Merge branch 'main' into feature/export_csv

2026-02-06 08:02:05 +01:00 · 2026-02-06 08:02:05 +01:00 · 36e57b24be
commit 36e57b24be
parent 8e387d8e17 cc02748cc6
102 changed files with 5332 additions and 1219 deletions
--- a/test/mv_web/components/layouts/sidebar_test.exs
+++ b/test/mv_web/components/layouts/sidebar_test.exs
@ -22,9 +22,14 @@ defmodule MvWeb.Layouts.SidebarTest do
  # =============================================================================

  # Returns assigns for an authenticated user with all required attributes.
+  # User has admin role so can_access_page? returns true for all sidebar links.
  defp authenticated_assigns(mobile \\ false) do
    %{
-      current_user: %{id: "user-123", email: "test@example.com"},
+      current_user: %{
+        id: "user-123",
+        email: "test@example.com",
+        role: %{permission_set_name: "admin"}
+      },
      club_name: "Test Club",
      mobile: mobile
    }
@ -144,7 +149,9 @@ defmodule MvWeb.Layouts.SidebarTest do
      assert menu_item_count > 0, "Should have at least one top-level menu item"

      # Check that nested menu groups exist
-      assert html =~ ~s(<li role="none" class="expanded-menu-group">)
+      assert html =~
+               ~s(<li role="none" class="expanded-menu-group" data-testid="sidebar-administration">)
+
      assert html =~ ~s(role="group")
      assert has_class?(html, "expanded-menu-group")

@ -193,7 +200,9 @@ defmodule MvWeb.Layouts.SidebarTest do
      html = render_sidebar(authenticated_assigns())

      # Check for nested menu structure
-      assert html =~ ~s(<li role="none" class="expanded-menu-group">)
+      assert html =~
+               ~s(<li role="none" class="expanded-menu-group" data-testid="sidebar-administration">)
+
      assert html =~ ~s(role="group")
      assert html =~ ~s(aria-label="Administration")
      assert has_class?(html, "expanded-menu-group")
@ -521,7 +530,9 @@ defmodule MvWeb.Layouts.SidebarTest do
      assert html =~ ~s(role="menuitem")

      # Check that nested menus exist
-      assert html =~ ~s(<li role="none" class="expanded-menu-group">)
+      assert html =~
+               ~s(<li role="none" class="expanded-menu-group" data-testid="sidebar-administration">)
+
      assert html =~ ~s(role="group")

      # Footer section
@ -629,7 +640,9 @@ defmodule MvWeb.Layouts.SidebarTest do
      html = render_sidebar(authenticated_assigns())

      # expanded-menu-group structure present
-      assert html =~ ~s(<li role="none" class="expanded-menu-group">)
+      assert html =~
+               ~s(<li role="none" class="expanded-menu-group" data-testid="sidebar-administration">)
+
      assert html =~ ~s(role="group")
      assert html =~ ~s(aria-label="Administration")
      assert has_class?(html, "expanded-menu-group")
@ -843,7 +856,9 @@ defmodule MvWeb.Layouts.SidebarTest do

      # Expanded menu group should have correct structure
      # (CSS handles hover effects, but we verify structure)
-      assert html =~ ~s(<li role="none" class="expanded-menu-group">)
+      assert html =~
+               ~s(<li role="none" class="expanded-menu-group" data-testid="sidebar-administration">)
+
      assert html =~ ~s(role="group")
    end

--- a/test/mv_web/components/sidebar_authorization_test.exs
+++ b/test/mv_web/components/sidebar_authorization_test.exs
@ -0,0 +1,120 @@
+defmodule MvWeb.SidebarAuthorizationTest do
+  @moduledoc """
+  Tests for sidebar menu visibility based on user permissions (can_access_page?).
+  """
+  use MvWeb.ConnCase, async: false
+
+  import Phoenix.LiveViewTest
+  import MvWeb.Layouts.Sidebar
+
+  alias Mv.Fixtures
+
+  defp render_sidebar(assigns) do
+    render_component(&sidebar/1, assigns)
+  end
+
+  defp sidebar_assigns(current_user, opts \\ []) do
+    mobile = Keyword.get(opts, :mobile, false)
+    club_name = Keyword.get(opts, :club_name, "Test Club")
+
+    %{
+      current_user: current_user,
+      club_name: club_name,
+      mobile: mobile
+    }
+  end
+
+  describe "sidebar menu with admin user" do
+    test "shows Members, Fee Types and Administration with all subitems" do
+      user = Fixtures.user_with_role_fixture("admin")
+      html = render_sidebar(sidebar_assigns(user))
+
+      assert html =~ ~s(href="/members")
+      assert html =~ ~s(href="/membership_fee_types")
+      assert html =~ ~s(data-testid="sidebar-administration")
+      assert html =~ ~s(href="/users")
+      assert html =~ ~s(href="/groups")
+      assert html =~ ~s(href="/admin/roles")
+      assert html =~ ~s(href="/membership_fee_settings")
+      assert html =~ ~s(href="/settings")
+    end
+  end
+
+  describe "sidebar menu with read_only user (Vorstand/Buchhaltung)" do
+    test "shows Members and Groups (from Administration)" do
+      user = Fixtures.user_with_role_fixture("read_only")
+      html = render_sidebar(sidebar_assigns(user))
+
+      assert html =~ ~s(href="/members")
+      assert html =~ ~s(href="/groups")
+    end
+
+    test "does not show Fee Types, Users, Roles or Settings" do
+      user = Fixtures.user_with_role_fixture("read_only")
+      html = render_sidebar(sidebar_assigns(user))
+
+      refute html =~ ~s(href="/membership_fee_types")
+      refute html =~ ~s(href="/users")
+      refute html =~ ~s(href="/admin/roles")
+      refute html =~ ~s(href="/settings")
+    end
+  end
+
+  describe "sidebar menu with normal_user (Kassenwart)" do
+    test "shows Members and Groups" do
+      user = Fixtures.user_with_role_fixture("normal_user")
+      html = render_sidebar(sidebar_assigns(user))
+
+      assert html =~ ~s(href="/members")
+      assert html =~ ~s(href="/groups")
+    end
+
+    test "does not show Fee Types, Users, Roles or Settings" do
+      user = Fixtures.user_with_role_fixture("normal_user")
+      html = render_sidebar(sidebar_assigns(user))
+
+      refute html =~ ~s(href="/membership_fee_types")
+      refute html =~ ~s(href="/users")
+      refute html =~ ~s(href="/admin/roles")
+      refute html =~ ~s(href="/settings")
+    end
+  end
+
+  describe "sidebar menu with own_data user (Mitglied)" do
+    test "does not show Members link (no /members page access)" do
+      user = Fixtures.user_with_role_fixture("own_data")
+      html = render_sidebar(sidebar_assigns(user))
+
+      refute html =~ ~s(href="/members")
+    end
+
+    test "does not show Fee Types or Administration" do
+      user = Fixtures.user_with_role_fixture("own_data")
+      html = render_sidebar(sidebar_assigns(user))
+
+      refute html =~ ~s(href="/membership_fee_types")
+      refute html =~ ~s(href="/users")
+      refute html =~ ~s(data-testid="sidebar-administration")
+    end
+  end
+
+  describe "sidebar with nil current_user" do
+    test "does not render menu items (only header and footer when present)" do
+      html = render_sidebar(sidebar_assigns(nil))
+
+      refute html =~ ~s(role="menubar")
+      refute html =~ ~s(href="/members")
+    end
+  end
+
+  describe "sidebar with user without role" do
+    test "does not show any navigation links" do
+      user = %{id: "user-no-role", email: "noreply@test.com", role: nil}
+      html = render_sidebar(sidebar_assigns(user))
+
+      refute html =~ ~s(href="/members")
+      refute html =~ ~s(href="/membership_fee_types")
+      refute html =~ ~s(href="/users")
+    end
+  end
+end