chihlasm/resolutionflow
1
0
Fork 0
Code Issues 23 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix: persist account ownership for script templates and generations

Browse Source
This commit is contained in:
chihlasm
2026-04-09 17:18:38 +00:00
parent 478205c208
commit 8bcf08ae06
3 changed files with 23 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/app/api/endpoints/scripts.py
View File

@@ -197,6 +197,7 @@ async def create_template(
template = ScriptTemplate( template = ScriptTemplate(
category_id=data.category_id, category_id=data.category_id,
team_id=current_user.team_id, team_id=current_user.team_id,
account_id=current_user.account_id,
created_by=current_user.id, created_by=current_user.id,
name=data.name, name=data.name,
slug=slug, slug=slug,
@@ -364,6 +365,7 @@ async def generate_script(
generation = ScriptGeneration( generation = ScriptGeneration(
template_id=template.id, template_id=template.id,
user_id=current_user.id, user_id=current_user.id,
account_id=current_user.account_id,
team_id=current_user.team_id, team_id=current_user.team_id,
session_id=data.session_id, session_id=data.session_id,
ai_session_id=data.ai_session_id, ai_session_id=data.ai_session_id,

5
backend/tests/test_script_templates.py
View File

@@ -1,4 +1,6 @@
"""Integration tests for Script Template Editor permissions and share endpoint.""" """Integration tests for Script Template Editor permissions and share endpoint."""
from uuid import UUID as PyUUID
import pytest import pytest
from httpx import AsyncClient from httpx import AsyncClient
from sqlalchemy import select from sqlalchemy import select
@@ -65,6 +67,9 @@ class TestScriptTemplatePermissions:
data = resp.json() data = resp.json()
assert data["name"] == "Test Template" assert data["name"] == "Test Template"
assert data["created_by"] is not None assert data["created_by"] is not None
result = await test_db.execute(select(ScriptTemplate).where(ScriptTemplate.id == PyUUID(data["id"])))
template = result.scalar_one()
assert template.account_id is not None
@pytest.mark.asyncio @pytest.mark.asyncio
async def test_engineer_can_edit_own_template(self, client, auth_headers, test_db): async def test_engineer_can_edit_own_template(self, client, auth_headers, test_db):

21
backend/tests/test_scripts.py
View File

@@ -6,14 +6,18 @@ from datetime import datetime, timezone
import pytest import pytest
import sqlalchemy as sa import sqlalchemy as sa
from app.models.script_template import ScriptGeneration
from app.models.user import User
# ── Fixtures ────────────────────────────────────────────────────────────── # ── Fixtures ──────────────────────────────────────────────────────────────
@pytest.fixture @pytest.fixture
async def seed_script_data(test_db): async def seed_script_data(test_db, test_user):
"""Seed script categories and templates into the test database.""" """Seed script categories and templates into the test database."""
now = datetime.now(timezone.utc) now = datetime.now(timezone.utc)
cat_id = uuid.UUID("00000000-0000-0000-0000-000000000001") cat_id = uuid.UUID("00000000-0000-0000-0000-000000000001")
user_result = await test_db.execute(sa.select(User).where(User.email == test_user["email"]))
user = user_result.scalar_one()
# Insert category # Insert category
await test_db.execute( await test_db.execute(
@@ -142,20 +146,20 @@ async def seed_script_data(test_db):
await test_db.execute( await test_db.execute(
sa.text(""" sa.text("""
INSERT INTO script_templates ( INSERT INTO script_templates (
id, category_id, name, slug, description, id, category_id, account_id, name, slug, description,
script_body, parameters_schema, default_values, validation_rules, script_body, parameters_schema, default_values, validation_rules,
tags, complexity, estimated_runtime, requires_elevation, tags, complexity, estimated_runtime, requires_elevation,
requires_modules, version, is_verified, is_active, usage_count, requires_modules, version, is_verified, is_active, usage_count,
created_at, updated_at created_at, updated_at
) VALUES ( ) VALUES (
:id, :category_id, :name, :slug, :description, :id, :category_id, :account_id, :name, :slug, :description,
:script_body, CAST(:parameters_schema AS jsonb), '{}'::jsonb, '{}'::jsonb, :script_body, CAST(:parameters_schema AS jsonb), '{}'::jsonb, '{}'::jsonb,
CAST(:tags AS jsonb), :complexity, :estimated_runtime, :requires_elevation, CAST(:tags AS jsonb), :complexity, :estimated_runtime, :requires_elevation,
'[]'::jsonb, 1, true, true, 0, '[]'::jsonb, 1, true, true, 0,
:now, :now :now, :now
) )
"""), """),
{**tmpl, "category_id": cat_id, "now": now}, {**tmpl, "category_id": cat_id, "account_id": user.account_id, "now": now},
) )
await test_db.commit() await test_db.commit()
@@ -245,7 +249,7 @@ async def test_get_template_detail_not_found(client, auth_headers):
# ── Generate ────────────────────────────────────────────────────────────── # ── Generate ──────────────────────────────────────────────────────────────
@pytest.mark.asyncio @pytest.mark.asyncio
async def test_generate_script_success(client, auth_headers, seed_script_data): async def test_generate_script_success(client, auth_headers, seed_script_data, test_db, test_user):
list_resp = await client.get( list_resp = await client.get(
"/api/v1/scripts/templates?search=unlock", "/api/v1/scripts/templates?search=unlock",
headers=auth_headers, headers=auth_headers,
@@ -265,6 +269,13 @@ async def test_generate_script_success(client, auth_headers, seed_script_data):
assert "script" in data assert "script" in data
assert "jsmith" in data["script"] assert "jsmith" in data["script"]
assert "id" in data assert "id" in data
generation_result = await test_db.execute(
sa.select(ScriptGeneration).where(ScriptGeneration.id == uuid.UUID(data["id"]))
)
generation = generation_result.scalar_one()
user_result = await test_db.execute(sa.select(User).where(User.email == test_user["email"]))
user = user_result.scalar_one()
assert generation.account_id == user.account_id
@pytest.mark.asyncio @pytest.mark.asyncio