""" Test script to debug 403 error when accessing shot detail """ import requests import json BASE_URL = "http://localhost:8000" def test_shot_detail_access(): """Test shot detail access with different user roles""" # Test 1: Login as admin print("=" * 60) print("Test 1: Admin accessing shot detail") print("=" * 60) admin_login = requests.post(f"{BASE_URL}/auth/login", json={ "email": "admin@example.com", "password": "admin123" }) if admin_login.status_code == 200: admin_token = admin_login.json()["access_token"] headers = {"Authorization": f"Bearer {admin_token}"} # Get first shot shots_response = requests.get(f"{BASE_URL}/shots/", headers=headers) print(f"Get shots status: {shots_response.status_code}") if shots_response.status_code == 200: shots = shots_response.json() if shots: shot_id = shots[0]["id"] print(f"Testing with shot ID: {shot_id}") # Get shot detail shot_detail = requests.get(f"{BASE_URL}/shots/{shot_id}", headers=headers) print(f"Get shot detail status: {shot_detail.status_code}") if shot_detail.status_code == 200: print("✓ Admin can access shot detail") print(json.dumps(shot_detail.json(), indent=2)) else: print(f"✗ Admin got error: {shot_detail.text}") else: print("No shots found") else: print(f"Failed to get shots: {shots_response.text}") else: print(f"Admin login failed: {admin_login.text}") # Test 2: Login as artist print("\n" + "=" * 60) print("Test 2: Artist accessing shot detail") print("=" * 60) # First, get or create an artist user artist_login = requests.post(f"{BASE_URL}/auth/login", json={ "email": "artist@example.com", "password": "artist123" }) if artist_login.status_code == 200: artist_token = artist_login.json()["access_token"] headers = {"Authorization": f"Bearer {artist_token}"} # Get shots accessible to artist shots_response = requests.get(f"{BASE_URL}/shots/", headers=headers) print(f"Get shots status: {shots_response.status_code}") if shots_response.status_code == 200: shots = shots_response.json() if shots: shot_id = shots[0]["id"] episode_id = shots[0]["episode_id"] print(f"Testing with shot ID: {shot_id}, Episode ID: {episode_id}") # Get shot detail shot_detail = requests.get(f"{BASE_URL}/shots/{shot_id}", headers=headers) print(f"Get shot detail status: {shot_detail.status_code}") if shot_detail.status_code == 200: print("✓ Artist can access shot detail") print(json.dumps(shot_detail.json(), indent=2)) elif shot_detail.status_code == 403: print("✗ Artist got 403 Forbidden") print(f"Response: {shot_detail.text}") # Check project membership print("\nChecking project membership...") # Get episode to find project episode_response = requests.get(f"{BASE_URL}/episodes/{episode_id}", headers={"Authorization": f"Bearer {admin_token}"}) if episode_response.status_code == 200: project_id = episode_response.json()["project_id"] print(f"Shot belongs to project ID: {project_id}") # Check if artist is member project_response = requests.get(f"{BASE_URL}/projects/{project_id}", headers={"Authorization": f"Bearer {admin_token}"}) if project_response.status_code == 200: members = project_response.json().get("members", []) print(f"Project has {len(members)} members") artist_is_member = any(m.get("email") == "artist@example.com" for m in members) print(f"Artist is project member: {artist_is_member}") else: print(f"✗ Artist got error: {shot_detail.text}") else: print("No shots accessible to artist") else: print(f"Failed to get shots: {shots_response.text}") else: print(f"Artist login failed: {artist_login.text}") if __name__ == "__main__": test_shot_detail_access()