Add actor parameter to all tests requiring authorization

This commit adds actor: system_actor to all Ash operations in tests that
require authorization.
Moritz 2026-01-23 20:00:24 +01:00
parent 686f69c9e9
commit 0f48a9b15a
Signed by: moritz
GPG key ID: 1020A035E5DD0824
75 changed files with 4686 additions and 2859 deletions


@ -26,7 +26,7 @@ defmodule MvWeb.RoleLiveTest do
end
# Helper to create admin user with admin role
defp create_admin_user(conn) do
defp create_admin_user(conn, actor) do
# Create admin role
admin_role =
case Authorization.list_roles() do
@ -60,14 +60,14 @@ defmodule MvWeb.RoleLiveTest do
email: "admin#{System.unique_integer([:positive])}@mv.local",
password: "testpassword123"
})
|> Ash.create()
|> Ash.create(actor: actor)
# Assign admin role using manage_relationship
{:ok, user} =
user
|> Ash.Changeset.for_update(:update, %{})
|> Ash.Changeset.manage_relationship(:role, admin_role, type: :append_and_remove)
|> Ash.update()
|> Ash.update(actor: actor)
# Load role for authorization checks (must be loaded for can?/3 to work)
user_with_role = Ash.load!(user, :role, domain: Mv.Accounts)
@ -78,14 +78,14 @@ defmodule MvWeb.RoleLiveTest do
end
# Helper to create non-admin user
defp create_non_admin_user(conn) do
defp create_non_admin_user(conn, actor) do
{:ok, user} =
Mv.Accounts.User
|> Ash.Changeset.for_create(:register_with_password, %{
email: "user#{System.unique_integer([:positive])}@mv.local",
password: "testpassword123"
})
|> Ash.create()
|> Ash.create(actor: actor)
conn = conn_with_password_user(conn, user)
{conn, user}
@ -93,8 +93,9 @@ defmodule MvWeb.RoleLiveTest do
describe "index page" do
setup %{conn: conn} do
{conn, user, _admin_role} = create_admin_user(conn)
%{conn: conn, user: user}
system_actor = Mv.Helpers.SystemActor.get_system_actor()
{conn, user, _admin_role} = create_admin_user(conn, system_actor)
%{conn: conn, actor: system_actor, user: user}
end
test "mounts successfully", %{conn: conn} do
@ -121,7 +122,7 @@ defmodule MvWeb.RoleLiveTest do
assert html =~ role.permission_set_name
end
test "shows system role badge", %{conn: conn} do
test "shows system role badge", %{conn: conn, actor: actor} do
_system_role =
Role
|> Ash.Changeset.for_create(:create_role, %{
@ -129,14 +130,14 @@ defmodule MvWeb.RoleLiveTest do
permission_set_name: "own_data"
})
|> Ash.Changeset.force_change_attribute(:is_system_role, true)
|> Ash.create!()
|> Ash.create!(actor: actor)
{:ok, _view, html} = live(conn, "/admin/roles")
assert html =~ "System Role" || html =~ "system"
end
test "delete button disabled for system roles", %{conn: conn} do
test "delete button disabled for system roles", %{conn: conn, actor: actor} do
system_role =
Role
|> Ash.Changeset.for_create(:create_role, %{
@ -144,7 +145,7 @@ defmodule MvWeb.RoleLiveTest do
permission_set_name: "own_data"
})
|> Ash.Changeset.force_change_attribute(:is_system_role, true)
|> Ash.create!()
|> Ash.create!(actor: actor)
{:ok, view, _html} = live(conn, "/admin/roles")
@ -191,8 +192,9 @@ defmodule MvWeb.RoleLiveTest do
describe "show page" do
setup %{conn: conn} do
{conn, user, _admin_role} = create_admin_user(conn)
%{conn: conn, user: user}
system_actor = Mv.Helpers.SystemActor.get_system_actor()
{conn, user, _admin_role} = create_admin_user(conn, system_actor)
%{conn: conn, actor: system_actor, user: user}
end
test "mounts with valid role ID", %{conn: conn} do
@ -215,7 +217,7 @@ defmodule MvWeb.RoleLiveTest do
assert match?({:error, {:redirect, %{to: "/admin/roles"}}}, result)
end
test "shows system role badge if is_system_role is true", %{conn: conn} do
test "shows system role badge if is_system_role is true", %{conn: conn, actor: actor} do
system_role =
Role
|> Ash.Changeset.for_create(:create_role, %{
@ -223,7 +225,7 @@ defmodule MvWeb.RoleLiveTest do
permission_set_name: "own_data"
})
|> Ash.Changeset.force_change_attribute(:is_system_role, true)
|> Ash.create!()
|> Ash.create!(actor: actor)
{:ok, _view, html} = live(conn, "/admin/roles/#{system_role.id}")
@ -233,8 +235,9 @@ defmodule MvWeb.RoleLiveTest do
describe "form - create" do
setup %{conn: conn} do
{conn, user, _admin_role} = create_admin_user(conn)
%{conn: conn, user: user}
system_actor = Mv.Helpers.SystemActor.get_system_actor()
{conn, user, _admin_role} = create_admin_user(conn, system_actor)
%{conn: conn, actor: system_actor, user: user}
end
test "mounts successfully", %{conn: conn} do
@ -306,9 +309,10 @@ defmodule MvWeb.RoleLiveTest do
describe "form - edit" do
setup %{conn: conn} do
{conn, user, _admin_role} = create_admin_user(conn)
system_actor = Mv.Helpers.SystemActor.get_system_actor()
{conn, user, _admin_role} = create_admin_user(conn, system_actor)
role = create_role()
%{conn: conn, user: user, role: role}
%{conn: conn, actor: system_actor, user: user, role: role}
end
test "mounts with valid role ID", %{conn: conn, role: role} do
@ -347,7 +351,7 @@ defmodule MvWeb.RoleLiveTest do
assert updated_role.name == "Updated Role Name"
end
test "updates system role's permission_set_name", %{conn: conn} do
test "updates system role's permission_set_name", %{conn: conn, actor: actor} do
system_role =
Role
|> Ash.Changeset.for_create(:create_role, %{
@ -355,7 +359,7 @@ defmodule MvWeb.RoleLiveTest do
permission_set_name: "own_data"
})
|> Ash.Changeset.force_change_attribute(:is_system_role, true)
|> Ash.create!()
|> Ash.create!(actor: actor)
{:ok, view, _html} = live(conn, "/admin/roles/#{system_role.id}/edit?return_to=show")
@ -379,8 +383,9 @@ defmodule MvWeb.RoleLiveTest do
describe "delete functionality" do
setup %{conn: conn} do
{conn, user, _admin_role} = create_admin_user(conn)
%{conn: conn, user: user}
system_actor = Mv.Helpers.SystemActor.get_system_actor()
{conn, user, _admin_role} = create_admin_user(conn, system_actor)
%{conn: conn, actor: system_actor, user: user}
end
test "deletes non-system role", %{conn: conn} do
@ -400,7 +405,7 @@ defmodule MvWeb.RoleLiveTest do
Authorization.get_role(role.id)
end
test "fails to delete system role with error message", %{conn: conn} do
test "fails to delete system role with error message", %{conn: conn, actor: actor} do
system_role =
Role
|> Ash.Changeset.for_create(:create_role, %{
@ -408,7 +413,7 @@ defmodule MvWeb.RoleLiveTest do
permission_set_name: "own_data"
})
|> Ash.Changeset.force_change_attribute(:is_system_role, true)
|> Ash.create!()
|> Ash.create!(actor: actor)
{:ok, view, html} = live(conn, "/admin/roles")
@ -428,8 +433,13 @@ defmodule MvWeb.RoleLiveTest do
end
describe "authorization" do
test "only admin can access /admin/roles", %{conn: conn} do
{conn, _user} = create_non_admin_user(conn)
setup do
system_actor = Mv.Helpers.SystemActor.get_system_actor()
%{actor: system_actor}
end
test "only admin can access /admin/roles", %{conn: conn, actor: actor} do
{conn, _user} = create_non_admin_user(conn, actor)
# Non-admin should be redirected or see error
# Note: Authorization is checked via can_access_page? which returns false
@ -443,8 +453,8 @@ defmodule MvWeb.RoleLiveTest do
assert html =~ "Listing Roles" || html =~ "Roles"
end
test "admin can access /admin/roles", %{conn: conn} do
{conn, _user, _admin_role} = create_admin_user(conn)
test "admin can access /admin/roles", %{conn: conn, actor: actor} do
{conn, _user, _admin_role} = create_admin_user(conn, actor)
{:ok, _view, _html} = live(conn, "/admin/roles")
end
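Review bot: The setup blocks store the system actor in the test context under the generic key `actor` (`%{conn: conn, actor: system_actor, user: user}`), and in the "authorization" describe block that key sits beside tests whose subject is a non-admin user. A later test that passes `actor: actor` to the operation under test would run with the system actor's rights rather than the user's, and so could pass whatever the policy says. Naming the key for what it holds, `%{conn: conn, system_actor: system_actor, user: user}`, and adding a comment on the two helpers such as `# actor is for fixture setup only; assert policies with the created user` keeps fixture privilege apart from the identity being checked. Two calls in the visible lines still run without an actor: `Ash.load!(user, :role, domain: Mv.Accounts)` in create_admin_user and `create_role()` in the "form - edit" setup. If they go through policies they presumably need the same treatment, though create_role/0 is defined outside the lines shown. The `Mv.Helpers.SystemActor.get_system_actor()` call is repeated in six setups and could move to one module-level `setup`.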