Fix test helpers: Use actor parameter correctly

test/mv/accounts/user_policies_test.exs

@@ -20,14 +20,17 @@ defmodule Mv.Accounts.UserPoliciesTest do
   end
 
   # Helper to create a role with a specific permission set
-  defp create_role_with_permission_set(permission_set_name) do
+  defp create_role_with_permission_set(permission_set_name, actor) do
     role_name = "Test Role #{permission_set_name} #{System.unique_integer([:positive])}"
 
-    case Authorization.create_role(%{
+    case Authorization.create_role(
+           %{
              name: role_name,
              description: "Test role for #{permission_set_name}",
              permission_set_name: permission_set_name
-         }) do
+           },
+           actor: actor
+         ) do
       {:ok, role} -> role
       {:error, error} -> raise "Failed to create role: #{inspect(error)}"
     end
@@ -37,7 +40,7 @@ defmodule Mv.Accounts.UserPoliciesTest do
   # Returns user with role preloaded (required for authorization)
   defp create_user_with_permission_set(permission_set_name, actor) do
     # Create role with permission set
-    role = create_role_with_permission_set(permission_set_name)
+    role = create_role_with_permission_set(permission_set_name, actor)
 
     # Create user
     {:ok, user} =
@@ -340,10 +343,10 @@ defmodule Mv.Accounts.UserPoliciesTest do
   end
 
   describe "AshAuthentication bypass" do
-    test "register_with_password works without actor" do
+    test "register_with_password works with system actor" do
-      # Registration should work without actor (AshAuthentication bypass)
+      # Registration should work (AshAuthentication bypass in production)
       # Note: When directly calling Ash actions in tests, the AshAuthentication bypass
-      # may not be active, so we use system_actor
+      # may not be active, so we use system_actor to test the functionality
       system_actor = Mv.Helpers.SystemActor.get_system_actor()
 
       {:ok, user} =
@@ -358,9 +361,9 @@ defmodule Mv.Accounts.UserPoliciesTest do
     end
 
     test "register_with_rauthy works with OIDC user_info" do
-      # OIDC registration should work (AshAuthentication bypass)
+      # OIDC registration should work (AshAuthentication bypass in production)
       # Note: When directly calling Ash actions in tests, the AshAuthentication bypass
-      # may not be active, so we use system_actor
+      # may not be active, so we use system_actor to test the functionality
       system_actor = Mv.Helpers.SystemActor.get_system_actor()
 
       user_info = %{

test/mv/membership/member_policies_test.exs

@@ -22,14 +22,17 @@ defmodule Mv.Membership.MemberPoliciesTest do
   end
 
   # Helper to create a role with a specific permission set
-  defp create_role_with_permission_set(permission_set_name, _actor) do
+  defp create_role_with_permission_set(permission_set_name, actor) do
     role_name = "Test Role #{permission_set_name} #{System.unique_integer([:positive])}"
 
-    case Authorization.create_role(%{
+    case Authorization.create_role(
+           %{
              name: role_name,
              description: "Test role for #{permission_set_name}",
              permission_set_name: permission_set_name
-         }) do
+           },
+           actor: actor
+         ) do
       {:ok, role} -> role
       {:error, error} -> raise "Failed to create role: #{inspect(error)}"
     end

test/support/fixtures.ex

@@ -178,7 +178,7 @@ defmodule Mv.Fixtures do
       |> Ash.update(actor: system_actor)
 
     # Reload user with role preloaded (critical for authorization!)
-    {:ok, user_with_role} = Ash.load(user, :role, domain: Mv.Accounts)
+    {:ok, user_with_role} = Ash.load(user, :role, domain: Mv.Accounts, actor: system_actor)
     user_with_role
   end