terra-view/tests/test_portal_scope.py
serversdown b8e4718318 fix: link project to its portal client (project.client_id) so the portal isn't empty
Caught by adversarial review of the scope test: portal_client_for_project minted a
dedicated client but never set project.client_id, so the client-scoped routes found
no projects — every location 404'd, including the client's own (empty portal). Now
links the project + adds a positive-case test.
2026-06-15 23:53:19 +00:00


import uuid
from datetime import datetime
from tests.conftest import make_project
from backend import portal_auth as pa
from backend.auth_passwords import hash_password
from backend.models import MonitoringLocation
def _sound_location(db_session, project):
    """Persist and return a "sound" MonitoringLocation owned by *project*.

    Test helper for the portal scoping tests: each call inserts one location
    with a fresh random UUID as its id, so two calls never collide, and
    commits it so that a later HTTP request through the test client can look
    it up.
    """
    location = MonitoringLocation(
        id=str(uuid.uuid4()),
        project_id=project.id,  # ownership link the scoping tests depend on
        name="Site",
        location_type="sound",
        created_at=datetime.utcnow(),
        sort_order=0,
    )
    db_session.add(location)
    db_session.commit()
    return location
def test_session_for_A_cannot_open_B_location(client, db_session):
    """A portal session for project A must not be able to read B's location.

    Negative (cross-tenant) case. The expected status is 404 rather than 403:
    a 403 would confirm to the caller that the location id exists in another
    project, whereas a 404 is what a nonexistent id would also produce.

    On its own a 404 here would also be returned by a portal whose session
    owns nothing at all; test_session_can_open_its_own_location is the
    matching positive case that rules that out.
    """
    pw_hash = hash_password("pw")
    # Project A has the portal enabled; it is referenced below only through
    # its link token "ta".
    project_a = make_project(
        db_session,
        portal_enabled=True,
        portal_link_token="ta",
        portal_password_hash=pw_hash,
    )
    # Project B is a separate project that owns the location under test.
    project_b = make_project(db_session)
    foreign_location = _sound_location(db_session, project_b)

    # Log in through A's portal link; the test expects a 303 redirect.
    credentials = {"password": "pw"}
    login_response = client.post(
        "/portal/p/ta", data=credentials, follow_redirects=False
    )
    assert login_response.status_code == 303

    # With A's session, request a location that belongs to B.
    foreign_url = f"/portal/location/{foreign_location.id}"
    foreign_response = client.get(foreign_url)
    assert foreign_response.status_code == 404
def test_session_can_open_its_own_location(client, db_session):
    """A portal session for project A can open a location that A owns.

    Positive control for the cross-project test: it shows that a 404 on
    another project's location comes from real scoping and not from a portal
    client that owns nothing, in which case this request would 404 as well.
    """
    pw_hash = hash_password("pw")
    own_project = make_project(
        db_session,
        portal_enabled=True,
        portal_link_token="ta2",
        portal_password_hash=pw_hash,
    )
    own_location = _sound_location(db_session, own_project)

    # Log in through the project's portal link; the test expects a 303.
    credentials = {"password": "pw"}
    login_response = client.post(
        "/portal/p/ta2", data=credentials, follow_redirects=False
    )
    assert login_response.status_code == 303

    # The same session must be served its own location page.
    own_url = f"/portal/location/{own_location.id}"
    own_response = client.get(own_url)
    assert own_response.status_code == 200