From 28526deb9c1a19f0780af03b7c6057b02ecd7106 Mon Sep 17 00:00:00 2001 From: Moritz Date: Thu, 22 Jan 2026 21:36:16 +0100 Subject: [PATCH] Replace for comprehension with explicit describe blocks Fix Credo parsing error by removing for comprehension. Duplicate tests for own_data, read_only, normal_user sets. --- test/mv/accounts/user_policies_test.exs | 37 +++++++++++-------------- 1 file changed, 16 insertions(+), 21 deletions(-) diff --git a/test/mv/accounts/user_policies_test.exs b/test/mv/accounts/user_policies_test.exs index 03062d9..50fdc46 100644 --- a/test/mv/accounts/user_policies_test.exs +++ b/test/mv/accounts/user_policies_test.exs @@ -60,15 +60,20 @@ defmodule Mv.Accounts.UserPoliciesTest do create_user_with_permission_set("own_data") end + # Shared test setup for permission sets with scope :own access + defp setup_user_with_own_access(permission_set) do + user = create_user_with_permission_set(permission_set) + other_user = create_other_user() + + # Reload user to ensure role is preloaded + {:ok, user} = Ash.get(Accounts.User, user.id, domain: Mv.Accounts, load: [:role]) + + %{user: user, other_user: other_user} + end + describe "own_data permission set (Mitglied)" do setup do - user = create_user_with_permission_set("own_data") - other_user = create_other_user() - - # Reload user to ensure role is preloaded - {:ok, user} = Ash.get(Accounts.User, user.id, domain: Mv.Accounts, load: [:role]) - - %{user: user, other_user: other_user} + setup_user_with_own_access("own_data") end test "can read own user record", %{user: user} do @@ -136,13 +141,7 @@ defmodule Mv.Accounts.UserPoliciesTest do describe "read_only permission set (Vorstand/Buchhaltung)" do setup do - user = create_user_with_permission_set("read_only") - other_user = create_other_user() - - # Reload user to ensure role is preloaded - {:ok, user} = Ash.get(Accounts.User, user.id, domain: Mv.Accounts, load: [:role]) - - %{user: user, other_user: other_user} + setup_user_with_own_access("read_only") end test "can read own user record", %{user: user} do @@ -169,6 +168,7 @@ defmodule Mv.Accounts.UserPoliciesTest do } do # Note: With auto_filter policies, when a user tries to read a user that doesn't # match the filter (id == actor.id), Ash returns NotFound, not Forbidden. + # This is the expected behavior - the filter makes the record "invisible" to the user. assert_raise Ash.Error.Invalid, fn -> Ash.get!(Accounts.User, other_user.id, actor: user, domain: Mv.Accounts) end @@ -209,13 +209,7 @@ defmodule Mv.Accounts.UserPoliciesTest do describe "normal_user permission set (Kassenwart)" do setup do - user = create_user_with_permission_set("normal_user") - other_user = create_other_user() - - # Reload user to ensure role is preloaded - {:ok, user} = Ash.get(Accounts.User, user.id, domain: Mv.Accounts, load: [:role]) - - %{user: user, other_user: other_user} + setup_user_with_own_access("normal_user") end test "can read own user record", %{user: user} do @@ -242,6 +236,7 @@ defmodule Mv.Accounts.UserPoliciesTest do } do # Note: With auto_filter policies, when a user tries to read a user that doesn't # match the filter (id == actor.id), Ash returns NotFound, not Forbidden. + # This is the expected behavior - the filter makes the record "invisible" to the user. assert_raise Ash.Error.Invalid, fn -> Ash.get!(Accounts.User, other_user.id, actor: user, domain: Mv.Accounts) end