diff --git a/test/mv/membership/member_policies_test.exs b/test/mv/membership/member_policies_test.exs index 30936fe..287d0bb 100644 --- a/test/mv/membership/member_policies_test.exs +++ b/test/mv/membership/member_policies_test.exs @@ -405,10 +405,21 @@ defmodule Mv.Membership.MemberPoliciesTest do end describe "member user link - only admin may set or change user link" do - test "normal_user can create member without :user argument", %{actor: _actor} do - normal_user = Mv.Fixtures.user_with_role_fixture("normal_user") - normal_user = Mv.Authorization.Actor.ensure_loaded(normal_user) + setup %{actor: actor} do + normal_user = + Mv.Fixtures.user_with_role_fixture("normal_user") + |> Mv.Authorization.Actor.ensure_loaded() + admin = + Mv.Fixtures.user_with_role_fixture("admin") + |> Mv.Authorization.Actor.ensure_loaded() + + unlinked_member = create_unlinked_member(actor) + + %{normal_user: normal_user, admin: admin, unlinked_member: unlinked_member} + end + + test "normal_user can create member without :user argument", %{normal_user: normal_user} do {:ok, member} = Membership.create_member( %{ @@ -425,12 +436,12 @@ defmodule Mv.Membership.MemberPoliciesTest do assert is_nil(member.user) end - test "normal_user cannot create member with :user argument (forbidden)", %{actor: _actor} do - normal_user = Mv.Fixtures.user_with_role_fixture("normal_user") - normal_user = Mv.Authorization.Actor.ensure_loaded(normal_user) - # Another user to try to link to - other_user = Mv.Fixtures.user_with_role_fixture("read_only") - other_user = Mv.Authorization.Actor.ensure_loaded(other_user) + test "normal_user cannot create member with :user argument (forbidden)", %{ + normal_user: normal_user + } do + other_user = + Mv.Fixtures.user_with_role_fixture("read_only") + |> Mv.Authorization.Actor.ensure_loaded() attrs = %{ first_name: "Linked", 
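Review bot: The new `setup` block writes the fixture-then-`ensure_loaded` step as a single-step pipe that starts from a function call, and the same shape is repeated for `other_user` and `link_target` in the later hunks. A private helper would remove the repetition and let the pipe start from a bare value: `defp loaded_user_with_role(role), do: role |> Mv.Fixtures.user_with_role_fixture() |> Mv.Authorization.Actor.ensure_loaded()`. The setup also creates `admin` and `unlinked_member` for every test in the describe, including the create tests that use only one actor; that costs a few extra fixture writes per test, so it may deserve a one-line comment saying the sharing is intentional. The describe block continues outside this hunk.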
@@ -443,11 +454,10 @@ defmodule Mv.Membership.MemberPoliciesTest do Membership.create_member(attrs, actor: normal_user) end - test "normal_user can update member without :user argument", %{actor: actor} do - normal_user = Mv.Fixtures.user_with_role_fixture("normal_user") - normal_user = Mv.Authorization.Actor.ensure_loaded(normal_user) - unlinked_member = create_unlinked_member(actor) - + test "normal_user can update member without :user argument", %{ + normal_user: normal_user, + unlinked_member: unlinked_member + } do {:ok, updated} = Membership.update_member(unlinked_member, %{first_name: "UpdatedByNormal"}, actor: normal_user 
@@ -456,25 +466,24 @@ defmodule Mv.Membership.MemberPoliciesTest do assert updated.first_name == "UpdatedByNormal" end - test "normal_user cannot update member with :user argument (forbidden)", %{actor: actor} do - normal_user = Mv.Fixtures.user_with_role_fixture("normal_user") - normal_user = Mv.Authorization.Actor.ensure_loaded(normal_user) - other_user = Mv.Fixtures.user_with_role_fixture("own_data") - other_user = Mv.Authorization.Actor.ensure_loaded(other_user) - unlinked_member = create_unlinked_member(actor) + test "normal_user cannot update member with :user argument (forbidden)", %{ + normal_user: normal_user, + unlinked_member: unlinked_member + } do + other_user = + Mv.Fixtures.user_with_role_fixture("own_data") + |> Mv.Authorization.Actor.ensure_loaded() - # Passing :user in params tries to link member to other_user - only admin may do that params = %{first_name: unlinked_member.first_name, user: %{id: other_user.id}} assert {:error, %Ash.Error.Forbidden{}} = Membership.update_member(unlinked_member, params, actor: normal_user) end - test "admin can create member with :user argument", %{actor: _actor} do - admin = Mv.Fixtures.user_with_role_fixture("admin") - admin = Mv.Authorization.Actor.ensure_loaded(admin) - link_target = Mv.Fixtures.user_with_role_fixture("own_data") - link_target = Mv.Authorization.Actor.ensure_loaded(link_target) + test "admin can create member with :user argument", %{admin: admin} do + link_target = + Mv.Fixtures.user_with_role_fixture("own_data") + |> Mv.Authorization.Actor.ensure_loaded() attrs = %{ first_name: "AdminLinked", 
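Review bot: The forbidden-update test stops at `assert {:error, %Ash.Error.Forbidden{}} = Membership.update_member(...)`, so it shows the call is rejected but not that the user link was left unset. Since this describe block guards an authorization rule, I would reload the target afterwards and assert on it: `{:ok, reloaded} = Ash.get(Mv.Accounts.User, other_user.id, domain: Mv.Accounts, actor: admin)` followed by `assert is_nil(reloaded.member_id)`. With `admin` now in the setup context this only needs `admin: admin` added to the test's context pattern. The forbidden-create test would benefit from the same check, though its assertion lies outside the changed lines. Ash presumably rolls the action back on a policy failure, so this is a regression guard rather than a known gap.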
@@ -486,19 +495,20 @@ defmodule Mv.Membership.MemberPoliciesTest do {:ok, member} = Membership.create_member(attrs, actor: admin) assert member.first_name == "AdminLinked" - # Reload link_target to see the new member_id set by manage_relationship + {:ok, link_target} = Ash.get(Mv.Accounts.User, link_target.id, domain: Mv.Accounts, actor: admin) assert link_target.member_id == member.id end - test "admin can update member with :user argument (link)", %{actor: actor} do - admin = Mv.Fixtures.user_with_role_fixture("admin") - admin = Mv.Authorization.Actor.ensure_loaded(admin) - unlinked_member = create_unlinked_member(actor) - link_target = Mv.Fixtures.user_with_role_fixture("read_only") - link_target = Mv.Authorization.Actor.ensure_loaded(link_target) + test "admin can update member with :user argument (link)", %{ + admin: admin, + unlinked_member: unlinked_member + } do + link_target = + Mv.Fixtures.user_with_role_fixture("read_only") + |> Mv.Authorization.Actor.ensure_loaded() {:ok, updated} = Membership.update_member( @@ -508,7 +518,7 @@ defmodule Mv.Membership.MemberPoliciesTest do ) assert updated.id == unlinked_member.id - # Member should now be linked to link_target (user.member_id points to this member) + {:ok, reloaded_user} = Ash.get(Mv.Accounts.User, link_target.id, domain: Mv.Accounts,
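Review bot: The comment `# Reload link_target to see the new member_id set by manage_relationship` is replaced by a blank line in the admin-create test, which drops the only explanation of why the test re-fetches the user instead of asserting on the returned member. I would keep it directly above the `Ash.get` call. The same applies to `# Passing :user in params tries to link member to other_user - only admin may do that`, removed in the previous hunk, and to the `# Member should now be linked to link_target ...` comment removed in the following hunk, which runs past the visible text. These comments state the intent of policy tests, so they are worth keeping after the refactor.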