operating-room-monitor-server/backend/tests/test_host_log_permissions.py

import os
from pathlib import Path

from app.host_log_permissions import ensure_bind_mount_readable


def test_chown_when_app_uid_set(tmp_path: Path, monkeypatch) -> None:
    target = tmp_path / "slice_0000.mp4"
    target.write_bytes(b"mp4")
    monkeypatch.setenv("APP_UID", str(os.getuid()))
    monkeypatch.setenv("APP_GID", str(os.getgid()))

    ensure_bind_mount_readable(target)

    assert target.stat().st_mode & 0o777 == 0o664
    assert target.stat().st_uid == os.getuid()


def test_mode_only_without_app_uid(tmp_path: Path, monkeypatch) -> None:
    target = tmp_path / "slice_0001.mp4"
    target.write_bytes(b"mp4")
    monkeypatch.delenv("APP_UID", raising=False)
    monkeypatch.delenv("APP_GID", raising=False)

    ensure_bind_mount_readable(target)

    assert target.stat().st_mode & 0o777 == 0o664