Salastil/odysseus
1
0
Fork 0
mirror of https://github.com/pewdiepie-archdaemon/odysseus.git synced 2026-06-16 01:35:36 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix(gallery): fail closed for null-user owner scope (#3613)

Browse Source
This commit is contained in:
RaresKeY
2026-06-09 21:20:21 +03:00
committed by GitHub
parent cdfda4bd16
commit 5d33393a28
6 changed files with 201 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/test_null_owner_gates.py
+11 -2
View File
@@ -153,11 +153,20 @@ def test_document_owner_filter_applies_owner_clause():
# gallery._owner_filter
# ---------------------------------------------------------------------------
def test_gallery_owner_filter_allows_single_user_mode():
def test_gallery_owner_filter_blocks_anonymous(monkeypatch):
monkeypatch.setenv("AUTH_ENABLED", "true")
from routes.gallery_routes import _owner_filter
fake_q = MagicMock()
out = _owner_filter(fake_q, user=None)
fake_q.filter.assert_called_once_with(False)
assert out is fake_q.filter.return_value
def test_gallery_owner_filter_allows_single_user_mode(monkeypatch):
monkeypatch.setenv("AUTH_ENABLED", "false")
from routes.gallery_routes import _owner_filter
fake_q = MagicMock()
out = _owner_filter(fake_q, user=None)
# user=None means single-user/auth-disabled mode: return q unchanged, no filter.
fake_q.filter.assert_not_called()
assert out is fake_q