test(privacy): verify contacts-only avatar and presence visibility

2026-03-08 20:01:36 +03:00
parent f369083b6a
commit 9bc695ca58
2 changed files with 56 additions and 1 deletions
--- a/tests/test_chat_message_flow.py
+++ b/tests/test_chat_message_flow.py
@@ -312,3 +312,58 @@ async def test_private_chat_hides_counterpart_presence_and_avatar_by_privacy(cli
    assert row["counterpart_avatar_url"] is None
    assert row["counterpart_is_online"] is None
    assert row["counterpart_last_seen_at"] is None
+
+
+async def test_private_chat_contacts_privacy_reveals_avatar_and_presence_for_allowed_viewer(client, db_session):
+    owner = await _create_verified_user(client, db_session, "privacy_contacts_owner@example.com", "privacy_contacts_owner", "strongpass123")
+    viewer = await _create_verified_user(client, db_session, "privacy_contacts_viewer@example.com", "privacy_contacts_viewer", "strongpass123")
+
+    me_owner = await client.get("/api/v1/auth/me", headers={"Authorization": f"Bearer {owner['access_token']}"})
+    me_viewer = await client.get("/api/v1/auth/me", headers={"Authorization": f"Bearer {viewer['access_token']}"})
+    owner_id = me_owner.json()["id"]
+    viewer_id = me_viewer.json()["id"]
+
+    set_privacy = await client.put(
+        "/api/v1/users/profile",
+        headers={"Authorization": f"Bearer {owner['access_token']}"},
+        json={
+            "avatar_url": "https://cdn.example.com/privacy-contacts-owner.png",
+            "privacy_avatar": "contacts",
+            "privacy_last_seen": "contacts",
+        },
+    )
+    assert set_privacy.status_code == 200
+
+    create_chat = await client.post(
+        "/api/v1/chats",
+        headers={"Authorization": f"Bearer {viewer['access_token']}"},
+        json={"type": ChatType.PRIVATE.value, "title": None, "member_ids": [owner_id]},
+    )
+    assert create_chat.status_code == 200
+    chat_id = create_chat.json()["id"]
+
+    viewer_chats_before = await client.get(
+        "/api/v1/chats",
+        headers={"Authorization": f"Bearer {viewer['access_token']}"},
+    )
+    assert viewer_chats_before.status_code == 200
+    row_before = next((chat for chat in viewer_chats_before.json() if chat["id"] == chat_id), None)
+    assert row_before is not None
+    assert row_before["counterpart_avatar_url"] is None
+    assert row_before["counterpart_is_online"] is None
+
+    add_contact = await client.post(
+        f"/api/v1/users/{viewer_id}/contacts",
+        headers={"Authorization": f"Bearer {owner['access_token']}"},
+    )
+    assert add_contact.status_code == 204
+
+    viewer_chats_after = await client.get(
+        "/api/v1/chats",
+        headers={"Authorization": f"Bearer {viewer['access_token']}"},
+    )
+    assert viewer_chats_after.status_code == 200
+    row_after = next((chat for chat in viewer_chats_after.json() if chat["id"] == chat_id), None)
+    assert row_after is not None
+    assert row_after["counterpart_avatar_url"] == "https://cdn.example.com/privacy-contacts-owner.png"
+    assert row_after["counterpart_is_online"] is not None