test(channels): validate admin global delete permissions

2026-03-08 20:03:15 +03:00
parent d6cd0e719c
commit 57b687a036
2 changed files with 37 additions and 1 deletions
--- a/docs/core-checklist-status.md
+++ b/docs/core-checklist-status.md
@@ -31,7 +31,7 @@ Legend:
 22. Text Formatting - `PARTIAL` (bold/italic/underline/spoiler/mono/links + strikethrough + quote/code block; toolbar still evolving)
 23. Groups - `PARTIAL` (create/add/remove/invite link; advanced moderation partial)
 24. Roles - `DONE` (owner/admin/member)
-25. Admin Rights - `PARTIAL` (delete/pin/edit info + explicit ban API for groups/channels; channel member delete now behaves as leave; integration tests cover channel read-only posting for members, remaining UX moderation tools limited)
+25. Admin Rights - `PARTIAL` (delete/pin/edit info + explicit ban API for groups/channels; channel member delete now behaves as leave; integration tests cover member read-only and admin full-delete behavior in channels, remaining UX moderation tools limited)
 26. Channels - `PARTIAL` (create/post/edit/delete/subscribe/unsubscribe; UX edge-cases still polishing)
 27. Channel Types - `DONE` (public/private)
 28. Notifications - `PARTIAL` (browser notifications + mute/settings; no mobile push infra)
--- a/tests/test_chat_message_flow.py
+++ b/tests/test_chat_message_flow.py
@@ -215,6 +215,42 @@ async def test_channel_member_is_read_only_for_posting(client, db_session):
    assert owner_post.status_code == 201
 async def test_channel_admin_can_delete_channel_for_all(client, db_session):
    owner = await _create_verified_user(client, db_session, "channel_admin_owner@example.com", "channel_admin_owner", "strongpass123")
    admin_user = await _create_verified_user(client, db_session, "channel_admin_user@example.com", "channel_admin_user", "strongpass123")
    me_admin = await client.get("/api/v1/auth/me", headers={"Authorization": f"Bearer {admin_user['access_token']}"})
    admin_id = me_admin.json()["id"]
    create_channel = await client.post(
        "/api/v1/chats",
        headers={"Authorization": f"Bearer {owner['access_token']}"},
        json={"type": ChatType.CHANNEL.value, "title": "Admin deletable channel", "member_ids": [admin_id]},
    )
    assert create_channel.status_code == 200
    chat_id = create_channel.json()["id"]
    promote_admin = await client.patch(
        f"/api/v1/chats/{chat_id}/members/{admin_id}/role",
        headers={"Authorization": f"Bearer {owner['access_token']}"},
        json={"role": "admin"},
    )
    assert promote_admin.status_code == 200
    delete_by_admin = await client.delete(
        f"/api/v1/chats/{chat_id}",
        headers={"Authorization": f"Bearer {admin_user['access_token']}"},
    )
    assert delete_by_admin.status_code == 204
    owner_chats = await client.get(
        "/api/v1/chats",
        headers={"Authorization": f"Bearer {owner['access_token']}"},
    )
    assert owner_chats.status_code == 200
    assert all(chat["id"] != chat_id for chat in owner_chats.json())
 async def test_group_invite_privacy_contacts_only(client, db_session):
    inviter = await _create_verified_user(client, db_session, "invite_u1@example.com", "invite_u1", "strongpass123")
    target = await _create_verified_user(client, db_session, "invite_u2@example.com", "invite_u2", "strongpass123")