test(privacy): cover avatar everyone visibility in user search

tests/test_chat_message_flow.py

@@ -972,6 +972,29 @@ async def test_avatar_privacy_contacts_in_search_visible_only_for_contacts(clien
     assert owner_after["avatar_url"] == "https://cdn.example.com/avatar-contacts-owner.png"
 
 
+async def test_avatar_privacy_everyone_in_search_visible_without_contacts(client, db_session):
+    owner = await _create_verified_user(client, db_session, "avatar_everyone_owner@example.com", "avatar_everyone_owner", "strongpass123")
+    viewer = await _create_verified_user(client, db_session, "avatar_everyone_viewer@example.com", "avatar_everyone_viewer", "strongpass123")
+
+    set_avatar_and_privacy = await client.put(
+        "/api/v1/users/profile",
+        headers={"Authorization": f"Bearer {owner['access_token']}"},
+        json={"avatar_url": "https://cdn.example.com/avatar-everyone-owner.png", "privacy_avatar": "everyone"},
+    )
+    assert set_avatar_and_privacy.status_code == 200
+
+    search_response = await client.get(
+        "/api/v1/users/search",
+        params={"query": "avatar_everyone_owner", "limit": 20},
+        headers={"Authorization": f"Bearer {viewer['access_token']}"},
+    )
+    assert search_response.status_code == 200
+    rows = search_response.json()
+    owner_row = next((item for item in rows if item["username"] == "avatar_everyone_owner"), None)
+    assert owner_row is not None
+    assert owner_row["avatar_url"] == "https://cdn.example.com/avatar-everyone-owner.png"
+
+
 async def test_private_chat_everyone_privacy_reveals_avatar_and_presence_without_contacts(client, db_session):
     owner = await _create_verified_user(client, db_session, "privacy_everyone_owner@example.com", "privacy_everyone_owner", "strongpass123")
     viewer = await _create_verified_user(client, db_session, "privacy_everyone_viewer@example.com", "privacy_everyone_viewer", "strongpass123")