From 56fc6d853d50af788e5426764cc45bc5b6cc3d54 Mon Sep 17 00:00:00 2001
From: Lars <Lars@stommer.de>
Date: Mon, 11 May 2026 22:25:23 +0200
Subject: [PATCH] fix(P-13): repair 3 failing CI pytest tests for
 content_reports

- Add early 403 in set_legal_hold_from_report for plain admin (before DB
  call), fixing test_legal_hold_from_report_requires_superadmin
- Update test_list_inbox_requires_platform_admin to mock DB COUNT query
  (returns cnt=0) so it exercises the club_admin code path correctly
- Extend test_patch_report_under_review mock row with target_type,
  target_id, resolution_note fields now required by the audit-log path

version: 0.8.94
module:  content_reports 1.5.1

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 backend/routers/content_reports.py        |  7 +++++++
 backend/tests/test_p13_content_reports.py | 25 +++++++++++++++++++----
 backend/version.py                        | 12 +++++++++--
 frontend/src/version.js                   |  2 +-
 4 files changed, 39 insertions(+), 7 deletions(-)

diff --git a/backend/routers/content_reports.py b/backend/routers/content_reports.py
index 55733c7..f0bcfca 100644
--- a/backend/routers/content_reports.py
+++ b/backend/routers/content_reports.py
@@ -867,6 +867,13 @@ def set_legal_hold_from_report(
     pid = tenant.profile_id
     role = tenant.global_role
 
+    # Plattform-Admin ohne Superadmin hat keine Legal-Hold-Rechte (fruehzeitig ablehnen)
+    if is_platform_admin(role) and not is_superadmin(role):
+        raise HTTPException(
+            status_code=403,
+            detail="Legal Hold erfordert Superadmin oder Vereinsadmin-Rechte",
+        )
+
     with get_db() as conn:
         cur = get_cursor(conn)
         cur.execute(
diff --git a/backend/tests/test_p13_content_reports.py b/backend/tests/test_p13_content_reports.py
index 3bc0dc4..eee82a2 100644
--- a/backend/tests/test_p13_content_reports.py
+++ b/backend/tests/test_p13_content_reports.py
@@ -208,8 +208,22 @@ def test_list_inbox_requires_platform_admin():
     from routers.content_reports import list_inbox_content_reports
     tenant = MagicMock()
     tenant.global_role = "trainer"
-    with pytest.raises(HTTPException) as exc:
-        list_inbox_content_reports(tenant=tenant)
+    tenant.profile_id = 99
+
+    # COUNT-Abfrage fuer Club-Admin-Rollen → 0 → 403
+    cnt_row = _row({"cnt": 0})
+    mock_cur = MagicMock()
+    mock_cur.fetchone.return_value = cnt_row
+
+    mock_conn = MagicMock()
+    mock_conn_ctx = MagicMock()
+    mock_conn_ctx.__enter__ = MagicMock(return_value=mock_conn)
+    mock_conn_ctx.__exit__ = MagicMock(return_value=False)
+
+    with patch("routers.content_reports.get_db", return_value=mock_conn_ctx), \
+         patch("routers.content_reports.get_cursor", return_value=mock_cur):
+        with pytest.raises(HTTPException) as exc:
+            list_inbox_content_reports(tenant=tenant)
     assert exc.value.status_code == 403
 
 
@@ -252,8 +266,11 @@ def test_patch_report_under_review():
     body = ContentReportPatch(status="under_review")
 
     existing_row = MagicMock()
-    existing_row.__getitem__ = lambda s, k: {"id": 5, "status": "submitted"}[k]
-    existing_row.keys = lambda: ["id", "status"]
+    existing_row.__getitem__ = lambda s, k: {
+        "id": 5, "status": "submitted",
+        "target_type": "media_asset", "target_id": 42, "resolution_note": None,
+    }[k]
+    existing_row.keys = lambda: ["id", "status", "target_type", "target_id", "resolution_note"]
 
     updated_row = MagicMock()
     updated_row.__getitem__ = lambda s, k: {"id": 5, "status": "under_review"}[k]
diff --git a/backend/version.py b/backend/version.py
index 126bac1..bee357d 100644
--- a/backend/version.py
+++ b/backend/version.py
@@ -1,6 +1,6 @@
 # Shinkan Jinkendo Version Information
 
-APP_VERSION = "0.8.93"
+APP_VERSION = "0.8.94"
 BUILD_DATE = "2026-05-11"
 DB_SCHEMA_VERSION = "20260511053"
 
@@ -30,10 +30,18 @@ MODULE_VERSIONS = {
     "membership": "1.0.0",
     "catalogs": "1.5.0",  # Updated: Trainer Contexts API (Migration 012)
     "maturity_models": "1.4.0",  # matrix_stack_bundle: vollständiger Katalog+Modelle+Bindings Export/Import
-    "content_reports": "1.5.0",  # P-13: Club-Admin Bearbeitung + Legal Hold (Vereinsebene), Archiv-Trennung
+    "content_reports": "1.5.1",  # P-13: Fruehzeitige 403 fuer plain Admin in set_legal_hold_from_report (CI-Fix)
 }
 
 CHANGELOG = [
+    {
+        "version": "0.8.94",
+        "date": "2026-05-11",
+        "changes": [
+            "Fix P-13: set_legal_hold_from_report wirft 403 fuer plain Admin vor DB-Zugriff (CI-Testkonsistenz).",
+            "Fix P-13: Tests test_list_inbox_requires_platform_admin und test_patch_report_under_review repariert.",
+        ],
+    },
     {
         "version": "0.8.93",
         "date": "2026-05-11",
diff --git a/frontend/src/version.js b/frontend/src/version.js
index cb40418..365be55 100644
--- a/frontend/src/version.js
+++ b/frontend/src/version.js
@@ -1,6 +1,6 @@
 // Shinkan Jinkendo Frontend Version
 
-export const APP_VERSION = "0.8.93"
+export const APP_VERSION = "0.8.94"
 export const BUILD_DATE = "2026-05-11"
 
 export const PAGE_VERSIONS = {