Add Member LiveView authorization tests

Covers read_only, normal_user, admin, own_data for Index and Show.
Asserts New Member / Edit / Delete visibility and redirect for Mitglied.

test/mv_web/live/member_live_authorization_test.exs

@@ -0,0 +1,106 @@
+defmodule MvWeb.MemberLiveAuthorizationTest do
+  @moduledoc """
+  Tests for UI authorization on Member LiveViews (Index and Show).
+  """
+  use MvWeb.ConnCase, async: false
+
+  import Phoenix.LiveViewTest
+
+  alias Mv.Fixtures
+
+  # Use literal strings for button/link text (matches default Gettext locale)
+  @new_member_text "New Member"
+  @edit_member_text "Edit Member"
+
+  describe "Member Index - Vorstand (read_only)" do
+    @tag role: :read_only
+    test "sees member list but not New Member button", %{conn: conn} do
+      _member = Fixtures.member_fixture()
+
+      {:ok, _view, html} = live(conn, "/members")
+
+      refute html =~ @new_member_text
+    end
+
+    @tag role: :read_only
+    test "does not see Edit or Delete buttons in table", %{conn: conn} do
+      member = Fixtures.member_fixture()
+
+      {:ok, view, _html} = live(conn, "/members")
+
+      refute has_element?(view, "a[href=\"/members/#{member.id}/edit\"]")
+      refute has_element?(view, "a[phx-click*='delete']")
+    end
+  end
+
+  describe "Member Index - Kassenwart (normal_user)" do
+    @tag role: :normal_user
+    test "sees New Member and Edit buttons", %{conn: conn} do
+      member = Fixtures.member_fixture()
+
+      {:ok, view, html} = live(conn, "/members")
+
+      assert html =~ @new_member_text
+      assert has_element?(view, "a[href=\"/members/#{member.id}/edit\"]")
+    end
+
+    @tag role: :normal_user
+    test "does not see Delete button", %{conn: conn} do
+      _member = Fixtures.member_fixture()
+
+      {:ok, view, _html} = live(conn, "/members")
+
+      refute has_element?(view, "a[phx-click*='delete']")
+    end
+  end
+
+  describe "Member Index - Admin" do
+    @tag role: :admin
+    test "sees New Member, Edit and Delete buttons", %{conn: conn} do
+      member = Fixtures.member_fixture()
+
+      {:ok, view, html} = live(conn, "/members")
+
+      assert html =~ @new_member_text
+      assert has_element?(view, "a[href=\"/members/#{member.id}/edit\"]")
+      assert has_element?(view, "a[phx-click*='delete']")
+    end
+  end
+
+  describe "Member Index - Mitglied (own_data)" do
+    @tag role: :member
+    test "is redirected when accessing /members", %{conn: conn, current_user: user} do
+      assert {:error, {:redirect, %{to: to}}} = live(conn, "/members")
+      assert to == "/users/#{user.id}"
+    end
+  end
+
+  describe "Member Show - Edit button visibility" do
+    @tag role: :admin
+    test "admin sees Edit button", %{conn: conn} do
+      member = Fixtures.member_fixture()
+
+      {:ok, _view, html} = live(conn, "/members/#{member.id}")
+
+      assert html =~ @edit_member_text
+    end
+
+    @tag role: :read_only
+    test "read_only does not see Edit button", %{conn: conn} do
+      member = Fixtures.member_fixture()
+
+      {:ok, _view, html} = live(conn, "/members/#{member.id}")
+
+      refute html =~ @edit_member_text
+    end
+
+    @tag role: :normal_user
+    test "normal_user sees Edit button", %{conn: conn} do
+      member = Fixtures.member_fixture()
+
+      {:ok, _view, html} = live(conn, "/members/#{member.id}")
+
+      assert html =~ @edit_member_text
+    end
+  end
+end