"""
Test script to verify attachment access permissions are working correctly.
"""

import requests
import json

BASE_URL = "http://localhost:8000"

def test_attachment_access():
    """Test that project members can access task attachments."""
    
    # Login as an artist user
    login_response = requests.post(
        f"{BASE_URL}/auth/login",
        data={
            "username": "artist@example.com",
            "password": "password123"
        }
    )
    
    if login_response.status_code != 200:
        print(f"❌ Login failed: {login_response.status_code}")
        print(login_response.text)
        return
    
    token = login_response.json()["access_token"]
    headers = {"Authorization": f"Bearer {token}"}
    
    print("✅ Login successful")
    
    # Try to access an attachment (replace with actual attachment ID)
    attachment_id = 1
    
    attachment_response = requests.get(
        f"{BASE_URL}/files/attachments/{attachment_id}",
        headers=headers
    )
    
    print(f"\n📎 Attachment access test:")
    print(f"   Status: {attachment_response.status_code}")
    
    if attachment_response.status_code == 200:
        print("   ✅ Successfully accessed attachment")
        print(f"   Content-Type: {attachment_response.headers.get('content-type')}")
    elif attachment_response.status_code == 403:
        print("   ❌ Access denied (403 Forbidden)")
        print(f"   Response: {attachment_response.text}")
    elif attachment_response.status_code == 404:
        print("   ⚠️  Attachment not found (404)")
    else:
        print(f"   ❌ Unexpected status: {attachment_response.status_code}")
        print(f"   Response: {attachment_response.text}")

if __name__ == "__main__":
    print("Testing attachment access permissions...\n")
    test_attachment_access()