Add actor parameter to all tests requiring authorization

This commit adds actor: system_actor to all Ash operations in tests that
require authorization.
Moritz 2026-01-23 20:00:24 +01:00
parent 686f69c9e9
commit 0f48a9b15a
Signed by: moritz
GPG key ID: 1020A035E5DD0824
75 changed files with 4686 additions and 2859 deletions


@ -43,51 +43,55 @@ defmodule Mv.Helpers.SystemActorTest do
# Helper function to ensure system user exists with admin role
defp ensure_system_user(admin_role) do
# Use authorize?: false for bootstrap operations
case Accounts.User
|> Ash.Query.filter(email == ^"system@mila.local")
|> Ash.read_one(domain: Mv.Accounts) do
|> Ash.read_one(domain: Mv.Accounts, authorize?: false) do
{:ok, user} when not is_nil(user) ->
user
|> Ash.Changeset.for_update(:update, %{})
|> Ash.Changeset.manage_relationship(:role, admin_role, type: :append_and_remove)
|> Ash.update!()
|> Ash.load!(:role, domain: Mv.Accounts)
|> Ash.update!(authorize?: false)
|> Ash.load!(:role, domain: Mv.Accounts, authorize?: false)
_ ->
Accounts.create_user!(%{email: "system@mila.local"},
upsert?: true,
upsert_identity: :unique_email
upsert_identity: :unique_email,
authorize?: false
)
|> Ash.Changeset.for_update(:update, %{})
|> Ash.Changeset.manage_relationship(:role, admin_role, type: :append_and_remove)
|> Ash.update!()
|> Ash.load!(:role, domain: Mv.Accounts)
|> Ash.update!(authorize?: false)
|> Ash.load!(:role, domain: Mv.Accounts, authorize?: false)
end
end
# Helper function to ensure admin user exists with admin role
defp ensure_admin_user(admin_role) do
# Use authorize?: false for bootstrap operations
admin_email = System.get_env("ADMIN_EMAIL") || "admin@localhost"
case Accounts.User
|> Ash.Query.filter(email == ^admin_email)
|> Ash.read_one(domain: Mv.Accounts) do
|> Ash.read_one(domain: Mv.Accounts, authorize?: false) do
{:ok, user} when not is_nil(user) ->
user
|> Ash.Changeset.for_update(:update, %{})
|> Ash.Changeset.manage_relationship(:role, admin_role, type: :append_and_remove)
|> Ash.update!()
|> Ash.load!(:role, domain: Mv.Accounts)
|> Ash.update!(authorize?: false)
|> Ash.load!(:role, domain: Mv.Accounts, authorize?: false)
_ ->
Accounts.create_user!(%{email: admin_email},
upsert?: true,
upsert_identity: :unique_email
upsert_identity: :unique_email,
authorize?: false
)
|> Ash.Changeset.for_update(:update, %{})
|> Ash.Changeset.manage_relationship(:role, admin_role, type: :append_and_remove)
|> Ash.update!()
|> Ash.load!(:role, domain: Mv.Accounts)
|> Ash.update!(authorize?: false)
|> Ash.load!(:role, domain: Mv.Accounts, authorize?: false)
end
end
@ -114,11 +118,13 @@ defmodule Mv.Helpers.SystemActorTest do
test "falls back to admin user if system user doesn't exist", %{admin_user: _admin_user} do
# Delete system user if it exists
system_actor = SystemActor.get_system_actor()
case Accounts.User
|> Ash.Query.filter(email == ^"system@mila.local")
|> Ash.read_one(domain: Mv.Accounts) do
|> Ash.read_one(domain: Mv.Accounts, actor: system_actor) do
{:ok, user} when not is_nil(user) ->
Ash.destroy!(user, domain: Mv.Accounts)
Ash.destroy!(user, domain: Mv.Accounts, actor: system_actor)
_ ->
:ok
@ -151,11 +157,13 @@ defmodule Mv.Helpers.SystemActorTest do
test "creates system user in test environment if none exists", %{admin_role: _admin_role} do
# In test environment, system actor should auto-create if missing
# Delete all users to test auto-creation
system_actor = SystemActor.get_system_actor()
case Accounts.User
|> Ash.Query.filter(email == ^"system@mila.local")
|> Ash.read_one(domain: Mv.Accounts) do
|> Ash.read_one(domain: Mv.Accounts, actor: system_actor) do
{:ok, user} when not is_nil(user) ->
Ash.destroy!(user, domain: Mv.Accounts)
Ash.destroy!(user, domain: Mv.Accounts, actor: system_actor)
_ ->
:ok
@ -163,11 +171,13 @@ defmodule Mv.Helpers.SystemActorTest do
admin_email = System.get_env("ADMIN_EMAIL") || "admin@localhost"
system_actor = SystemActor.get_system_actor()
case Accounts.User
|> Ash.Query.filter(email == ^admin_email)
|> Ash.read_one(domain: Mv.Accounts) do
|> Ash.read_one(domain: Mv.Accounts, actor: system_actor) do
{:ok, user} when not is_nil(user) ->
Ash.destroy!(user, domain: Mv.Accounts)
Ash.destroy!(user, domain: Mv.Accounts, actor: system_actor)
_ ->
:ok
@ -211,11 +221,13 @@ defmodule Mv.Helpers.SystemActorTest do
test "returns error tuple when system actor cannot be loaded" do
# Delete all users to force error
system_actor = SystemActor.get_system_actor()
case Accounts.User
|> Ash.Query.filter(email == ^"system@mila.local")
|> Ash.read_one(domain: Mv.Accounts) do
|> Ash.read_one(domain: Mv.Accounts, actor: system_actor) do
{:ok, user} when not is_nil(user) ->
Ash.destroy!(user, domain: Mv.Accounts)
Ash.destroy!(user, domain: Mv.Accounts, actor: system_actor)
_ ->
:ok
@ -223,11 +235,13 @@ defmodule Mv.Helpers.SystemActorTest do
admin_email = System.get_env("ADMIN_EMAIL") || "admin@localhost"
system_actor = SystemActor.get_system_actor()
case Accounts.User
|> Ash.Query.filter(email == ^admin_email)
|> Ash.read_one(domain: Mv.Accounts) do
|> Ash.read_one(domain: Mv.Accounts, actor: system_actor) do
{:ok, user} when not is_nil(user) ->
Ash.destroy!(user, domain: Mv.Accounts)
Ash.destroy!(user, domain: Mv.Accounts, actor: system_actor)
_ ->
:ok
@ -252,18 +266,22 @@ defmodule Mv.Helpers.SystemActorTest do
describe "edge cases" do
test "raises error if admin user has no role", %{admin_user: admin_user} do
system_actor = SystemActor.get_system_actor()
# Remove role from admin user
admin_user
|> Ash.Changeset.for_update(:update, %{})
|> Ash.Changeset.manage_relationship(:role, nil, type: :append_and_remove)
|> Ash.update!()
|> Ash.update!(actor: system_actor)
# Delete system user to force fallback
system_actor = SystemActor.get_system_actor()
case Accounts.User
|> Ash.Query.filter(email == ^"system@mila.local")
|> Ash.read_one(domain: Mv.Accounts) do
|> Ash.read_one(domain: Mv.Accounts, actor: system_actor) do
{:ok, user} when not is_nil(user) ->
Ash.destroy!(user, domain: Mv.Accounts)
Ash.destroy!(user, domain: Mv.Accounts, actor: system_actor)
_ ->
:ok
@ -279,11 +297,13 @@ defmodule Mv.Helpers.SystemActorTest do
test "handles concurrent calls without race conditions" do
# Delete system user and admin user to force creation
system_actor = SystemActor.get_system_actor()
case Accounts.User
|> Ash.Query.filter(email == ^"system@mila.local")
|> Ash.read_one(domain: Mv.Accounts) do
|> Ash.read_one(domain: Mv.Accounts, actor: system_actor) do
{:ok, user} when not is_nil(user) ->
Ash.destroy!(user, domain: Mv.Accounts)
Ash.destroy!(user, domain: Mv.Accounts, actor: system_actor)
_ ->
:ok
@ -291,11 +311,13 @@ defmodule Mv.Helpers.SystemActorTest do
admin_email = System.get_env("ADMIN_EMAIL") || "admin@localhost"
system_actor = SystemActor.get_system_actor()
case Accounts.User
|> Ash.Query.filter(email == ^admin_email)
|> Ash.read_one(domain: Mv.Accounts) do
|> Ash.read_one(domain: Mv.Accounts, actor: system_actor) do
{:ok, user} when not is_nil(user) ->
Ash.destroy!(user, domain: Mv.Accounts)
Ash.destroy!(user, domain: Mv.Accounts, actor: system_actor)
_ ->
:ok
@ -330,11 +352,13 @@ defmodule Mv.Helpers.SystemActorTest do
permission_set_name: "read_only"
})
system_actor = SystemActor.get_system_actor()
# Assign wrong role to system user
system_user
|> Ash.Changeset.for_update(:update, %{})
|> Ash.Changeset.manage_relationship(:role, read_only_role, type: :append_and_remove)
|> Ash.update!()
|> Ash.update!(actor: system_actor)
SystemActor.invalidate_cache()
@ -345,11 +369,13 @@ defmodule Mv.Helpers.SystemActorTest do
end
test "raises error if system user has no role", %{system_user: system_user} do
system_actor = SystemActor.get_system_actor()
# Remove role from system user
system_user
|> Ash.Changeset.for_update(:update, %{})
|> Ash.Changeset.manage_relationship(:role, nil, type: :append_and_remove)
|> Ash.update!()
|> Ash.update!(actor: system_actor)
SystemActor.invalidate_cache()
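Review bot: In the hunk at `@ -114,11 +118,13` (and the same pattern in the hunks at 151, 163, 211, 223, 279 and 291), the test calls `SystemActor.get_system_actor()` and then uses the result as the actor to destroy the very system and admin users whose absence it is about to test, so the arrangement step now depends on the code under test. Because the file also calls `SystemActor.invalidate_cache()`, that lookup presumably fills a cache, and per the comment in the "creates system user" test it may auto-create the user; unless the cache is invalidated after the deletes, which is outside the visible hunks, the fallback and error paths may be served a stale actor instead of being exercised. For this setup-only cleanup, prefer the bypass already used in `ensure_system_user/1`: `|> Ash.read_one(domain: Mv.Accounts, authorize?: false)` and `Ash.destroy!(user, domain: Mv.Accounts, authorize?: false)`. In the "raises error if admin user has no role" test, `system_actor` is also bound twice, and the second binding can be dropped. The test bodies continue outside the hunks.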