diff --git a/lib/mv_web/live/membership_fee_settings_live.ex b/lib/mv_web/live/membership_fee_settings_live.ex index a98ccdb..2b79c4e 100644 --- a/lib/mv_web/live/membership_fee_settings_live.ex +++ b/lib/mv_web/live/membership_fee_settings_live.ex @@ -8,17 +8,20 @@ defmodule MvWeb.MembershipFeeSettingsLive do """ use MvWeb, :live_view + import MvWeb.LiveHelpers, only: [current_actor: 1] + alias Mv.Membership alias Mv.MembershipFees.MembershipFeeType @impl true def mount(_params, _session, socket) do + actor = current_actor(socket) {:ok, settings} = Membership.get_settings() membership_fee_types = MembershipFeeType |> Ash.Query.sort(name: :asc) - |> Ash.read!() + |> Ash.read!(domain: Mv.MembershipFees, actor: actor) {:ok, socket diff --git a/lib/mv_web/live/membership_fee_type_live/form.ex b/lib/mv_web/live/membership_fee_type_live/form.ex index fc9ee65..6fe80a8 100644 --- a/lib/mv_web/live/membership_fee_type_live/form.ex +++ b/lib/mv_web/live/membership_fee_type_live/form.ex @@ -200,10 +200,12 @@ defmodule MvWeb.MembershipFeeTypeLive.Form do @impl true def mount(params, _session, socket) do + actor = current_actor(socket) + membership_fee_type = case params["id"] do nil -> nil - id -> Ash.get!(MembershipFeeType, id, domain: MembershipFees) + id -> Ash.get!(MembershipFeeType, id, domain: MembershipFees, actor: actor) end page_title = diff --git a/test/mv_web/live/membership_fee_type_live/form_test.exs b/test/mv_web/live/membership_fee_type_live/form_test.exs index f0a21c7..71edbba 100644 --- a/test/mv_web/live/membership_fee_type_live/form_test.exs +++ b/test/mv_web/live/membership_fee_type_live/form_test.exs @@ -50,7 +50,7 @@ defmodule MvWeb.MembershipFeeTypeLive.FormTest do end describe "create form" do - test "creates new membership fee type", %{conn: conn} do + test "creates new membership fee type", %{conn: conn, user: user} do {:ok, view, _html} = live(conn, "/membership_fee_types/new") form_data = %{ 
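Review bot: `Membership.get_settings()` in `mount/3` of membership_fee_settings_live.ex still runs with no actor while the fee-type read right after it now passes one, so the two reads on this page are authorized differently. If settings are meant to be policy-protected, the actor should reach that call as well; if the call is deliberately actor-less, record it with a comment such as `# settings are global; read without an actor on purpose`. Whether `get_settings/0` enforces any policy is not visible in this hunk. `current_actor(socket)` can presumably be nil for a socket without a user, in which case `Ash.read!` would raise inside mount rather than redirect; that fails closed, but it should be a deliberate choice. The body of `mount/3` continues outside the hunk.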
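Review bot: `Ash.get!` in `mount/3` of form.ex takes `params["id"]` straight from the URL and raises both for a missing record and for one the actor may not read, so a stale or unauthorized edit link surfaces as an exception in mount. Consider the non-raising form, `case Ash.get(MembershipFeeType, id, domain: MembershipFees, actor: actor) do`, with a redirect and flash on `{:error, _}`, giving the same response for "missing" and "forbidden" so the page does not reveal which ids exist. Unlike the settings LiveView, this hunk adds no import of `current_actor/1`; it is presumably already in scope earlier in the file, which should be confirmed. `mount/3` continues past the end of the hunk.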
@@ -67,12 +67,13 @@ defmodule MvWeb.MembershipFeeTypeLive.FormTest do assert to == "/membership_fee_types" - # Verify type was created + # Verify type was created (use actor so read is authorized) type = MembershipFeeType |> Ash.Query.filter(name == "New Type") - |> Ash.read_one!() + |> Ash.read_one!(domain: Mv.MembershipFees, actor: user) + assert type != nil, "Expected membership fee type to be created" assert type.amount == Decimal.new("75.00") assert type.interval == :yearly end @@ -140,7 +141,7 @@ defmodule MvWeb.MembershipFeeTypeLive.FormTest do assert html =~ "3" || html =~ "members" || html =~ "Mitglieder" end - test "amount change can be confirmed", %{conn: conn} do + test "amount change can be confirmed", %{conn: conn, user: user} do fee_type = create_fee_type(%{amount: Decimal.new("50.00")}) {:ok, view, _html} = live(conn, "/membership_fee_types/#{fee_type.id}/edit") @@ -159,12 +160,17 @@ defmodule MvWeb.MembershipFeeTypeLive.FormTest do |> form("#membership-fee-type-form", %{"membership_fee_type[amount]" => "75.00"}) |> render_submit() - # Amount should be updated - updated_type = Ash.read_one!(MembershipFeeType |> Ash.Query.filter(id == ^fee_type.id)) + # Amount should be updated (use actor so read is authorized) + updated_type = + MembershipFeeType + |> Ash.Query.filter(id == ^fee_type.id) + |> Ash.read_one!(domain: Mv.MembershipFees, actor: user) + + assert updated_type != nil assert updated_type.amount == Decimal.new("75.00") end - test "amount change can be cancelled", %{conn: conn} do + test "amount change can be cancelled", %{conn: conn, user: user} do fee_type = create_fee_type(%{amount: Decimal.new("50.00")}) {:ok, view, _html} = live(conn, "/membership_fee_types/#{fee_type.id}/edit") 
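Review bot: The verification read in "creates new membership fee type" now runs as `user`, so a nil result cannot distinguish "record was never created" from "record exists but the read policy hid it from this actor", yet the new failure message asserts the former. The same applies to the reads in the "amount change can be confirmed" and "amount change can be cancelled" hunks. A pattern assertion such as `assert %MembershipFeeType{} = type` would fail with a clearer diff than `assert type != nil`. More importantly, no test here pins the denial side of the policy this commit starts relying on. Consider adding one case where the same read with an actor lacking the permission returns nothing or is forbidden, depending on how the policy is written. Which roles may read fee types is not visible in this diff.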
@@ -178,8 +184,13 @@ defmodule MvWeb.MembershipFeeTypeLive.FormTest do |> element("button[phx-click='cancel_amount_change']") |> render_click() - # Amount should remain unchanged - updated_type = Ash.read_one!(MembershipFeeType |> Ash.Query.filter(id == ^fee_type.id)) + # Amount should remain unchanged (use actor so read is authorized) + updated_type = + MembershipFeeType + |> Ash.Query.filter(id == ^fee_type.id) + |> Ash.read_one!(domain: Mv.MembershipFees, actor: user) + + assert updated_type != nil assert updated_type.amount == Decimal.new("50.00") end diff --git a/test/mv_web/plugs/check_page_permission_test.exs b/test/mv_web/plugs/check_page_permission_test.exs index 4b2217c..2e33474 100644 --- a/test/mv_web/plugs/check_page_permission_test.exs +++ b/test/mv_web/plugs/check_page_permission_test.exs @@ -742,6 +742,18 @@ defmodule MvWeb.Plugs.CheckPagePermissionTest do assert conn.status == 200 end + @tag role: :normal_user + test "GET /groups/new returns 200", %{conn: conn} do + conn = get(conn, "/groups/new") + assert conn.status == 200 + end + + @tag role: :normal_user + test "GET /groups/:slug/edit returns 200", %{conn: conn, group_slug: slug} do + conn = get(conn, "/groups/#{slug}/edit") + assert conn.status == 200 + end + @tag role: :normal_user test "GET /members/:id/show/edit returns 200", %{conn: conn, member_id: id} do conn = get(conn, "/members/#{id}/show/edit") 
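Review bot: A 200 on GET only proves the page plug lets `:normal_user` through to `/groups/new` and `/groups/:slug/edit`. Nothing in these added tests, or elsewhere in the visible diff, shows the permission change that grants it, or that the Group create and update actions authorize the same role. Please confirm the resource-level policies agree with the page permission, so the two layers cannot drift apart and the page check does not become the only gate. The redirect tests removed further down were the only visible denial coverage for these two routes, so keep an equivalent assertion under a role below `normal_user`. A short comment above the new tests, for example `# normal_user may create and edit groups; denial is covered for lower roles`, would make the intent explicit.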
@@ -830,22 +842,6 @@ defmodule MvWeb.Plugs.CheckPagePermissionTest do assert redirected_to(conn) == "/users/#{user.id}" end - @tag role: :normal_user - test "GET /groups/new redirects to user profile", %{conn: conn, current_user: user} do - conn = get(conn, "/groups/new") - assert redirected_to(conn) == "/users/#{user.id}" - end - - @tag role: :normal_user - test "GET /groups/:slug/edit redirects to user profile", %{ - conn: conn, - current_user: user, - group_slug: slug - } do - conn = get(conn, "/groups/#{slug}/edit") - assert redirected_to(conn) == "/users/#{user.id}" - end - @tag role: :normal_user test "GET /admin/roles redirects to user profile", %{conn: conn, current_user: user} do conn = get(conn, "/admin/roles")