Refactor test setup: use global setup and fix MembershipFees domain alias

- Remove redundant setup blocks from member_live tests
- Add build_unauthenticated_conn helper for AuthController tests
- Add global setup in conn_case.ex

test/support/conn_case.ex

@@ -99,6 +99,7 @@ defmodule MvWeb.ConnCase do
   @doc """
   Signs in a user via OIDC and returns a connection with the user authenticated.
   By default creates a user with "user@example.com" for consistency.
+  The user will have an admin role for authorization.
   """
   def conn_with_oidc_user(conn, user_attrs \\ %{}) do
     # Ensure unique email for OIDC users
@@ -109,8 +110,22 @@ defmodule MvWeb.ConnCase do
       oidc_id: "oidc_#{unique_id}"
     }
 
+    # Create user using Ash.Seed (supports oidc_id)
     user = create_test_user(Map.merge(default_attrs, user_attrs))
-    sign_in_user_via_oidc(conn, user)
+
+    # Create admin role and assign it
+    admin_role = Mv.Fixtures.role_fixture("admin")
+
+    {:ok, user} =
+      user
+      |> Ash.Changeset.for_update(:update, %{})
+      |> Ash.Changeset.manage_relationship(:role, admin_role, type: :append_and_remove)
+      |> Ash.update()
+
+    # Load role for authorization
+    user_with_role = Ash.load!(user, :role, domain: Mv.Accounts)
+
+    sign_in_user_via_oidc(conn, user_with_role)
   end
 
   @doc """
@@ -122,6 +137,15 @@ defmodule MvWeb.ConnCase do
     |> AshAuthentication.Plug.Helpers.store_in_session(user)
   end
 
+  @doc """
+  Creates a connection with an authenticated user that has an admin role.
+  This is useful for tests that need full access to resources.
+  """
+  def conn_with_admin_user(conn) do
+    admin_user = Mv.Fixtures.user_with_role_fixture("admin")
+    conn_with_password_user(conn, admin_user)
+  end
+
   setup tags do
     pid = Mv.DataCase.setup_sandbox(tags)
 
@@ -130,6 +154,11 @@ defmodule MvWeb.ConnCase do
     # to share the test's database connection in async tests
     conn = Plug.Conn.put_private(conn, :ecto_sandbox, pid)
 
-    {:ok, conn: conn}
+    # Create admin user with role for all tests (unless test overrides with its own user)
+    # This ensures all tests have an authenticated user with proper authorization
+    admin_user = Mv.Fixtures.user_with_role_fixture("admin")
+    authenticated_conn = conn_with_password_user(conn, admin_user)
+
+    {:ok, conn: authenticated_conn, current_user: admin_user}
   end
 end

test/support/fixtures.ex

@@ -93,4 +93,104 @@ defmodule Mv.Fixtures do
 
     {user, member}
   end
+
+  @doc """
+  Creates a role with a specific permission set.
+
+  ## Parameters
+    - `permission_set_name` - The permission set name (e.g., "admin", "read_only", "normal_user", "own_data")
+
+  ## Returns
+    - Role struct
+
+  ## Examples
+
+      iex> role_fixture("admin")
+      %Mv.Authorization.Role{permission_set_name: "admin", ...}
+
+  """
+  def role_fixture(permission_set_name) do
+    role_name = "Test Role #{permission_set_name} #{System.unique_integer([:positive])}"
+
+    case Mv.Authorization.create_role(%{
+           name: role_name,
+           description: "Test role for #{permission_set_name}",
+           permission_set_name: permission_set_name
+         }) do
+      {:ok, role} -> role
+      {:error, error} -> raise "Failed to create role: #{inspect(error)}"
+    end
+  end
+
+  @doc """
+  Creates a user with a specific permission set (role).
+
+  ## Parameters
+    - `permission_set_name` - The permission set name (e.g., "admin", "read_only", "normal_user", "own_data")
+    - `user_attrs` - Optional user attributes
+
+  ## Returns
+    - User struct with role preloaded
+
+  ## Examples
+
+      iex> admin_user = user_with_role_fixture("admin")
+      iex> admin_user.role.permission_set_name
+      "admin"
+
+  """
+  def user_with_role_fixture(permission_set_name \\ "admin", user_attrs \\ %{}) do
+    # Create role with permission set
+    role = role_fixture(permission_set_name)
+
+    # Create user
+    {:ok, user} =
+      user_attrs
+      |> Enum.into(%{
+        email: "user#{System.unique_integer([:positive])}@example.com"
+      })
+      |> Mv.Accounts.create_user()
+
+    # Assign role to user
+    {:ok, user} =
+      user
+      |> Ash.Changeset.for_update(:update, %{})
+      |> Ash.Changeset.manage_relationship(:role, role, type: :append_and_remove)
+      |> Ash.update()
+
+    # Reload user with role preloaded (critical for authorization!)
+    {:ok, user_with_role} = Ash.load(user, :role, domain: Mv.Accounts)
+    user_with_role
+  end
+
+  @doc """
+  Creates a member with an actor (for use in tests with policies).
+
+  ## Parameters
+    - `attrs` - Map or keyword list of attributes to override defaults
+    - `actor` - The actor (user) to use for authorization
+
+  ## Returns
+    - Member struct
+
+  ## Examples
+
+      iex> admin = user_with_role_fixture("admin")
+      iex> member_fixture_with_actor(%{first_name: "Alice"}, admin)
+      %Mv.Membership.Member{first_name: "Alice", ...}
+
+  """
+  def member_fixture_with_actor(attrs \\ %{}, actor) do
+    attrs
+    |> Enum.into(%{
+      first_name: "Test",
+      last_name: "Member",
+      email: "test#{System.unique_integer([:positive])}@example.com"
+    })
+    |> Mv.Membership.create_member(actor: actor)
+    |> case do
+      {:ok, member} -> member
+      {:error, error} -> raise "Failed to create member: #{inspect(error)}"
+    end
+  end
 end