local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 66 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions

Tests: read_only/normal_user /users/:id, Ash.read! actor, Authorization own/other
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse source 
- Integration: read_only and normal_user GET /users/:id (own) and edit/show/edit return 200
- Integration: read_only GET /users/:id (other) redirects
- Plug test: use group_fixture in setup instead of Ash.read!() without actor
- Authorization: tests for own/other profile and reserved 'new'
This commit is contained in:
Moritz 2026-01-30 10:22:34 +01:00
parent a1fe36b7f2
commit faee780aab
2 changed files with 106 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

79
test/mv_web/plugs/check_page_permission_test.exs
View file

@ -292,7 +292,14 @@ defmodule MvWeb.Plugs.CheckPagePermissionTest do
setup %{conn: conn, current_user: current_user} do
member = Mv.Fixtures.member_fixture()
role = Mv.Fixtures.role_fixture("admin")
{:ok, conn: conn, current_user: current_user, member_id: member.id, role_id: role.id}
group = Mv.Fixtures.group_fixture()
{:ok,
conn: conn,
current_user: current_user,
member_id: member.id,
role_id: role.id,
group_slug: group.slug}
end
@tag role: :member
@ -364,11 +371,12 @@ defmodule MvWeb.Plugs.CheckPagePermissionTest do
end
@tag role: :member
test "GET /groups/:slug redirects to user profile", %{conn: conn, current_user: user} do
group = Mv.Membership.Group |> Ash.Query.limit(1) |> Ash.read!() |> List.first()
if group,
do: assert(redirected_to(get(conn, "/groups/#{group.slug}")) == "/users/#{user.id}")
test "GET /groups/:slug redirects to user profile", %{
conn: conn,
current_user: user,
group_slug: slug
} do
assert redirected_to(get(conn, "/groups/#{slug}")) == "/users/#{user.id}"
end
@tag role: :member
@ -543,6 +551,27 @@ defmodule MvWeb.Plugs.CheckPagePermissionTest do
conn = get(conn, "/groups/#{slug}")
assert conn.status == 200
end
@tag role: :read_only
test "GET /users/:id (own profile) returns 200", %{conn: conn, current_user: user} do
conn = get(conn, "/users/#{user.id}")
assert conn.status == 200
end
@tag role: :read_only
test "GET /users/:id/edit (own profile edit) returns 200", %{conn: conn, current_user: user} do
conn = get(conn, "/users/#{user.id}/edit")
assert conn.status == 200
end
@tag role: :read_only
test "GET /users/:id/show/edit (own profile show edit) returns 200", %{
conn: conn,
current_user: user
} do
conn = get(conn, "/users/#{user.id}/show/edit")
assert conn.status == 200
end
end
describe "integration: read_only denied paths via full router" do
@ -594,6 +623,17 @@ defmodule MvWeb.Plugs.CheckPagePermissionTest do
assert redirected_to(conn) == "/users/#{user.id}"
end
@tag role: :read_only
test "GET /users/:id (other user) redirects to user profile", %{
conn: conn,
current_user: user,
role_id: _role_id
} do
other_user = Mv.Fixtures.user_with_role_fixture("admin")
conn = get(conn, "/users/#{other_user.id}")
assert redirected_to(conn) == "/users/#{user.id}"
end
@tag role: :read_only
test "GET /settings redirects to user profile", %{conn: conn, current_user: user} do
conn = get(conn, "/settings")
@ -701,6 +741,33 @@ defmodule MvWeb.Plugs.CheckPagePermissionTest do
conn = get(conn, "/groups/#{slug}")
assert conn.status == 200
end
@tag role: :normal_user
test "GET /members/:id/show/edit returns 200", %{conn: conn, member_id: id} do
conn = get(conn, "/members/#{id}/show/edit")
assert conn.status == 200
end
@tag role: :normal_user
test "GET /users/:id (own profile) returns 200", %{conn: conn, current_user: user} do
conn = get(conn, "/users/#{user.id}")
assert conn.status == 200
end
@tag role: :normal_user
test "GET /users/:id/edit (own profile edit) returns 200", %{conn: conn, current_user: user} do
conn = get(conn, "/users/#{user.id}/edit")
assert conn.status == 200
end
@tag role: :normal_user
test "GET /users/:id/show/edit (own profile show edit) returns 200", %{
conn: conn,
current_user: user
} do
conn = get(conn, "/users/#{user.id}/show/edit")
assert conn.status == 200
end
end
describe "integration: normal_user denied paths via full router" do