Add regression tests: escrow refunds, permission classes, hub subfield, user serializer edge cases

[cursor]

Risky behavior now covered

• Escrow.refund() — Core financial logic for bounty/fundraise refunds had zero direct tests. Now covered: zero-amount early return, overspend rejection, balance record creation, sequential refunds, status transitions (cancelled/expired), and paid-status protection.
• Permission classes (HasEditingPermission, HasOrgEditingPermission, HasAdminPermission, HasAccessPermission) — Widely used document-level permission classes had no unit tests. Now covered: admin/editor/viewer/outsider/anonymous access paths, NO_ACCESS denial, missing unified_document error, and perm=False org-path behavior.
• Hub.get_from_subfield() — Documents current behavior with duplicate hubs (MultipleObjectsReturned), journal namespace exclusion, and subfield_id fallback matching.
• DynamicUserSerializer.get_author_profile — Missing author_profile gracefully returns {} instead of crashing (high-traffic serializer, ~640 Sentry events/day from this path).
• create_feed_entry task — Documents current behavior when item is deleted before feed entry creation.

Test files added/updated

File	Tests added
src/reputation/tests/test_escrow.py (new)	10
src/researchhub_access_group/tests/test_document_permissions.py (new)	22
src/hub/tests/test_models.py	4
src/user/tests/test_serializers.py	1
src/feed/tests/test_tasks.py	1
Total	38

Why these tests materially reduce regression risk

1. Financial safety — Escrow.refund() handles real money flows. The 10 new tests catch regressions in amount validation, balance updates, and status transitions that could cause fund loss or double-refunds.
2. Access control — The 4 permission classes gate editing/viewing of documents across Notes, Posts, and Papers. Without tests, refactors could silently open or break access.
3. Sentry error prevention — The hub duplicate and user serializer tests cover code paths responsible for ~3,700 Sentry events/day in production. These tests will catch regressions if the guard logic is modified.
4. Feed reliability — The feed task test documents that deleted items currently crash the task, providing a baseline for the pending Sentry fix.

  

[sonarqubecloud]

Quality Gate failed

Failed conditions
C Security Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 78.57%. Comparing base (bf1c5ba) to head (2d685be).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3206      +/-   ##
==========================================
+ Coverage   78.53%   78.57%   +0.03%     
==========================================
  Files         612      612              
  Lines       34284    34284              
==========================================
+ Hits        26926    26937      +11     
+ Misses       7358     7347      -11     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.