test: update role tests for is_system_role API change
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
Use Ash.Changeset.force_change_attribute to set is_system_role in tests since it's no longer settable via public API. Remove unused nil clause from error_message helper.
This commit is contained in:
parent
5f13901ca5
commit
3265468bd6
1 changed files with 10 additions and 14 deletions
|
|
@ -43,12 +43,16 @@ defmodule Mv.Authorization.RoleTest do
|
||||||
|
|
||||||
describe "system role deletion protection" do
|
describe "system role deletion protection" do
|
||||||
test "prevents deletion of system roles" do
|
test "prevents deletion of system roles" do
|
||||||
{:ok, system_role} =
|
# is_system_role is not settable via public API, so we use Ash.Changeset directly
|
||||||
Authorization.create_role(%{
|
changeset =
|
||||||
|
Mv.Authorization.Role
|
||||||
|
|> Ash.Changeset.for_create(:create_role, %{
|
||||||
name: "System Role",
|
name: "System Role",
|
||||||
permission_set_name: "own_data",
|
permission_set_name: "own_data"
|
||||||
is_system_role: true
|
|
||||||
})
|
})
|
||||||
|
|> Ash.Changeset.force_change_attribute(:is_system_role, true)
|
||||||
|
|
||||||
|
{:ok, system_role} = Ash.create(changeset)
|
||||||
|
|
||||||
assert {:error, %Ash.Error.Invalid{errors: errors}} =
|
assert {:error, %Ash.Error.Invalid{errors: errors}} =
|
||||||
Authorization.destroy_role(system_role)
|
Authorization.destroy_role(system_role)
|
||||||
|
|
@ -58,11 +62,11 @@ defmodule Mv.Authorization.RoleTest do
|
||||||
end
|
end
|
||||||
|
|
||||||
test "allows deletion of non-system roles" do
|
test "allows deletion of non-system roles" do
|
||||||
|
# is_system_role defaults to false, so regular create works
|
||||||
{:ok, regular_role} =
|
{:ok, regular_role} =
|
||||||
Authorization.create_role(%{
|
Authorization.create_role(%{
|
||||||
name: "Regular Role",
|
name: "Regular Role",
|
||||||
permission_set_name: "read_only",
|
permission_set_name: "read_only"
|
||||||
is_system_role: false
|
|
||||||
})
|
})
|
||||||
|
|
||||||
assert :ok = Authorization.destroy_role(regular_role)
|
assert :ok = Authorization.destroy_role(regular_role)
|
||||||
|
|
@ -84,14 +88,6 @@ defmodule Mv.Authorization.RoleTest do
|
||||||
end
|
end
|
||||||
|
|
||||||
# Helper function for error evaluation
|
# Helper function for error evaluation
|
||||||
# When field is nil, returns first error message for errors without specific field
|
|
||||||
defp error_message(errors, nil) do
|
|
||||||
errors
|
|
||||||
|> Enum.reject(fn err -> Map.has_key?(err, :field) end)
|
|
||||||
|> Enum.map(&Map.get(&1, :message, ""))
|
|
||||||
|> List.first() || ""
|
|
||||||
end
|
|
||||||
|
|
||||||
defp error_message(errors, field) when is_atom(field) do
|
defp error_message(errors, field) when is_atom(field) do
|
||||||
errors
|
errors
|
||||||
|> Enum.filter(fn err -> Map.get(err, :field) == field end)
|
|> Enum.filter(fn err -> Map.get(err, :field) == field end)
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue