104 lines
2.9 KiB
Python
104 lines
2.9 KiB
Python
from types import SimpleNamespace
|
|
|
|
import pytest
|
|
|
|
import routers.database.files.files as files_router
|
|
import routers.database.files.files_simplified as files_simplified_router
|
|
|
|
|
|
ROUTERS = [files_router, files_simplified_router]
|
|
|
|
USER_A = "00000000-0000-0000-0000-000000000001"
|
|
USER_B = "00000000-0000-0000-0000-000000000002"
|
|
CAB_A = "10000000-0000-0000-0000-000000000001"
|
|
CAB_B = "10000000-0000-0000-0000-000000000002"
|
|
|
|
|
|
class FakeQuery:
|
|
def __init__(self, rows):
|
|
self.rows = list(rows)
|
|
|
|
def select(self, *_args, **_kwargs):
|
|
return self
|
|
|
|
def eq(self, key, value):
|
|
self.rows = [row for row in self.rows if row.get(key) == value]
|
|
return self
|
|
|
|
def limit(self, _n):
|
|
return self
|
|
|
|
def execute(self):
|
|
return SimpleNamespace(data=self.rows)
|
|
|
|
|
|
class FakeSupabase:
|
|
def __init__(self, store):
|
|
self.store = store
|
|
|
|
def table(self, name):
|
|
return FakeQuery(self.store.get(name, []))
|
|
|
|
|
|
class FakeServiceRoleClient:
|
|
def __init__(self, store):
|
|
self.supabase = FakeSupabase(store)
|
|
|
|
|
|
@pytest.mark.parametrize("router_module", ROUTERS)
|
|
def test_list_files_hides_unowned_unshared_cabinet(monkeypatch, router_module):
|
|
store = {
|
|
"file_cabinets": [
|
|
{"id": CAB_A, "user_id": USER_A},
|
|
{"id": CAB_B, "user_id": USER_B},
|
|
],
|
|
"cabinet_memberships": [],
|
|
"files": [
|
|
{"id": "file-a", "cabinet_id": CAB_A, "uploaded_by": USER_A},
|
|
{"id": "file-b", "cabinet_id": CAB_B, "uploaded_by": USER_B},
|
|
],
|
|
}
|
|
monkeypatch.setattr(
|
|
router_module,
|
|
"SupabaseServiceRoleClient",
|
|
lambda: FakeServiceRoleClient(store),
|
|
)
|
|
|
|
assert router_module.list_files(CAB_B, {"sub": USER_A}) == []
|
|
|
|
|
|
@pytest.mark.parametrize("router_module", ROUTERS)
|
|
def test_list_files_allows_own_cabinet(monkeypatch, router_module):
|
|
store = {
|
|
"file_cabinets": [{"id": CAB_A, "user_id": USER_A}],
|
|
"cabinet_memberships": [],
|
|
"files": [{"id": "file-a", "cabinet_id": CAB_A, "uploaded_by": USER_A}],
|
|
}
|
|
monkeypatch.setattr(
|
|
router_module,
|
|
"SupabaseServiceRoleClient",
|
|
lambda: FakeServiceRoleClient(store),
|
|
)
|
|
|
|
assert router_module.list_files(CAB_A, {"sub": USER_A}) == [
|
|
{"id": "file-a", "cabinet_id": CAB_A, "uploaded_by": USER_A}
|
|
]
|
|
|
|
|
|
@pytest.mark.parametrize("router_module", ROUTERS)
|
|
def test_list_files_denies_non_owner_even_with_cabinet_membership(monkeypatch, router_module):
|
|
store = {
|
|
"file_cabinets": [{"id": CAB_B, "user_id": USER_B}],
|
|
"cabinet_memberships": [
|
|
{"cabinet_id": CAB_B, "profile_id": USER_A, "role": "viewer"}
|
|
],
|
|
"files": [{"id": "file-b", "cabinet_id": CAB_B, "uploaded_by": USER_B}],
|
|
}
|
|
monkeypatch.setattr(
|
|
router_module,
|
|
"SupabaseServiceRoleClient",
|
|
lambda: FakeServiceRoleClient(store),
|
|
)
|
|
|
|
assert router_module.list_files(CAB_B, {"sub": USER_A}) == []
|