local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 66 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions

MembershipFeeCycle: own_data read :linked via bypass and HasPermission scope

Browse source 
- own_data gets read scope :linked; apply_scope in HasPermission; bypass check for own_data.
- PermissionSetsTest expects own_data :linked, others :all for MFC read.
This commit is contained in:
Moritz 2026-02-04 09:20:10 +01:00
parent 890a4d3752
commit 178f5a01c7
6 changed files with 140 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

8
test/mv/authorization/permission_sets_test.exs
View file

@ -680,7 +680,7 @@ defmodule Mv.Authorization.PermissionSetsTest do
end
describe "get_permissions/1 - MembershipFeeCycle resource" do
test "all permission sets have MembershipFeeCycle read with scope :all" do
test "all permission sets have MembershipFeeCycle read; own_data uses :linked, others :all" do
for set <- PermissionSets.all_permission_sets() do
permissions = PermissionSets.get_permissions(set)
@ -690,8 +690,12 @@ defmodule Mv.Authorization.PermissionSetsTest do
end)
assert mfc_read != nil, "Permission set #{set} should have MembershipFeeCycle read"
assert mfc_read.scope == :all
assert mfc_read.granted == true
expected_scope = if set == :own_data, do: :linked, else: :all
assert mfc_read.scope == expected_scope,
"Permission set #{set} should have MembershipFeeCycle read scope #{expected_scope}, got #{mfc_read.scope}"
end
end