test(6.1): add audit filter behavioral test (ADMIN-06 SC3)

Verifies event_type filter returns only matching entries. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-30 23:30:05 +02:00
parent 57784f9f80
commit 451fff1e4d
1 changed files with 42 additions and 0 deletions
@@ -104,6 +104,48 @@ async def test_audit_log_no_doc_content(async_client, admin_user, db_session):
                )
 async def test_audit_log_filter_by_event_type(async_client, admin_user, db_session):
    """GET /api/admin/audit-log?event_type=X returns only matching entries (ADMIN-06, SC3)."""
    from services.audit import write_audit_log
    # Seed two entries with distinct event types
    await write_audit_log(
        session=db_session,
        event_type="document.uploaded",
        user_id=admin_user["user"].id,
        actor_id=admin_user["user"].id,
        resource_id=None,
        ip_address=None,
        metadata_={"size_bytes": 100},
    )
    await write_audit_log(
        session=db_session,
        event_type="share.granted",
        user_id=admin_user["user"].id,
        actor_id=admin_user["user"].id,
        resource_id=None,
        ip_address=None,
        metadata_={"recipient_id": "test"},
    )
    await db_session.commit()
    response = await async_client.get(
        "/api/admin/audit-log",
        params={"event_type": "document.uploaded"},
        headers=admin_user["headers"],
    )
    assert response.status_code == 200
    body = response.json()
    assert body["total"] >= 1, "expected at least one filtered result"
    # Every returned item must match the filter
    for item in body["items"]:
        assert item["event_type"] == "document.uploaded", (
            f"filter returned unexpected event_type: {item['event_type']}"
        )
 async def test_audit_log_regular_user_403(async_client, auth_user):
    """GET /api/admin/audit-log with a regular user token must return 403."""
    response = await async_client.get(