Add actor parameter to all tests requiring authorization

This commit adds actor: system_actor to all Ash operations in tests that require authorization.
2026-01-23 20:00:24 +01:00 · 2026-01-23 20:00:24 +01:00 · 0f48a9b15a
commit 0f48a9b15a
parent 686f69c9e9
75 changed files with 4686 additions and 2859 deletions
--- a/test/support/conn_case.ex
+++ b/test/support/conn_case.ex
@ -115,15 +115,16 @@ defmodule MvWeb.ConnCase do

    # Create admin role and assign it
    admin_role = Mv.Fixtures.role_fixture("admin")
+    system_actor = Mv.Helpers.SystemActor.get_system_actor()

    {:ok, user} =
      user
      |> Ash.Changeset.for_update(:update, %{})
      |> Ash.Changeset.manage_relationship(:role, admin_role, type: :append_and_remove)
-      |> Ash.update()
+      |> Ash.update(actor: system_actor)

    # Load role for authorization
-    user_with_role = Ash.load!(user, :role, domain: Mv.Accounts)
+    user_with_role = Ash.load!(user, :role, domain: Mv.Accounts, actor: system_actor)

    sign_in_user_via_oidc(conn, user_with_role)
  end
--- a/test/support/fixtures.ex
+++ b/test/support/fixtures.ex
@ -9,6 +9,8 @@ defmodule Mv.Fixtures do
  @doc """
  Creates a member with default or custom attributes.

+  Uses system_actor for authorization to bypass permission checks in tests.
+
  ## Parameters
    - `attrs` - Map or keyword list of attributes to override defaults

@ -25,13 +27,15 @@ defmodule Mv.Fixtures do

  """
  def member_fixture(attrs \\ %{}) do
+    system_actor = Mv.Helpers.SystemActor.get_system_actor()
+
    attrs
    |> Enum.into(%{
      first_name: "Test",
      last_name: "Member",
      email: "test#{System.unique_integer([:positive])}@example.com"
    })
-    |> Mv.Membership.create_member()
+    |> Mv.Membership.create_member(actor: system_actor)
    |> case do
      {:ok, member} -> member
      {:error, error} -> raise "Failed to create member: #{inspect(error)}"
@ -41,6 +45,11 @@ defmodule Mv.Fixtures do
  @doc """
  Creates a user with default or custom attributes.

+  Uses system_actor for authorization to bypass permission checks in tests.
+
+  Note: create_user action should work via AshAuthentication bypass,
+  but we use system_actor for consistency and safety.
+
  ## Parameters
    - `attrs` - Map or keyword list of attributes to override defaults

@ -57,11 +66,13 @@ defmodule Mv.Fixtures do

  """
  def user_fixture(attrs \\ %{}) do
+    system_actor = Mv.Helpers.SystemActor.get_system_actor()
+
    attrs
    |> Enum.into(%{
      email: "user#{System.unique_integer([:positive])}@example.com"
    })
-    |> Mv.Accounts.create_user()
+    |> Mv.Accounts.create_user(actor: system_actor)
    |> case do
      {:ok, user} -> user
      {:error, error} -> raise "Failed to create user: #{inspect(error)}"
@ -97,6 +108,8 @@ defmodule Mv.Fixtures do
  @doc """
  Creates a role with a specific permission set.

+  Uses system_actor for authorization to bypass permission checks in tests.
+
  ## Parameters
    - `permission_set_name` - The permission set name (e.g., "admin", "read_only", "normal_user", "own_data")

@ -110,13 +123,17 @@ defmodule Mv.Fixtures do

  """
  def role_fixture(permission_set_name) do
+    system_actor = Mv.Helpers.SystemActor.get_system_actor()
    role_name = "Test Role #{permission_set_name} #{System.unique_integer([:positive])}"

-    case Mv.Authorization.create_role(%{
-           name: role_name,
-           description: "Test role for #{permission_set_name}",
-           permission_set_name: permission_set_name
-         }) do
+    case Mv.Authorization.create_role(
+           %{
+             name: role_name,
+             description: "Test role for #{permission_set_name}",
+             permission_set_name: permission_set_name
+           },
+           actor: system_actor
+         ) do
      {:ok, role} -> role
      {:error, error} -> raise "Failed to create role: #{inspect(error)}"
    end
@ -140,6 +157,8 @@ defmodule Mv.Fixtures do

  """
  def user_with_role_fixture(permission_set_name \\ "admin", user_attrs \\ %{}) do
+    system_actor = Mv.Helpers.SystemActor.get_system_actor()
+
    # Create role with permission set
    role = role_fixture(permission_set_name)

@ -149,14 +168,14 @@ defmodule Mv.Fixtures do
      |> Enum.into(%{
        email: "user#{System.unique_integer([:positive])}@example.com"
      })
-      |> Mv.Accounts.create_user()
+      |> Mv.Accounts.create_user(actor: system_actor)

    # Assign role to user
    {:ok, user} =
      user
      |> Ash.Changeset.for_update(:update, %{})
      |> Ash.Changeset.manage_relationship(:role, role, type: :append_and_remove)
-      |> Ash.update()
+      |> Ash.update(actor: system_actor)

    # Reload user with role preloaded (critical for authorization!)
    {:ok, user_with_role} = Ash.load(user, :role, domain: Mv.Accounts)