benya/Messenger
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test(channels): cover invite-link permissions for member and admin
Some checks failed
CI / test (push) Failing after 2m19s
Details

Browse Source
This commit is contained in:
Alex
2026-03-08 21:23:25 +03:00
parent 6e24c559aa
commit 2f6aa86cc9
2 changed files with 53 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/core-checklist-status.md
View File

@@ -32,7 +32,7 @@ Legend:
23. Groups - `PARTIAL` (create/add/remove/invite link; join-by-invite and invite permissions covered by integration tests; members API now returns profile fields (`username/name/avatar_url`) for richer moderation UI; advanced moderation still partial) 23. Groups - `PARTIAL` (create/add/remove/invite link; join-by-invite and invite permissions covered by integration tests; members API now returns profile fields (`username/name/avatar_url`) for richer moderation UI; advanced moderation still partial)
24. Roles - `DONE` (owner/admin/member) 24. Roles - `DONE` (owner/admin/member)
25. Admin Rights - `PARTIAL` (delete/pin/edit info + explicit ban APIs for groups/channels including ban list endpoint; integration tests cover channel member read-only, channel admin full-delete, channel message delete-for-all permissions, group profile edit permissions, owner-only role management rules, and admin-visible/member-forbidden ban-list access; remaining UX moderation tools limited) 25. Admin Rights - `PARTIAL` (delete/pin/edit info + explicit ban APIs for groups/channels including ban list endpoint; integration tests cover channel member read-only, channel admin full-delete, channel message delete-for-all permissions, group profile edit permissions, owner-only role management rules, and admin-visible/member-forbidden ban-list access; remaining UX moderation tools limited)
26. Channels - `PARTIAL` (create/post/edit/delete/subscribe/unsubscribe; UX edge-cases still polishing) 26. Channels - `PARTIAL` (create/post/edit/delete/subscribe/unsubscribe; integration tests now also cover invite-link permissions (member forbidden, admin allowed); UX edge-cases still polishing)
27. Channel Types - `DONE` (public/private) 27. Channel Types - `DONE` (public/private)
28. Notifications - `PARTIAL` (browser notifications + mute/settings; chat mute is propagated in chat list payload, honored by web realtime notifications with mention override, and mute toggle now syncs instantly in chat store; backend now emits `chat_updated` after notification mute/unmute for cross-tab consistency; no mobile push infra) 28. Notifications - `PARTIAL` (browser notifications + mute/settings; chat mute is propagated in chat list payload, honored by web realtime notifications with mention override, and mute toggle now syncs instantly in chat store; backend now emits `chat_updated` after notification mute/unmute for cross-tab consistency; no mobile push infra)
29. Archive - `DONE` 29. Archive - `DONE`

52
tests/test_chat_message_flow.py
View File

@@ -917,6 +917,58 @@ async def test_group_member_cannot_create_invite_link(client, db_session):
assert member_invite_link.status_code == 403 assert member_invite_link.status_code == 403
async def test_channel_member_cannot_create_invite_link(client, db_session):
owner = await _create_verified_user(client, db_session, "channel_invite_owner@example.com", "channel_invite_owner", "strongpass123")
member = await _create_verified_user(client, db_session, "channel_invite_member@example.com", "channel_invite_member", "strongpass123")
me_member = await client.get("/api/v1/auth/me", headers={"Authorization": f"Bearer {member['access_token']}"})
member_id = me_member.json()["id"]
create_channel = await client.post(
"/api/v1/chats",
headers={"Authorization": f"Bearer {owner['access_token']}"},
json={"type": ChatType.CHANNEL.value, "title": "Channel invite rights", "member_ids": [member_id]},
)
assert create_channel.status_code == 200
chat_id = create_channel.json()["id"]
member_invite_link = await client.post(
f"/api/v1/chats/{chat_id}/invite-link",
headers={"Authorization": f"Bearer {member['access_token']}"},
)
assert member_invite_link.status_code == 403
async def test_channel_admin_can_create_invite_link(client, db_session):
owner = await _create_verified_user(client, db_session, "channel_invite_owner2@example.com", "channel_invite_owner2", "strongpass123")
admin = await _create_verified_user(client, db_session, "channel_invite_admin@example.com", "channel_invite_admin", "strongpass123")
me_admin = await client.get("/api/v1/auth/me", headers={"Authorization": f"Bearer {admin['access_token']}"})
admin_id = me_admin.json()["id"]
create_channel = await client.post(
"/api/v1/chats",
headers={"Authorization": f"Bearer {owner['access_token']}"},
json={"type": ChatType.CHANNEL.value, "title": "Channel invite admin", "member_ids": [admin_id]},
)
assert create_channel.status_code == 200
chat_id = create_channel.json()["id"]
promote_admin = await client.patch(
f"/api/v1/chats/{chat_id}/members/{admin_id}/role",
headers={"Authorization": f"Bearer {owner['access_token']}"},
json={"role": "admin"},
)
assert promote_admin.status_code == 200
admin_invite_link = await client.post(
f"/api/v1/chats/{chat_id}/invite-link",
headers={"Authorization": f"Bearer {admin['access_token']}"},
)
assert admin_invite_link.status_code == 200
assert isinstance(admin_invite_link.json().get("token"), str)
async def test_join_by_invite_with_invalid_token_returns_not_found(client, db_session): async def test_join_by_invite_with_invalid_token_returns_not_found(client, db_session):
user = await _create_verified_user(client, db_session, "invite_invalid_user@example.com", "invite_invalid_user", "strongpass123") user = await _create_verified_user(client, db_session, "invite_invalid_user@example.com", "invite_invalid_user", "strongpass123")