test: add Member resource policy tests

2026-01-08 21:03:17 +01:00 · 2026-01-08 21:03:17 +01:00 · f7cda66598
commit f7cda66598
parent 35aff50bea
3 changed files with 446 additions and 10 deletions
--- a/test/mv/authorization/checks/has_permission_integration_test.exs
+++ b/test/mv/authorization/checks/has_permission_integration_test.exs
@ -14,16 +14,22 @@ defmodule Mv.Authorization.Checks.HasPermissionIntegrationTest do
  alias Mv.Authorization.Checks.HasPermission

  # Helper to create mock actor with role
-  defp create_actor_with_role(permission_set_name) do
-    %{
+  defp create_actor_with_role(permission_set_name, opts \\ []) do
+    actor = %{
      id: "user-#{System.unique_integer([:positive])}",
      role: %{permission_set_name: permission_set_name}
    }
+
+    # Add member_id if provided (needed for :linked scope tests)
+    case Keyword.get(opts, :member_id) do
+      nil -> actor
+      member_id -> Map.put(actor, :member_id, member_id)
+    end
  end

  describe "Filter Expression Structure - :linked scope" do
    test "Member filter uses user.id relationship path" do
-      actor = create_actor_with_role("own_data")
+      actor = create_actor_with_role("own_data", member_id: "member-123")
      authorizer = create_authorizer(Mv.Membership.Member, :read)

      filter = HasPermission.auto_filter(actor, authorizer, [])
@ -37,7 +43,7 @@ defmodule Mv.Authorization.Checks.HasPermissionIntegrationTest do
    end

    test "CustomFieldValue filter uses member.user.id relationship path" do
-      actor = create_actor_with_role("own_data")
+      actor = create_actor_with_role("own_data", member_id: "member-123")
      authorizer = create_authorizer(Mv.Membership.CustomFieldValue, :read)

      filter = HasPermission.auto_filter(actor, authorizer, [])
@ -81,7 +87,10 @@ defmodule Mv.Authorization.Checks.HasPermissionIntegrationTest do
  defp create_authorizer(resource, action) do
    %Ash.Policy.Authorizer{
      resource: resource,
-      subject: %{action: %{name: action}}
+      subject: %{
+        action: %{type: action},
+        data: nil
+      }
    }
  end
 end
--- a/test/mv/authorization/checks/has_permission_test.exs
+++ b/test/mv/authorization/checks/has_permission_test.exs
@ -13,16 +13,25 @@ defmodule Mv.Authorization.Checks.HasPermissionTest do
  defp create_authorizer(resource, action) do
    %Ash.Policy.Authorizer{
      resource: resource,
-      subject: %{action: %{name: action}}
+      subject: %{
+        action: %{type: action},
+        data: nil
+      }
    }
  end

  # Helper to create actor with role
-  defp create_actor(id, permission_set_name) do
-    %{
+  defp create_actor(id, permission_set_name, opts \\ []) do
+    actor = %{
      id: id,
      role: %{permission_set_name: permission_set_name}
    }
+
+    # Add member_id if provided (needed for :linked scope tests)
+    case Keyword.get(opts, :member_id) do
+      nil -> actor
+      member_id -> Map.put(actor, :member_id, member_id)
+    end
  end

  describe "describe/1" do
@ -120,7 +129,7 @@ defmodule Mv.Authorization.Checks.HasPermissionTest do

  describe "auto_filter/3 - Scope :linked" do
    test "scope :linked for Member returns user_id filter" do
-      user = create_actor("user-123", "own_data")
+      user = create_actor("user-123", "own_data", member_id: "member-456")
      authorizer = create_authorizer(Mv.Membership.Member, :read)

      filter = HasPermission.auto_filter(user, authorizer, [])
@ -130,7 +139,7 @@ defmodule Mv.Authorization.Checks.HasPermissionTest do
    end

    test "scope :linked for CustomFieldValue returns member.user_id filter" do
-      user = create_actor("user-123", "own_data")
+      user = create_actor("user-123", "own_data", member_id: "member-456")
      authorizer = create_authorizer(Mv.Membership.CustomFieldValue, :update)

      filter = HasPermission.auto_filter(user, authorizer, [])