From ecdeffb63d1f2cf3e69058e3f083d93132a025c0 Mon Sep 17 00:00:00 2001
From: curo1305 <curo1305@proton.me>
Date: Sun, 31 May 2026 11:54:52 +0200
Subject: [PATCH] test(06.2-01): add xfail stubs for SHARE-03 permission tests
 (Task 1)

- test_share_create_with_permission: POST /api/shares permission field (SHARE-03, D-08, D-10)
- test_share_patch_permission: PATCH /api/shares/{id} permission change (SHARE-03, D-09)
- test_share_patch_idor: PATCH by non-owner returns 404 IDOR protection (SHARE-03, T-IDOR)
---
 backend/tests/test_shares.py | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/backend/tests/test_shares.py b/backend/tests/test_shares.py
index c0f1f38..f33c4d5 100644
--- a/backend/tests/test_shares.py
+++ b/backend/tests/test_shares.py
@@ -343,3 +343,23 @@ async def test_share_indicator_in_owner_list(async_client, auth_user, second_aut
     assert post_match[0]["is_shared"] is True, (
         f"Expected is_shared=True after sharing, got {post_match[0].get('is_shared')!r}"
     )
+
+
+# ---------------------------------------------------------------------------
+# Phase 6.2 Wave 0 xfail stubs — SHARE-03 permission field
+# ---------------------------------------------------------------------------
+
+
+async def test_share_create_with_permission(async_client, auth_user, second_auth_user, db_session):
+    """POST /api/shares respects permission field from request body (SHARE-03, D-08, D-10)"""
+    pytest.xfail("Phase 6.2 — not implemented yet")
+
+
+async def test_share_patch_permission(async_client, auth_user, second_auth_user, db_session):
+    """PATCH /api/shares/{id} changes permission to edit (SHARE-03, D-09)"""
+    pytest.xfail("Phase 6.2 — not implemented yet")
+
+
+async def test_share_patch_idor(async_client, auth_user, second_auth_user, db_session):
+    """PATCH /api/shares/{id} by non-owner returns 404 — IDOR protection (SHARE-03, D-09, T-IDOR)"""
+    pytest.xfail("Phase 6.2 — not implemented yet")