test(03-01): add Wave 0 xfail stubs and shared fixtures for Phase 3

- Add auth_user, admin_user, mock_minio_presigned, mock_minio_stat fixtures to conftest.py - Create test_quota.py with 4 xfail stubs (STORE-03, STORE-05, STORE-06, SC2 race) - Append test_migration_0003 to test_alembic.py (full pre-seed + post-migration assertions) - Append 3 classifier xfail stubs (DOC-03, DOC-05, D-15) - Append 6 document xfail stubs (D-05, STORE-04, SEC-04, D-16) - Append 4 topic xfail stubs (DOC-04, D-09, D-17) - Append test_settings_endpoint_removed stub (D-12) - All 19 new test IDs collect cleanly with xfail(strict=False)
2026-05-23 13:42:37 +02:00
parent fdc32d431d
commit 21ec9cb4c3
7 changed files with 492 additions and 0 deletions
@@ -6,6 +6,8 @@ updated to async in Plan 05 to match the new session-injected API routes.
 """
 from __future__ import annotations

+import pytest
+

 async def test_list_topics_empty(async_client):
    resp = await async_client.get("/api/topics")
@@ -88,3 +90,52 @@ async def test_delete_topic_cascades_to_documents(async_client, db_session, samp
 async def test_delete_topic_not_found(async_client):
    resp = await async_client.delete("/api/topics/nonexistent")
    assert resp.status_code == 404
+
+
+# ---------------------------------------------------------------------------
+# Wave 0 xfail stubs for Phase 3 topic namespace tests — Plan 03-03
+# ---------------------------------------------------------------------------
+
+
+@pytest.mark.xfail(strict=False, reason="implemented in plan 03-03")
+async def test_topic_namespace(async_client, auth_user, db_session):
+    """GET /api/topics returns only system topics (user_id=NULL) + auth_user-owned topics.
+
+    DOC-04: layered topic namespace — system topics (user_id=NULL) are visible to
+    all users; per-user topics (user_id=current_user.id) are visible only to that
+    user. A different user's topics must not appear (CONTEXT.md D-08, D-17).
+
+    Test setup: seed one system topic, one auth_user-owned topic, one topic owned
+    by a different user. GET /api/topics must return exactly the first two.
+    """
+    assert True  # scaffold
+
+
+@pytest.mark.xfail(strict=False, reason="implemented in plan 03-03")
+async def test_admin_create_system_topic(async_client, admin_user):
+    """POST /api/admin/topics returns 201 and creates a Topic with user_id=NULL.
+
+    D-09: only admin can create system topics via POST /api/admin/topics.
+    The created topic has user_id=NULL and is visible to all users.
+    """
+    assert True  # scaffold
+
+
+@pytest.mark.xfail(strict=False, reason="implemented in plan 03-03")
+async def test_regular_user_cannot_create_system_topic(async_client, auth_user):
+    """POST /api/admin/topics with auth_user.headers returns 403.
+
+    D-09: the admin topics endpoint requires get_current_admin; regular users
+    receive 403 Forbidden.
+    """
+    assert True  # scaffold
+
+
+@pytest.mark.xfail(strict=False, reason="implemented in plan 03-03")
+async def test_topics_require_auth(async_client):
+    """Anonymous GET /api/topics (no Authorization header) returns 401 or 403.
+
+    D-17: /api/topics/* gains get_current_user in Phase 3 — anonymous access
+    must be rejected.
+    """
+    assert True  # scaffold