fix: module_ids as integers in response, add 403 test for POST /audio/combined

api/router.py

@@ -269,8 +269,9 @@ async def create_combined_source(body: dict, user: dict = Depends(current_user))
         os.path.expanduser("~/.config/tueit-transcriber/pipewire-modules.json")
     )
     state_path.parent.mkdir(parents=True, exist_ok=True)
-    state_path.write_text(json.dumps({"ids": [int(sink_id), int(mic_id), int(mon_id)]}))
+    ids = [int(sink_id), int(mic_id), int(mon_id)]
-    return {"device": "transkriptor-combined.monitor", "module_ids": [sink_id, mic_id, mon_id]}
+    state_path.write_text(json.dumps({"ids": ids}))
+    return {"device": "transkriptor-combined.monitor", "module_ids": ids}
 
 
 @router.websocket("/ws")

tests/test_api.py

@@ -130,3 +130,17 @@ def test_audio_devices_forbidden_for_non_admin():
         assert r.status_code == 403
     finally:
         app.dependency_overrides.pop(current_user, None)
+
+
+def test_audio_combined_forbidden_for_non_admin():
+    from main import app
+    from api.router import current_user
+    app.dependency_overrides[current_user] = lambda: {"username": "u", "output_dir": "/tmp", "is_admin": False}
+    try:
+        from fastapi.testclient import TestClient
+        client = TestClient(app)
+        r = client.post("/audio/combined", json={"mic": "x", "monitor": "y"},
+                        headers={"Authorization": "Bearer fake"})
+        assert r.status_code == 403
+    finally:
+        app.dependency_overrides.pop(current_user, None)