Skip to content

Add admin-only camera access tests for picture handler #3247

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Copilot wants to merge 8 commits into
base: dev
Choose a base branch
from
Draft

Add admin-only camera access tests for picture handler #3247

Copilot wants to merge 8 commits into from

Conversation

Copy link
Contributor

Copilot AI commented Dec 19, 2025
edited
Loading

Added coverage for the new admin_only camera flag to verify admin vs normal user access over the HTTP API.

  • New handler tests: Exercised /picture/<id>/current with admin_only enabled/disabled to assert 200 for admins (signature-auth) and 403 for normal users.
  • Test scaffolding: Stubbed handler response and injected minimal config/cache state for deterministic access-control checks.

Example:

# admin-only camera allows admin via signed request, blocks normal user
path = '/picture/1/current?_username=admin'
url = f'{path}&_signature={compute_signature("GET", path, b"", "adm1n")}'
resp = self.fetch(url)          # 200
resp_user = self.fetch('/picture/1/current')  # 403 when @admin_only = True
Original prompt

Please add tests for the new admin_only flag added in #3245. Open the pull requests against the HEAD branch of #3245.

The tests shall cover access with the users admin and user, which are hardcoded in motionEye, with and without the admin-only flag. Apart of unit tests, additional tests with the web API on a locally running motionEye daemon would be a great addition.

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Marijn0 added 3 commits December 17, 2025 20:33
Add admin-only camera access control
91d5a68 
Add an admin_only flag to camera configuration and enforce it across the UI and handlers.

Admin-only cameras are hidden from non-admin users in camera listings and are blocked
from accessing pictures, movies, actions, and live frames. The flag is synced for remote
cameras, configurable via the UI, and is disabled by default.
Format code with Black
96a757c
Apply suggestions
efbcd8e
Copilot AI self-assigned this Dec 19, 2025
@MichaIng MichaIng mentioned this pull request Dec 19, 2025
Open
Copilot AI changed the title [WIP] Add tests for admin_only flag functionality Add admin-only camera access tests for picture handler Dec 19, 2025
Copilot AI requested a review from MichaIng December 19, 2025 13:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MichaIng MichaIng Awaiting requested review from MichaIng

At least 1 approving review is required to merge this pull request.

Assignees

@MichaIng MichaIng

Copilot code review Copilot

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@MichaIng