Fee settings and fee type form: pass actor for MembershipFeeType read

- membership_fee_settings_live: current_actor(socket), Ash.read! with actor
- membership_fee_type_live/form: Ash.get! with actor in mount
- check_page_permission_test: normal_user /groups/new and /groups/:slug/edit allowed
- membership_fee_type_live form_test: actor for Ash.read_one!/get!

lib/mv_web/live/membership_fee_settings_live.ex

@@ -8,17 +8,20 @@ defmodule MvWeb.MembershipFeeSettingsLive do
   """
   use MvWeb, :live_view
 
+  import MvWeb.LiveHelpers, only: [current_actor: 1]
+
   alias Mv.Membership
   alias Mv.MembershipFees.MembershipFeeType
 
   @impl true
   def mount(_params, _session, socket) do
+    actor = current_actor(socket)
     {:ok, settings} = Membership.get_settings()
 
     membership_fee_types =
       MembershipFeeType
       |> Ash.Query.sort(name: :asc)
-      |> Ash.read!()
+      |> Ash.read!(domain: Mv.MembershipFees, actor: actor)
 
     {:ok,
      socket

lib/mv_web/live/membership_fee_type_live/form.ex

@@ -200,10 +200,12 @@ defmodule MvWeb.MembershipFeeTypeLive.Form do
 
   @impl true
   def mount(params, _session, socket) do
+    actor = current_actor(socket)
+
     membership_fee_type =
       case params["id"] do
         nil -> nil
-        id -> Ash.get!(MembershipFeeType, id, domain: MembershipFees)
+        id -> Ash.get!(MembershipFeeType, id, domain: MembershipFees, actor: actor)
       end
 
     page_title =

test/mv_web/live/membership_fee_type_live/form_test.exs

@@ -50,7 +50,7 @@ defmodule MvWeb.MembershipFeeTypeLive.FormTest do
   end
 
   describe "create form" do
-    test "creates new membership fee type", %{conn: conn} do
+    test "creates new membership fee type", %{conn: conn, user: user} do
       {:ok, view, _html} = live(conn, "/membership_fee_types/new")
 
       form_data = %{
@@ -67,12 +67,13 @@ defmodule MvWeb.MembershipFeeTypeLive.FormTest do
 
       assert to == "/membership_fee_types"
 
-      # Verify type was created
+      # Verify type was created (use actor so read is authorized)
       type =
         MembershipFeeType
         |> Ash.Query.filter(name == "New Type")
-        |> Ash.read_one!()
+        |> Ash.read_one!(domain: Mv.MembershipFees, actor: user)
 
+      assert type != nil, "Expected membership fee type to be created"
       assert type.amount == Decimal.new("75.00")
       assert type.interval == :yearly
     end
@@ -140,7 +141,7 @@ defmodule MvWeb.MembershipFeeTypeLive.FormTest do
       assert html =~ "3" || html =~ "members" || html =~ "Mitglieder"
     end
 
-    test "amount change can be confirmed", %{conn: conn} do
+    test "amount change can be confirmed", %{conn: conn, user: user} do
       fee_type = create_fee_type(%{amount: Decimal.new("50.00")})
 
       {:ok, view, _html} = live(conn, "/membership_fee_types/#{fee_type.id}/edit")
@@ -159,12 +160,17 @@ defmodule MvWeb.MembershipFeeTypeLive.FormTest do
       |> form("#membership-fee-type-form", %{"membership_fee_type[amount]" => "75.00"})
       |> render_submit()
 
-      # Amount should be updated
-      updated_type = Ash.read_one!(MembershipFeeType |> Ash.Query.filter(id == ^fee_type.id))
+      # Amount should be updated (use actor so read is authorized)
+      updated_type =
+        MembershipFeeType
+        |> Ash.Query.filter(id == ^fee_type.id)
+        |> Ash.read_one!(domain: Mv.MembershipFees, actor: user)
+
+      assert updated_type != nil
       assert updated_type.amount == Decimal.new("75.00")
     end
 
-    test "amount change can be cancelled", %{conn: conn} do
+    test "amount change can be cancelled", %{conn: conn, user: user} do
       fee_type = create_fee_type(%{amount: Decimal.new("50.00")})
 
       {:ok, view, _html} = live(conn, "/membership_fee_types/#{fee_type.id}/edit")
@@ -178,8 +184,13 @@ defmodule MvWeb.MembershipFeeTypeLive.FormTest do
       |> element("button[phx-click='cancel_amount_change']")
       |> render_click()
 
-      # Amount should remain unchanged
-      updated_type = Ash.read_one!(MembershipFeeType |> Ash.Query.filter(id == ^fee_type.id))
+      # Amount should remain unchanged (use actor so read is authorized)
+      updated_type =
+        MembershipFeeType
+        |> Ash.Query.filter(id == ^fee_type.id)
+        |> Ash.read_one!(domain: Mv.MembershipFees, actor: user)
+
+      assert updated_type != nil
       assert updated_type.amount == Decimal.new("50.00")
     end
 

test/mv_web/plugs/check_page_permission_test.exs

@@ -742,6 +742,18 @@ defmodule MvWeb.Plugs.CheckPagePermissionTest do
       assert conn.status == 200
     end
 
+    @tag role: :normal_user
+    test "GET /groups/new returns 200", %{conn: conn} do
+      conn = get(conn, "/groups/new")
+      assert conn.status == 200
+    end
+
+    @tag role: :normal_user
+    test "GET /groups/:slug/edit returns 200", %{conn: conn, group_slug: slug} do
+      conn = get(conn, "/groups/#{slug}/edit")
+      assert conn.status == 200
+    end
+
     @tag role: :normal_user
     test "GET /members/:id/show/edit returns 200", %{conn: conn, member_id: id} do
       conn = get(conn, "/members/#{id}/show/edit")
@@ -830,22 +842,6 @@ defmodule MvWeb.Plugs.CheckPagePermissionTest do
       assert redirected_to(conn) == "/users/#{user.id}"
     end
 
-    @tag role: :normal_user
-    test "GET /groups/new redirects to user profile", %{conn: conn, current_user: user} do
-      conn = get(conn, "/groups/new")
-      assert redirected_to(conn) == "/users/#{user.id}"
-    end
-
-    @tag role: :normal_user
-    test "GET /groups/:slug/edit redirects to user profile", %{
-      conn: conn,
-      current_user: user,
-      group_slug: slug
-    } do
-      conn = get(conn, "/groups/#{slug}/edit")
-      assert redirected_to(conn) == "/users/#{user.id}"
-    end
-
     @tag role: :normal_user
     test "GET /admin/roles redirects to user profile", %{conn: conn, current_user: user} do
       conn = get(conn, "/admin/roles")