Added test for hidden photos

epou · epou · commit e8f43e8d6298 · 2024-10-31T11:53:36.000+01:00
diff --git a/api/tests/conftest.py b/api/tests/conftest.py
@@ -57,6 +57,12 @@ def adult_report(app_user, dummy_image):
 def report_photo(adult_report):
     return adult_report.photos.first()
 
+@pytest.fixture
+def report_hidden_photo(report_photo):
+    report_photo.hide = True
+    report_photo.save()
+    return report_photo
+
 @pytest.fixture
 def django_live_url(live_server):
     yield live_server.url
diff --git a/api/tests/integration/photos/get.tavern.yml b/api/tests/integration/photos/get.tavern.yml
@@ -39,3 +39,27 @@ stages:
     response:
       status_code: 200
       json: !force_format_include "{response_data_validation}"
+
+
+---
+
+test_name: Hidden photos are not displayed
+
+includes:
+  - !include schema.yml
+
+marks:
+  - usefixtures:
+    - api_live_url
+    - report_hidden_photo
+    - token_user_can_view
+
+stages:
+  - name: User without perm view can retrieve
+    request:
+      url: "{api_live_url}/{endpoint}/{report_hidden_photo.uuid}/"
+      method: "GET"
+      headers:
+        Authorization: "Token {token_user_can_view:s}"
+    response:
+      status_code: 404
diff --git a/api/tests/integration/reports/get.tavern.yml b/api/tests/integration/reports/get.tavern.yml
@@ -104,7 +104,7 @@ stages:
 
 ---
 
-test_name: App user can only retrieve their notifications if not published.
+test_name: App user can only retrieve their reports even if not published.
 
 includes:
   - !include schema.yml
@@ -186,3 +186,34 @@ stages:
     response:
       status_code: 404
 
+
+---
+
+test_name: Hidden photos are not displayed in reports
+
+includes:
+  - !include schema.yml
+
+marks:
+  - usefixtures:
+    - api_live_url
+    - adult_report
+    - report_hidden_photo
+    - token_user_can_view
+
+stages:
+  - name: User without perm view can retrieve
+    request:
+      url: "{api_live_url}/{endpoint}/{adult_report.pk}/"
+      method: "GET"
+      headers:
+        Authorization: "Token {token_user_can_view:s}"
+    response:
+      status_code: 200
+      verify_response_with:
+        function: tavern.helpers:validate_content
+        extra_kwargs:
+          comparisons:
+            - jmespath: "photos"
+              operator: "count_eq"
+              expected: 0
