diff --git a/test/mv/accounts/user_policies_test.exs b/test/mv/accounts/user_policies_test.exs index 7676403..736b336 100644 --- a/test/mv/accounts/user_policies_test.exs +++ b/test/mv/accounts/user_policies_test.exs @@ -95,9 +95,10 @@ defmodule Mv.Accounts.UserPoliciesTest do test "can update own email", %{user: user} do new_email = "updated#{System.unique_integer([:positive])}@example.com" + # Non-admins use :update (email only); :update_user is admin-only (member link/unlink). {:ok, updated_user} = user - |> Ash.Changeset.for_update(:update_user, %{email: new_email}) + |> Ash.Changeset.for_update(:update, %{email: new_email}) |> Ash.update(actor: user) assert updated_user.email == Ash.CiString.new(new_email) @@ -118,7 +119,7 @@ defmodule Mv.Accounts.UserPoliciesTest do test "cannot update other users (returns forbidden)", %{user: user, other_user: other_user} do assert_raise Ash.Error.Forbidden, fn -> other_user - |> Ash.Changeset.for_update(:update_user, %{email: "hacked@example.com"}) + |> Ash.Changeset.for_update(:update, %{email: "hacked@example.com"}) |> Ash.update!(actor: user) end end @@ -163,9 +164,10 @@ defmodule Mv.Accounts.UserPoliciesTest do test "can update own email", %{user: user} do new_email = "updated#{System.unique_integer([:positive])}@example.com" + # Non-admins use :update (email only); :update_user is admin-only (member link/unlink). {:ok, updated_user} = user - |> Ash.Changeset.for_update(:update_user, %{email: new_email}) + |> Ash.Changeset.for_update(:update, %{email: new_email}) |> Ash.update(actor: user) assert updated_user.email == Ash.CiString.new(new_email) @@ -186,7 +188,7 @@ defmodule Mv.Accounts.UserPoliciesTest do test "cannot update other users (returns forbidden)", %{user: user, other_user: other_user} do assert_raise Ash.Error.Forbidden, fn -> other_user - |> Ash.Changeset.for_update(:update_user, %{email: "hacked@example.com"}) + |> Ash.Changeset.for_update(:update, %{email: "hacked@example.com"}) |> Ash.update!(actor: user) end end @@ -231,9 +233,10 @@ defmodule Mv.Accounts.UserPoliciesTest do test "can update own email", %{user: user} do new_email = "updated#{System.unique_integer([:positive])}@example.com" + # Non-admins use :update (email only); :update_user is admin-only (member link/unlink). {:ok, updated_user} = user - |> Ash.Changeset.for_update(:update_user, %{email: new_email}) + |> Ash.Changeset.for_update(:update, %{email: new_email}) |> Ash.update(actor: user) assert updated_user.email == Ash.CiString.new(new_email) @@ -254,7 +257,7 @@ defmodule Mv.Accounts.UserPoliciesTest do test "cannot update other users (returns forbidden)", %{user: user, other_user: other_user} do assert_raise Ash.Error.Forbidden, fn -> other_user - |> Ash.Changeset.for_update(:update_user, %{email: "hacked@example.com"}) + |> Ash.Changeset.for_update(:update, %{email: "hacked@example.com"}) |> Ash.update!(actor: user) end end