Allow same-team clip reads in gameday

2026-04-24 10:16:02 -05:00
parent 6e93a03b0f
commit 867090ac05
2 changed files with 73 additions and 1 deletions
--- a/backend/tests/test_api.py
+++ b/backend/tests/test_api.py
@@ -690,6 +690,58 @@ def test_hidden_clips_are_removed_from_gameday_views_but_remain_pinnable() -> No
    assert [item["clip_id"] for item in pins.json()] == [clip.id]


+def test_same_team_player_can_read_another_players_clips() -> None:
+    db = SessionLocal()
+    owner_session = UserSession(
+        session_token="owner-library-session",
+        provider="teamsnap",
+        external_team_id="team-share",
+        external_player_id="player-owner",
+    )
+    viewer_session = UserSession(
+        session_token="viewer-library-session",
+        provider="teamsnap",
+        external_team_id="team-share",
+        external_player_id="player-viewer",
+    )
+    db.add_all([owner_session, viewer_session])
+    db.flush()
+
+    asset = AudioAsset(
+        external_team_id="team-share",
+        owner_external_player_id="player-owner",
+        uploaded_by_session_id=owner_session.id,
+        title="Shared song",
+        original_filename="shared-song.mp3",
+        mime_type="audio/mpeg",
+        size_bytes=123,
+        storage_path="uploads/shared-song.mp3",
+    )
+    db.add(asset)
+    db.flush()
+    clip = AudioClip(
+        asset_id=asset.id,
+        label="Shared clip",
+        start_ms=0,
+        end_ms=10000,
+        normalization_status="ready",
+        normalized_path="normalized/shared-clip.mp3",
+    )
+    db.add(clip)
+    db.commit()
+    db.close()
+
+    client.cookies.set(settings.session_cookie_name, "viewer-library-session")
+    response = client.get(
+        "/media/clips",
+        params={"external_team_id": "team-share", "owner_external_player_id": "player-owner"},
+    )
+
+    assert response.status_code == 200
+    assert [item["id"] for item in response.json()] == [clip.id]
+    assert response.json()[0]["owner_external_player_id"] == "player-owner"
+
+
 def test_clip_updates_can_use_player_scoped_authorization() -> None:
    uploader_session = UserSession(session_token="uploader-session", provider="teamsnap")
    editor_session = UserSession(