From 93e966bc6b2640d057ca8c8a546f162ccf8ffc51 Mon Sep 17 00:00:00 2001 From: Moritz Date: Sun, 25 Jan 2026 13:39:18 +0100 Subject: [PATCH] test: adapt tests for attribute-level default solution --- test/mv/accounts/user_policies_test.exs | 7 +++++- test/mv/helpers/system_actor_test.exs | 30 +++++++++++++++---------- test/seeds_test.exs | 14 +++++++----- test/support/data_case.ex | 6 +++-- 4 files changed, 37 insertions(+), 20 deletions(-) diff --git a/test/mv/accounts/user_policies_test.exs b/test/mv/accounts/user_policies_test.exs index e04213a..7676403 100644 --- a/test/mv/accounts/user_policies_test.exs +++ b/test/mv/accounts/user_policies_test.exs @@ -354,9 +354,14 @@ defmodule Mv.Accounts.UserPoliciesTest do }) |> Ash.Changeset.set_context(%{private: %{ash_authentication?: true}}) - {:ok, user} = Ash.create(changeset) + {:ok, user} = Ash.create(changeset, domain: Mv.Accounts) assert user.email + + # Verify that default "Mitglied" role was assigned + {:ok, user_with_role} = Ash.load(user, :role, domain: Mv.Accounts, authorize?: false) + assert user_with_role.role != nil + assert user_with_role.role.name == "Mitglied" end test "register_with_rauthy works without actor via AshAuthentication bypass" do diff --git a/test/mv/helpers/system_actor_test.exs b/test/mv/helpers/system_actor_test.exs index 77596f6..48e63f7 100644 --- a/test/mv/helpers/system_actor_test.exs +++ b/test/mv/helpers/system_actor_test.exs @@ -4,6 +4,8 @@ defmodule Mv.Helpers.SystemActorTest do """ use Mv.DataCase, async: false + import Ecto.Query + alias Mv.Helpers.SystemActor alias Mv.Authorization alias Mv.Accounts @@ -266,13 +268,15 @@ defmodule Mv.Helpers.SystemActorTest do describe "edge cases" do test "raises error if admin user has no role", %{admin_user: admin_user} do - system_actor = SystemActor.get_system_actor() + # Remove role from admin user by directly setting role_id to NULL in database + # (We can't use Ash because allow_nil? false prevents setting role_id to nil) + # Convert UUID to binary format for Postgrex + admin_user_id = Ecto.UUID.cast!(admin_user.id) - # Remove role from admin user - admin_user - |> Ash.Changeset.for_update(:update, %{}) - |> Ash.Changeset.manage_relationship(:role, nil, type: :append_and_remove) - |> Ash.update!(actor: system_actor) + Mv.Repo.update_all( + from(u in "users", where: u.id == type(^admin_user_id, :binary_id)), + set: [role_id: nil] + ) # Delete system user to force fallback system_actor = SystemActor.get_system_actor() @@ -369,13 +373,15 @@ defmodule Mv.Helpers.SystemActorTest do end test "raises error if system user has no role", %{system_user: system_user} do - system_actor = SystemActor.get_system_actor() + # Remove role from system user by directly setting role_id to NULL in database + # (We can't use Ash because allow_nil? false prevents setting role_id to nil) + # Convert UUID to binary format for Postgrex + system_user_id = Ecto.UUID.cast!(system_user.id) - # Remove role from system user - system_user - |> Ash.Changeset.for_update(:update, %{}) - |> Ash.Changeset.manage_relationship(:role, nil, type: :append_and_remove) - |> Ash.update!(actor: system_actor) + Mv.Repo.update_all( + from(u in "users", where: u.id == type(^system_user_id, :binary_id)), + set: [role_id: nil] + ) SystemActor.invalidate_cache() diff --git a/test/seeds_test.exs b/test/seeds_test.exs index 932f793..67b376e 100644 --- a/test/seeds_test.exs +++ b/test/seeds_test.exs @@ -126,7 +126,7 @@ defmodule Mv.SeedsTest do test "creates all 5 authorization roles with correct permission sets" do # Run seeds once for this test Code.eval_file("priv/repo/seeds.exs") - {:ok, roles} = Ash.read(Mv.Authorization.Role) + {:ok, roles} = Ash.read(Mv.Authorization.Role, domain: Mv.Authorization, authorize?: false) assert length(roles) >= 5, "Should have at least 5 roles" @@ -153,7 +153,7 @@ defmodule Mv.SeedsTest do {:ok, mitglied} = Mv.Authorization.Role |> Ash.Query.filter(name == "Mitglied") - |> Ash.read_one() + |> Ash.read_one(domain: Mv.Authorization, authorize?: false) assert mitglied.is_system_role == true end @@ -161,7 +161,7 @@ defmodule Mv.SeedsTest do test "all roles have valid permission_set_names" do Code.eval_file("priv/repo/seeds.exs") - {:ok, roles} = Ash.read(Mv.Authorization.Role) + {:ok, roles} = Ash.read(Mv.Authorization.Role, domain: Mv.Authorization, authorize?: false) valid_sets = Mv.Authorization.PermissionSets.all_permission_sets() @@ -238,10 +238,14 @@ defmodule Mv.SeedsTest do test "role creation is idempotent" do Code.eval_file("priv/repo/seeds.exs") - {:ok, roles_1} = Ash.read(Mv.Authorization.Role) + + {:ok, roles_1} = + Ash.read(Mv.Authorization.Role, domain: Mv.Authorization, authorize?: false) Code.eval_file("priv/repo/seeds.exs") - {:ok, roles_2} = Ash.read(Mv.Authorization.Role) + + {:ok, roles_2} = + Ash.read(Mv.Authorization.Role, domain: Mv.Authorization, authorize?: false) assert length(roles_1) == length(roles_2), "Role count should remain same after re-running seeds" diff --git a/test/support/data_case.ex b/test/support/data_case.ex index e39568b..630125c 100644 --- a/test/support/data_case.ex +++ b/test/support/data_case.ex @@ -31,7 +31,9 @@ defmodule Mv.DataCase do setup tags do Mv.DataCase.setup_sandbox(tags) - # Ensure "Mitglied" role exists for AssignDefaultRole to work in tests + # Ensure "Mitglied" role exists for default role assignment to work in tests + # Note: This runs in every test because each test runs in a sandboxed database. + # The check is fast (single query) and idempotent (skips if role exists). Mv.DataCase.ensure_default_role() :ok end @@ -49,7 +51,7 @@ defmodule Mv.DataCase do @doc """ Ensures the default "Mitglied" role exists in the test database. - This is necessary because AssignDefaultRole expects this role to exist. + This is necessary because the role_id attribute's default function expects this role to exist. Tests run in sandbox mode, so the role needs to be created for each test. """ def ensure_default_role do