pat(self, pat: Option<&str>) -> Self;
+}
+// Impl this on all actix_web::test::TestRequest
+impl AppendsOptionalPat for actix_web::test::TestRequest {
+    fn append_pat(self, pat: Option<&str>) -> Self {
+        if let Some(pat) = pat {
+            self.append_header(("Authorization", pat))
+        } else {
+            self
+        }
+    }
 }
--- a/tests/common/api_common/models.rs
+++ b/tests/common/api_common/models.rs
@@ -74,13 +74,6 @@ pub struct CommonVersion {
    pub ordering: Option<i32>,
 }

-#[derive(Deserialize)]
-pub struct CommonImageData {
-    pub filename: String,
-    pub extension: String,
-    pub icon: Vec<u8>,
-}
-
 #[derive(Deserialize)]
 pub struct CommonLoaderData {
    pub icon: String,
--- a/tests/common/api_v2/project.rs
+++ b/tests/common/api_v2/project.rs
@@ -1,8 +1,10 @@
+use std::collections::HashMap;
+
 use crate::common::{
    api_common::{
-        models::{CommonImageData, CommonProject, CommonVersion},
-        request_data::ProjectCreationRequestData,
-        Api, ApiProject,
+        models::{CommonProject, CommonVersion},
+        request_data::{ImageData, ProjectCreationRequestData},
+        Api, ApiProject, AppendsOptionalPat,
    },
    dummy_data::TestFile,
 };
@@ -13,6 +15,7 @@ use actix_web::{
 };
 use async_trait::async_trait;
 use bytes::Bytes;
+use chrono::{DateTime, Utc};
 use labrinth::{
    models::v2::{projects::LegacyProject, search::LegacySearchResults},
    util::actix::AppendsMultipart,
@@ -27,7 +30,11 @@ use super::{
 };

 impl ApiV2 {
-    pub async fn get_project_deserialized(&self, id_or_slug: &str, pat: &str) -> LegacyProject {
+    pub async fn get_project_deserialized(
+        &self,
+        id_or_slug: &str,
+        pat: Option<&str>,
+    ) -> LegacyProject {
        let resp = self.get_project(id_or_slug, pat).await;
        assert_eq!(resp.status(), 200);
        test::read_body_json(resp).await
@@ -36,7 +43,7 @@ impl ApiV2 {
    pub async fn get_user_projects_deserialized(
        &self,
        user_id_or_username: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> Vec<LegacyProject> {
        let resp = self.get_user_projects(user_id_or_username, pat).await;
        assert_eq!(resp.status(), 200);
@@ -47,7 +54,7 @@ impl ApiV2 {
        &self,
        query: Option<&str>,
        facets: Option<serde_json::Value>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> LegacySearchResults {
        let query_field = if let Some(query) = query {
            format!("&query={}", urlencoding::encode(query))
@@ -63,7 +70,7 @@ impl ApiV2 {

        let req = test::TestRequest::get()
            .uri(&format!("/v2/search?{}{}", query_field, facets_field))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
        let resp = self.call(req).await;
        let status = resp.status();
@@ -79,7 +86,7 @@ impl ApiProject for ApiV2 {
        slug: &str,
        version_jar: Option<TestFile>,
        modify_json: Option<json_patch::Patch>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> (CommonProject, Vec<CommonVersion>) {
        let creation_data = get_public_project_creation_data(slug, version_jar, modify_json);

@@ -91,7 +98,7 @@ impl ApiProject for ApiV2 {
        // Approve as a moderator.
        let req = TestRequest::patch()
            .uri(&format!("/v2/project/{}", slug))
-            .append_header(("Authorization", MOD_USER_PAT))
+            .append_pat(MOD_USER_PAT)
            .set_json(json!(
                {
                    "status": "approved"
@@ -106,7 +113,7 @@ impl ApiProject for ApiV2 {
        // Get project's versions
        let req = TestRequest::get()
            .uri(&format!("/v2/project/{}/version", slug))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
        let resp = self.call(req).await;
        let versions: Vec<CommonVersion> = test::read_body_json(resp).await;
@@ -125,35 +132,38 @@ impl ApiProject for ApiV2 {
    async fn create_project(
        &self,
        creation_data: ProjectCreationRequestData,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let req = TestRequest::post()
            .uri("/v2/project")
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .set_multipart(creation_data.segment_data)
            .to_request();
        self.call(req).await
    }

-    async fn remove_project(&self, project_slug_or_id: &str, pat: &str) -> ServiceResponse {
+    async fn remove_project(&self, project_slug_or_id: &str, pat: Option<&str>) -> ServiceResponse {
        let req = test::TestRequest::delete()
            .uri(&format!("/v2/project/{project_slug_or_id}"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
-        let resp = self.call(req).await;
-        assert_eq!(resp.status(), 204);
-        resp
+
+        self.call(req).await
    }

-    async fn get_project(&self, id_or_slug: &str, pat: &str) -> ServiceResponse {
+    async fn get_project(&self, id_or_slug: &str, pat: Option<&str>) -> ServiceResponse {
        let req = TestRequest::get()
            .uri(&format!("/v2/project/{id_or_slug}"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
        self.call(req).await
    }

-    async fn get_project_deserialized_common(&self, id_or_slug: &str, pat: &str) -> CommonProject {
+    async fn get_project_deserialized_common(
+        &self,
+        id_or_slug: &str,
+        pat: Option<&str>,
+    ) -> CommonProject {
        let resp = self.get_project(id_or_slug, pat).await;
        assert_eq!(resp.status(), 200);
        // First, deserialize to the non-common format (to test the response is valid for this api version)
@@ -163,10 +173,14 @@ impl ApiProject for ApiV2 {
        serde_json::from_value(value).unwrap()
    }

-    async fn get_user_projects(&self, user_id_or_username: &str, pat: &str) -> ServiceResponse {
+    async fn get_user_projects(
+        &self,
+        user_id_or_username: &str,
+        pat: Option<&str>,
+    ) -> ServiceResponse {
        let req = test::TestRequest::get()
            .uri(&format!("/v2/user/{}/projects", user_id_or_username))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
        self.call(req).await
    }
@@ -174,7 +188,7 @@ impl ApiProject for ApiV2 {
    async fn get_user_projects_deserialized_common(
        &self,
        user_id_or_username: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> Vec<CommonProject> {
        let resp = self.get_user_projects(user_id_or_username, pat).await;
        assert_eq!(resp.status(), 200);
@@ -189,11 +203,11 @@ impl ApiProject for ApiV2 {
        &self,
        id_or_slug: &str,
        patch: serde_json::Value,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let req = test::TestRequest::patch()
            .uri(&format!("/v2/project/{id_or_slug}"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .set_json(patch)
            .to_request();

@@ -204,7 +218,7 @@ impl ApiProject for ApiV2 {
        &self,
        ids_or_slugs: &[&str],
        patch: serde_json::Value,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let projects_str = ids_or_slugs
            .iter()
@@ -216,7 +230,7 @@ impl ApiProject for ApiV2 {
                "/v2/projects?ids={encoded}",
                encoded = urlencoding::encode(&format!("[{projects_str}]"))
            ))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .set_json(patch)
            .to_request();

@@ -226,8 +240,8 @@ impl ApiProject for ApiV2 {
    async fn edit_project_icon(
        &self,
        id_or_slug: &str,
-        icon: Option<CommonImageData>,
-        pat: &str,
+        icon: Option<ImageData>,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        if let Some(icon) = icon {
            // If an icon is provided, upload it
@@ -236,7 +250,7 @@ impl ApiProject for ApiV2 {
                    "/v2/project/{id_or_slug}/icon?ext={ext}",
                    ext = icon.extension
                ))
-                .append_header(("Authorization", pat))
+                .append_pat(pat)
                .set_payload(Bytes::from(icon.icon))
                .to_request();

@@ -245,10 +259,110 @@ impl ApiProject for ApiV2 {
            // If no icon is provided, delete the icon
            let req = test::TestRequest::delete()
                .uri(&format!("/v2/project/{id_or_slug}/icon"))
-                .append_header(("Authorization", pat))
+                .append_pat(pat)
                .to_request();

            self.call(req).await
        }
    }
+
+    async fn schedule_project(
+        &self,
+        id_or_slug: &str,
+        requested_status: &str,
+        date: DateTime<Utc>,
+        pat: Option<&str>,
+    ) -> ServiceResponse {
+        let req = test::TestRequest::post()
+            .uri(&format!("/v2/version/{id_or_slug}/schedule"))
+            .set_json(json!(
+                {
+                    "requested_status": requested_status,
+                    "time": date,
+                }
+            ))
+            .append_pat(pat)
+            .to_request();
+
+        self.call(req).await
+    }
+
+    #[allow(clippy::too_many_arguments)]
+    async fn add_gallery_item(
+        &self,
+        id_or_slug: &str,
+        image: ImageData,
+        featured: bool,
+        title: Option<String>,
+        description: Option<String>,
+        ordering: Option<i32>,
+        pat: Option<&str>,
+    ) -> ServiceResponse {
+        let mut url = format!(
+            "/v2/project/{id_or_slug}/gallery?ext={ext}&featured={featured}",
+            ext = image.extension,
+            featured = featured
+        );
+        if let Some(title) = title {
+            url.push_str(&format!("&title={}", title));
+        }
+        if let Some(description) = description {
+            url.push_str(&format!("&description={}", description));
+        }
+        if let Some(ordering) = ordering {
+            url.push_str(&format!("&ordering={}", ordering));
+        }
+
+        let req = test::TestRequest::post()
+            .uri(&url)
+            .append_pat(pat)
+            .set_payload(Bytes::from(image.icon))
+            .to_request();
+
+        self.call(req).await
+    }
+
+    async fn edit_gallery_item(
+        &self,
+        id_or_slug: &str,
+        image_url: &str,
+        patch: HashMap<String, String>,
+        pat: Option<&str>,
+    ) -> ServiceResponse {
+        let mut url = format!(
+            "/v2/project/{id_or_slug}/gallery?url={image_url}",
+            image_url = urlencoding::encode(image_url)
+        );
+
+        for (key, value) in patch {
+            url.push_str(&format!(
+                "&{key}={value}",
+                key = key,
+                value = urlencoding::encode(&value)
+            ));
+        }
+
+        let req = test::TestRequest::patch()
+            .uri(&url)
+            .append_pat(pat)
+            .to_request();
+        self.call(req).await
+    }
+
+    async fn remove_gallery_item(
+        &self,
+        id_or_slug: &str,
+        url: &str,
+        pat: Option<&str>,
+    ) -> ServiceResponse {
+        let req = test::TestRequest::delete()
+            .uri(&format!(
+                "/v2/project/{id_or_slug}/gallery?url={url}",
+                url = url
+            ))
+            .append_pat(pat)
+            .to_request();
+
+        self.call(req).await
+    }
 }
--- a/tests/common/api_v2/request_data.rs
+++ b/tests/common/api_v2/request_data.rs
@@ -2,8 +2,8 @@
 use serde_json::json;

 use crate::common::{
-    api_common::request_data::{ImageData, ProjectCreationRequestData, VersionCreationRequestData},
-    dummy_data::{DummyImage, TestFile},
+    api_common::request_data::{ProjectCreationRequestData, VersionCreationRequestData},
+    dummy_data::TestFile,
 };
 use labrinth::{
    models::projects::ProjectId,
@@ -123,11 +123,3 @@ pub fn get_public_creation_data_multipart(
        vec![json_segment]
    }
 }
-
-pub fn get_icon_data(dummy_icon: DummyImage) -> ImageData {
-    ImageData {
-        filename: dummy_icon.filename(),
-        extension: dummy_icon.extension(),
-        icon: dummy_icon.bytes(),
-    }
-}
--- a/tests/common/api_v2/tags.rs
+++ b/tests/common/api_v2/tags.rs
@@ -8,7 +8,7 @@ use labrinth::routes::v2::tags::{CategoryData, GameVersionQueryData, LoaderData}
 use crate::common::{
    api_common::{
        models::{CommonCategoryData, CommonLoaderData},
-        Api, ApiTags,
+        Api, ApiTags, AppendsOptionalPat,
    },
    database::ADMIN_USER_PAT,
 };
@@ -21,7 +21,7 @@ impl ApiV2 {
    async fn get_side_types(&self) -> ServiceResponse {
        let req = TestRequest::get()
            .uri("/v2/tag/side_type")
-            .append_header(("Authorization", ADMIN_USER_PAT))
+            .append_pat(ADMIN_USER_PAT)
            .to_request();
        self.call(req).await
    }
@@ -35,7 +35,7 @@ impl ApiV2 {
    pub async fn get_game_versions(&self) -> ServiceResponse {
        let req = TestRequest::get()
            .uri("/v2/tag/game_version")
-            .append_header(("Authorization", ADMIN_USER_PAT))
+            .append_pat(ADMIN_USER_PAT)
            .to_request();
        self.call(req).await
    }
@@ -64,7 +64,7 @@ impl ApiTags for ApiV2 {
    async fn get_loaders(&self) -> ServiceResponse {
        let req = TestRequest::get()
            .uri("/v2/tag/loader")
-            .append_header(("Authorization", ADMIN_USER_PAT))
+            .append_pat(ADMIN_USER_PAT)
            .to_request();
        self.call(req).await
    }
@@ -82,7 +82,7 @@ impl ApiTags for ApiV2 {
    async fn get_categories(&self) -> ServiceResponse {
        let req = TestRequest::get()
            .uri("/v2/tag/category")
-            .append_header(("Authorization", ADMIN_USER_PAT))
+            .append_pat(ADMIN_USER_PAT)
            .to_request();
        self.call(req).await
    }
--- a/tests/common/api_v2/team.rs
+++ b/tests/common/api_v2/team.rs
@@ -10,7 +10,7 @@ use serde_json::json;
 use crate::common::{
    api_common::{
        models::{CommonNotification, CommonTeamMember},
-        Api, ApiTeams,
+        Api, ApiTeams, AppendsOptionalPat,
    },
    asserts::assert_status,
 };
@@ -21,7 +21,7 @@ impl ApiV2 {
    pub async fn get_organization_members_deserialized(
        &self,
        id_or_title: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> Vec<LegacyTeamMember> {
        let resp = self.get_organization_members(id_or_title, pat).await;
        assert_eq!(resp.status(), 200);
@@ -31,7 +31,7 @@ impl ApiV2 {
    pub async fn get_team_members_deserialized(
        &self,
        team_id: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> Vec<LegacyTeamMember> {
        let resp = self.get_team_members(team_id, pat).await;
        assert_eq!(resp.status(), 200);
@@ -41,7 +41,7 @@ impl ApiV2 {
    pub async fn get_user_notifications_deserialized(
        &self,
        user_id: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> Vec<LegacyNotification> {
        let resp = self.get_user_notifications(user_id, pat).await;
        assert_eq!(resp.status(), 200);
@@ -51,10 +51,10 @@ impl ApiV2 {

 #[async_trait(?Send)]
 impl ApiTeams for ApiV2 {
-    async fn get_team_members(&self, id_or_title: &str, pat: &str) -> ServiceResponse {
+    async fn get_team_members(&self, id_or_title: &str, pat: Option<&str>) -> ServiceResponse {
        let req = test::TestRequest::get()
            .uri(&format!("/v2/team/{id_or_title}/members"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
        self.call(req).await
    }
@@ -62,7 +62,7 @@ impl ApiTeams for ApiV2 {
    async fn get_team_members_deserialized_common(
        &self,
        id_or_title: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> Vec<CommonTeamMember> {
        let resp = self.get_team_members(id_or_title, pat).await;
        assert_eq!(resp.status(), 200);
@@ -72,10 +72,10 @@ impl ApiTeams for ApiV2 {
        test::read_body_json(resp).await
    }

-    async fn get_project_members(&self, id_or_title: &str, pat: &str) -> ServiceResponse {
+    async fn get_project_members(&self, id_or_title: &str, pat: Option<&str>) -> ServiceResponse {
        let req = test::TestRequest::get()
            .uri(&format!("/v2/project/{id_or_title}/members"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
        self.call(req).await
    }
@@ -83,7 +83,7 @@ impl ApiTeams for ApiV2 {
    async fn get_project_members_deserialized_common(
        &self,
        id_or_title: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> Vec<CommonTeamMember> {
        let resp = self.get_project_members(id_or_title, pat).await;
        assert_eq!(resp.status(), 200);
@@ -93,10 +93,14 @@ impl ApiTeams for ApiV2 {
        test::read_body_json(resp).await
    }

-    async fn get_organization_members(&self, id_or_title: &str, pat: &str) -> ServiceResponse {
+    async fn get_organization_members(
+        &self,
+        id_or_title: &str,
+        pat: Option<&str>,
+    ) -> ServiceResponse {
        let req = test::TestRequest::get()
            .uri(&format!("/v2/organization/{id_or_title}/members"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
        self.call(req).await
    }
@@ -104,7 +108,7 @@ impl ApiTeams for ApiV2 {
    async fn get_organization_members_deserialized_common(
        &self,
        id_or_title: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> Vec<CommonTeamMember> {
        let resp = self.get_organization_members(id_or_title, pat).await;
        assert_eq!(resp.status(), 200);
@@ -114,18 +118,23 @@ impl ApiTeams for ApiV2 {
        test::read_body_json(resp).await
    }

-    async fn join_team(&self, team_id: &str, pat: &str) -> ServiceResponse {
+    async fn join_team(&self, team_id: &str, pat: Option<&str>) -> ServiceResponse {
        let req = test::TestRequest::post()
            .uri(&format!("/v2/team/{team_id}/join"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
        self.call(req).await
    }

-    async fn remove_from_team(&self, team_id: &str, user_id: &str, pat: &str) -> ServiceResponse {
+    async fn remove_from_team(
+        &self,
+        team_id: &str,
+        user_id: &str,
+        pat: Option<&str>,
+    ) -> ServiceResponse {
        let req = test::TestRequest::delete()
            .uri(&format!("/v2/team/{team_id}/members/{user_id}"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
        self.call(req).await
    }
@@ -135,11 +144,11 @@ impl ApiTeams for ApiV2 {
        team_id: &str,
        user_id: &str,
        patch: serde_json::Value,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let req = test::TestRequest::patch()
            .uri(&format!("/v2/team/{team_id}/members/{user_id}"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .set_json(patch)
            .to_request();
        self.call(req).await
@@ -149,11 +158,11 @@ impl ApiTeams for ApiV2 {
        &self,
        team_id: &str,
        user_id: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let req = test::TestRequest::patch()
            .uri(&format!("/v2/team/{team_id}/owner"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .set_json(json!({
                "user_id": user_id,
            }))
@@ -161,10 +170,10 @@ impl ApiTeams for ApiV2 {
        self.call(req).await
    }

-    async fn get_user_notifications(&self, user_id: &str, pat: &str) -> ServiceResponse {
+    async fn get_user_notifications(&self, user_id: &str, pat: Option<&str>) -> ServiceResponse {
        let req = test::TestRequest::get()
            .uri(&format!("/v2/user/{user_id}/notifications"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
        self.call(req).await
    }
@@ -172,7 +181,7 @@ impl ApiTeams for ApiV2 {
    async fn get_user_notifications_deserialized_common(
        &self,
        user_id: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> Vec<CommonNotification> {
        let resp = self.get_user_notifications(user_id, pat).await;
        assert_status(&resp, StatusCode::OK);
@@ -183,10 +192,14 @@ impl ApiTeams for ApiV2 {
        serde_json::from_value(value).unwrap()
    }

-    async fn mark_notification_read(&self, notification_id: &str, pat: &str) -> ServiceResponse {
+    async fn mark_notification_read(
+        &self,
+        notification_id: &str,
+        pat: Option<&str>,
+    ) -> ServiceResponse {
        let req = test::TestRequest::patch()
            .uri(&format!("/v2/notification/{notification_id}"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
        self.call(req).await
    }
@@ -197,11 +210,11 @@ impl ApiTeams for ApiV2 {
        user_id: &str,
        project_permissions: Option<ProjectPermissions>,
        organization_permissions: Option<OrganizationPermissions>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let req = test::TestRequest::post()
            .uri(&format!("/v2/team/{team_id}/members"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .set_json(json!( {
                "user_id": user_id,
                "permissions" : project_permissions.map(|p| p.bits()).unwrap_or_default(),
@@ -211,10 +224,14 @@ impl ApiTeams for ApiV2 {
        self.call(req).await
    }

-    async fn delete_notification(&self, notification_id: &str, pat: &str) -> ServiceResponse {
+    async fn delete_notification(
+        &self,
+        notification_id: &str,
+        pat: Option<&str>,
+    ) -> ServiceResponse {
        let req = test::TestRequest::delete()
            .uri(&format!("/v2/notification/{notification_id}"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
        self.call(req).await
    }
--- a/tests/common/api_v2/version.rs
+++ b/tests/common/api_v2/version.rs
@@ -1,12 +1,15 @@
 use std::collections::HashMap;

-use super::{request_data::get_public_version_creation_data, ApiV2};
+use super::{
+    request_data::{self, get_public_version_creation_data},
+    ApiV2,
+};
 use crate::common::{
-    api_common::{models::CommonVersion, Api, ApiVersion},
+    api_common::{models::CommonVersion, Api, ApiVersion, AppendsOptionalPat},
    asserts::assert_status,
    dummy_data::TestFile,
 };
-use actix_http::{header::AUTHORIZATION, StatusCode};
+use actix_http::StatusCode;
 use actix_web::{
    dev::ServiceResponse,
    test::{self, TestRequest},
@@ -28,7 +31,7 @@ pub fn url_encode_json_serialized_vec(elements: &[String]) -> String {
 }

 impl ApiV2 {
-    pub async fn get_version_deserialized(&self, id: &str, pat: &str) -> LegacyVersion {
+    pub async fn get_version_deserialized(&self, id: &str, pat: Option<&str>) -> LegacyVersion {
        let resp = self.get_version(id, pat).await;
        assert_eq!(resp.status(), 200);
        test::read_body_json(resp).await
@@ -38,7 +41,7 @@ impl ApiV2 {
        &self,
        hash: &str,
        algorithm: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> LegacyVersion {
        let resp = self.get_version_from_hash(hash, algorithm, pat).await;
        assert_eq!(resp.status(), 200);
@@ -49,7 +52,7 @@ impl ApiV2 {
        &self,
        hashes: &[&str],
        algorithm: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> HashMap<String, LegacyVersion> {
        let resp = self.get_versions_from_hashes(hashes, algorithm, pat).await;
        assert_eq!(resp.status(), 200);
@@ -60,11 +63,11 @@ impl ApiV2 {
        &self,
        algorithm: &str,
        hashes: Vec<FileUpdateData>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let req = test::TestRequest::post()
            .uri("/v2/version_files/update_individual")
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .set_json(json!({
                "algorithm": algorithm,
                "hashes": hashes
@@ -77,7 +80,7 @@ impl ApiV2 {
        &self,
        algorithm: &str,
        hashes: Vec<FileUpdateData>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> HashMap<String, LegacyVersion> {
        let resp = self.update_individual_files(algorithm, hashes, pat).await;
        assert_eq!(resp.status(), 200);
@@ -94,7 +97,7 @@ impl ApiVersion for ApiV2 {
        version_jar: TestFile,
        ordering: Option<i32>,
        modify_json: Option<json_patch::Patch>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let creation_data = get_public_version_creation_data(
            project_id,
@@ -107,7 +110,7 @@ impl ApiVersion for ApiV2 {
        // Add a project.
        let req = TestRequest::post()
            .uri("/v2/version")
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .set_multipart(creation_data.segment_data)
            .to_request();
        self.call(req).await
@@ -120,7 +123,7 @@ impl ApiVersion for ApiV2 {
        version_jar: TestFile,
        ordering: Option<i32>,
        modify_json: Option<json_patch::Patch>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> CommonVersion {
        let resp = self
            .add_public_version(
@@ -140,15 +143,15 @@ impl ApiVersion for ApiV2 {
        serde_json::from_value(value).unwrap()
    }

-    async fn get_version(&self, id: &str, pat: &str) -> ServiceResponse {
+    async fn get_version(&self, id: &str, pat: Option<&str>) -> ServiceResponse {
        let req = TestRequest::get()
            .uri(&format!("/v2/version/{id}"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
        self.call(req).await
    }

-    async fn get_version_deserialized_common(&self, id: &str, pat: &str) -> CommonVersion {
+    async fn get_version_deserialized_common(&self, id: &str, pat: Option<&str>) -> CommonVersion {
        let resp = self.get_version(id, pat).await;
        assert_eq!(resp.status(), 200);
        // First, deserialize to the non-common format (to test the response is valid for this api version)
@@ -162,11 +165,11 @@ impl ApiVersion for ApiV2 {
        &self,
        version_id: &str,
        patch: serde_json::Value,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let req = test::TestRequest::patch()
            .uri(&format!("/v2/version/{version_id}"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .set_json(patch)
            .to_request();

@@ -177,11 +180,11 @@ impl ApiVersion for ApiV2 {
        &self,
        hash: &str,
        algorithm: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let req = test::TestRequest::get()
            .uri(&format!("/v2/version_file/{hash}?algorithm={algorithm}"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
        self.call(req).await
    }
@@ -190,7 +193,7 @@ impl ApiVersion for ApiV2 {
        &self,
        hash: &str,
        algorithm: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> CommonVersion {
        let resp = self.get_version_from_hash(hash, algorithm, pat).await;
        assert_eq!(resp.status(), 200);
@@ -205,11 +208,11 @@ impl ApiVersion for ApiV2 {
        &self,
        hashes: &[&str],
        algorithm: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let req = TestRequest::post()
            .uri("/v2/version_files")
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .set_json(json!({
                "hashes": hashes,
                "algorithm": algorithm,
@@ -222,7 +225,7 @@ impl ApiVersion for ApiV2 {
        &self,
        hashes: &[&str],
        algorithm: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> HashMap<String, CommonVersion> {
        let resp = self.get_versions_from_hashes(hashes, algorithm, pat).await;
        assert_eq!(resp.status(), 200);
@@ -240,13 +243,13 @@ impl ApiVersion for ApiV2 {
        loaders: Option<Vec<String>>,
        game_versions: Option<Vec<String>>,
        version_types: Option<Vec<String>>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let req = test::TestRequest::post()
            .uri(&format!(
                "/v2/version_file/{hash}/update?algorithm={algorithm}"
            ))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .set_json(json!({
                "loaders": loaders,
                "game_versions": game_versions,
@@ -263,7 +266,7 @@ impl ApiVersion for ApiV2 {
        loaders: Option<Vec<String>>,
        game_versions: Option<Vec<String>>,
        version_types: Option<Vec<String>>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> CommonVersion {
        let resp = self
            .get_update_from_hash(hash, algorithm, loaders, game_versions, version_types, pat)
@@ -283,11 +286,11 @@ impl ApiVersion for ApiV2 {
        loaders: Option<Vec<String>>,
        game_versions: Option<Vec<String>>,
        version_types: Option<Vec<String>>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let req = test::TestRequest::post()
            .uri("/v2/version_files/update")
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .set_json(json!({
                "algorithm": algorithm,
                "hashes": hashes,
@@ -306,7 +309,7 @@ impl ApiVersion for ApiV2 {
        loaders: Option<Vec<String>>,
        game_versions: Option<Vec<String>>,
        version_types: Option<Vec<String>>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> HashMap<String, CommonVersion> {
        let resp = self
            .update_files(
@@ -337,7 +340,7 @@ impl ApiVersion for ApiV2 {
        version_type: Option<VersionType>,
        limit: Option<usize>,
        offset: Option<usize>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let mut query_string = String::new();
        if let Some(game_versions) = game_versions {
@@ -372,7 +375,7 @@ impl ApiVersion for ApiV2 {
                "/v2/project/{project_id_slug}/version?{}",
                query_string.trim_start_matches('&')
            ))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
        self.call(req).await
    }
@@ -387,7 +390,7 @@ impl ApiVersion for ApiV2 {
        version_type: Option<VersionType>,
        limit: Option<usize>,
        offset: Option<usize>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> Vec<CommonVersion> {
        let resp = self
            .get_project_versions(
@@ -413,7 +416,7 @@ impl ApiVersion for ApiV2 {
        &self,
        version_id: &str,
        ordering: Option<i32>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let request = test::TestRequest::patch()
            .uri(&format!("/v2/version/{version_id}"))
@@ -422,16 +425,16 @@ impl ApiVersion for ApiV2 {
                    "ordering": ordering
                }
            ))
-            .append_header((AUTHORIZATION, pat))
+            .append_pat(pat)
            .to_request();
        self.call(request).await
    }

-    async fn get_versions(&self, version_ids: Vec<String>, pat: &str) -> ServiceResponse {
+    async fn get_versions(&self, version_ids: Vec<String>, pat: Option<&str>) -> ServiceResponse {
        let ids = url_encode_json_serialized_vec(&version_ids);
        let request = test::TestRequest::get()
            .uri(&format!("/v2/versions?ids={}", ids))
-            .append_header((AUTHORIZATION, pat))
+            .append_pat(pat)
            .to_request();
        self.call(request).await
    }
@@ -439,7 +442,7 @@ impl ApiVersion for ApiV2 {
    async fn get_versions_deserialized_common(
        &self,
        version_ids: Vec<String>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> Vec<CommonVersion> {
        let resp = self.get_versions(version_ids, pat).await;
        assert_status(&resp, StatusCode::OK);
@@ -449,4 +452,40 @@ impl ApiVersion for ApiV2 {
        let value = serde_json::to_value(v).unwrap();
        serde_json::from_value(value).unwrap()
    }
+
+    async fn upload_file_to_version(
+        &self,
+        version_id: &str,
+        file: &TestFile,
+        pat: Option<&str>,
+    ) -> ServiceResponse {
+        let m = request_data::get_public_creation_data_multipart(
+            &json!({
+                "file_parts": [file.filename()]
+            }),
+            Some(file),
+        );
+        let request = test::TestRequest::post()
+            .uri(&format!("/v2/version/{version_id}/file"))
+            .append_pat(pat)
+            .set_multipart(m)
+            .to_request();
+        self.call(request).await
+    }
+
+    async fn remove_version(&self, version_id: &str, pat: Option<&str>) -> ServiceResponse {
+        let request = test::TestRequest::delete()
+            .uri(&format!("/v2/version/{version_id}"))
+            .append_pat(pat)
+            .to_request();
+        self.call(request).await
+    }
+
+    async fn remove_version_file(&self, hash: &str, pat: Option<&str>) -> ServiceResponse {
+        let request = test::TestRequest::delete()
+            .uri(&format!("/v2/version_file/{hash}"))
+            .append_pat(pat)
+            .to_request();
+        self.call(request).await
+    }
 }
--- a/tests/common/api_v3/oauth.rs
+++ b/tests/common/api_v3/oauth.rs
@@ -10,7 +10,10 @@ use labrinth::auth::oauth::{
 };
 use reqwest::header::{AUTHORIZATION, LOCATION};

-use crate::common::{api_common::Api, asserts::assert_status};
+use crate::common::{
+    api_common::{Api, AppendsOptionalPat},
+    asserts::assert_status,
+};

 use super::ApiV3;

@@ -22,7 +25,7 @@ impl ApiV3 {
        scope: Option<&str>,
        redirect_uri: Option<&str>,
        state: Option<&str>,
-        user_pat: &str,
+        user_pat: Option<&str>,
    ) -> String {
        let auth_resp = self
            .oauth_authorize(client_id, scope, redirect_uri, state, user_pat)
@@ -42,21 +45,18 @@ impl ApiV3 {
        scope: Option<&str>,
        redirect_uri: Option<&str>,
        state: Option<&str>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let uri = generate_authorize_uri(client_id, scope, redirect_uri, state);
-        let req = TestRequest::get()
-            .uri(&uri)
-            .append_header((AUTHORIZATION, pat))
-            .to_request();
+        let req = TestRequest::get().uri(&uri).append_pat(pat).to_request();
        self.call(req).await
    }

-    pub async fn oauth_accept(&self, flow: &str, pat: &str) -> ServiceResponse {
+    pub async fn oauth_accept(&self, flow: &str, pat: Option<&str>) -> ServiceResponse {
        self.call(
            TestRequest::post()
                .uri("/_internal/oauth/accept")
-                .append_header((AUTHORIZATION, pat))
+                .append_pat(pat)
                .set_json(RespondToOAuthClientScopes {
                    flow: flow.to_string(),
                })
@@ -65,11 +65,11 @@ impl ApiV3 {
        .await
    }

-    pub async fn oauth_reject(&self, flow: &str, pat: &str) -> ServiceResponse {
+    pub async fn oauth_reject(&self, flow: &str, pat: Option<&str>) -> ServiceResponse {
        self.call(
            TestRequest::post()
                .uri("/_internal/oauth/reject")
-                .append_header((AUTHORIZATION, pat))
+                .append_pat(pat)
                .set_json(RespondToOAuthClientScopes {
                    flow: flow.to_string(),
                })
--- a/tests/common/api_v3/oauth_clients.rs
+++ b/tests/common/api_v3/oauth_clients.rs
@@ -10,10 +10,12 @@ use labrinth::{
    },
    routes::v3::oauth_clients::OAuthClientEdit,
 };
-use reqwest::header::AUTHORIZATION;
 use serde_json::json;

-use crate::common::{api_common::Api, asserts::assert_status};
+use crate::common::{
+    api_common::{Api, AppendsOptionalPat},
+    asserts::assert_status,
+};

 use super::ApiV3;

@@ -23,12 +25,12 @@ impl ApiV3 {
        name: String,
        max_scopes: Scopes,
        redirect_uris: Vec<String>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let max_scopes = max_scopes.bits();
        let req = TestRequest::post()
            .uri("/_internal/oauth/app")
-            .append_header((AUTHORIZATION, pat))
+            .append_pat(pat)
            .set_json(json!({
                "name": name,
                "max_scopes": max_scopes,
@@ -39,10 +41,14 @@ impl ApiV3 {
        self.call(req).await
    }

-    pub async fn get_user_oauth_clients(&self, user_id: &str, pat: &str) -> Vec<OAuthClient> {
+    pub async fn get_user_oauth_clients(
+        &self,
+        user_id: &str,
+        pat: Option<&str>,
+    ) -> Vec<OAuthClient> {
        let req = TestRequest::get()
            .uri(&format!("/v3/user/{}/oauth_apps", user_id))
-            .append_header((AUTHORIZATION, pat))
+            .append_pat(pat)
            .to_request();
        let resp = self.call(req).await;
        assert_status(&resp, StatusCode::OK);
@@ -50,10 +56,10 @@ impl ApiV3 {
        test::read_body_json(resp).await
    }

-    pub async fn get_oauth_client(&self, client_id: String, pat: &str) -> ServiceResponse {
+    pub async fn get_oauth_client(&self, client_id: String, pat: Option<&str>) -> ServiceResponse {
        let req = TestRequest::get()
            .uri(&format!("/_internal/oauth/app/{}", client_id))
-            .append_header((AUTHORIZATION, pat))
+            .append_pat(pat)
            .to_request();

        self.call(req).await
@@ -63,7 +69,7 @@ impl ApiV3 {
        &self,
        client_id: &str,
        edit: OAuthClientEdit,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let req = TestRequest::patch()
            .uri(&format!(
@@ -71,36 +77,43 @@ impl ApiV3 {
                urlencoding::encode(client_id)
            ))
            .set_json(edit)
-            .append_header((AUTHORIZATION, pat))
+            .append_pat(pat)
            .to_request();

        self.call(req).await
    }

-    pub async fn delete_oauth_client(&self, client_id: &str, pat: &str) -> ServiceResponse {
+    pub async fn delete_oauth_client(&self, client_id: &str, pat: Option<&str>) -> ServiceResponse {
        let req = TestRequest::delete()
            .uri(&format!("/_internal/oauth/app/{}", client_id))
-            .append_header((AUTHORIZATION, pat))
+            .append_pat(pat)
            .to_request();

        self.call(req).await
    }

-    pub async fn revoke_oauth_authorization(&self, client_id: &str, pat: &str) -> ServiceResponse {
+    pub async fn revoke_oauth_authorization(
+        &self,
+        client_id: &str,
+        pat: Option<&str>,
+    ) -> ServiceResponse {
        let req = TestRequest::delete()
            .uri(&format!(
                "/_internal/oauth/authorizations?client_id={}",
                urlencoding::encode(client_id)
            ))
-            .append_header((AUTHORIZATION, pat))
+            .append_pat(pat)
            .to_request();
        self.call(req).await
    }

-    pub async fn get_user_oauth_authorizations(&self, pat: &str) -> Vec<OAuthClientAuthorization> {
+    pub async fn get_user_oauth_authorizations(
+        &self,
+        pat: Option<&str>,
+    ) -> Vec<OAuthClientAuthorization> {
        let req = TestRequest::get()
            .uri("/_internal/oauth/authorizations")
-            .append_header((AUTHORIZATION, pat))
+            .append_pat(pat)
            .to_request();
        let resp = self.call(req).await;
        assert_status(&resp, StatusCode::OK);
--- a/tests/common/api_v3/organization.rs
+++ b/tests/common/api_v3/organization.rs
@@ -6,7 +6,7 @@ use bytes::Bytes;
 use labrinth::models::{organizations::Organization, v3::projects::Project};
 use serde_json::json;

-use crate::common::api_common::{request_data::ImageData, Api};
+use crate::common::api_common::{request_data::ImageData, Api, AppendsOptionalPat};

 use super::ApiV3;

@@ -15,11 +15,11 @@ impl ApiV3 {
        &self,
        organization_title: &str,
        description: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let req = test::TestRequest::post()
            .uri("/v3/organization")
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .set_json(json!({
                "name": organization_title,
                "description": description,
@@ -28,10 +28,10 @@ impl ApiV3 {
        self.call(req).await
    }

-    pub async fn get_organization(&self, id_or_title: &str, pat: &str) -> ServiceResponse {
+    pub async fn get_organization(&self, id_or_title: &str, pat: Option<&str>) -> ServiceResponse {
        let req = TestRequest::get()
            .uri(&format!("/v3/organization/{id_or_title}"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
        self.call(req).await
    }
@@ -39,17 +39,21 @@ impl ApiV3 {
    pub async fn get_organization_deserialized(
        &self,
        id_or_title: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> Organization {
        let resp = self.get_organization(id_or_title, pat).await;
        assert_eq!(resp.status(), 200);
        test::read_body_json(resp).await
    }

-    pub async fn get_organization_projects(&self, id_or_title: &str, pat: &str) -> ServiceResponse {
+    pub async fn get_organization_projects(
+        &self,
+        id_or_title: &str,
+        pat: Option<&str>,
+    ) -> ServiceResponse {
        let req = test::TestRequest::get()
            .uri(&format!("/v3/organization/{id_or_title}/projects"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
        self.call(req).await
    }
@@ -57,7 +61,7 @@ impl ApiV3 {
    pub async fn get_organization_projects_deserialized(
        &self,
        id_or_title: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> Vec<Project> {
        let resp = self.get_organization_projects(id_or_title, pat).await;
        assert_eq!(resp.status(), 200);
@@ -68,11 +72,11 @@ impl ApiV3 {
        &self,
        id_or_title: &str,
        patch: serde_json::Value,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let req = test::TestRequest::patch()
            .uri(&format!("/v3/organization/{id_or_title}"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .set_json(patch)
            .to_request();

@@ -83,7 +87,7 @@ impl ApiV3 {
        &self,
        id_or_title: &str,
        icon: Option<ImageData>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        if let Some(icon) = icon {
            // If an icon is provided, upload it
@@ -92,7 +96,7 @@ impl ApiV3 {
                    "/v3/organization/{id_or_title}/icon?ext={ext}",
                    ext = icon.extension
                ))
-                .append_header(("Authorization", pat))
+                .append_pat(pat)
                .set_payload(Bytes::from(icon.icon))
                .to_request();

@@ -101,17 +105,21 @@ impl ApiV3 {
            // If no icon is provided, delete the icon
            let req = test::TestRequest::delete()
                .uri(&format!("/v3/organization/{id_or_title}/icon"))
-                .append_header(("Authorization", pat))
+                .append_pat(pat)
                .to_request();

            self.call(req).await
        }
    }

-    pub async fn delete_organization(&self, id_or_title: &str, pat: &str) -> ServiceResponse {
+    pub async fn delete_organization(
+        &self,
+        id_or_title: &str,
+        pat: Option<&str>,
+    ) -> ServiceResponse {
        let req = test::TestRequest::delete()
            .uri(&format!("/v3/organization/{id_or_title}"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();

        self.call(req).await
@@ -121,11 +129,11 @@ impl ApiV3 {
        &self,
        id_or_title: &str,
        project_id_or_slug: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let req = test::TestRequest::post()
            .uri(&format!("/v3/organization/{id_or_title}/projects"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .set_json(json!({
                "project_id": project_id_or_slug,
            }))
@@ -138,13 +146,13 @@ impl ApiV3 {
        &self,
        id_or_title: &str,
        project_id_or_slug: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let req = test::TestRequest::delete()
            .uri(&format!(
                "/v3/organization/{id_or_title}/projects/{project_id_or_slug}"
            ))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();

        self.call(req).await
--- a/tests/common/api_v3/project.rs
+++ b/tests/common/api_v3/project.rs
@@ -17,9 +17,9 @@ use serde_json::json;

 use crate::common::{
    api_common::{
-        models::{CommonImageData, CommonProject, CommonVersion},
-        request_data::ProjectCreationRequestData,
-        Api, ApiProject,
+        models::{CommonProject, CommonVersion},
+        request_data::{ImageData, ProjectCreationRequestData},
+        Api, ApiProject, AppendsOptionalPat,
    },
    asserts::assert_status,
    database::MOD_USER_PAT,
@@ -38,7 +38,7 @@ impl ApiProject for ApiV3 {
        slug: &str,
        version_jar: Option<TestFile>,
        modify_json: Option<json_patch::Patch>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> (CommonProject, Vec<CommonVersion>) {
        let creation_data = get_public_project_creation_data(slug, version_jar, modify_json);

@@ -50,7 +50,7 @@ impl ApiProject for ApiV3 {
        // Approve as a moderator.
        let req = TestRequest::patch()
            .uri(&format!("/v3/project/{}", slug))
-            .append_header(("Authorization", MOD_USER_PAT))
+            .append_pat(MOD_USER_PAT)
            .set_json(json!(
                {
                    "status": "approved"
@@ -66,7 +66,7 @@ impl ApiProject for ApiV3 {
        // Get project's versions
        let req = TestRequest::get()
            .uri(&format!("/v3/project/{}/version", slug))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
        let resp = self.call(req).await;
        let versions: Vec<CommonVersion> = test::read_body_json(resp).await;
@@ -85,35 +85,38 @@ impl ApiProject for ApiV3 {
    async fn create_project(
        &self,
        creation_data: ProjectCreationRequestData,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let req = TestRequest::post()
            .uri("/v3/project")
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .set_multipart(creation_data.segment_data)
            .to_request();
        self.call(req).await
    }

-    async fn remove_project(&self, project_slug_or_id: &str, pat: &str) -> ServiceResponse {
+    async fn remove_project(&self, project_slug_or_id: &str, pat: Option<&str>) -> ServiceResponse {
        let req = test::TestRequest::delete()
            .uri(&format!("/v3/project/{project_slug_or_id}"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
-        let resp = self.call(req).await;
-        assert_eq!(resp.status(), 204);
-        resp
+
+        self.call(req).await
    }

-    async fn get_project(&self, id_or_slug: &str, pat: &str) -> ServiceResponse {
+    async fn get_project(&self, id_or_slug: &str, pat: Option<&str>) -> ServiceResponse {
        let req = TestRequest::get()
            .uri(&format!("/v3/project/{id_or_slug}"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
        self.call(req).await
    }

-    async fn get_project_deserialized_common(&self, id_or_slug: &str, pat: &str) -> CommonProject {
+    async fn get_project_deserialized_common(
+        &self,
+        id_or_slug: &str,
+        pat: Option<&str>,
+    ) -> CommonProject {
        let resp = self.get_project(id_or_slug, pat).await;
        assert_eq!(resp.status(), 200);
        // First, deserialize to the non-common format (to test the response is valid for this api version)
@@ -123,10 +126,14 @@ impl ApiProject for ApiV3 {
        serde_json::from_value(value).unwrap()
    }

-    async fn get_user_projects(&self, user_id_or_username: &str, pat: &str) -> ServiceResponse {
+    async fn get_user_projects(
+        &self,
+        user_id_or_username: &str,
+        pat: Option<&str>,
+    ) -> ServiceResponse {
        let req = test::TestRequest::get()
            .uri(&format!("/v3/user/{}/projects", user_id_or_username))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
        self.call(req).await
    }
@@ -134,7 +141,7 @@ impl ApiProject for ApiV3 {
    async fn get_user_projects_deserialized_common(
        &self,
        user_id_or_username: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> Vec<CommonProject> {
        let resp = self.get_user_projects(user_id_or_username, pat).await;
        assert_eq!(resp.status(), 200);
@@ -149,11 +156,11 @@ impl ApiProject for ApiV3 {
        &self,
        id_or_slug: &str,
        patch: serde_json::Value,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let req = test::TestRequest::patch()
            .uri(&format!("/v3/project/{id_or_slug}"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .set_json(patch)
            .to_request();

@@ -164,7 +171,7 @@ impl ApiProject for ApiV3 {
        &self,
        ids_or_slugs: &[&str],
        patch: serde_json::Value,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let projects_str = ids_or_slugs
            .iter()
@@ -176,7 +183,7 @@ impl ApiProject for ApiV3 {
                "/v3/projects?ids={encoded}",
                encoded = urlencoding::encode(&format!("[{projects_str}]"))
            ))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .set_json(patch)
            .to_request();

@@ -186,8 +193,8 @@ impl ApiProject for ApiV3 {
    async fn edit_project_icon(
        &self,
        id_or_slug: &str,
-        icon: Option<CommonImageData>,
-        pat: &str,
+        icon: Option<ImageData>,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        if let Some(icon) = icon {
            // If an icon is provided, upload it
@@ -196,7 +203,7 @@ impl ApiProject for ApiV3 {
                    "/v3/project/{id_or_slug}/icon?ext={ext}",
                    ext = icon.extension
                ))
-                .append_header(("Authorization", pat))
+                .append_pat(pat)
                .set_payload(Bytes::from(icon.icon))
                .to_request();

@@ -205,16 +212,120 @@ impl ApiProject for ApiV3 {
            // If no icon is provided, delete the icon
            let req = test::TestRequest::delete()
                .uri(&format!("/v3/project/{id_or_slug}/icon"))
-                .append_header(("Authorization", pat))
+                .append_pat(pat)
                .to_request();

            self.call(req).await
        }
    }
+
+    async fn schedule_project(
+        &self,
+        id_or_slug: &str,
+        requested_status: &str,
+        date: DateTime<Utc>,
+        pat: Option<&str>,
+    ) -> ServiceResponse {
+        let req = test::TestRequest::post()
+            .uri(&format!("/v3/version/{id_or_slug}/schedule"))
+            .set_json(json!(
+                {
+                    "requested_status": requested_status,
+                    "time": date,
+                }
+            ))
+            .append_pat(pat)
+            .to_request();
+
+        self.call(req).await
+    }
+
+    #[allow(clippy::too_many_arguments)]
+    async fn add_gallery_item(
+        &self,
+        id_or_slug: &str,
+        image: ImageData,
+        featured: bool,
+        title: Option<String>,
+        description: Option<String>,
+        ordering: Option<i32>,
+        pat: Option<&str>,
+    ) -> ServiceResponse {
+        let mut url = format!(
+            "/v3/project/{id_or_slug}/gallery?ext={ext}&featured={featured}",
+            ext = image.extension,
+            featured = featured
+        );
+        if let Some(title) = title {
+            url.push_str(&format!("&title={}", title));
+        }
+        if let Some(description) = description {
+            url.push_str(&format!("&description={}", description));
+        }
+        if let Some(ordering) = ordering {
+            url.push_str(&format!("&ordering={}", ordering));
+        }
+
+        let req = test::TestRequest::post()
+            .uri(&url)
+            .append_pat(pat)
+            .set_payload(Bytes::from(image.icon))
+            .to_request();
+
+        self.call(req).await
+    }
+
+    async fn edit_gallery_item(
+        &self,
+        id_or_slug: &str,
+        image_url: &str,
+        patch: HashMap<String, String>,
+        pat: Option<&str>,
+    ) -> ServiceResponse {
+        let mut url = format!(
+            "/v3/project/{id_or_slug}/gallery?url={image_url}",
+            image_url = urlencoding::encode(image_url)
+        );
+
+        for (key, value) in patch {
+            url.push_str(&format!(
+                "&{key}={value}",
+                key = key,
+                value = urlencoding::encode(&value)
+            ));
+        }
+
+        let req = test::TestRequest::patch()
+            .uri(&url)
+            .append_pat(pat)
+            .to_request();
+
+        let t = self.call(req).await;
+        println!("Status: {}", t.status());
+        println!("respone Body: {:?}", t.response().body());
+        t
+    }
+
+    async fn remove_gallery_item(
+        &self,
+        id_or_slug: &str,
+        url: &str,
+        pat: Option<&str>,
+    ) -> ServiceResponse {
+        let req = test::TestRequest::delete()
+            .uri(&format!(
+                "/v3/project/{id_or_slug}/gallery?url={url}",
+                url = url
+            ))
+            .append_pat(pat)
+            .to_request();
+
+        self.call(req).await
+    }
 }

 impl ApiV3 {
-    pub async fn get_project_deserialized(&self, id_or_slug: &str, pat: &str) -> Project {
+    pub async fn get_project_deserialized(&self, id_or_slug: &str, pat: Option<&str>) -> Project {
        let resp = self.get_project(id_or_slug, pat).await;
        assert_eq!(resp.status(), 200);
        test::read_body_json(resp).await
@@ -224,7 +335,7 @@ impl ApiV3 {
        &self,
        query: Option<&str>,
        facets: Option<serde_json::Value>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ReturnSearchResults {
        let query_field = if let Some(query) = query {
            format!("&query={}", urlencoding::encode(query))
@@ -240,7 +351,7 @@ impl ApiV3 {

        let req = test::TestRequest::get()
            .uri(&format!("/v3/search?{}{}", query_field, facets_field))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
        let resp = self.call(req).await;
        let status = resp.status();
@@ -255,7 +366,7 @@ impl ApiV3 {
        start_date: Option<DateTime<Utc>>,
        end_date: Option<DateTime<Utc>>,
        resolution_minutes: Option<u32>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let pv_string = if ids_are_version_ids {
            let version_string: String = serde_json::to_string(&id_or_slugs).unwrap();
@@ -286,7 +397,7 @@ impl ApiV3 {

        let req = test::TestRequest::get()
            .uri(&format!("/v3/analytics/revenue?{pv_string}{extra_args}",))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();

        self.call(req).await
@@ -299,7 +410,7 @@ impl ApiV3 {
        start_date: Option<DateTime<Utc>>,
        end_date: Option<DateTime<Utc>>,
        resolution_minutes: Option<u32>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> HashMap<String, HashMap<i64, Decimal>> {
        let resp = self
            .get_analytics_revenue(
--- a/tests/common/api_v3/request_data.rs
+++ b/tests/common/api_v3/request_data.rs
@@ -2,8 +2,8 @@
 use serde_json::json;

 use crate::common::{
-    api_common::request_data::{ImageData, ProjectCreationRequestData, VersionCreationRequestData},
-    dummy_data::{DummyImage, TestFile},
+    api_common::request_data::{ProjectCreationRequestData, VersionCreationRequestData},
+    dummy_data::TestFile,
 };
 use labrinth::{
    models::projects::ProjectId,
@@ -133,11 +133,3 @@ pub fn get_public_creation_data_multipart(
        vec![json_segment]
    }
 }
-
-pub fn get_icon_data(dummy_icon: DummyImage) -> ImageData {
-    ImageData {
-        filename: dummy_icon.filename(),
-        extension: dummy_icon.extension(),
-        icon: dummy_icon.bytes(),
-    }
-}
--- a/tests/common/api_v3/tags.rs
+++ b/tests/common/api_v3/tags.rs
@@ -11,7 +11,7 @@ use labrinth::{
 use crate::common::{
    api_common::{
        models::{CommonCategoryData, CommonLoaderData},
-        Api, ApiTags,
+        Api, ApiTags, AppendsOptionalPat,
    },
    database::ADMIN_USER_PAT,
 };
@@ -23,7 +23,7 @@ impl ApiTags for ApiV3 {
    async fn get_loaders(&self) -> ServiceResponse {
        let req = TestRequest::get()
            .uri("/v3/tag/loader")
-            .append_header(("Authorization", ADMIN_USER_PAT))
+            .append_pat(ADMIN_USER_PAT)
            .to_request();
        self.call(req).await
    }
@@ -41,7 +41,7 @@ impl ApiTags for ApiV3 {
    async fn get_categories(&self) -> ServiceResponse {
        let req = TestRequest::get()
            .uri("/v3/tag/category")
-            .append_header(("Authorization", ADMIN_USER_PAT))
+            .append_pat(ADMIN_USER_PAT)
            .to_request();
        self.call(req).await
    }
@@ -67,7 +67,7 @@ impl ApiV3 {
    pub async fn get_loader_field_variants(&self, loader_field: &str) -> ServiceResponse {
        let req = TestRequest::get()
            .uri(&format!("/v3/loader_field?loader_field={}", loader_field))
-            .append_header(("Authorization", ADMIN_USER_PAT))
+            .append_pat(ADMIN_USER_PAT)
            .to_request();
        self.call(req).await
    }
@@ -85,7 +85,7 @@ impl ApiV3 {
    async fn get_games(&self) -> ServiceResponse {
        let req = TestRequest::get()
            .uri("/v3/games")
-            .append_header(("Authorization", ADMIN_USER_PAT))
+            .append_pat(ADMIN_USER_PAT)
            .to_request();
        self.call(req).await
    }
--- a/tests/common/api_v3/team.rs
+++ b/tests/common/api_v3/team.rs
@@ -10,7 +10,7 @@ use serde_json::json;
 use crate::common::{
    api_common::{
        models::{CommonNotification, CommonTeamMember},
-        Api, ApiTeams,
+        Api, ApiTeams, AppendsOptionalPat,
    },
    asserts::assert_status,
 };
@@ -21,14 +21,18 @@ impl ApiV3 {
    pub async fn get_organization_members_deserialized(
        &self,
        id_or_title: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> Vec<TeamMember> {
        let resp = self.get_organization_members(id_or_title, pat).await;
        assert_eq!(resp.status(), 200);
        test::read_body_json(resp).await
    }

-    pub async fn get_team_members_deserialized(&self, team_id: &str, pat: &str) -> Vec<TeamMember> {
+    pub async fn get_team_members_deserialized(
+        &self,
+        team_id: &str,
+        pat: Option<&str>,
+    ) -> Vec<TeamMember> {
        let resp = self.get_team_members(team_id, pat).await;
        assert_eq!(resp.status(), 200);
        test::read_body_json(resp).await
@@ -37,10 +41,10 @@ impl ApiV3 {

 #[async_trait(?Send)]
 impl ApiTeams for ApiV3 {
-    async fn get_team_members(&self, id_or_title: &str, pat: &str) -> ServiceResponse {
+    async fn get_team_members(&self, id_or_title: &str, pat: Option<&str>) -> ServiceResponse {
        let req = test::TestRequest::get()
            .uri(&format!("/v3/team/{id_or_title}/members"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
        self.call(req).await
    }
@@ -48,7 +52,7 @@ impl ApiTeams for ApiV3 {
    async fn get_team_members_deserialized_common(
        &self,
        id_or_title: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> Vec<CommonTeamMember> {
        let resp = self.get_team_members(id_or_title, pat).await;
        assert_eq!(resp.status(), 200);
@@ -59,10 +63,10 @@ impl ApiTeams for ApiV3 {
        serde_json::from_value(value).unwrap()
    }

-    async fn get_project_members(&self, id_or_title: &str, pat: &str) -> ServiceResponse {
+    async fn get_project_members(&self, id_or_title: &str, pat: Option<&str>) -> ServiceResponse {
        let req = test::TestRequest::get()
            .uri(&format!("/v3/project/{id_or_title}/members"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
        self.call(req).await
    }
@@ -70,7 +74,7 @@ impl ApiTeams for ApiV3 {
    async fn get_project_members_deserialized_common(
        &self,
        id_or_title: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> Vec<CommonTeamMember> {
        let resp = self.get_project_members(id_or_title, pat).await;
        assert_eq!(resp.status(), 200);
@@ -81,10 +85,14 @@ impl ApiTeams for ApiV3 {
        serde_json::from_value(value).unwrap()
    }

-    async fn get_organization_members(&self, id_or_title: &str, pat: &str) -> ServiceResponse {
+    async fn get_organization_members(
+        &self,
+        id_or_title: &str,
+        pat: Option<&str>,
+    ) -> ServiceResponse {
        let req = test::TestRequest::get()
            .uri(&format!("/v3/organization/{id_or_title}/members"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
        self.call(req).await
    }
@@ -92,7 +100,7 @@ impl ApiTeams for ApiV3 {
    async fn get_organization_members_deserialized_common(
        &self,
        id_or_title: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> Vec<CommonTeamMember> {
        let resp = self.get_organization_members(id_or_title, pat).await;
        assert_eq!(resp.status(), 200);
@@ -103,18 +111,23 @@ impl ApiTeams for ApiV3 {
        serde_json::from_value(value).unwrap()
    }

-    async fn join_team(&self, team_id: &str, pat: &str) -> ServiceResponse {
+    async fn join_team(&self, team_id: &str, pat: Option<&str>) -> ServiceResponse {
        let req = test::TestRequest::post()
            .uri(&format!("/v3/team/{team_id}/join"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
        self.call(req).await
    }

-    async fn remove_from_team(&self, team_id: &str, user_id: &str, pat: &str) -> ServiceResponse {
+    async fn remove_from_team(
+        &self,
+        team_id: &str,
+        user_id: &str,
+        pat: Option<&str>,
+    ) -> ServiceResponse {
        let req = test::TestRequest::delete()
            .uri(&format!("/v3/team/{team_id}/members/{user_id}"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
        self.call(req).await
    }
@@ -124,11 +137,11 @@ impl ApiTeams for ApiV3 {
        team_id: &str,
        user_id: &str,
        patch: serde_json::Value,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let req = test::TestRequest::patch()
            .uri(&format!("/v3/team/{team_id}/members/{user_id}"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .set_json(patch)
            .to_request();
        self.call(req).await
@@ -138,11 +151,11 @@ impl ApiTeams for ApiV3 {
        &self,
        team_id: &str,
        user_id: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let req = test::TestRequest::patch()
            .uri(&format!("/v3/team/{team_id}/owner"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .set_json(json!({
                "user_id": user_id,
            }))
@@ -150,10 +163,10 @@ impl ApiTeams for ApiV3 {
        self.call(req).await
    }

-    async fn get_user_notifications(&self, user_id: &str, pat: &str) -> ServiceResponse {
+    async fn get_user_notifications(&self, user_id: &str, pat: Option<&str>) -> ServiceResponse {
        let req = test::TestRequest::get()
            .uri(&format!("/v3/user/{user_id}/notifications"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
        self.call(req).await
    }
@@ -161,7 +174,7 @@ impl ApiTeams for ApiV3 {
    async fn get_user_notifications_deserialized_common(
        &self,
        user_id: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> Vec<CommonNotification> {
        let resp = self.get_user_notifications(user_id, pat).await;
        assert_status(&resp, StatusCode::OK);
@@ -172,10 +185,14 @@ impl ApiTeams for ApiV3 {
        serde_json::from_value(value).unwrap()
    }

-    async fn mark_notification_read(&self, notification_id: &str, pat: &str) -> ServiceResponse {
+    async fn mark_notification_read(
+        &self,
+        notification_id: &str,
+        pat: Option<&str>,
+    ) -> ServiceResponse {
        let req = test::TestRequest::patch()
            .uri(&format!("/v3/notification/{notification_id}"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
        self.call(req).await
    }
@@ -185,11 +202,11 @@ impl ApiTeams for ApiV3 {
        user_id: &str,
        project_permissions: Option<ProjectPermissions>,
        organization_permissions: Option<OrganizationPermissions>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let req = test::TestRequest::post()
            .uri(&format!("/v3/team/{team_id}/members"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .set_json(json!( {
                "user_id": user_id,
                "permissions" : project_permissions.map(|p| p.bits()).unwrap_or_default(),
@@ -199,10 +216,14 @@ impl ApiTeams for ApiV3 {
        self.call(req).await
    }

-    async fn delete_notification(&self, notification_id: &str, pat: &str) -> ServiceResponse {
+    async fn delete_notification(
+        &self,
+        notification_id: &str,
+        pat: Option<&str>,
+    ) -> ServiceResponse {
        let req = test::TestRequest::delete()
            .uri(&format!("/v3/notification/{notification_id}"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
        self.call(req).await
    }
--- a/tests/common/api_v3/version.rs
+++ b/tests/common/api_v3/version.rs
@@ -1,12 +1,15 @@
 use std::collections::HashMap;

-use super::{request_data::get_public_version_creation_data, ApiV3};
+use super::{
+    request_data::{self, get_public_version_creation_data},
+    ApiV3,
+};
 use crate::common::{
-    api_common::{models::CommonVersion, Api, ApiVersion},
+    api_common::{models::CommonVersion, Api, ApiVersion, AppendsOptionalPat},
    asserts::assert_status,
    dummy_data::TestFile,
 };
-use actix_http::{header::AUTHORIZATION, StatusCode};
+use actix_http::StatusCode;
 use actix_web::{
    dev::ServiceResponse,
    test::{self, TestRequest},
@@ -35,7 +38,7 @@ impl ApiV3 {
        version_jar: TestFile,
        ordering: Option<i32>,
        modify_json: Option<json_patch::Patch>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> Version {
        let resp = self
            .add_public_version(
@@ -55,7 +58,7 @@ impl ApiV3 {
        test::read_body_json(version).await
    }

-    pub async fn get_version_deserialized(&self, id: &str, pat: &str) -> Version {
+    pub async fn get_version_deserialized(&self, id: &str, pat: Option<&str>) -> Version {
        let resp = self.get_version(id, pat).await;
        assert_eq!(resp.status(), 200);
        test::read_body_json(resp).await
@@ -65,11 +68,11 @@ impl ApiV3 {
        &self,
        algorithm: &str,
        hashes: Vec<FileUpdateData>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let req = test::TestRequest::post()
            .uri("/v3/version_files/update_individual")
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .set_json(json!({
                "algorithm": algorithm,
                "hashes": hashes
@@ -82,7 +85,7 @@ impl ApiV3 {
        &self,
        algorithm: &str,
        hashes: Vec<FileUpdateData>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> HashMap<String, Version> {
        let resp = self.update_individual_files(algorithm, hashes, pat).await;
        assert_eq!(resp.status(), 200);
@@ -99,7 +102,7 @@ impl ApiVersion for ApiV3 {
        version_jar: TestFile,
        ordering: Option<i32>,
        modify_json: Option<json_patch::Patch>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let creation_data = get_public_version_creation_data(
            project_id,
@@ -112,7 +115,7 @@ impl ApiVersion for ApiV3 {
        // Add a versiom.
        let req = TestRequest::post()
            .uri("/v3/version")
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .set_multipart(creation_data.segment_data)
            .to_request();
        self.call(req).await
@@ -125,7 +128,7 @@ impl ApiVersion for ApiV3 {
        version_jar: TestFile,
        ordering: Option<i32>,
        modify_json: Option<json_patch::Patch>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> CommonVersion {
        let resp = self
            .add_public_version(
@@ -145,15 +148,15 @@ impl ApiVersion for ApiV3 {
        serde_json::from_value(value).unwrap()
    }

-    async fn get_version(&self, id: &str, pat: &str) -> ServiceResponse {
+    async fn get_version(&self, id: &str, pat: Option<&str>) -> ServiceResponse {
        let req = TestRequest::get()
            .uri(&format!("/v3/version/{id}"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
        self.call(req).await
    }

-    async fn get_version_deserialized_common(&self, id: &str, pat: &str) -> CommonVersion {
+    async fn get_version_deserialized_common(&self, id: &str, pat: Option<&str>) -> CommonVersion {
        let resp = self.get_version(id, pat).await;
        assert_eq!(resp.status(), 200);
        // First, deserialize to the non-common format (to test the response is valid for this api version)
@@ -167,11 +170,11 @@ impl ApiVersion for ApiV3 {
        &self,
        version_id: &str,
        patch: serde_json::Value,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let req = test::TestRequest::patch()
            .uri(&format!("/v3/version/{version_id}"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .set_json(patch)
            .to_request();

@@ -182,11 +185,11 @@ impl ApiVersion for ApiV3 {
        &self,
        hash: &str,
        algorithm: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let req = test::TestRequest::get()
            .uri(&format!("/v3/version_file/{hash}?algorithm={algorithm}"))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
        self.call(req).await
    }
@@ -195,7 +198,7 @@ impl ApiVersion for ApiV3 {
        &self,
        hash: &str,
        algorithm: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> CommonVersion {
        let resp = self.get_version_from_hash(hash, algorithm, pat).await;
        assert_eq!(resp.status(), 200);
@@ -210,11 +213,11 @@ impl ApiVersion for ApiV3 {
        &self,
        hashes: &[&str],
        algorithm: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let req = TestRequest::post()
            .uri("/v3/version_files")
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .set_json(json!({
                "hashes": hashes,
                "algorithm": algorithm,
@@ -227,7 +230,7 @@ impl ApiVersion for ApiV3 {
        &self,
        hashes: &[&str],
        algorithm: &str,
-        pat: &str,
+        pat: Option<&str>,
    ) -> HashMap<String, CommonVersion> {
        let resp = self.get_versions_from_hashes(hashes, algorithm, pat).await;
        assert_eq!(resp.status(), 200);
@@ -245,7 +248,7 @@ impl ApiVersion for ApiV3 {
        loaders: Option<Vec<String>>,
        game_versions: Option<Vec<String>>,
        version_types: Option<Vec<String>>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let mut json = json!({});
        if let Some(loaders) = loaders {
@@ -264,7 +267,7 @@ impl ApiVersion for ApiV3 {
            .uri(&format!(
                "/v3/version_file/{hash}/update?algorithm={algorithm}"
            ))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .set_json(json)
            .to_request();
        self.call(req).await
@@ -277,7 +280,7 @@ impl ApiVersion for ApiV3 {
        loaders: Option<Vec<String>>,
        game_versions: Option<Vec<String>>,
        version_types: Option<Vec<String>>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> CommonVersion {
        let resp = self
            .get_update_from_hash(hash, algorithm, loaders, game_versions, version_types, pat)
@@ -297,7 +300,7 @@ impl ApiVersion for ApiV3 {
        loaders: Option<Vec<String>>,
        game_versions: Option<Vec<String>>,
        version_types: Option<Vec<String>>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let mut json = json!({
            "algorithm": algorithm,
@@ -317,7 +320,7 @@ impl ApiVersion for ApiV3 {

        let req = test::TestRequest::post()
            .uri("/v3/version_files/update")
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .set_json(json)
            .to_request();
        self.call(req).await
@@ -330,7 +333,7 @@ impl ApiVersion for ApiV3 {
        loaders: Option<Vec<String>>,
        game_versions: Option<Vec<String>>,
        version_types: Option<Vec<String>>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> HashMap<String, CommonVersion> {
        let resp = self
            .update_files(
@@ -361,7 +364,7 @@ impl ApiVersion for ApiV3 {
        version_type: Option<VersionType>,
        limit: Option<usize>,
        offset: Option<usize>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let mut query_string = String::new();
        if let Some(game_versions) = game_versions {
@@ -396,7 +399,7 @@ impl ApiVersion for ApiV3 {
                "/v3/project/{project_id_slug}/version?{}",
                query_string.trim_start_matches('&')
            ))
-            .append_header(("Authorization", pat))
+            .append_pat(pat)
            .to_request();
        self.call(req).await
    }
@@ -411,7 +414,7 @@ impl ApiVersion for ApiV3 {
        version_type: Option<VersionType>,
        limit: Option<usize>,
        offset: Option<usize>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> Vec<CommonVersion> {
        let resp = self
            .get_project_versions(
@@ -438,7 +441,7 @@ impl ApiVersion for ApiV3 {
        &self,
        version_id: &str,
        ordering: Option<i32>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> ServiceResponse {
        let request = test::TestRequest::patch()
            .uri(&format!("/v3/version/{version_id}"))
@@ -447,16 +450,16 @@ impl ApiVersion for ApiV3 {
                    "ordering": ordering
                }
            ))
-            .append_header((AUTHORIZATION, pat))
+            .append_pat(pat)
            .to_request();
        self.call(request).await
    }

-    async fn get_versions(&self, version_ids: Vec<String>, pat: &str) -> ServiceResponse {
+    async fn get_versions(&self, version_ids: Vec<String>, pat: Option<&str>) -> ServiceResponse {
        let ids = url_encode_json_serialized_vec(&version_ids);
        let request = test::TestRequest::get()
            .uri(&format!("/v3/versions?ids={}", ids))
-            .append_header((AUTHORIZATION, pat))
+            .append_pat(pat)
            .to_request();
        self.call(request).await
    }
@@ -464,7 +467,7 @@ impl ApiVersion for ApiV3 {
    async fn get_versions_deserialized_common(
        &self,
        version_ids: Vec<String>,
-        pat: &str,
+        pat: Option<&str>,
    ) -> Vec<CommonVersion> {
        let resp = self.get_versions(version_ids, pat).await;
        assert_status(&resp, StatusCode::OK);
@@ -474,4 +477,46 @@ impl ApiVersion for ApiV3 {
        let value = serde_json::to_value(v).unwrap();
        serde_json::from_value(value).unwrap()
    }
+
+    async fn upload_file_to_version(
+        &self,
+        version_id: &str,
+        file: &TestFile,
+        pat: Option<&str>,
+    ) -> ServiceResponse {
+        let m = request_data::get_public_creation_data_multipart(
+            &json!({
+                "file_parts": [file.filename()]
+            }),
+            Some(file),
+        );
+        let request = test::TestRequest::post()
+            .uri(&format!(
+                "/v3/version/{version_id}/file",
+                version_id = version_id
+            ))
+            .append_pat(pat)
+            .set_multipart(m)
+            .to_request();
+        self.call(request).await
+    }
+
+    async fn remove_version(&self, version_id: &str, pat: Option<&str>) -> ServiceResponse {
+        let request = test::TestRequest::delete()
+            .uri(&format!(
+                "/v3/version/{version_id}",
+                version_id = version_id
+            ))
+            .append_pat(pat)
+            .to_request();
+        self.call(request).await
+    }
+
+    async fn remove_version_file(&self, hash: &str, pat: Option<&str>) -> ServiceResponse {
+        let request = test::TestRequest::delete()
+            .uri(&format!("/v3/version_file/{hash}"))
+            .append_pat(pat)
+            .to_request();
+        self.call(request).await
+    }
 }
--- a/tests/common/database.rs
+++ b/tests/common/database.rs
@@ -27,11 +27,11 @@ pub const FRIEND_USER_ID_PARSED: i64 = 4;
 pub const ENEMY_USER_ID_PARSED: i64 = 5;

 // These are full-scoped PATs- as if the user was logged in (including illegal scopes).
-pub const ADMIN_USER_PAT: &str = "mrp_patadmin";
-pub const MOD_USER_PAT: &str = "mrp_patmoderator";
-pub const USER_USER_PAT: &str = "mrp_patuser";
-pub const FRIEND_USER_PAT: &str = "mrp_patfriend";
-pub const ENEMY_USER_PAT: &str = "mrp_patenemy";
+pub const ADMIN_USER_PAT: Option<&str> = Some("mrp_patadmin");
+pub const MOD_USER_PAT: Option<&str> = Some("mrp_patmoderator");
+pub const USER_USER_PAT: Option<&str> = Some("mrp_patuser");
+pub const FRIEND_USER_PAT: Option<&str> = Some("mrp_patfriend");
+pub const ENEMY_USER_PAT: Option<&str> = Some("mrp_patenemy");

 const TEMPLATE_DATABASE_NAME: &str = "labrinth_tests_template";

--- a/tests/common/dummy_data.rs
+++ b/tests/common/dummy_data.rs
@@ -16,7 +16,11 @@ use zip::{write::FileOptions, CompressionMethod, ZipWriter};
 use crate::common::{api_common::Api, database::USER_USER_PAT};
 use labrinth::util::actix::{AppendsMultipart, MultipartSegment, MultipartSegmentData};

-use super::{api_common::ApiProject, api_v3::ApiV3, database::TemporaryDatabase};
+use super::{
+    api_common::{request_data::ImageData, ApiProject, AppendsOptionalPat},
+    api_v3::ApiV3,
+    database::TemporaryDatabase,
+};

 use super::{asserts::assert_status, database::USER_USER_ID, get_json_val_str};

@@ -36,9 +40,11 @@ pub const DUMMY_CATEGORIES: &[&str] = &[
 pub const DUMMY_OAUTH_CLIENT_ALPHA_SECRET: &str = "abcdefghijklmnopqrstuvwxyz";

 #[allow(dead_code)]
+#[derive(Clone)]
 pub enum TestFile {
    DummyProjectAlpha,
    DummyProjectBeta,
+    BasicZip,
    BasicMod,
    BasicModDifferent,
    // Randomly generates a valid .jar with a random hash.
@@ -380,7 +386,7 @@ pub async fn add_project_beta(api: &ApiV3) -> (Project, Version) {
    // Add a project.
    let req = TestRequest::post()
        .uri("/v3/project")
-        .append_header(("Authorization", USER_USER_PAT))
+        .append_pat(USER_USER_PAT)
        .set_multipart(vec![json_segment.clone(), file_segment.clone()])
        .to_request();
    let resp = api.call(req).await;
@@ -393,7 +399,7 @@ pub async fn add_organization_zeta(api: &ApiV3) -> Organization {
    // Add an organzation.
    let req = TestRequest::post()
        .uri("/v3/organization")
-        .append_header(("Authorization", USER_USER_PAT))
+        .append_pat(USER_USER_PAT)
        .set_json(json!({
            "name": "zeta",
            "description": "A dummy organization for testing with."
@@ -410,7 +416,7 @@ pub async fn get_project_alpha(api: &ApiV3) -> (Project, Version) {
    // Get project
    let req = TestRequest::get()
        .uri("/v3/project/alpha")
-        .append_header(("Authorization", USER_USER_PAT))
+        .append_pat(USER_USER_PAT)
        .to_request();
    let resp = api.call(req).await;
    let project: Project = test::read_body_json(resp).await;
@@ -418,7 +424,7 @@ pub async fn get_project_alpha(api: &ApiV3) -> (Project, Version) {
    // Get project's versions
    let req = TestRequest::get()
        .uri("/v3/project/alpha/version")
-        .append_header(("Authorization", USER_USER_PAT))
+        .append_pat(USER_USER_PAT)
        .to_request();
    let resp = api.call(req).await;
    let versions: Vec<Version> = test::read_body_json(resp).await;
@@ -431,7 +437,7 @@ pub async fn get_project_beta(api: &ApiV3) -> (Project, Version) {
    // Get project
    let req = TestRequest::get()
        .uri("/v3/project/beta")
-        .append_header(("Authorization", USER_USER_PAT))
+        .append_pat(USER_USER_PAT)
        .to_request();
    let resp = api.call(req).await;
    assert_status(&resp, StatusCode::OK);
@@ -441,7 +447,7 @@ pub async fn get_project_beta(api: &ApiV3) -> (Project, Version) {
    // Get project's versions
    let req = TestRequest::get()
        .uri("/v3/project/beta/version")
-        .append_header(("Authorization", USER_USER_PAT))
+        .append_pat(USER_USER_PAT)
        .to_request();
    let resp = api.call(req).await;
    assert_status(&resp, StatusCode::OK);
@@ -455,7 +461,7 @@ pub async fn get_organization_zeta(api: &ApiV3) -> Organization {
    // Get organization
    let req = TestRequest::get()
        .uri("/v3/organization/zeta")
-        .append_header(("Authorization", USER_USER_PAT))
+        .append_pat(USER_USER_PAT)
        .to_request();
    let resp = api.call(req).await;
    let organization: Organization = test::read_body_json(resp).await;
@@ -475,6 +481,7 @@ impl TestFile {
        match self {
            TestFile::DummyProjectAlpha => "dummy-project-alpha.jar",
            TestFile::DummyProjectBeta => "dummy-project-beta.jar",
+            TestFile::BasicZip => "simple-zip.zip",
            TestFile::BasicMod => "basic-mod.jar",
            TestFile::BasicModDifferent => "basic-mod-different.jar",
            TestFile::BasicModRandom { filename, .. } => filename,
@@ -492,6 +499,7 @@ impl TestFile {
                include_bytes!("../../tests/files/dummy-project-beta.jar").to_vec()
            }
            TestFile::BasicMod => include_bytes!("../../tests/files/basic-mod.jar").to_vec(),
+            TestFile::BasicZip => include_bytes!("../../tests/files/simple-zip.zip").to_vec(),
            TestFile::BasicModDifferent => {
                include_bytes!("../../tests/files/basic-mod-different.jar").to_vec()
            }
@@ -508,10 +516,27 @@ impl TestFile {
            TestFile::BasicModDifferent => "mod",
            TestFile::BasicModRandom { .. } => "mod",

+            TestFile::BasicZip => "resourcepack",
+
            TestFile::BasicModpackRandom { .. } => "modpack",
        }
        .to_string()
    }
+
+    pub fn content_type(&self) -> Option<String> {
+        match self {
+            TestFile::DummyProjectAlpha => Some("application/java-archive"),
+            TestFile::DummyProjectBeta => Some("application/java-archive"),
+            TestFile::BasicMod => Some("application/java-archive"),
+            TestFile::BasicModDifferent => Some("application/java-archive"),
+            TestFile::BasicModRandom { .. } => Some("application/java-archive"),
+
+            TestFile::BasicZip => Some("application/zip"),
+
+            TestFile::BasicModpackRandom { .. } => Some("application/x-modrinth-modpack+zip"),
+        }
+        .map(|s| s.to_string())
+    }
 }

 impl DummyImage {
@@ -534,4 +559,12 @@ impl DummyImage {
            DummyImage::SmallIcon => include_bytes!("../../tests/files/200x200.png").to_vec(),
        }
    }
+
+    pub fn get_icon_data(&self) -> ImageData {
+        ImageData {
+            filename: self.filename(),
+            extension: self.extension(),
+            icon: self.bytes(),
+        }
+    }
 }
--- a/tests/common/environment.rs
+++ b/tests/common/environment.rs
@@ -122,7 +122,7 @@ impl<A: Api> TestEnvironment<A> {
    pub async fn assert_read_notifications_status(
        &self,
        user_id: &str,
-        pat: &str,
+        pat: Option<&str>,
        status_code: StatusCode,
    ) {
        let resp = self.api.get_user_notifications(user_id, pat).await;
@@ -133,7 +133,7 @@ impl<A: Api> TestEnvironment<A> {
    pub async fn assert_read_user_projects_status(
        &self,
        user_id: &str,
-        pat: &str,
+        pat: Option<&str>,
        status_code: StatusCode,
    ) {
        let resp = self.api.get_user_projects(user_id, pat).await;
--- a/tests/common/permissions.rs
+++ b/tests/common/permissions.rs
@@ -1,6 +1,7 @@
 #![allow(dead_code)]
 use actix_http::StatusCode;
-use actix_web::test::{self, TestRequest};
+use actix_web::{dev::ServiceResponse, test};
+use futures::Future;
 use itertools::Itertools;
 use labrinth::models::teams::{OrganizationPermissions, ProjectPermissions};
 use serde_json::json;
@@ -32,7 +33,7 @@ pub struct PermissionsTest<'a, A: Api> {

    // User ID to use for the test user, and their PAT
    user_id: &'a str,
-    user_pat: &'a str,
+    user_pat: Option<&'a str>,

    // Whether or not the user ID should be removed from the project/organization team after the test
    // (This is mostly reelvant if you are also using an existing project/organization, and want to do
@@ -58,15 +59,14 @@ pub struct PermissionsTest<'a, A: Api> {
    failure_json_check: Option<JsonCheck>,
    success_json_check: Option<JsonCheck>,
 }
-
-pub struct PermissionsTestContext<'a> {
-    // pub test_env: &'a TestEnvironment<A>,
-    pub user_id: &'a str,
-    pub user_pat: &'a str,
-    pub project_id: Option<&'a str>,
-    pub team_id: Option<&'a str>,
-    pub organization_id: Option<&'a str>,
-    pub organization_team_id: Option<&'a str>,
+#[derive(Clone, Debug)]
+pub struct PermissionsTestContext {
+    pub test_pat: Option<String>,
+    pub user_id: String,
+    pub project_id: Option<String>,
+    pub team_id: Option<String>,
+    pub organization_id: Option<String>,
+    pub organization_team_id: Option<String>,
 }

 impl<'a, A: Api> PermissionsTest<'a, A> {
@@ -118,7 +118,12 @@ impl<'a, A: Api> PermissionsTest<'a, A> {
    // Set the user ID to use
    // (eg: a moderator, or friend)
    // remove_user: Whether or not the user ID should be removed from the project/organization team after the test
-    pub fn with_user(mut self, user_id: &'a str, user_pat: &'a str, remove_user: bool) -> Self {
+    pub fn with_user(
+        mut self,
+        user_id: &'a str,
+        user_pat: Option<&'a str>,
+        remove_user: bool,
+    ) -> Self {
        self.user_id = user_id;
        self.user_pat = user_pat;
        self.remove_user = remove_user;
@@ -149,21 +154,22 @@ impl<'a, A: Api> PermissionsTest<'a, A> {
        self
    }

-    pub async fn simple_project_permissions_test<T>(
+    pub async fn simple_project_permissions_test<T, Fut>(
        &self,
        success_permissions: ProjectPermissions,
        req_gen: T,
    ) -> Result<(), String>
    where
-        T: Fn(&PermissionsTestContext) -> TestRequest,
+        T: Fn(PermissionsTestContext) -> Fut,
+        Fut: Future<Output = ServiceResponse>, // Ensure Fut is Send and 'static
    {
        let test_env = self.test_env;
        let failure_project_permissions = self
            .failure_project_permissions
            .unwrap_or(ProjectPermissions::all() ^ success_permissions);
        let test_context = PermissionsTestContext {
-            user_id: self.user_id,
-            user_pat: self.user_pat,
+            test_pat: None,
+            user_id: self.user_id.to_string(),
            project_id: None,
            team_id: None,
            organization_id: None,
@@ -190,14 +196,12 @@ impl<'a, A: Api> PermissionsTest<'a, A> {
        .await;

        // Failure test- not logged in
-        let request = req_gen(&PermissionsTestContext {
-            project_id: Some(&project_id),
-            team_id: Some(&team_id),
-            ..test_context
+        let resp = req_gen(PermissionsTestContext {
+            project_id: Some(project_id.clone()),
+            team_id: Some(team_id.clone()),
+            ..test_context.clone()
        })
-        .to_request();
-
-        let resp = test_env.call(request).await;
+        .await;
        if !self.allowed_failure_codes.contains(&resp.status().as_u16()) {
            return Err(format!(
                "Failure permissions test failed. Expected failure codes {} got {}",
@@ -215,15 +219,13 @@ impl<'a, A: Api> PermissionsTest<'a, A> {
        }

        // Failure test- logged in on a non-team user
-        let request = req_gen(&PermissionsTestContext {
-            project_id: Some(&project_id),
-            team_id: Some(&team_id),
-            ..test_context
+        let resp = req_gen(PermissionsTestContext {
+            test_pat: ENEMY_USER_PAT.map(|s| s.to_string()),
+            project_id: Some(project_id.clone()),
+            team_id: Some(team_id.clone()),
+            ..test_context.clone()
        })
-        .append_header(("Authorization", ENEMY_USER_PAT))
-        .to_request();
-
-        let resp = test_env.call(request).await;
+        .await;
        if !self.allowed_failure_codes.contains(&resp.status().as_u16()) {
            return Err(format!(
                "Failure permissions test failed. Expected failure codes {} got {}",
@@ -241,15 +243,13 @@ impl<'a, A: Api> PermissionsTest<'a, A> {
        }

        // Failure test- logged in with EVERY non-relevant permission
-        let request = req_gen(&PermissionsTestContext {
-            project_id: Some(&project_id),
-            team_id: Some(&team_id),
-            ..test_context
+        let resp: ServiceResponse = req_gen(PermissionsTestContext {
+            test_pat: self.user_pat.map(|s| s.to_string()),
+            project_id: Some(project_id.clone()),
+            team_id: Some(team_id.clone()),
+            ..test_context.clone()
        })
-        .append_header(("Authorization", self.user_pat))
-        .to_request();
-
-        let resp = test_env.call(request).await;
+        .await;
        if !self.allowed_failure_codes.contains(&resp.status().as_u16()) {
            return Err(format!(
                "Failure permissions test failed. Expected failure codes {} got {}",
@@ -277,15 +277,13 @@ impl<'a, A: Api> PermissionsTest<'a, A> {
        .await;

        // Successful test
-        let request = req_gen(&PermissionsTestContext {
-            project_id: Some(&project_id),
-            team_id: Some(&team_id),
-            ..test_context
+        let resp = req_gen(PermissionsTestContext {
+            test_pat: self.user_pat.map(|s| s.to_string()),
+            project_id: Some(project_id.clone()),
+            team_id: Some(team_id.clone()),
+            ..test_context.clone()
        })
-        .append_header(("Authorization", self.user_pat))
-        .to_request();
-
-        let resp = test_env.call(request).await;
+        .await;
        if !resp.status().is_success() {
            return Err(format!(
                "Success permissions test failed. Expected success, got {}",
@@ -306,21 +304,22 @@ impl<'a, A: Api> PermissionsTest<'a, A> {
        Ok(())
    }

-    pub async fn simple_organization_permissions_test<T>(
+    pub async fn simple_organization_permissions_test<T, Fut>(
        &self,
        success_permissions: OrganizationPermissions,
        req_gen: T,
    ) -> Result<(), String>
    where
-        T: Fn(&PermissionsTestContext) -> TestRequest,
+        T: Fn(PermissionsTestContext) -> Fut,
+        Fut: Future<Output = ServiceResponse>,
    {
        let test_env = self.test_env;
        let failure_organization_permissions = self
            .failure_organization_permissions
            .unwrap_or(OrganizationPermissions::all() ^ success_permissions);
        let test_context = PermissionsTestContext {
-            user_id: self.user_id,
-            user_pat: self.user_pat,
+            test_pat: None,
+            user_id: self.user_id.to_string(),
            project_id: None,
            team_id: None,
            organization_id: None,
@@ -348,15 +347,13 @@ impl<'a, A: Api> PermissionsTest<'a, A> {
        .await;

        // Failure test
-        let request = req_gen(&PermissionsTestContext {
-            organization_id: Some(&organization_id),
-            team_id: Some(&team_id),
-            ..test_context
+        let resp = req_gen(PermissionsTestContext {
+            test_pat: self.user_pat.map(|s| s.to_string()),
+            organization_id: Some(organization_id.clone()),
+            team_id: Some(team_id.clone()),
+            ..test_context.clone()
        })
-        .append_header(("Authorization", self.user_pat))
-        .to_request();
-
-        let resp = test_env.call(request).await;
+        .await;
        if !self.allowed_failure_codes.contains(&resp.status().as_u16()) {
            return Err(format!(
                "Failure permissions test failed. Expected failure codes {} got {}",
@@ -379,15 +376,13 @@ impl<'a, A: Api> PermissionsTest<'a, A> {
        .await;

        // Successful test
-        let request = req_gen(&PermissionsTestContext {
-            organization_id: Some(&organization_id),
-            team_id: Some(&team_id),
-            ..test_context
+        let resp = req_gen(PermissionsTestContext {
+            test_pat: self.user_pat.map(|s| s.to_string()),
+            organization_id: Some(organization_id.clone()),
+            team_id: Some(team_id.clone()),
+            ..test_context.clone()
        })
-        .append_header(("Authorization", self.user_pat))
-        .to_request();
-
-        let resp = test_env.call(request).await;
+        .await;
        if !resp.status().is_success() {
            return Err(format!(
                "Success permissions test failed. Expected success, got {}",
@@ -403,21 +398,22 @@ impl<'a, A: Api> PermissionsTest<'a, A> {
        Ok(())
    }

-    pub async fn full_project_permissions_test<T>(
+    pub async fn full_project_permissions_test<T, Fut>(
        &self,
        success_permissions: ProjectPermissions,
        req_gen: T,
    ) -> Result<(), String>
    where
-        T: Fn(&PermissionsTestContext) -> TestRequest,
+        T: Fn(PermissionsTestContext) -> Fut,
+        Fut: Future<Output = ServiceResponse>,
    {
        let test_env = self.test_env;
        let failure_project_permissions = self
            .failure_project_permissions
            .unwrap_or(ProjectPermissions::all() ^ success_permissions);
        let test_context = PermissionsTestContext {
-            user_id: self.user_id,
-            user_pat: self.user_pat,
+            test_pat: None,
+            user_id: self.user_id.to_string(),
            project_id: None,
            team_id: None,
            organization_id: None,
@@ -430,14 +426,13 @@ impl<'a, A: Api> PermissionsTest<'a, A> {
        let test_1 = async {
            let (project_id, team_id) = create_dummy_project(&test_env.setup_api).await;

-            let request = req_gen(&PermissionsTestContext {
-                project_id: Some(&project_id),
-                team_id: Some(&team_id),
-                ..test_context
+            let resp = req_gen(PermissionsTestContext {
+                test_pat: None,
+                project_id: Some(project_id.clone()),
+                team_id: Some(team_id.clone()),
+                ..test_context.clone()
            })
-            .append_header(("Authorization", self.user_pat))
-            .to_request();
-            let resp = test_env.call(request).await;
+            .await;
            if !self.allowed_failure_codes.contains(&resp.status().as_u16()) {
                return Err(format!(
                    "Test 1 failed. Expected failure codes {} got {}",
@@ -471,14 +466,13 @@ impl<'a, A: Api> PermissionsTest<'a, A> {
        let test_2 = async {
            let (project_id, team_id) = create_dummy_project(&test_env.setup_api).await;

-            let request = req_gen(&PermissionsTestContext {
-                project_id: Some(&project_id),
-                team_id: Some(&team_id),
-                ..test_context
+            let resp = req_gen(PermissionsTestContext {
+                test_pat: self.user_pat.map(|s| s.to_string()),
+                project_id: Some(project_id.clone()),
+                team_id: Some(team_id.clone()),
+                ..test_context.clone()
            })
-            .append_header(("Authorization", self.user_pat))
-            .to_request();
-            let resp = test_env.call(request).await;
+            .await;
            if !self.allowed_failure_codes.contains(&resp.status().as_u16()) {
                return Err(format!(
                    "Test 2 failed. Expected failure codes {} got {}",
@@ -521,15 +515,13 @@ impl<'a, A: Api> PermissionsTest<'a, A> {
            )
            .await;

-            let request = req_gen(&PermissionsTestContext {
-                project_id: Some(&project_id),
-                team_id: Some(&team_id),
-                ..test_context
+            let resp = req_gen(PermissionsTestContext {
+                test_pat: self.user_pat.map(|s| s.to_string()),
+                project_id: Some(project_id.clone()),
+                team_id: Some(team_id.clone()),
+                ..test_context.clone()
            })
-            .append_header(("Authorization", self.user_pat))
-            .to_request();
-
-            let resp = test_env.call(request).await;
+            .await;
            if !self.allowed_failure_codes.contains(&resp.status().as_u16()) {
                return Err(format!(
                    "Test 3 failed. Expected failure codes {} got {}",
@@ -572,15 +564,13 @@ impl<'a, A: Api> PermissionsTest<'a, A> {
            )
            .await;

-            let request = req_gen(&PermissionsTestContext {
-                project_id: Some(&project_id),
-                team_id: Some(&team_id),
-                ..test_context
+            let resp = req_gen(PermissionsTestContext {
+                test_pat: self.user_pat.map(|s| s.to_string()),
+                project_id: Some(project_id.clone()),
+                team_id: Some(team_id.clone()),
+                ..test_context.clone()
            })
-            .append_header(("Authorization", self.user_pat))
-            .to_request();
-
-            let resp = test_env.call(request).await;
+            .await;
            if !resp.status().is_success() {
                return Err(format!(
                    "Test 4 failed. Expected success, got {}",
@@ -623,15 +613,13 @@ impl<'a, A: Api> PermissionsTest<'a, A> {
            )
            .await;

-            let request = req_gen(&PermissionsTestContext {
-                project_id: Some(&project_id),
-                team_id: Some(&team_id),
-                ..test_context
+            let resp = req_gen(PermissionsTestContext {
+                test_pat: self.user_pat.map(|s| s.to_string()),
+                project_id: Some(project_id.clone()),
+                team_id: Some(team_id.clone()),
+                ..test_context.clone()
            })
-            .append_header(("Authorization", self.user_pat))
-            .to_request();
-
-            let resp = test_env.call(request).await;
+            .await;
            if !self.allowed_failure_codes.contains(&resp.status().as_u16()) {
                return Err(format!(
                    "Test 5 failed. Expected failure codes {} got {}",
@@ -678,15 +666,13 @@ impl<'a, A: Api> PermissionsTest<'a, A> {
            )
            .await;

-            let request = req_gen(&PermissionsTestContext {
-                project_id: Some(&project_id),
-                team_id: Some(&team_id),
-                ..test_context
+            let resp = req_gen(PermissionsTestContext {
+                test_pat: self.user_pat.map(|s| s.to_string()),
+                project_id: Some(project_id.clone()),
+                team_id: Some(team_id.clone()),
+                ..test_context.clone()
            })
-            .append_header(("Authorization", self.user_pat))
-            .to_request();
-
-            let resp = test_env.call(request).await;
+            .await;
            if !resp.status().is_success() {
                return Err(format!(
                    "Test 6 failed. Expected success, got {}",
@@ -739,15 +725,13 @@ impl<'a, A: Api> PermissionsTest<'a, A> {
            )
            .await;

-            let request = req_gen(&PermissionsTestContext {
-                project_id: Some(&project_id),
-                team_id: Some(&team_id),
-                ..test_context
+            let resp = req_gen(PermissionsTestContext {
+                test_pat: self.user_pat.map(|s| s.to_string()),
+                project_id: Some(project_id.clone()),
+                team_id: Some(team_id.clone()),
+                ..test_context.clone()
            })
-            .append_header(("Authorization", self.user_pat))
-            .to_request();
-
-            let resp = test_env.call(request).await;
+            .await;
            if !self.allowed_failure_codes.contains(&resp.status().as_u16()) {
                return Err(format!(
                    "Test 7 failed. Expected failure codes {} got {}",
@@ -804,15 +788,13 @@ impl<'a, A: Api> PermissionsTest<'a, A> {
            )
            .await;

-            let request = req_gen(&PermissionsTestContext {
-                project_id: Some(&project_id),
-                team_id: Some(&team_id),
-                ..test_context
+            let resp = req_gen(PermissionsTestContext {
+                test_pat: self.user_pat.map(|s| s.to_string()),
+                project_id: Some(project_id.clone()),
+                team_id: Some(team_id.clone()),
+                ..test_context.clone()
            })
-            .append_header(("Authorization", self.user_pat))
-            .to_request();
-
-            let resp = test_env.call(request).await;
+            .await;

            if !resp.status().is_success() {
                return Err(format!(
@@ -844,21 +826,22 @@ impl<'a, A: Api> PermissionsTest<'a, A> {
        Ok(())
    }

-    pub async fn full_organization_permissions_tests<T>(
+    pub async fn full_organization_permissions_tests<T, Fut>(
        &self,
        success_permissions: OrganizationPermissions,
        req_gen: T,
    ) -> Result<(), String>
    where
-        T: Fn(&PermissionsTestContext) -> TestRequest,
+        T: Fn(PermissionsTestContext) -> Fut,
+        Fut: Future<Output = ServiceResponse>,
    {
        let test_env = self.test_env;
        let failure_organization_permissions = self
            .failure_organization_permissions
            .unwrap_or(OrganizationPermissions::all() ^ success_permissions);
        let test_context = PermissionsTestContext {
-            user_id: self.user_id,
-            user_pat: self.user_pat,
+            test_pat: None,
+            user_id: self.user_id.to_string(),
            project_id: None, // Will be overwritten on each test
            team_id: None,    // Will be overwritten on each test
            organization_id: None,
@@ -871,14 +854,13 @@ impl<'a, A: Api> PermissionsTest<'a, A> {
            let (organization_id, organization_team_id) =
                create_dummy_org(&test_env.setup_api).await;

-            let request = req_gen(&PermissionsTestContext {
-                organization_id: Some(&organization_id),
-                organization_team_id: Some(&organization_team_id),
-                ..test_context
+            let resp = req_gen(PermissionsTestContext {
+                test_pat: self.user_pat.map(|s| s.to_string()),
+                organization_id: Some(organization_id.clone()),
+                organization_team_id: Some(organization_team_id),
+                ..test_context.clone()
            })
-            .append_header(("Authorization", self.user_pat))
-            .to_request();
-            let resp = test_env.call(request).await;
+            .await;
            if !self.allowed_failure_codes.contains(&resp.status().as_u16()) {
                return Err(format!(
                    "Test 1 failed. Expected failure codes {} got {}",
@@ -921,15 +903,13 @@ impl<'a, A: Api> PermissionsTest<'a, A> {
            )
            .await;

-            let request = req_gen(&PermissionsTestContext {
-                organization_id: Some(&organization_id),
-                organization_team_id: Some(&organization_team_id),
-                ..test_context
+            let resp = req_gen(PermissionsTestContext {
+                test_pat: self.user_pat.map(|s| s.to_string()),
+                organization_id: Some(organization_id.clone()),
+                organization_team_id: Some(organization_team_id),
+                ..test_context.clone()
            })
-            .append_header(("Authorization", self.user_pat))
-            .to_request();
-
-            let resp = test_env.call(request).await;
+            .await;
            if !self.allowed_failure_codes.contains(&resp.status().as_u16()) {
                return Err(format!(
                    "Test 2 failed. Expected failure codes {} got {}",
@@ -972,15 +952,13 @@ impl<'a, A: Api> PermissionsTest<'a, A> {
            )
            .await;

-            let request = req_gen(&PermissionsTestContext {
-                organization_id: Some(&organization_id),
-                organization_team_id: Some(&organization_team_id),
-                ..test_context
+            let resp = req_gen(PermissionsTestContext {
+                test_pat: self.user_pat.map(|s| s.to_string()),
+                organization_id: Some(organization_id.clone()),
+                organization_team_id: Some(organization_team_id),
+                ..test_context.clone()
            })
-            .append_header(("Authorization", self.user_pat))
-            .to_request();
-
-            let resp = test_env.call(request).await;
+            .await;
            if !resp.status().is_success() {
                return Err(format!(
                    "Test 3 failed. Expected success, got {}",
@@ -1054,7 +1032,7 @@ async fn add_project_to_org(setup_api: &ApiV3, project_id: &str, organization_id

 async fn add_user_to_team(
    user_id: &str,
-    user_pat: &str,
+    user_pat: Option<&str>,
    team_id: &str,
    project_permissions: Option<ProjectPermissions>,
    organization_permissions: Option<OrganizationPermissions>,
@@ -1109,7 +1087,7 @@ async fn remove_user_from_team(user_id: &str, team_id: &str, setup_api: &ApiV3)

 async fn get_project_permissions(
    user_id: &str,
-    user_pat: &str,
+    user_pat: Option<&str>,
    project_id: &str,
    setup_api: &ApiV3,
 ) -> ProjectPermissions {
@@ -1132,7 +1110,7 @@ async fn get_project_permissions(

 async fn get_organization_permissions(
    user_id: &str,
-    user_pat: &str,
+    user_pat: Option<&str>,
    organization_id: &str,
    setup_api: &ApiV3,
 ) -> OrganizationPermissions {
--- a/tests/common/search.rs
+++ b/tests/common/search.rs
@@ -21,7 +21,10 @@ pub async fn setup_search_projects(test_env: &TestEnvironment<ApiV3>) -> Arc<Has
    let mut project_creation_futures = vec![];

    let create_async_future =
-        |id: u64, pat: &'static str, is_modpack: bool, modify_json: Option<json_patch::Patch>| {
+        |id: u64,
+         pat: Option<&'static str>,
+         is_modpack: bool,
+         modify_json: Option<json_patch::Patch>| {
            let slug = format!("{test_name}-searchable-project-{id}");

            let jar = if is_modpack {