"""
Test script to debug 403 error when accessing shot detail
"""
import requests
import json
# Root URL of the API under test. This is plain HTTP on localhost, so the
# login passwords and bearer tokens sent below stay on the loopback interface.
# NOTE(review): if this is ever pointed at a remote host, switch to https://
# first, otherwise credentials and tokens cross the network in cleartext.
BASE_URL = "http://localhost:8000"
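# Upper bound (seconds) for every HTTP call; requests has no default timeout,
# so without it an unresponsive server would hang the script indefinitely.
_REQUEST_TIMEOUT_SECONDS = 10

# Account e-mail used both to log in as the artist and to look the artist up
# in the project's member list.
_ARTIST_EMAIL = "artist@example.com"


def _login(email, password):
    """POST the credentials to /auth/login and return the raw response."""
    return requests.post(
        f"{BASE_URL}/auth/login",
        json={"email": email, "password": password},
        timeout=_REQUEST_TIMEOUT_SECONDS,
    )


def _get(path, token):
    """GET ``BASE_URL + path`` with a bearer token and return the raw response."""
    return requests.get(
        f"{BASE_URL}{path}",
        headers={"Authorization": f"Bearer {token}"},
        timeout=_REQUEST_TIMEOUT_SECONDS,
    )


def _report_project_membership(episode_id, admin_token):
    """Print whether the artist is listed as a member of the shot's project.

    Uses the admin token to resolve episode -> project -> members, so the
    artist's 403 can be compared with the membership the API reports.
    """
    print("\nChecking project membership...")

    episode_response = _get(f"/episodes/{episode_id}", admin_token)
    if episode_response.status_code != 200:
        # Previously this case was silent, which hid a failed diagnostic.
        print(f"Could not load episode {episode_id}: {episode_response.status_code}")
        return

    project_id = episode_response.json()["project_id"]
    print(f"Shot belongs to project ID: {project_id}")

    project_response = _get(f"/projects/{project_id}", admin_token)
    if project_response.status_code != 200:
        print(f"Could not load project {project_id}: {project_response.status_code}")
        return

    members = project_response.json().get("members", [])
    print(f"Project has {len(members)} members")
    artist_is_member = any(m.get("email") == _ARTIST_EMAIL for m in members)
    print(f"Artist is project member: {artist_is_member}")


def _run_admin_check():
    """Run Test 1 and return the admin access token, or None if login failed."""
    print("=" * 60)
    print("Test 1: Admin accessing shot detail")
    print("=" * 60)

    # NOTE(review): hard-coded fixture credentials; presumably seeded accounts
    # of a local development instance. They must not exist on a deployed system.
    admin_login = _login("admin@example.com", "admin123")
    if admin_login.status_code != 200:
        print(f"Admin login failed: {admin_login.text}")
        return None

    admin_token = admin_login.json()["access_token"]

    shots_response = _get("/shots/", admin_token)
    print(f"Get shots status: {shots_response.status_code}")
    if shots_response.status_code != 200:
        print(f"Failed to get shots: {shots_response.text}")
        return admin_token

    shots = shots_response.json()
    if not shots:
        print("No shots found")
        return admin_token

    shot_id = shots[0]["id"]
    print(f"Testing with shot ID: {shot_id}")

    shot_detail = _get(f"/shots/{shot_id}", admin_token)
    print(f"Get shot detail status: {shot_detail.status_code}")
    if shot_detail.status_code == 200:
        print("✓ Admin can access shot detail")
        print(json.dumps(shot_detail.json(), indent=2))
    else:
        print(f"✗ Admin got error: {shot_detail.text}")

    return admin_token


def _run_artist_check(admin_token):
    """Run Test 2; on a 403, use *admin_token* (may be None) to inspect membership."""
    print("\n" + "=" * 60)
    print("Test 2: Artist accessing shot detail")
    print("=" * 60)

    # NOTE(review): hard-coded fixture credentials, see _run_admin_check.
    artist_login = _login(_ARTIST_EMAIL, "artist123")
    if artist_login.status_code != 200:
        print(f"Artist login failed: {artist_login.text}")
        return

    artist_token = artist_login.json()["access_token"]

    # Shots visible to the artist's own token.
    shots_response = _get("/shots/", artist_token)
    print(f"Get shots status: {shots_response.status_code}")
    if shots_response.status_code != 200:
        print(f"Failed to get shots: {shots_response.text}")
        return

    shots = shots_response.json()
    if not shots:
        print("No shots accessible to artist")
        return

    shot_id = shots[0]["id"]
    episode_id = shots[0]["episode_id"]
    print(f"Testing with shot ID: {shot_id}, Episode ID: {episode_id}")

    shot_detail = _get(f"/shots/{shot_id}", artist_token)
    print(f"Get shot detail status: {shot_detail.status_code}")

    if shot_detail.status_code == 200:
        print("✓ Artist can access shot detail")
        print(json.dumps(shot_detail.json(), indent=2))
    elif shot_detail.status_code == 403:
        print("✗ Artist got 403 Forbidden")
        print(f"Response: {shot_detail.text}")
        if admin_token is None:
            # The original referenced admin_token unconditionally here and
            # raised NameError whenever the admin login in Test 1 had failed.
            print("Skipping project membership check: no admin token available")
        else:
            _report_project_membership(episode_id, admin_token)
    else:
        print(f"✗ Artist got error: {shot_detail.text}")


def test_shot_detail_access():
    """Request a shot's detail as admin and as artist and print what the API returns.

    Test 1 logs in as the admin, lists shots and fetches the first one.
    Test 2 does the same as the artist; if the detail request is answered
    with 403, the admin token from Test 1 is used to print the project's
    member list status for the artist. Nothing is asserted: the function only
    prints, and it talks to the live server at BASE_URL.
    """
    admin_token = _run_admin_check()
    _run_artist_check(admin_token)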
# Script entry point: run the checks only on direct execution, not on import.
if __name__ == "__main__":
    test_shot_detail_access()