58 lines
1.8 KiB
Python
58 lines
1.8 KiB
Python
"""
|
|
Test script to verify attachment access permissions are working correctly.
|
|
"""
|
|
|
|
import requests
|
|
import json
|
|
|
|
BASE_URL = "http://localhost:8000"
|
|
|
|
def test_attachment_access():
|
|
"""Test that project members can access task attachments."""
|
|
|
|
# Login as an artist user
|
|
login_response = requests.post(
|
|
f"{BASE_URL}/auth/login",
|
|
data={
|
|
"username": "artist@example.com",
|
|
"password": "password123"
|
|
}
|
|
)
|
|
|
|
if login_response.status_code != 200:
|
|
print(f"❌ Login failed: {login_response.status_code}")
|
|
print(login_response.text)
|
|
return
|
|
|
|
token = login_response.json()["access_token"]
|
|
headers = {"Authorization": f"Bearer {token}"}
|
|
|
|
print("✅ Login successful")
|
|
|
|
# Try to access an attachment (replace with actual attachment ID)
|
|
attachment_id = 1
|
|
|
|
attachment_response = requests.get(
|
|
f"{BASE_URL}/files/attachments/{attachment_id}",
|
|
headers=headers
|
|
)
|
|
|
|
print(f"\n📎 Attachment access test:")
|
|
print(f" Status: {attachment_response.status_code}")
|
|
|
|
if attachment_response.status_code == 200:
|
|
print(" ✅ Successfully accessed attachment")
|
|
print(f" Content-Type: {attachment_response.headers.get('content-type')}")
|
|
elif attachment_response.status_code == 403:
|
|
print(" ❌ Access denied (403 Forbidden)")
|
|
print(f" Response: {attachment_response.text}")
|
|
elif attachment_response.status_code == 404:
|
|
print(" ⚠️ Attachment not found (404)")
|
|
else:
|
|
print(f" ❌ Unexpected status: {attachment_response.status_code}")
|
|
print(f" Response: {attachment_response.text}")
|
|
|
|
if __name__ == "__main__":
|
|
print("Testing attachment access permissions...\n")
|
|
test_attachment_access()
|