Currently we have some tests that all basically do the same thing e.g checking if a root key with a given permission can access this endpoint or if a missing bearer returns an error.

Best case we would have a single function that runs all these tests and we just pass in which permissions to test for. So we can save ourselves the boilerplate