"""mattermost-lts — 2nd recipe-specific functional test (Phase 2 P3): multi-user message visibility. The defining behaviour of a team-chat platform is that a message one user posts is delivered to and readable by *another* user in the same channel — not just round-tripped by its own author (that is `test_create_message.py`). This exercises the real membership + post-delivery path end-to-end: 1. Bootstrap the shared system admin (user_a) → create team + open channel. 2. user_a posts a unique marker message to the channel. 3. Create a SECOND user (user_b) via the admin API; add user_b to the team + the channel. 4. user_b logs in (its own session token) and GETs the channel's posts. 5. Assert user_b sees user_a's marker message — cross-user delivery, not a self read-back. Distinct code path from the single-user post round-trip (membership, ACL, multi-session post fetch). Real assertions on delivered app state; unique marker per run so a stale/echoed response can't pass. """ from __future__ import annotations import os import sys import uuid sys.path.insert(0, os.path.dirname(__file__)) sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "..", "..", "runner")) import _mm # noqa: E402 from harness import http as harness_http # noqa: E402 def _login(base: str, login_id: str) -> str: status, _, hdrs = harness_http.post_with_headers( f"{base}/users/login", data={"login_id": login_id, "password": _mm.ADMIN_PW}, timeout=30 ) assert status == 200, f"login {login_id} failed: HTTP {status}" token = hdrs.get("Token") or hdrs.get("token") assert token, f"login {login_id} returned no Token header; headers={list(hdrs.keys())}" return token def test_second_user_reads_first_users_message(live_app): base = f"https://{live_app}/api/v4" uniq = uuid.uuid4().hex[:10] # 1) user_a = shared system admin; create team + open channel auth_a = _mm.bearer(_mm.bootstrap_admin(base)) status, team = harness_http.http_post( f"{base}/teams", data={"name": f"t{uniq}", "display_name": f"ccci {uniq}", "type": "O"}, headers=auth_a, timeout=30, ) assert status in (200, 201) and team.get("id"), f"team create HTTP {status}: {team!r}" status, chan = harness_http.http_post( f"{base}/channels", data={"team_id": team["id"], "name": f"c{uniq}", "display_name": f"chan {uniq}", "type": "O"}, headers=auth_a, timeout=30, ) assert status in (200, 201) and chan.get("id"), f"channel create HTTP {status}: {chan!r}" # 2) user_a posts a unique marker marker = f"ccci-multiuser-{uniq}" status, post = harness_http.http_post( f"{base}/posts", data={"channel_id": chan["id"], "message": marker}, headers=auth_a, timeout=30 ) assert status in (200, 201) and post.get("id"), f"post create HTTP {status}: {post!r}" # 3) create user_b (admin API — works with open-signup off) + add to team + channel email_b = f"ccci{uniq}b@ccci.example.com" status, ub = harness_http.http_post( f"{base}/users", data={"email": email_b, "username": f"ccci{uniq}b", "password": _mm.ADMIN_PW}, headers=auth_a, timeout=30, ) assert status in (200, 201) and ub.get("id"), f"user_b create HTTP {status}: {ub!r}" status, _ = harness_http.http_post( f"{base}/teams/{team['id']}/members", data={"team_id": team["id"], "user_id": ub["id"]}, headers=auth_a, timeout=30, ) assert status in (200, 201), f"add user_b to team HTTP {status}" status, _ = harness_http.http_post( f"{base}/channels/{chan['id']}/members", data={"user_id": ub["id"]}, headers=auth_a, timeout=30, ) assert status in (200, 201), f"add user_b to channel HTTP {status}" # 4) user_b logs in (own session) and reads the channel posts auth_b = _mm.bearer(_login(base, email_b)) status, posts = harness_http.http_get( f"{base}/channels/{chan['id']}/posts", headers=auth_b, timeout=30 ) assert status == 200 and isinstance(posts, dict), f"user_b get posts HTTP {status}: {posts!r}" # 5) user_b sees user_a's marker (cross-user delivery, not a self read-back) messages = [p.get("message") for p in (posts.get("posts") or {}).values()] assert marker in messages, ( f"user_b did not see user_a's message {marker!r} in the channel; saw {messages!r}" )