From b9d68a3417636e8f418c570981626354efb98841 Mon Sep 17 00:00:00 2001
From: Moritz <moritz.m@local-it.org>
Date: Sat, 24 Jan 2026 01:42:18 +0100
Subject: [PATCH] Fix test helpers: Use actor parameter correctly

---
 test/mv/accounts/user_policies_test.exs     | 27 ++++++++++++---------
 test/mv/membership/member_policies_test.exs | 15 +++++++-----
 test/support/fixtures.ex                    |  2 +-
 3 files changed, 25 insertions(+), 19 deletions(-)

diff --git a/test/mv/accounts/user_policies_test.exs b/test/mv/accounts/user_policies_test.exs
index 3bbf54b..b7a0910 100644
--- a/test/mv/accounts/user_policies_test.exs
+++ b/test/mv/accounts/user_policies_test.exs
@@ -20,14 +20,17 @@ defmodule Mv.Accounts.UserPoliciesTest do
   end
 
   # Helper to create a role with a specific permission set
-  defp create_role_with_permission_set(permission_set_name) do
+  defp create_role_with_permission_set(permission_set_name, actor) do
     role_name = "Test Role #{permission_set_name} #{System.unique_integer([:positive])}"
 
-    case Authorization.create_role(%{
-           name: role_name,
-           description: "Test role for #{permission_set_name}",
-           permission_set_name: permission_set_name
-         }) do
+    case Authorization.create_role(
+           %{
+             name: role_name,
+             description: "Test role for #{permission_set_name}",
+             permission_set_name: permission_set_name
+           },
+           actor: actor
+         ) do
       {:ok, role} -> role
       {:error, error} -> raise "Failed to create role: #{inspect(error)}"
     end
@@ -37,7 +40,7 @@ defmodule Mv.Accounts.UserPoliciesTest do
   # Returns user with role preloaded (required for authorization)
   defp create_user_with_permission_set(permission_set_name, actor) do
     # Create role with permission set
-    role = create_role_with_permission_set(permission_set_name)
+    role = create_role_with_permission_set(permission_set_name, actor)
 
     # Create user
     {:ok, user} =
@@ -340,10 +343,10 @@ defmodule Mv.Accounts.UserPoliciesTest do
   end
 
   describe "AshAuthentication bypass" do
-    test "register_with_password works without actor" do
-      # Registration should work without actor (AshAuthentication bypass)
+    test "register_with_password works with system actor" do
+      # Registration should work (AshAuthentication bypass in production)
       # Note: When directly calling Ash actions in tests, the AshAuthentication bypass
-      # may not be active, so we use system_actor
+      # may not be active, so we use system_actor to test the functionality
       system_actor = Mv.Helpers.SystemActor.get_system_actor()
 
       {:ok, user} =
@@ -358,9 +361,9 @@ defmodule Mv.Accounts.UserPoliciesTest do
     end
 
     test "register_with_rauthy works with OIDC user_info" do
-      # OIDC registration should work (AshAuthentication bypass)
+      # OIDC registration should work (AshAuthentication bypass in production)
       # Note: When directly calling Ash actions in tests, the AshAuthentication bypass
-      # may not be active, so we use system_actor
+      # may not be active, so we use system_actor to test the functionality
       system_actor = Mv.Helpers.SystemActor.get_system_actor()
 
       user_info = %{
diff --git a/test/mv/membership/member_policies_test.exs b/test/mv/membership/member_policies_test.exs
index cee8d97..0bbe1c1 100644
--- a/test/mv/membership/member_policies_test.exs
+++ b/test/mv/membership/member_policies_test.exs
@@ -22,14 +22,17 @@ defmodule Mv.Membership.MemberPoliciesTest do
   end
 
   # Helper to create a role with a specific permission set
-  defp create_role_with_permission_set(permission_set_name, _actor) do
+  defp create_role_with_permission_set(permission_set_name, actor) do
     role_name = "Test Role #{permission_set_name} #{System.unique_integer([:positive])}"
 
-    case Authorization.create_role(%{
-           name: role_name,
-           description: "Test role for #{permission_set_name}",
-           permission_set_name: permission_set_name
-         }) do
+    case Authorization.create_role(
+           %{
+             name: role_name,
+             description: "Test role for #{permission_set_name}",
+             permission_set_name: permission_set_name
+           },
+           actor: actor
+         ) do
       {:ok, role} -> role
       {:error, error} -> raise "Failed to create role: #{inspect(error)}"
     end
diff --git a/test/support/fixtures.ex b/test/support/fixtures.ex
index af67ffa..29726ef 100644
--- a/test/support/fixtures.ex
+++ b/test/support/fixtures.ex
@@ -178,7 +178,7 @@ defmodule Mv.Fixtures do
       |> Ash.update(actor: system_actor)
 
     # Reload user with role preloaded (critical for authorization!)
-    {:ok, user_with_role} = Ash.load(user, :role, domain: Mv.Accounts)
+    {:ok, user_with_role} = Ash.load(user, :role, domain: Mv.Accounts, actor: system_actor)
     user_with_role
   end