From 5e361ba4006f2d9cf776eb9ab7992a68b211fdc6 Mon Sep 17 00:00:00 2001 From: Moritz Date: Tue, 3 Feb 2026 16:35:30 +0100 Subject: [PATCH] Add Member LiveView authorization tests Covers read_only, normal_user, admin, own_data for Index and Show. Asserts New Member / Edit / Delete visibility and redirect for Mitglied. --- .../live/member_live_authorization_test.exs | 106 ++++++++++++++++++ 1 file changed, 106 insertions(+) create mode 100644 test/mv_web/live/member_live_authorization_test.exs diff --git a/test/mv_web/live/member_live_authorization_test.exs b/test/mv_web/live/member_live_authorization_test.exs new file mode 100644 index 0000000..c8d02b8 --- /dev/null +++ b/test/mv_web/live/member_live_authorization_test.exs @@ -0,0 +1,106 @@ +defmodule MvWeb.MemberLiveAuthorizationTest do + @moduledoc """ + Tests for UI authorization on Member LiveViews (Index and Show). + """ + use MvWeb.ConnCase, async: false + + import Phoenix.LiveViewTest + + alias Mv.Fixtures + + # Use literal strings for button/link text (matches default Gettext locale) + @new_member_text "New Member" + @edit_member_text "Edit Member" + + describe "Member Index - Vorstand (read_only)" do + @tag role: :read_only + test "sees member list but not New Member button", %{conn: conn} do + _member = Fixtures.member_fixture() + + {:ok, _view, html} = live(conn, "/members") + + refute html =~ @new_member_text + end + + @tag role: :read_only + test "does not see Edit or Delete buttons in table", %{conn: conn} do + member = Fixtures.member_fixture() + + {:ok, view, _html} = live(conn, "/members") + + refute has_element?(view, "a[href=\"/members/#{member.id}/edit\"]") + refute has_element?(view, "a[phx-click*='delete']") + end + end + + describe "Member Index - Kassenwart (normal_user)" do + @tag role: :normal_user + test "sees New Member and Edit buttons", %{conn: conn} do + member = Fixtures.member_fixture() + + {:ok, view, html} = live(conn, "/members") + + assert html =~ @new_member_text + assert has_element?(view, "a[href=\"/members/#{member.id}/edit\"]") + end + + @tag role: :normal_user + test "does not see Delete button", %{conn: conn} do + _member = Fixtures.member_fixture() + + {:ok, view, _html} = live(conn, "/members") + + refute has_element?(view, "a[phx-click*='delete']") + end + end + + describe "Member Index - Admin" do + @tag role: :admin + test "sees New Member, Edit and Delete buttons", %{conn: conn} do + member = Fixtures.member_fixture() + + {:ok, view, html} = live(conn, "/members") + + assert html =~ @new_member_text + assert has_element?(view, "a[href=\"/members/#{member.id}/edit\"]") + assert has_element?(view, "a[phx-click*='delete']") + end + end + + describe "Member Index - Mitglied (own_data)" do + @tag role: :member + test "is redirected when accessing /members", %{conn: conn, current_user: user} do + assert {:error, {:redirect, %{to: to}}} = live(conn, "/members") + assert to == "/users/#{user.id}" + end + end + + describe "Member Show - Edit button visibility" do + @tag role: :admin + test "admin sees Edit button", %{conn: conn} do + member = Fixtures.member_fixture() + + {:ok, _view, html} = live(conn, "/members/#{member.id}") + + assert html =~ @edit_member_text + end + + @tag role: :read_only + test "read_only does not see Edit button", %{conn: conn} do + member = Fixtures.member_fixture() + + {:ok, _view, html} = live(conn, "/members/#{member.id}") + + refute html =~ @edit_member_text + end + + @tag role: :normal_user + test "normal_user sees Edit button", %{conn: conn} do + member = Fixtures.member_fixture() + + {:ok, _view, html} = live(conn, "/members/#{member.id}") + + assert html =~ @edit_member_text + end + end +end