Merge branch 'main' into feature/308-web-form
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
commit
28f97184b3
7 changed files with 44 additions and 141 deletions
|
|
@ -544,88 +544,9 @@ defmodule MvWeb.Plugs.CheckPagePermissionTest do
|
|||
assert conn.status == 200
|
||||
end
|
||||
|
||||
# Full-router test: session may not preserve member_id; plug logic covered by unit test
|
||||
# "own_data user with linked member can access /members/:id/edit (plug direct call)".
|
||||
@tag role: :member
|
||||
@tag :skip
|
||||
test "GET /members/:id/edit (linked member edit) returns 200 when user has linked member", %{
|
||||
conn: conn,
|
||||
current_user: user
|
||||
} do
|
||||
member = Mv.Fixtures.member_fixture()
|
||||
system_actor = Mv.Helpers.SystemActor.get_system_actor()
|
||||
|
||||
{:ok, user_after_update} =
|
||||
user
|
||||
|> Ash.Changeset.for_update(:update, %{})
|
||||
|> Ash.Changeset.force_set_argument(:member, %{id: member.id})
|
||||
|> Ash.update(actor: system_actor)
|
||||
|
||||
user_with_member =
|
||||
user_after_update
|
||||
|> Ash.load!([:role], domain: Mv.Accounts)
|
||||
|> Mv.Authorization.Actor.ensure_loaded()
|
||||
|> Map.put(:member_id, member.id)
|
||||
|
||||
conn = conn_with_password_user(conn, user_with_member)
|
||||
|
||||
conn = get(conn, "/members/#{member.id}/edit")
|
||||
assert conn.status == 200
|
||||
end
|
||||
|
||||
@tag role: :member
|
||||
@tag :skip
|
||||
test "GET /members/:id/show/edit (linked member show edit) returns 200 when user has linked member",
|
||||
%{
|
||||
conn: conn,
|
||||
current_user: user
|
||||
} do
|
||||
member = Mv.Fixtures.member_fixture()
|
||||
system_actor = Mv.Helpers.SystemActor.get_system_actor()
|
||||
|
||||
{:ok, user_after_update} =
|
||||
user
|
||||
|> Ash.Changeset.for_update(:update, %{})
|
||||
|> Ash.Changeset.force_set_argument(:member, %{id: member.id})
|
||||
|> Ash.update(actor: system_actor)
|
||||
|
||||
user_with_member =
|
||||
user_after_update
|
||||
|> Ash.load!([:role], domain: Mv.Accounts)
|
||||
|> Mv.Authorization.Actor.ensure_loaded()
|
||||
|> Map.put(:member_id, member.id)
|
||||
|
||||
conn = conn_with_password_user(conn, user_with_member)
|
||||
|
||||
conn = get(conn, "/members/#{member.id}/show/edit")
|
||||
assert conn.status == 200
|
||||
end
|
||||
|
||||
# Skipped: MemberLive.Show requires membership fee cycle data; plug allows access
|
||||
# (page loads then LiveView may error).
|
||||
@tag role: :member
|
||||
@tag :skip
|
||||
test "GET /members/:id for linked member returns 200", %{conn: conn, current_user: user} do
|
||||
system_actor = Mv.Helpers.SystemActor.get_system_actor()
|
||||
member = Mv.Fixtures.member_fixture()
|
||||
|
||||
user =
|
||||
user
|
||||
|> Ash.Changeset.for_update(:update_user, %{})
|
||||
|> Ash.Changeset.force_set_argument(:member, %{id: member.id})
|
||||
|> Ash.update(actor: system_actor)
|
||||
|> case do
|
||||
{:ok, u} -> Ash.load!(u, :role, domain: Mv.Accounts, actor: system_actor)
|
||||
{:error, _} -> user
|
||||
end
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> MvWeb.ConnCase.conn_with_password_user(user)
|
||||
|> get("/members/#{member.id}")
|
||||
|
||||
assert conn.status == 200
|
||||
end
|
||||
# Linked-member access to /members/:id and edit routes: full-router tests are not feasible
|
||||
# (session does not preserve member_id after auth). Plug behavior is covered by the unit
|
||||
# tests "own_data user with linked member can access ... (plug direct call)" above.
|
||||
end
|
||||
|
||||
# read_only (Vorstand/Buchhaltung): allowed /, /members, /members/:id, /groups, /groups/:slug
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue