fix(auth): clean up rename and null-owner ownership (#4340)

2026-06-23 21:25:33 -04:00 · 2026-06-16 05:33:02 +03:00
parent 745c10e0d7
commit 4d10c16d02
14 changed files with 557 additions and 14 deletions
@@ -25,6 +25,7 @@ import routes.document_routes as droutes
 from core.database import Document
 from core.database import Session as DbSession
 from routes.document_helpers import DocumentPatch
+from routes.document_helpers import _owner_session_filter

 _TMPDB = tempfile.NamedTemporaryFile(suffix=".db", delete=False)
 _ENGINE = create_engine(
@@ -141,3 +142,18 @@ async def test_list_documents_filters_foreign_docs_in_visible_session():
        assert bob_doc not in ids
    finally:
        droutes.SessionLocal = previous_session_local
+
+
+def test_owner_session_filter_noops_for_auth_disabled_single_user(monkeypatch):
+    monkeypatch.setenv("AUTH_ENABLED", "false")
+    previous_session_local = _bind_test_db()
+    try:
+        _alice_session, _bob_session, alice_doc, _bob_doc, _legacy_doc = _seed()
+        db = _TS()
+        try:
+            q = db.query(Document).filter(Document.id == alice_doc)
+            assert _owner_session_filter(q, None).first().id == alice_doc
+        finally:
+            db.close()
+    finally:
+        droutes.SessionLocal = previous_session_local