From ce4dc55e4f48b2a0936039b87cd9baf1003bb160 Mon Sep 17 00:00:00 2001
From: curo1305
Date: Sat, 30 May 2026 23:38:06 +0200
Subject: [PATCH] test(6.1): add SHARE-03 and SHARE-05 Nyquist gap tests
- test_share_default_permission_view: asserts permission='view' in POST response and owner's GET /api/shares list (SHARE-03)
- test_share_indicator_in_owner_list: asserts is_shared flips True in owner's GET /api/documents after sharing (SHARE-05)
All 14 phase tests now pass (9 shares + 5 audit).
Co-Authored-By: Claude Sonnet 4.6
---
 backend/tests/test_shares.py | 79 ++++++++++++++++++++++++++++++++++++
 1 file changed, 79 insertions(+)
diff --git a/backend/tests/test_shares.py b/backend/tests/test_shares.py
index 91370c5..c0f1f38 100644
--- a/backend/tests/test_shares.py
+++ b/backend/tests/test_shares.py
@@ -264,3 +264,82 @@ async def test_share_duplicate(async_client, auth_user, second_auth_user, db_ses
 assert second_resp.status_code == 409, (
 f"Duplicate share should return 409, got {second_resp.status_code}"
 )
+
+
+# ---------------------------------------------------------------------------
+# SHARE-03: View-only default permission
+# ---------------------------------------------------------------------------
+
+
+async def test_share_default_permission_view(async_client, auth_user, second_auth_user, db_session):
+ """Shares default to permission='view'; owner's share list confirms this (SHARE-03)."""
+ doc_id = await _make_doc(db_session, auth_user)
+
+ # Create share — POST response must include permission=view
+ resp = await async_client.post(
+ "/api/shares",
+ json={
+ "document_id": doc_id,
+ "recipient_handle": second_auth_user["user"].handle,
+ },
+ headers=auth_user["headers"],
+ )
+ assert resp.status_code == 201
+ body = resp.json()
+ assert body["permission"] == "view", (
+ f"Expected permission='view' in POST /api/shares response, got {body.get('permission')!r}"
+ )
+
+ # GET owner's share list for this doc also reports permission=view
+ list_resp = await async_client.get(
+ "/api/shares",
+ params={"document_id": doc_id},
+ headers=auth_user["headers"],
+ )
+ assert list_resp.status_code == 200
+ items = list_resp.json()["items"]
+ assert len(items) == 1
+ assert items[0]["permission"] == "view", (
+ f"Expected permission='view' in share list, got {items[0].get('permission')!r}"
+ )
+
+
+# ---------------------------------------------------------------------------
+# SHARE-05: Shared indicator in owner's document list
+# ---------------------------------------------------------------------------
+
+
+async def test_share_indicator_in_owner_list(async_client, auth_user, second_auth_user, db_session):
+ """Owner's document list shows is_shared=True after sharing the document (SHARE-05)."""
+ doc_id = await _make_doc(db_session, auth_user)
+
+ # Before sharing: is_shared must be False
+ pre_resp = await async_client.get("/api/documents", headers=auth_user["headers"])
+ assert pre_resp.status_code == 200
+ pre_items = pre_resp.json()["items"]
+ pre_match = [item for item in pre_items if item["id"] == doc_id]
+ assert len(pre_match) == 1
+ assert pre_match[0]["is_shared"] is False, (
+ f"Expected is_shared=False before sharing, got {pre_match[0].get('is_shared')!r}"
+ )
+
+ # Share the document
+ share_resp = await async_client.post(
+ "/api/shares",
+ json={
+ "document_id": doc_id,
+ "recipient_handle": second_auth_user["user"].handle,
+ },
+ headers=auth_user["headers"],
+ )
+ assert share_resp.status_code == 201
+
+ # After sharing: is_shared must be True in owner's document list
+ post_resp = await async_client.get("/api/documents", headers=auth_user["headers"])
+ assert post_resp.status_code == 200
+ post_items = post_resp.json()["items"]
+ post_match = [item for item in post_items if item["id"] == doc_id]
+ assert len(post_match) == 1
+ assert post_match[0]["is_shared"] is True, (
+ f"Expected is_shared=True after sharing, got {post_match[0].get('is_shared')!r}"
+ )
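Review bot: test_share_default_permission_view pins only the `permission` label the API reports, so it would still pass if the backend stored 'view' but let the recipient modify the document; SHARE-03 is an authorization property and is better backed by a negative test. If no other test in this file covers it (not visible from this hunk), add a request made with `second_auth_user["headers"]` against a document-mutating endpoint and assert that it is rejected. The POST body deliberately omits `permission`, which deserves a comment such as `# no "permission" key: exercises the server-side default`. Separately, `body["permission"]` and `items[0]["permission"]` raise KeyError before the `.get(...)`-based message is ever rendered; `assert body.get("permission") == "view", (...)` keeps the diagnostic, and the same applies to the `["is_shared"]` lookups in test_share_indicator_in_owner_list.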