local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 67 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions

Add Member LiveView authorization tests

Browse source 
Covers read_only, normal_user, admin, own_data for Index and Show.
Asserts New Member / Edit / Delete visibility and redirect for Mitglied.
This commit is contained in:
Moritz 2026-02-03 16:35:30 +01:00
parent f30ef4c145
commit d41252ce56
1 changed files with 106 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

106
test/mv_web/live/member_live_authorization_test.exs Normal file
View file

@ -0,0 +1,106 @@
defmodule MvWeb.MemberLiveAuthorizationTest do
@moduledoc """
Tests for UI authorization on Member LiveViews (Index and Show).
"""
use MvWeb.ConnCase, async: false
import Phoenix.LiveViewTest
alias Mv.Fixtures
# Use literal strings for button/link text (matches default Gettext locale)
@new_member_text "New Member"
@edit_member_text "Edit Member"
describe "Member Index - Vorstand (read_only)" do
@tag role: :read_only
test "sees member list but not New Member button", %{conn: conn} do
_member = Fixtures.member_fixture()
{:ok, _view, html} = live(conn, "/members")
refute html =~ @new_member_text
end
@tag role: :read_only
test "does not see Edit or Delete buttons in table", %{conn: conn} do
member = Fixtures.member_fixture()
{:ok, view, _html} = live(conn, "/members")
refute has_element?(view, "a[href=\"/members/#{member.id}/edit\"]")
refute has_element?(view, "a[phx-click*='delete']")
end
end
describe "Member Index - Kassenwart (normal_user)" do
@tag role: :normal_user
test "sees New Member and Edit buttons", %{conn: conn} do
member = Fixtures.member_fixture()
{:ok, view, html} = live(conn, "/members")
assert html =~ @new_member_text
assert has_element?(view, "a[href=\"/members/#{member.id}/edit\"]")
end
@tag role: :normal_user
test "does not see Delete button", %{conn: conn} do
_member = Fixtures.member_fixture()
{:ok, view, _html} = live(conn, "/members")
refute has_element?(view, "a[phx-click*='delete']")
end
end
describe "Member Index - Admin" do
@tag role: :admin
test "sees New Member, Edit and Delete buttons", %{conn: conn} do
member = Fixtures.member_fixture()
{:ok, view, html} = live(conn, "/members")
assert html =~ @new_member_text
assert has_element?(view, "a[href=\"/members/#{member.id}/edit\"]")
assert has_element?(view, "a[phx-click*='delete']")
end
end
describe "Member Index - Mitglied (own_data)" do
@tag role: :member
test "is redirected when accessing /members", %{conn: conn, current_user: user} do
assert {:error, {:redirect, %{to: to}}} = live(conn, "/members")
assert to == "/users/#{user.id}"
end
end
describe "Member Show - Edit button visibility" do
@tag role: :admin
test "admin sees Edit button", %{conn: conn} do
member = Fixtures.member_fixture()
{:ok, _view, html} = live(conn, "/members/#{member.id}")
assert html =~ @edit_member_text
end
@tag role: :read_only
test "read_only does not see Edit button", %{conn: conn} do
member = Fixtures.member_fixture()
{:ok, _view, html} = live(conn, "/members/#{member.id}")
refute html =~ @edit_member_text
end
@tag role: :normal_user
test "normal_user sees Edit button", %{conn: conn} do
member = Fixtures.member_fixture()
{:ok, _view, html} = live(conn, "/members/#{member.id}")
assert html =~ @edit_member_text
end
end
end