From 451fff1e4de6b609d635ae6723b5c0e89f1ed094 Mon Sep 17 00:00:00 2001
From: curo1305 <curo1305@proton.me>
Date: Sat, 30 May 2026 23:30:05 +0200
Subject: [PATCH] test(6.1): add audit filter behavioral test (ADMIN-06 SC3)

Verifies event_type filter returns only matching entries.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 backend/tests/test_audit.py | 42 +++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/backend/tests/test_audit.py b/backend/tests/test_audit.py
index 87d02cc..b860055 100644
--- a/backend/tests/test_audit.py
+++ b/backend/tests/test_audit.py
@@ -104,6 +104,48 @@ async def test_audit_log_no_doc_content(async_client, admin_user, db_session):
                 )
 
 
+async def test_audit_log_filter_by_event_type(async_client, admin_user, db_session):
+    """GET /api/admin/audit-log?event_type=X returns only matching entries (ADMIN-06, SC3)."""
+    from services.audit import write_audit_log
+
+    # Seed two entries with distinct event types
+    await write_audit_log(
+        session=db_session,
+        event_type="document.uploaded",
+        user_id=admin_user["user"].id,
+        actor_id=admin_user["user"].id,
+        resource_id=None,
+        ip_address=None,
+        metadata_={"size_bytes": 100},
+    )
+    await write_audit_log(
+        session=db_session,
+        event_type="share.granted",
+        user_id=admin_user["user"].id,
+        actor_id=admin_user["user"].id,
+        resource_id=None,
+        ip_address=None,
+        metadata_={"recipient_id": "test"},
+    )
+    await db_session.commit()
+
+    response = await async_client.get(
+        "/api/admin/audit-log",
+        params={"event_type": "document.uploaded"},
+        headers=admin_user["headers"],
+    )
+
+    assert response.status_code == 200
+    body = response.json()
+    assert body["total"] >= 1, "expected at least one filtered result"
+
+    # Every returned item must match the filter
+    for item in body["items"]:
+        assert item["event_type"] == "document.uploaded", (
+            f"filter returned unexpected event_type: {item['event_type']}"
+        )
+
+
 async def test_audit_log_regular_user_403(async_client, auth_user):
     """GET /api/admin/audit-log with a regular user token must return 403."""
     response = await async_client.get(