Add actor parameter to all tests requiring authorization

This commit adds actor: system_actor to all Ash operations in tests that
require authorization.

test/support/fixtures.ex

@@ -9,6 +9,8 @@ defmodule Mv.Fixtures do
   @doc """
   Creates a member with default or custom attributes.
 
+  Uses system_actor for authorization to bypass permission checks in tests.
+
   ## Parameters
     - `attrs` - Map or keyword list of attributes to override defaults
 
@@ -25,13 +27,15 @@ defmodule Mv.Fixtures do
 
   """
   def member_fixture(attrs \\ %{}) do
+    system_actor = Mv.Helpers.SystemActor.get_system_actor()
+
     attrs
     |> Enum.into(%{
       first_name: "Test",
       last_name: "Member",
       email: "test#{System.unique_integer([:positive])}@example.com"
     })
-    |> Mv.Membership.create_member()
+    |> Mv.Membership.create_member(actor: system_actor)
     |> case do
       {:ok, member} -> member
       {:error, error} -> raise "Failed to create member: #{inspect(error)}"
@@ -41,6 +45,11 @@ defmodule Mv.Fixtures do
   @doc """
   Creates a user with default or custom attributes.
 
+  Uses system_actor for authorization to bypass permission checks in tests.
+
+  Note: create_user action should work via AshAuthentication bypass,
+  but we use system_actor for consistency and safety.
+
   ## Parameters
     - `attrs` - Map or keyword list of attributes to override defaults
 
@@ -57,11 +66,13 @@ defmodule Mv.Fixtures do
 
   """
   def user_fixture(attrs \\ %{}) do
+    system_actor = Mv.Helpers.SystemActor.get_system_actor()
+
     attrs
     |> Enum.into(%{
       email: "user#{System.unique_integer([:positive])}@example.com"
     })
-    |> Mv.Accounts.create_user()
+    |> Mv.Accounts.create_user(actor: system_actor)
     |> case do
       {:ok, user} -> user
       {:error, error} -> raise "Failed to create user: #{inspect(error)}"
@@ -97,6 +108,8 @@ defmodule Mv.Fixtures do
   @doc """
   Creates a role with a specific permission set.
 
+  Uses system_actor for authorization to bypass permission checks in tests.
+
   ## Parameters
     - `permission_set_name` - The permission set name (e.g., "admin", "read_only", "normal_user", "own_data")
 
@@ -110,13 +123,17 @@ defmodule Mv.Fixtures do
 
   """
   def role_fixture(permission_set_name) do
+    system_actor = Mv.Helpers.SystemActor.get_system_actor()
     role_name = "Test Role #{permission_set_name} #{System.unique_integer([:positive])}"
 
-    case Mv.Authorization.create_role(%{
-           name: role_name,
-           description: "Test role for #{permission_set_name}",
-           permission_set_name: permission_set_name
-         }) do
+    case Mv.Authorization.create_role(
+           %{
+             name: role_name,
+             description: "Test role for #{permission_set_name}",
+             permission_set_name: permission_set_name
+           },
+           actor: system_actor
+         ) do
       {:ok, role} -> role
       {:error, error} -> raise "Failed to create role: #{inspect(error)}"
     end
@@ -140,6 +157,8 @@ defmodule Mv.Fixtures do
 
   """
   def user_with_role_fixture(permission_set_name \\ "admin", user_attrs \\ %{}) do
+    system_actor = Mv.Helpers.SystemActor.get_system_actor()
+
     # Create role with permission set
     role = role_fixture(permission_set_name)
 
@@ -149,14 +168,14 @@ defmodule Mv.Fixtures do
       |> Enum.into(%{
         email: "user#{System.unique_integer([:positive])}@example.com"
       })
-      |> Mv.Accounts.create_user()
+      |> Mv.Accounts.create_user(actor: system_actor)
 
     # Assign role to user
     {:ok, user} =
       user
       |> Ash.Changeset.for_update(:update, %{})
       |> Ash.Changeset.manage_relationship(:role, role, type: :append_and_remove)
-      |> Ash.update()
+      |> Ash.update(actor: system_actor)
 
     # Reload user with role preloaded (critical for authorization!)
     {:ok, user_with_role} = Ash.load(user, :role, domain: Mv.Accounts)