fix: change creation of admin user
This commit is contained in:
parent
584442076e
commit
bc4bcd0089
GPG key ID:
40E7A58C4AA1EDB2
3 changed files with 69 additions and 20 deletions
|
|
@ -775,7 +775,7 @@ end
|
|||
### Test Data Management
|
||||
|
||||
**Seed Data:**
|
||||
- Admin user: `admin@mv.local` / `testpassword`
|
||||
- Admin user: `admin@localhost` / `testpassword` (configurable via `ADMIN_EMAIL` env var)
|
||||
- Sample members: Hans Müller, Greta Schmidt, Friedrich Wagner
|
||||
- Linked accounts: Maria Weber, Thomas Klein
|
||||
- CustomFieldValue types: String, Date, Boolean, Email
|
||||
|
|
|
|||
|
|
@ -9,6 +9,8 @@ alias Mv.Authorization
|
|||
alias Mv.MembershipFees.MembershipFeeType
|
||||
alias Mv.MembershipFees.CycleGenerator
|
||||
|
||||
require Ash.Query
|
||||
|
||||
# Create example membership fee types
|
||||
for fee_type_attrs <- [
|
||||
%{
|
||||
|
|
@ -124,13 +126,10 @@ for attrs <- [
|
|||
)
|
||||
end
|
||||
|
||||
# Create admin user for testing
|
||||
admin_user =
|
||||
Accounts.create_user!(%{email: "admin@mv.local"}, upsert?: true, upsert_identity: :unique_email)
|
||||
|> Ash.Changeset.for_update(:admin_set_password, %{password: "testpassword"})
|
||||
|> Ash.update!()
|
||||
# Get admin email from environment variable or use default
|
||||
admin_email = System.get_env("ADMIN_EMAIL") || "admin@localhost"
|
||||
|
||||
# Create admin role and assign it to admin user
|
||||
# Create admin role (used for assigning to admin users)
|
||||
admin_role =
|
||||
case Authorization.list_roles() do
|
||||
{:ok, roles} ->
|
||||
|
|
@ -154,23 +153,53 @@ admin_role =
|
|||
nil
|
||||
end
|
||||
|
||||
# Assign admin role to admin user if role was created/found
|
||||
if admin_role do
|
||||
admin_user
|
||||
if is_nil(admin_role) do
|
||||
raise "Failed to create or find admin role. Cannot proceed with member seeding."
|
||||
end
|
||||
|
||||
# Assign admin role to user with ADMIN_EMAIL (if user exists)
|
||||
# This handles both existing users (e.g., from OIDC) and newly created users
|
||||
case Accounts.User
|
||||
|> Ash.Query.filter(email == ^admin_email)
|
||||
|> Ash.read_one(domain: Mv.Accounts) do
|
||||
{:ok, existing_admin_user} when not is_nil(existing_admin_user) ->
|
||||
# User already exists (e.g., via OIDC) - assign admin role
|
||||
existing_admin_user
|
||||
|> Ash.Changeset.for_update(:update, %{})
|
||||
|> Ash.Changeset.manage_relationship(:role, admin_role, type: :append_and_remove)
|
||||
|> Ash.Changeset.manage_relationship(:role, admin_role, type: :replace)
|
||||
|> Ash.update!()
|
||||
|
||||
{:ok, nil} ->
|
||||
# User doesn't exist - create admin user with password
|
||||
Accounts.create_user!(%{email: admin_email}, upsert?: true, upsert_identity: :unique_email)
|
||||
|> Ash.Changeset.for_update(:admin_set_password, %{password: "testpassword"})
|
||||
|> Ash.update!()
|
||||
|> then(fn user ->
|
||||
user
|
||||
|> Ash.Changeset.for_update(:update, %{})
|
||||
|> Ash.Changeset.manage_relationship(:role, admin_role, type: :replace)
|
||||
|> Ash.update!()
|
||||
end)
|
||||
|
||||
{:error, error} ->
|
||||
raise "Failed to check for existing admin user: #{inspect(error)}"
|
||||
end
|
||||
|
||||
# Load admin user with role for use as actor in member operations
|
||||
# This ensures all member operations have proper authorization
|
||||
# If admin role creation failed, we cannot proceed with member operations
|
||||
admin_user_with_role =
|
||||
if admin_role do
|
||||
admin_user
|
||||
case Accounts.User
|
||||
|> Ash.Query.filter(email == ^admin_email)
|
||||
|> Ash.read_one(domain: Mv.Accounts) do
|
||||
{:ok, user} when not is_nil(user) ->
|
||||
user
|
||||
|> Ash.load!(:role)
|
||||
else
|
||||
raise "Failed to create or find admin role. Cannot proceed with member seeding."
|
||||
|
||||
{:ok, nil} ->
|
||||
raise "Admin user not found after creation/assignment"
|
||||
|
||||
{:error, error} ->
|
||||
raise "Failed to load admin user: #{inspect(error)}"
|
||||
end
|
||||
|
||||
# Load all membership fee types for assignment
|
||||
|
|
@ -598,7 +627,7 @@ IO.puts("📝 Created sample data:")
|
|||
IO.puts(" - Global settings: club_name = #{default_club_name}")
|
||||
IO.puts(" - Membership fee types: 4 types (Yearly, Half-yearly, Quarterly, Monthly)")
|
||||
IO.puts(" - Custom fields: 12 fields (String, Date, Boolean, Email, + 8 realistic fields)")
|
||||
IO.puts(" - Admin user: admin@mv.local (password: testpassword)")
|
||||
IO.puts(" - Admin user: #{admin_email} (password: testpassword)")
|
||||
IO.puts(" - Sample members: Hans, Greta, Friedrich")
|
||||
|
||||
IO.puts(
|
||||
|
|
|
|||
|
|
@ -73,6 +73,26 @@ defmodule Mv.Membership.MemberTest do
|
|||
end
|
||||
end
|
||||
|
||||
describe "Authorization" do
|
||||
@valid_attrs %{
|
||||
first_name: "John",
|
||||
last_name: "Doe",
|
||||
email: "john@example.com"
|
||||
}
|
||||
|
||||
test "user without role cannot create member" do
|
||||
# Create a user without a role
|
||||
user = Mv.Fixtures.user_fixture()
|
||||
# Ensure user has no role (nil role)
|
||||
user_without_role = %{user | role: nil}
|
||||
|
||||
# Attempt to create a member with user without role as actor
|
||||
# This should fail with Ash.Error.Forbidden containing a Policy error
|
||||
assert {:error, %Ash.Error.Forbidden{errors: [%Ash.Error.Forbidden.Policy{}]}} =
|
||||
Membership.create_member(@valid_attrs, actor: user_without_role)
|
||||
end
|
||||
end
|
||||
|
||||
# Helper function for error evaluation
|
||||
defp error_message(errors, field) do
|
||||
errors
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue