fix: add actor and domain parameters to user count functions in Show

Add actor and domain parameters to recalculate_user_count and
load_user_count to ensure consistent authorization. Clarify that
load_user_count is for initial display while recalculate_user_count
is for fresh count before deletion.

lib/mv_web/live/role_live/show.ex

@@ -27,10 +27,10 @@ defmodule MvWeb.RoleLive.Show do
              domain: Mv.Authorization,
              actor: socket.assigns[:current_user]
            ) do
-        {:ok, role} ->
+      {:ok, role} ->
-          user_count = load_user_count(role)
+        user_count = load_user_count(role, socket.assigns[:current_user])
 
-          {:ok,
+        {:ok,
            socket
            |> assign(:page_title, gettext("Show Role"))
            |> assign(:role, role)
@@ -99,7 +99,7 @@ defmodule MvWeb.RoleLive.Show do
          gettext("System roles cannot be deleted.")
        )}
     else
-      user_count = recalculate_user_count(role)
+      user_count = recalculate_user_count(role, socket.assigns.current_user)
 
       if user_count > 0 do
         {:noreply,
@@ -137,15 +137,20 @@ defmodule MvWeb.RoleLive.Show do
     end
   end
 
-  defp recalculate_user_count(role) do
+  # Recalculates user count for a specific role (used before deletion)
-    case Ash.count(Accounts.User |> Ash.Query.filter(role_id == ^role.id)) do
+  defp recalculate_user_count(role, actor) do
+    opts = [domain: Mv.Accounts]
+    opts = if actor, do: Keyword.put(opts, :actor, actor), else: opts
+
+    case Ash.count(Accounts.User |> Ash.Query.filter(role_id == ^role.id), opts) do
       {:ok, count} -> count
       _ -> 0
     end
   end
 
-  defp load_user_count(role) do
+  # Loads user count for initial display (uses same logic as recalculate)
-    recalculate_user_count(role)
+  defp load_user_count(role, actor) do
+    recalculate_user_count(role, actor)
   end
 
   @impl true