Compare commits
1 commit
74f398e58e
...
b48529113c
| Author | SHA1 | Date | |
|---|---|---|---|
|
b48529113c |
26 changed files with 123 additions and 889 deletions
|
|
@ -273,7 +273,7 @@ environment:
|
|||
|
||||
steps:
|
||||
- name: renovate
|
||||
image: renovate/renovate:42.95
|
||||
image: renovate/renovate:42.81
|
||||
environment:
|
||||
RENOVATE_CONFIG_FILE: "renovate_backend_config.js"
|
||||
RENOVATE_TOKEN:
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ services:
|
|||
|
||||
rauthy:
|
||||
container_name: rauthy-dev
|
||||
image: ghcr.io/sebadob/rauthy:0.34.2
|
||||
image: ghcr.io/sebadob/rauthy:0.33.4
|
||||
environment:
|
||||
- LOCAL_TEST=true
|
||||
- SMTP_URL=mailcrab
|
||||
|
|
|
|||
|
|
@ -4,7 +4,6 @@
|
|||
2. **DB constraints** - Prevent duplicates within same table (users.email, members.email)
|
||||
3. **Custom validations** - Prevent cross-table conflicts only for linked entities
|
||||
4. **Sync is bidirectional**: User ↔ Member (but User always wins on link)
|
||||
5. **Linked member email change** - When a member is linked, only administrators or the linked user may change that member's email (Member resource validation `EmailChangePermission`). Because User.email wins on link and changes sync Member → User, allowing anyone to change a linked member's email would overwrite that user's account email; this rule keeps sync under control.
|
||||
|
||||
---
|
||||
|
||||
|
|
|
|||
|
|
@ -25,7 +25,6 @@ defmodule Mv.Membership.Member do
|
|||
- Postal code format: exactly 5 digits (German format)
|
||||
- Date validations: join_date not in future, exit_date after join_date
|
||||
- Email uniqueness: prevents conflicts with unlinked users
|
||||
- Linked member email change: only admins or the linked user may change a linked member's email (see `Mv.Membership.Member.Validations.EmailChangePermission`)
|
||||
|
||||
## Full-Text Search
|
||||
Members have a `search_vector` attribute (tsvector) that is automatically
|
||||
|
|
@ -382,9 +381,6 @@ defmodule Mv.Membership.Member do
|
|||
# Validates that member email is not already used by another (unlinked) user
|
||||
validate Mv.Membership.Member.Validations.EmailNotUsedByOtherUser
|
||||
|
||||
# Only admins or the linked user may change a linked member's email (prevents breaking sync)
|
||||
validate Mv.Membership.Member.Validations.EmailChangePermission, on: [:update]
|
||||
|
||||
# Prevent linking to a user that already has a member
|
||||
# This validation prevents "stealing" users from other members by checking
|
||||
# if the target user is already linked to a different member
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
defmodule Mv.Authorization.Actor do
|
||||
@moduledoc """
|
||||
Helper functions for ensuring User actors have required data loaded
|
||||
and for querying actor capabilities (e.g. admin, permission set).
|
||||
Helper functions for ensuring User actors have required data loaded.
|
||||
|
||||
## Actor Invariant
|
||||
|
||||
|
|
@ -28,11 +27,8 @@ defmodule Mv.Authorization.Actor do
|
|||
assign(socket, :current_user, user)
|
||||
end
|
||||
|
||||
# Check if actor is admin (policy checks, validations)
|
||||
if Actor.admin?(actor), do: ...
|
||||
|
||||
# Get permission set name (string or nil)
|
||||
ps_name = Actor.permission_set_name(actor)
|
||||
# In tests
|
||||
user = Actor.ensure_loaded(user)
|
||||
|
||||
## Security Note
|
||||
|
||||
|
|
@ -51,8 +47,6 @@ defmodule Mv.Authorization.Actor do
|
|||
|
||||
require Logger
|
||||
|
||||
alias Mv.Helpers.SystemActor
|
||||
|
||||
@doc """
|
||||
Ensures the actor (User) has their `:role` relationship loaded.
|
||||
|
||||
|
|
@ -102,45 +96,4 @@ defmodule Mv.Authorization.Actor do
|
|||
actor
|
||||
end
|
||||
end
|
||||
|
||||
@doc """
|
||||
Returns the actor's permission set name (string or atom) from their role, or nil.
|
||||
|
||||
Ensures role is loaded (including when role is nil). Supports both atom and
|
||||
string keys for session/socket assigns. Use for capability checks consistent
|
||||
with `ActorIsAdmin` and `HasPermission`.
|
||||
"""
|
||||
@spec permission_set_name(Mv.Accounts.User.t() | map() | nil) :: String.t() | atom() | nil
|
||||
def permission_set_name(nil), do: nil
|
||||
|
||||
def permission_set_name(actor) do
|
||||
actor = actor |> ensure_loaded() |> maybe_load_role()
|
||||
|
||||
get_in(actor, [Access.key(:role), Access.key(:permission_set_name)]) ||
|
||||
get_in(actor, [Access.key("role"), Access.key("permission_set_name")])
|
||||
end
|
||||
|
||||
@doc """
|
||||
Returns true if the actor is the system user or has the admin permission set.
|
||||
|
||||
Use for validations and policy checks that require admin capability (e.g.
|
||||
changing a linked member's email). Consistent with `ActorIsAdmin` policy check.
|
||||
"""
|
||||
@spec admin?(Mv.Accounts.User.t() | map() | nil) :: boolean()
|
||||
def admin?(nil), do: false
|
||||
|
||||
def admin?(actor) do
|
||||
SystemActor.system_user?(actor) or permission_set_name(actor) in ["admin", :admin]
|
||||
end
|
||||
|
||||
# Load role only when it is nil (e.g. actor from session without role). ensure_loaded/1
|
||||
# already handles %Ash.NotLoaded{}, so we do not double-load in the normal Ash path.
|
||||
defp maybe_load_role(%Mv.Accounts.User{role: nil} = user) do
|
||||
case Ash.load(user, :role, domain: Mv.Accounts, authorize?: false) do
|
||||
{:ok, loaded} -> loaded
|
||||
_ -> user
|
||||
end
|
||||
end
|
||||
|
||||
defp maybe_load_role(actor), do: actor
|
||||
end
|
||||
|
|
|
|||
|
|
@ -1,18 +1,22 @@
|
|||
defmodule Mv.Authorization.Checks.ActorIsAdmin do
|
||||
@moduledoc """
|
||||
Policy check: true when the actor is the system user or has permission_set_name "admin".
|
||||
Policy check: true when the actor's role has permission_set_name "admin".
|
||||
|
||||
Used to restrict actions (e.g. User.update_user for member link/unlink) to admins only.
|
||||
Delegates to `Mv.Authorization.Actor.admin?/1`, which returns true for the system actor
|
||||
or for a user whose role has permission_set_name "admin".
|
||||
"""
|
||||
use Ash.Policy.SimpleCheck
|
||||
|
||||
alias Mv.Authorization.Actor
|
||||
|
||||
@impl true
|
||||
def describe(_opts), do: "actor has admin permission set"
|
||||
|
||||
@impl true
|
||||
def match?(actor, _context, _opts), do: Actor.admin?(actor)
|
||||
def match?(nil, _context, _opts), do: false
|
||||
|
||||
def match?(actor, _context, _opts) do
|
||||
ps_name =
|
||||
get_in(actor, [Access.key(:role), Access.key(:permission_set_name)]) ||
|
||||
get_in(actor, [Access.key("role"), Access.key("permission_set_name")])
|
||||
|
||||
ps_name == "admin"
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -3,15 +3,13 @@ defmodule Mv.EmailSync.Loader do
|
|||
Helper functions for loading linked records in email synchronization.
|
||||
Centralizes the logic for retrieving related User/Member entities.
|
||||
|
||||
## Authorization-independent link checks
|
||||
## Authorization
|
||||
|
||||
All functions use the **system actor** for the load. Link existence
|
||||
(linked vs not linked) is therefore determined **independently of the
|
||||
current request actor**. This is required so that validations (e.g.
|
||||
`EmailChangePermission`, `EmailNotUsedByOtherUser`) can correctly decide
|
||||
"member is linked" even when the current user would not have read permission
|
||||
on the related User. Using the request actor would otherwise allow
|
||||
treating a linked member as unlinked and bypass the permission rule.
|
||||
This module runs systemically and uses the system actor for all operations.
|
||||
This ensures that email synchronization always works, regardless of user permissions.
|
||||
|
||||
All functions use `Mv.Helpers.SystemActor.get_system_actor/0` to bypass
|
||||
user permission checks, as email sync is a mandatory side effect.
|
||||
"""
|
||||
alias Mv.Helpers
|
||||
alias Mv.Helpers.SystemActor
|
||||
|
|
|
|||
|
|
@ -1,75 +0,0 @@
|
|||
defmodule Mv.Membership.Member.Validations.EmailChangePermission do
|
||||
@moduledoc """
|
||||
Validates that only admins or the linked user may change a linked member's email.
|
||||
|
||||
This validation runs on member update when the email attribute is changing.
|
||||
It allows the change only if:
|
||||
- The member is not linked to a user, or
|
||||
- The actor has the admin permission set (via `Mv.Authorization.Actor.admin?/1`), or
|
||||
- The actor is the user linked to this member (actor.member_id == member.id).
|
||||
|
||||
This prevents non-admins from changing another user's linked member email,
|
||||
which would sync to that user's account and break email synchronization.
|
||||
|
||||
Missing actor is not allowed; the system actor counts as admin (via `Actor.admin?/1`).
|
||||
"""
|
||||
use Ash.Resource.Validation
|
||||
use Gettext, backend: MvWeb.Gettext, otp_app: :mv
|
||||
|
||||
alias Mv.Authorization.Actor
|
||||
alias Mv.EmailSync.Loader
|
||||
|
||||
@doc """
|
||||
Validates that the actor may change the member's email when the member is linked.
|
||||
|
||||
Only runs when the email attribute is changing (checked inside). Skips when
|
||||
member is not linked. Allows when actor is admin or owns the linked member.
|
||||
"""
|
||||
@impl true
|
||||
def validate(changeset, _opts, context) do
|
||||
if Ash.Changeset.changing_attribute?(changeset, :email) do
|
||||
validate_linked_member_email_change(changeset, context)
|
||||
else
|
||||
:ok
|
||||
end
|
||||
end
|
||||
|
||||
defp validate_linked_member_email_change(changeset, context) do
|
||||
linked_user = Loader.get_linked_user(changeset.data)
|
||||
|
||||
if is_nil(linked_user) do
|
||||
:ok
|
||||
else
|
||||
actor = resolve_actor(changeset, context)
|
||||
member_id = changeset.data.id
|
||||
|
||||
if Actor.admin?(actor) or actor_owns_member?(actor, member_id) do
|
||||
:ok
|
||||
else
|
||||
msg =
|
||||
dgettext(
|
||||
"default",
|
||||
"Only administrators or the linked user can change the email for members linked to users"
|
||||
)
|
||||
|
||||
{:error, field: :email, message: msg}
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
# Ash stores actor in changeset.context.private.actor; validation context has .actor; some callsites use context.actor
|
||||
defp resolve_actor(changeset, context) do
|
||||
ctx = changeset.context || %{}
|
||||
|
||||
get_in(ctx, [:private, :actor]) ||
|
||||
Map.get(ctx, :actor) ||
|
||||
(context && Map.get(context, :actor))
|
||||
end
|
||||
|
||||
defp actor_owns_member?(nil, _member_id), do: false
|
||||
|
||||
defp actor_owns_member?(actor, member_id) do
|
||||
actor_member_id = Map.get(actor, :member_id) || Map.get(actor, "member_id")
|
||||
actor_member_id == member_id
|
||||
end
|
||||
end
|
||||
|
|
@ -8,8 +8,6 @@ defmodule Mv.Membership.Member.Validations.EmailNotUsedByOtherUser do
|
|||
This allows creating members with the same email as unlinked users.
|
||||
"""
|
||||
use Ash.Resource.Validation
|
||||
|
||||
alias Mv.EmailSync.Loader
|
||||
alias Mv.Helpers
|
||||
|
||||
require Logger
|
||||
|
|
@ -34,8 +32,7 @@ defmodule Mv.Membership.Member.Validations.EmailNotUsedByOtherUser do
|
|||
def validate(changeset, _opts, _context) do
|
||||
email_changing? = Ash.Changeset.changing_attribute?(changeset, :email)
|
||||
|
||||
linked_user = Loader.get_linked_user(changeset.data)
|
||||
linked_user_id = if linked_user, do: linked_user.id, else: nil
|
||||
linked_user_id = get_linked_user_id(changeset.data)
|
||||
is_linked? = not is_nil(linked_user_id)
|
||||
|
||||
# Only validate if member is already linked AND email is changing
|
||||
|
|
@ -79,4 +76,16 @@ defmodule Mv.Membership.Member.Validations.EmailNotUsedByOtherUser do
|
|||
|
||||
defp maybe_exclude_id(query, nil), do: query
|
||||
defp maybe_exclude_id(query, id), do: Ash.Query.filter(query, id != ^id)
|
||||
|
||||
defp get_linked_user_id(member_data) do
|
||||
alias Mv.Helpers.SystemActor
|
||||
|
||||
system_actor = SystemActor.get_system_actor()
|
||||
opts = Helpers.ash_actor_opts(system_actor)
|
||||
|
||||
case Ash.load(member_data, :user, opts) do
|
||||
{:ok, %{user: %{id: id}}} -> id
|
||||
_ -> nil
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -97,18 +97,12 @@ defmodule MvWeb.Authorization do
|
|||
@doc """
|
||||
Checks if user can access a specific page.
|
||||
|
||||
Nil-safe: returns false when user is nil (e.g. unauthenticated or layout
|
||||
assigns regression), so callers do not need to guard.
|
||||
|
||||
## Examples
|
||||
|
||||
iex> admin = %{role: %{permission_set_name: "admin"}}
|
||||
iex> can_access_page?(admin, "/admin/roles")
|
||||
true
|
||||
|
||||
iex> can_access_page?(nil, "/members")
|
||||
false
|
||||
|
||||
iex> mitglied = %{role: %{permission_set_name: "own_data"}}
|
||||
iex> can_access_page?(mitglied, "/members")
|
||||
false
|
||||
|
|
|
|||
|
|
@ -97,13 +97,12 @@ defmodule MvWeb.CoreComponents do
|
|||
<.button navigate={~p"/"}>Home</.button>
|
||||
<.button disabled={true}>Disabled</.button>
|
||||
"""
|
||||
attr :rest, :global, include: ~w(href navigate patch method data-testid)
|
||||
attr :rest, :global, include: ~w(href navigate patch method)
|
||||
attr :variant, :string, values: ~w(primary)
|
||||
attr :disabled, :boolean, default: false, doc: "Whether the button is disabled"
|
||||
slot :inner_block, required: true
|
||||
|
||||
def button(assigns) do
|
||||
rest = assigns.rest
|
||||
def button(%{rest: rest} = assigns) do
|
||||
variants = %{"primary" => "btn-primary", nil => "btn-primary btn-soft"}
|
||||
assigns = assign(assigns, :class, Map.fetch!(variants, assigns[:variant]))
|
||||
|
||||
|
|
|
|||
|
|
@ -4,8 +4,6 @@ defmodule MvWeb.Layouts.Sidebar do
|
|||
"""
|
||||
use MvWeb, :html
|
||||
|
||||
alias MvWeb.PagePaths
|
||||
|
||||
attr :current_user, :map, default: nil, doc: "The current user"
|
||||
attr :club_name, :string, required: true, doc: "The name of the club"
|
||||
attr :mobile, :boolean, default: false, doc: "Whether this is mobile view"
|
||||
|
|
@ -72,56 +70,33 @@ defmodule MvWeb.Layouts.Sidebar do
|
|||
defp sidebar_menu(assigns) do
|
||||
~H"""
|
||||
<ul class="menu flex-1 w-full p-2" role="menubar">
|
||||
<%= if can_access_page?(@current_user, PagePaths.members()) do %>
|
||||
<.menu_item
|
||||
href={~p"/members"}
|
||||
icon="hero-users"
|
||||
label={gettext("Members")}
|
||||
/>
|
||||
<% end %>
|
||||
<.menu_item
|
||||
href={~p"/members"}
|
||||
icon="hero-users"
|
||||
label={gettext("Members")}
|
||||
/>
|
||||
|
||||
<%= if can_access_page?(@current_user, PagePaths.membership_fee_types()) do %>
|
||||
<.menu_item
|
||||
href={~p"/membership_fee_types"}
|
||||
icon="hero-currency-euro"
|
||||
label={gettext("Fee Types")}
|
||||
/>
|
||||
<% end %>
|
||||
<.menu_item
|
||||
href={~p"/membership_fee_types"}
|
||||
icon="hero-currency-euro"
|
||||
label={gettext("Fee Types")}
|
||||
/>
|
||||
|
||||
<%= if admin_menu_visible?(@current_user) do %>
|
||||
<.menu_group
|
||||
icon="hero-cog-6-tooth"
|
||||
label={gettext("Administration")}
|
||||
testid="sidebar-administration"
|
||||
>
|
||||
<%= if can_access_page?(@current_user, PagePaths.users()) do %>
|
||||
<.menu_subitem href={~p"/users"} label={gettext("Users")} />
|
||||
<% end %>
|
||||
<%= if can_access_page?(@current_user, PagePaths.groups()) do %>
|
||||
<.menu_subitem href={~p"/groups"} label={gettext("Groups")} />
|
||||
<% end %>
|
||||
<%= if can_access_page?(@current_user, PagePaths.admin_roles()) do %>
|
||||
<.menu_subitem href={~p"/admin/roles"} label={gettext("Roles")} />
|
||||
<% end %>
|
||||
<%= if can_access_page?(@current_user, PagePaths.membership_fee_settings()) do %>
|
||||
<.menu_subitem
|
||||
href={~p"/membership_fee_settings"}
|
||||
label={gettext("Fee Settings")}
|
||||
/>
|
||||
<% end %>
|
||||
<%= if can_access_page?(@current_user, PagePaths.settings()) do %>
|
||||
<.menu_subitem href={~p"/settings"} label={gettext("Settings")} />
|
||||
<% end %>
|
||||
</.menu_group>
|
||||
<% end %>
|
||||
<!-- Nested Admin Menu -->
|
||||
<.menu_group icon="hero-cog-6-tooth" label={gettext("Administration")}>
|
||||
<.menu_subitem href={~p"/users"} label={gettext("Users")} />
|
||||
<.menu_subitem href={~p"/groups"} label={gettext("Groups")} />
|
||||
<.menu_subitem href={~p"/admin/roles"} label={gettext("Roles")} />
|
||||
<.menu_subitem
|
||||
href={~p"/membership_fee_settings"}
|
||||
label={gettext("Fee Settings")}
|
||||
/>
|
||||
<.menu_subitem href={~p"/settings"} label={gettext("Settings")} />
|
||||
</.menu_group>
|
||||
</ul>
|
||||
"""
|
||||
end
|
||||
|
||||
defp admin_menu_visible?(user) do
|
||||
Enum.any?(PagePaths.admin_menu_paths(), &can_access_page?(user, &1))
|
||||
end
|
||||
|
||||
attr :href, :string, required: true, doc: "Navigation path"
|
||||
attr :icon, :string, required: true, doc: "Heroicon name"
|
||||
attr :label, :string, required: true, doc: "Menu item label"
|
||||
|
|
@ -144,13 +119,12 @@ defmodule MvWeb.Layouts.Sidebar do
|
|||
|
||||
attr :icon, :string, required: true, doc: "Heroicon name for the menu group"
|
||||
attr :label, :string, required: true, doc: "Menu group label"
|
||||
attr :testid, :string, default: nil, doc: "data-testid for stable test selectors"
|
||||
slot :inner_block, required: true, doc: "Submenu items"
|
||||
|
||||
defp menu_group(assigns) do
|
||||
~H"""
|
||||
<!-- Expanded Mode: Always open div structure -->
|
||||
<li role="none" class="expanded-menu-group" data-testid={@testid}>
|
||||
<li role="none" class="expanded-menu-group">
|
||||
<div
|
||||
class="flex items-center gap-3"
|
||||
role="group"
|
||||
|
|
@ -164,7 +138,7 @@ defmodule MvWeb.Layouts.Sidebar do
|
|||
</ul>
|
||||
</li>
|
||||
<!-- Collapsed Mode: Dropdown -->
|
||||
<div class="collapsed-menu-group dropdown dropdown-right" data-testid={@testid}>
|
||||
<div class="collapsed-menu-group dropdown dropdown-right">
|
||||
<button
|
||||
type="button"
|
||||
tabindex="0"
|
||||
|
|
|
|||
|
|
@ -23,11 +23,9 @@
|
|||
<.icon name="hero-envelope" />
|
||||
{gettext("Open in email program")}
|
||||
</.button>
|
||||
<%= if can?(@current_user, :create, Mv.Membership.Member) do %>
|
||||
<.button variant="primary" navigate={~p"/members/new"} data-testid="member-new">
|
||||
<.icon name="hero-plus" /> {gettext("New Member")}
|
||||
</.button>
|
||||
<% end %>
|
||||
<.button variant="primary" navigate={~p"/members/new"}>
|
||||
<.icon name="hero-plus" /> {gettext("New Member")}
|
||||
</.button>
|
||||
</:actions>
|
||||
</.header>
|
||||
|
||||
|
|
@ -86,7 +84,6 @@
|
|||
<.table
|
||||
id="members"
|
||||
rows={@members}
|
||||
row_id={fn member -> "row-#{member.id}" end}
|
||||
row_click={fn member -> JS.navigate(~p"/members/#{member}") end}
|
||||
dynamic_cols={@dynamic_cols}
|
||||
sort_field={@sort_field}
|
||||
|
|
@ -300,23 +297,16 @@
|
|||
<.link navigate={~p"/members/#{member}"}>{gettext("Show")}</.link>
|
||||
</div>
|
||||
|
||||
<%= if can?(@current_user, :update, member) do %>
|
||||
<.link navigate={~p"/members/#{member}/edit"} data-testid="member-edit">
|
||||
{gettext("Edit")}
|
||||
</.link>
|
||||
<% end %>
|
||||
<.link navigate={~p"/members/#{member}/edit"}>{gettext("Edit")}</.link>
|
||||
</:action>
|
||||
|
||||
<:action :let={member}>
|
||||
<%= if can?(@current_user, :destroy, member) do %>
|
||||
<.link
|
||||
phx-click={JS.push("delete", value: %{id: member.id}) |> hide("#row-#{member.id}")}
|
||||
data-confirm={gettext("Are you sure?")}
|
||||
data-testid="member-delete"
|
||||
>
|
||||
{gettext("Delete")}
|
||||
</.link>
|
||||
<% end %>
|
||||
<.link
|
||||
phx-click={JS.push("delete", value: %{id: member.id}) |> hide("#row-#{member.id}")}
|
||||
data-confirm={gettext("Are you sure?")}
|
||||
>
|
||||
{gettext("Delete")}
|
||||
</.link>
|
||||
</:action>
|
||||
</.table>
|
||||
</Layouts.app>
|
||||
|
|
|
|||
|
|
@ -39,15 +39,9 @@ defmodule MvWeb.MemberLive.Show do
|
|||
{MvWeb.Helpers.MemberHelpers.display_name(@member)}
|
||||
</h1>
|
||||
|
||||
<%= if can?(@current_user, :update, @member) do %>
|
||||
<.button
|
||||
variant="primary"
|
||||
navigate={~p"/members/#{@member}/edit?return_to=show"}
|
||||
data-testid="member-edit"
|
||||
>
|
||||
{gettext("Edit Member")}
|
||||
</.button>
|
||||
<% end %>
|
||||
<.button variant="primary" navigate={~p"/members/#{@member}/edit?return_to=show"}>
|
||||
{gettext("Edit Member")}
|
||||
</.button>
|
||||
</div>
|
||||
|
||||
<%!-- Tab Navigation --%>
|
||||
|
|
|
|||
|
|
@ -2,20 +2,13 @@
|
|||
<.header>
|
||||
{gettext("Listing Users")}
|
||||
<:actions>
|
||||
<%= if can?(@current_user, :create, Mv.Accounts.User) do %>
|
||||
<.button variant="primary" navigate={~p"/users/new"} data-testid="user-new">
|
||||
<.icon name="hero-plus" /> {gettext("New User")}
|
||||
</.button>
|
||||
<% end %>
|
||||
<.button variant="primary" navigate={~p"/users/new"}>
|
||||
<.icon name="hero-plus" /> {gettext("New User")}
|
||||
</.button>
|
||||
</:actions>
|
||||
</.header>
|
||||
|
||||
<.table
|
||||
id="users"
|
||||
rows={@users}
|
||||
row_id={fn user -> "row-#{user.id}" end}
|
||||
row_click={fn user -> JS.navigate(~p"/users/#{user}") end}
|
||||
>
|
||||
<.table id="users" rows={@users} row_click={fn user -> JS.navigate(~p"/users/#{user}") end}>
|
||||
<:col
|
||||
:let={user}
|
||||
label={
|
||||
|
|
@ -69,23 +62,16 @@
|
|||
<.link navigate={~p"/users/#{user}"}>{gettext("Show")}</.link>
|
||||
</div>
|
||||
|
||||
<%= if can?(@current_user, :update, user) do %>
|
||||
<.link navigate={~p"/users/#{user}/edit"} data-testid="user-edit">
|
||||
{gettext("Edit")}
|
||||
</.link>
|
||||
<% end %>
|
||||
<.link navigate={~p"/users/#{user}/edit"}>{gettext("Edit")}</.link>
|
||||
</:action>
|
||||
|
||||
<:action :let={user}>
|
||||
<%= if can?(@current_user, :destroy, user) do %>
|
||||
<.link
|
||||
phx-click={JS.push("delete", value: %{id: user.id}) |> hide("#row-#{user.id}")}
|
||||
data-confirm={gettext("Are you sure?")}
|
||||
data-testid="user-delete"
|
||||
>
|
||||
{gettext("Delete")}
|
||||
</.link>
|
||||
<% end %>
|
||||
<.link
|
||||
phx-click={JS.push("delete", value: %{id: user.id}) |> hide("#row-#{user.id}")}
|
||||
data-confirm={gettext("Are you sure?")}
|
||||
>
|
||||
{gettext("Delete")}
|
||||
</.link>
|
||||
</:action>
|
||||
</.table>
|
||||
</Layouts.app>
|
||||
|
|
|
|||
|
|
@ -41,15 +41,9 @@ defmodule MvWeb.UserLive.Show do
|
|||
<.icon name="hero-arrow-left" />
|
||||
<span class="sr-only">{gettext("Back to users list")}</span>
|
||||
</.button>
|
||||
<%= if can?(@current_user, :update, @user) do %>
|
||||
<.button
|
||||
variant="primary"
|
||||
navigate={~p"/users/#{@user}/edit?return_to=show"}
|
||||
data-testid="user-edit"
|
||||
>
|
||||
<.icon name="hero-pencil-square" /> {gettext("Edit User")}
|
||||
</.button>
|
||||
<% end %>
|
||||
<.button variant="primary" navigate={~p"/users/#{@user}/edit?return_to=show"}>
|
||||
<.icon name="hero-pencil-square" /> {gettext("Edit User")}
|
||||
</.button>
|
||||
</:actions>
|
||||
</.header>
|
||||
|
||||
|
|
|
|||
|
|
@ -1,42 +0,0 @@
|
|||
defmodule MvWeb.PagePaths do
|
||||
@moduledoc """
|
||||
Central path strings for UI authorization and sidebar menu.
|
||||
|
||||
Keep in sync with `MvWeb.Router`. Used by Sidebar and `can_access_page?/2`
|
||||
so route changes (prefix, rename) are updated in one place.
|
||||
"""
|
||||
|
||||
# Sidebar top-level menu paths
|
||||
@members "/members"
|
||||
@membership_fee_types "/membership_fee_types"
|
||||
|
||||
# Administration submenu paths (all must match router)
|
||||
@users "/users"
|
||||
@groups "/groups"
|
||||
@admin_roles "/admin/roles"
|
||||
@membership_fee_settings "/membership_fee_settings"
|
||||
@settings "/settings"
|
||||
|
||||
@admin_page_paths [
|
||||
@users,
|
||||
@groups,
|
||||
@admin_roles,
|
||||
@membership_fee_settings,
|
||||
@settings
|
||||
]
|
||||
|
||||
@doc "Path for Members index (sidebar and page permission check)."
|
||||
def members, do: @members
|
||||
|
||||
@doc "Path for Membership Fee Types index (sidebar and page permission check)."
|
||||
def membership_fee_types, do: @membership_fee_types
|
||||
|
||||
@doc "Paths for Administration menu; show group if user can access any of these."
|
||||
def admin_menu_paths, do: @admin_page_paths
|
||||
|
||||
def users, do: @users
|
||||
def groups, do: @groups
|
||||
def admin_roles, do: @admin_roles
|
||||
def membership_fee_settings, do: @membership_fee_settings
|
||||
def settings, do: @settings
|
||||
end
|
||||
6
mix.lock
6
mix.lock
|
|
@ -1,11 +1,11 @@
|
|||
%{
|
||||
"ash": {:hex, :ash, "3.14.1", "22e0ac5dfd4c7d502bd103f0b4380defd66d7c6c83b3a4f54af7045f13da00d7", [:mix], [{:crux, ">= 0.1.2 and < 1.0.0-0", [hex: :crux, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:igniter, ">= 0.6.29 and < 1.0.0-0", [hex: :igniter, repo: "hexpm", optional: true]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: true]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:reactor, "~> 1.0", [hex: :reactor, repo: "hexpm", optional: false]}, {:simple_sat, ">= 0.1.1 and < 1.0.0-0", [hex: :simple_sat, repo: "hexpm", optional: true]}, {:spark, ">= 2.3.14 and < 3.0.0-0", [hex: :spark, repo: "hexpm", optional: false]}, {:splode, "~> 0.3", [hex: :splode, repo: "hexpm", optional: false]}, {:stream_data, "~> 1.0", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "776a5963790d5af79855ddca1718a037d06b49063a6b97fae9110050b3d5127d"},
|
||||
"ash": {:hex, :ash, "3.14.0", "528264e9185f4bfe56f3fb32b4f3dabff0709b0baa5c3c30180e4a95750e9cc0", [:mix], [{:crux, ">= 0.1.2 and < 1.0.0-0", [hex: :crux, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:igniter, ">= 0.6.29 and < 1.0.0-0", [hex: :igniter, repo: "hexpm", optional: true]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: true]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:reactor, "~> 1.0", [hex: :reactor, repo: "hexpm", optional: false]}, {:simple_sat, ">= 0.1.1 and < 1.0.0-0", [hex: :simple_sat, repo: "hexpm", optional: true]}, {:spark, ">= 2.3.14 and < 3.0.0-0", [hex: :spark, repo: "hexpm", optional: false]}, {:splode, "~> 0.3", [hex: :splode, repo: "hexpm", optional: false]}, {:stream_data, "~> 1.0", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "8a0a2fd1ded0262685b36c2b6f892b90d464e6afc16b65a2b87578eb2a05bb90"},
|
||||
"ash_admin": {:hex, :ash_admin, "0.13.24", "4fafddc7b4450a92878b58630688c55cab20b0c27e35cad68f29811f73815816", [:mix], [{:ash, ">= 3.4.63 and < 4.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:ash_phoenix, ">= 2.1.8 and < 3.0.0-0", [hex: :ash_phoenix, repo: "hexpm", optional: false]}, {:gettext, "~> 0.26 or ~> 1.0", [hex: :gettext, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:phoenix, "~> 1.7", [hex: :phoenix, repo: "hexpm", optional: false]}, {:phoenix_html, "~> 4.1", [hex: :phoenix_html, repo: "hexpm", optional: false]}, {:phoenix_live_view, "~> 1.1-rc", [hex: :phoenix_live_view, repo: "hexpm", optional: false]}, {:phoenix_view, "~> 2.0", [hex: :phoenix_view, repo: "hexpm", optional: false]}], "hexpm", "8f298cf6cb6635744ed75dd401295ed52513ea4df169f0f89d6a9a75dc4de4dc"},
|
||||
"ash_authentication": {:hex, :ash_authentication, "4.13.7", "421b5ddb516026f6794435980a632109ec116af2afa68a45e15fb48b41c92cfa", [:mix], [{:argon2_elixir, "~> 4.0", [hex: :argon2_elixir, repo: "hexpm", optional: true]}, {:ash, "~> 3.7", [hex: :ash, repo: "hexpm", optional: false]}, {:ash_postgres, ">= 2.6.8 and < 3.0.0-0", [hex: :ash_postgres, repo: "hexpm", optional: true]}, {:assent, "> 0.2.0 and < 0.3.0", [hex: :assent, repo: "hexpm", optional: false]}, {:bcrypt_elixir, "~> 3.0", [hex: :bcrypt_elixir, repo: "hexpm", optional: false]}, {:castore, "~> 1.0", [hex: :castore, repo: "hexpm", optional: false]}, {:finch, "~> 0.19", [hex: :finch, repo: "hexpm", optional: false]}, {:igniter, "~> 0.4", [hex: :igniter, repo: "hexpm", optional: true]}, {:jason, "~> 1.4", [hex: :jason, repo: "hexpm", optional: false]}, {:joken, "~> 2.5", [hex: :joken, repo: "hexpm", optional: false]}, {:plug, "~> 1.13", [hex: :plug, repo: "hexpm", optional: false]}, {:spark, "~> 2.0", [hex: :spark, repo: "hexpm", optional: false]}, {:splode, "~> 0.2", [hex: :splode, repo: "hexpm", optional: false]}], "hexpm", "0d45ac3fdcca6902dabbe161ce63e9cea8f90583863c2e14261c9309e5837121"},
|
||||
"ash_authentication_phoenix": {:hex, :ash_authentication_phoenix, "2.15.0", "89e71e96a3d954aed7ed0c1f511d42cbfd19009b813f580b12749b01bbea5148", [:mix], [{:ash, "~> 3.0", [hex: :ash, repo: "hexpm", optional: false]}, {:ash_authentication, "~> 4.10", [hex: :ash_authentication, repo: "hexpm", optional: false]}, {:ash_phoenix, ">= 2.3.11 and < 3.0.0-0", [hex: :ash_phoenix, repo: "hexpm", optional: false]}, {:bcrypt_elixir, "~> 3.0", [hex: :bcrypt_elixir, repo: "hexpm", optional: false]}, {:gettext, "~> 0.26 or ~> 1.0", [hex: :gettext, repo: "hexpm", optional: true]}, {:igniter, ">= 0.5.25 and < 1.0.0-0", [hex: :igniter, repo: "hexpm", optional: true]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:phoenix, "~> 1.6", [hex: :phoenix, repo: "hexpm", optional: false]}, {:phoenix_html, "~> 4.0", [hex: :phoenix_html, repo: "hexpm", optional: false]}, {:phoenix_html_helpers, "~> 1.0", [hex: :phoenix_html_helpers, repo: "hexpm", optional: false]}, {:phoenix_live_view, "~> 1.1", [hex: :phoenix_live_view, repo: "hexpm", optional: false]}, {:phoenix_view, "~> 2.0", [hex: :phoenix_view, repo: "hexpm", optional: false]}, {:slugify, "~> 1.3", [hex: :slugify, repo: "hexpm", optional: false]}], "hexpm", "d2da66dcf62bc1054ce8f5d9c2829b1dff1dbc3f1d03f9ef0cbe89123d7df107"},
|
||||
"ash_phoenix": {:hex, :ash_phoenix, "2.3.19", "244b24256a7d730e5223f36f371a95971542a547a12f0fb73406f67977e86c97", [:mix], [{:ash, ">= 3.5.13 and < 4.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:igniter, "~> 0.6", [hex: :igniter, repo: "hexpm", optional: true]}, {:inertia, "~> 2.3", [hex: :inertia, repo: "hexpm", optional: true]}, {:phoenix, "~> 1.5.6 or ~> 1.6", [hex: :phoenix, repo: "hexpm", optional: false]}, {:phoenix_html, "~> 4.0", [hex: :phoenix_html, repo: "hexpm", optional: false]}, {:phoenix_live_view, "~> 0.20.3 or ~> 1.0-rc.1", [hex: :phoenix_live_view, repo: "hexpm", optional: false]}, {:spark, ">= 2.2.29 and < 3.0.0-0", [hex: :spark, repo: "hexpm", optional: false]}], "hexpm", "754a7d869a3961a927abb7ff700af9895d2e69dd3b8f9471b0aa8e859cc4b135"},
|
||||
"ash_postgres": {:hex, :ash_postgres, "2.6.29", "93c7d39890930548acc704613b7f83e65c0880940be1b2048ee86dfb44918529", [:mix], [{:ash, "~> 3.14", [hex: :ash, repo: "hexpm", optional: false]}, {:ash_sql, ">= 0.4.3 and < 1.0.0-0", [hex: :ash_sql, repo: "hexpm", optional: false]}, {:ecto, "~> 3.13", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.13", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:igniter, ">= 0.6.29 and < 1.0.0-0", [hex: :igniter, repo: "hexpm", optional: true]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: false]}, {:spark, ">= 2.3.4 and < 3.0.0-0", [hex: :spark, repo: "hexpm", optional: false]}], "hexpm", "0aed7ac3d8407ff094218b1dc86b88ea7e39249fb9e94360c7dac1711e206d8b"},
|
||||
"ash_sql": {:hex, :ash_sql, "0.4.3", "2c74e0a19646e3d31a384a2712fc48a82d04ceea74467771ce496fd64dbb55db", [:mix], [{:ash, "~> 3.7", [hex: :ash, repo: "hexpm", optional: false]}, {:ecto, ">= 3.13.4 and < 4.0.0-0", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.9", [hex: :ecto_sql, repo: "hexpm", optional: false]}], "hexpm", "b0ecc00502178407e607ae4bcfd2f264f36f6a884218024b5e4d5b3dcfa5e027"},
|
||||
"ash_postgres": {:hex, :ash_postgres, "2.6.28", "52cd2a5a701f15ffb76cf1db6ff3854bea616b963b869bac562420af73024ecf", [:mix], [{:ash, ">= 3.11.2 and < 4.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:ash_sql, ">= 0.3.16 and < 1.0.0-0", [hex: :ash_sql, repo: "hexpm", optional: false]}, {:ecto, "~> 3.13", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.13", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:igniter, ">= 0.6.29 and < 1.0.0-0", [hex: :igniter, repo: "hexpm", optional: true]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: false]}, {:spark, ">= 2.3.4 and < 3.0.0-0", [hex: :spark, repo: "hexpm", optional: false]}], "hexpm", "da354f3380d8a2c049904e8860fd2eea53e034a9be353bdd8a09e2a1f3315747"},
|
||||
"ash_sql": {:hex, :ash_sql, "0.4.2", "6ff701ee1f55d0310d1e6878ce57508f3c4aac70d7c751d3f9427dc0d5c36b50", [:mix], [{:ash, "~> 3.7", [hex: :ash, repo: "hexpm", optional: false]}, {:ecto, ">= 3.13.4 and < 4.0.0-0", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.9", [hex: :ecto_sql, repo: "hexpm", optional: false]}], "hexpm", "eae73e0a84b10ceb508739eaef144d8d8e86b634aa177ed99d688758c29273cb"},
|
||||
"assent": {:hex, :assent, "0.2.13", "11226365d2d8661d23e9a2cf94d3255e81054ff9d88ac877f28bfdf38fa4ef31", [:mix], [{:certifi, ">= 0.0.0", [hex: :certifi, repo: "hexpm", optional: true]}, {:finch, "~> 0.15", [hex: :finch, repo: "hexpm", optional: true]}, {:jose, "~> 1.8", [hex: :jose, repo: "hexpm", optional: true]}, {:mint, "~> 1.0", [hex: :mint, repo: "hexpm", optional: true]}, {:req, "~> 0.4", [hex: :req, repo: "hexpm", optional: true]}, {:ssl_verify_fun, ">= 0.0.0", [hex: :ssl_verify_fun, repo: "hexpm", optional: true]}], "hexpm", "bf9f351b01dd6bceea1d1f157f05438f6765ce606e6eb8d29296003d29bf6eab"},
|
||||
"bandit": {:hex, :bandit, "1.10.2", "d15ea32eb853b5b42b965b24221eb045462b2ba9aff9a0bda71157c06338cbff", [:mix], [{:hpax, "~> 1.0", [hex: :hpax, repo: "hexpm", optional: false]}, {:plug, "~> 1.18", [hex: :plug, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}, {:thousand_island, "~> 1.0", [hex: :thousand_island, repo: "hexpm", optional: false]}, {:websock, "~> 0.5", [hex: :websock, repo: "hexpm", optional: false]}], "hexpm", "27b2a61b647914b1726c2ced3601473be5f7aa6bb468564a688646a689b3ee45"},
|
||||
"bcrypt_elixir": {:hex, :bcrypt_elixir, "3.3.2", "d50091e3c9492d73e17fc1e1619a9b09d6a5ef99160eb4d736926fd475a16ca3", [:make, :mix], [{:comeonin, "~> 5.3", [hex: :comeonin, repo: "hexpm", optional: false]}, {:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "471be5151874ae7931911057d1467d908955f93554f7a6cd1b7d804cac8cef53"},
|
||||
|
|
|
|||
|
|
@ -2298,7 +2298,17 @@ msgstr "Verwende die Namen der Datenfelder als Spaltennamen in der CSV Datei. Da
|
|||
msgid "Unknown column '%{header}' will be ignored. If this is a custom field, create it in Mila before importing."
|
||||
msgstr "Unbekannte Spalte '%{header}' wird ignoriert. Falls dies ein Datenfeld ist, erstellen Sie es in Mila vor dem Import."
|
||||
|
||||
#: lib/mv/membership/member/validations/email_change_permission.ex
|
||||
#, elixir-autogen, elixir-format, fuzzy
|
||||
msgid "Only administrators or the linked user can change the email for members linked to users"
|
||||
msgstr "Nur Administrator*innen oder die verknüpfte Benutzer*in können die E-Mail von Mitgliedern ändern, die mit Benutzer*innen verknüpft sind."
|
||||
#~ #: lib/mv_web/live/global_settings_live.ex
|
||||
#~ #, elixir-autogen, elixir-format, fuzzy
|
||||
#~ msgid "Custom Fields in CSV Import"
|
||||
#~ msgstr "Benutzerdefinierte Felder"
|
||||
|
||||
#~ #: lib/mv_web/live/global_settings_live.ex
|
||||
#~ #, elixir-autogen, elixir-format, fuzzy
|
||||
#~ msgid "Individual data fields must be created in Mila before importing. Use the field name as the CSV column header. Unknown custom field columns will be ignored with a warning."
|
||||
#~ msgstr "Individuelle Datenfelder müssen in Mila erstellt werden, bevor sie importiert werden können. Verwenden Sie den Namen des Datenfeldes als CSV-Spaltenüberschrift. Unbekannte Spaltenüberschriften werden mit einer Warnung ignoriert."
|
||||
|
||||
#~ #: lib/mv_web/live/global_settings_live.ex
|
||||
#~ #, elixir-autogen, elixir-format
|
||||
#~ msgid "Manage Custom Fields"
|
||||
#~ msgstr "Benutzerdefinierte Felder verwalten"
|
||||
|
|
|
|||
|
|
@ -2298,8 +2298,3 @@ msgstr ""
|
|||
#, elixir-autogen, elixir-format
|
||||
msgid "Unknown column '%{header}' will be ignored. If this is a custom field, create it in Mila before importing."
|
||||
msgstr ""
|
||||
|
||||
#: lib/mv/membership/member/validations/email_change_permission.ex
|
||||
#, elixir-autogen, elixir-format
|
||||
msgid "Only administrators or the linked user can change the email for members linked to users"
|
||||
msgstr ""
|
||||
|
|
|
|||
|
|
@ -2299,7 +2299,17 @@ msgstr ""
|
|||
msgid "Unknown column '%{header}' will be ignored. If this is a custom field, create it in Mila before importing."
|
||||
msgstr "Unknown column '%{header}' will be ignored. If this is a custom field, create it in Mila before importing."
|
||||
|
||||
#: lib/mv/membership/member/validations/email_change_permission.ex
|
||||
#, elixir-autogen, elixir-format, fuzzy
|
||||
msgid "Only administrators or the linked user can change the email for members linked to users"
|
||||
msgstr "Only administrators or the linked user can change the email for members linked to users"
|
||||
#~ #: lib/mv_web/live/global_settings_live.ex
|
||||
#~ #, elixir-autogen, elixir-format, fuzzy
|
||||
#~ msgid "Custom Fields in CSV Import"
|
||||
#~ msgstr ""
|
||||
|
||||
#~ #: lib/mv_web/live/global_settings_live.ex
|
||||
#~ #, elixir-autogen, elixir-format, fuzzy
|
||||
#~ msgid "Individual data fields must be created in Mila before importing. Use the field name as the CSV column header. Unknown custom field columns will be ignored with a warning."
|
||||
#~ msgstr ""
|
||||
|
||||
#~ #: lib/mv_web/live/global_settings_live.ex
|
||||
#~ #, elixir-autogen, elixir-format
|
||||
#~ msgid "Manage Custom Fields"
|
||||
#~ msgstr ""
|
||||
|
|
|
|||
|
|
@ -1,236 +0,0 @@
|
|||
defmodule Mv.Membership.MemberEmailValidationTest do
|
||||
@moduledoc """
|
||||
Tests for Member email-change permission validation.
|
||||
|
||||
When a member is linked to a user, only admins or the linked user may change
|
||||
that member's email. Unlinked members and non-email updates are unaffected.
|
||||
"""
|
||||
use Mv.DataCase, async: false
|
||||
|
||||
alias Mv.Accounts
|
||||
alias Mv.Authorization
|
||||
alias Mv.Helpers.SystemActor
|
||||
alias Mv.Membership
|
||||
|
||||
setup do
|
||||
system_actor = SystemActor.get_system_actor()
|
||||
%{actor: system_actor}
|
||||
end
|
||||
|
||||
defp create_role_with_permission_set(permission_set_name, actor) do
|
||||
role_name = "Test Role #{permission_set_name} #{System.unique_integer([:positive])}"
|
||||
|
||||
case Authorization.create_role(
|
||||
%{
|
||||
name: role_name,
|
||||
description: "Test role for #{permission_set_name}",
|
||||
permission_set_name: permission_set_name
|
||||
},
|
||||
actor: actor
|
||||
) do
|
||||
{:ok, role} -> role
|
||||
{:error, error} -> raise "Failed to create role: #{inspect(error)}"
|
||||
end
|
||||
end
|
||||
|
||||
defp create_user_with_permission_set(permission_set_name, actor) do
|
||||
role = create_role_with_permission_set(permission_set_name, actor)
|
||||
|
||||
{:ok, user} =
|
||||
Accounts.User
|
||||
|> Ash.Changeset.for_create(:register_with_password, %{
|
||||
email: "user#{System.unique_integer([:positive])}@example.com",
|
||||
password: "testpassword123"
|
||||
})
|
||||
|> Ash.create(actor: actor)
|
||||
|
||||
{:ok, user} =
|
||||
user
|
||||
|> Ash.Changeset.for_update(:update, %{})
|
||||
|> Ash.Changeset.manage_relationship(:role, role, type: :append_and_remove)
|
||||
|> Ash.update(actor: actor)
|
||||
|
||||
{:ok, user_with_role} = Ash.load(user, :role, domain: Mv.Accounts, actor: actor)
|
||||
user_with_role
|
||||
end
|
||||
|
||||
defp create_admin_user(actor) do
|
||||
create_user_with_permission_set("admin", actor)
|
||||
end
|
||||
|
||||
defp create_linked_member_for_user(user, actor) do
|
||||
admin = create_admin_user(actor)
|
||||
|
||||
{:ok, member} =
|
||||
Membership.create_member(
|
||||
%{
|
||||
first_name: "Linked",
|
||||
last_name: "Member",
|
||||
email: "linked#{System.unique_integer([:positive])}@example.com"
|
||||
},
|
||||
actor: admin
|
||||
)
|
||||
|
||||
user
|
||||
|> Ash.Changeset.for_update(:update, %{})
|
||||
|> Ash.Changeset.force_change_attribute(:member_id, member.id)
|
||||
|> Ash.update(actor: admin, domain: Mv.Accounts, return_notifications?: false)
|
||||
|
||||
member
|
||||
end
|
||||
|
||||
defp create_unlinked_member(actor) do
|
||||
admin = create_admin_user(actor)
|
||||
|
||||
{:ok, member} =
|
||||
Membership.create_member(
|
||||
%{
|
||||
first_name: "Unlinked",
|
||||
last_name: "Member",
|
||||
email: "unlinked#{System.unique_integer([:positive])}@example.com"
|
||||
},
|
||||
actor: admin
|
||||
)
|
||||
|
||||
member
|
||||
end
|
||||
|
||||
describe "unlinked member" do
|
||||
test "normal_user can update email of unlinked member", %{actor: actor} do
|
||||
normal_user = create_user_with_permission_set("normal_user", actor)
|
||||
unlinked_member = create_unlinked_member(actor)
|
||||
|
||||
new_email = "new#{System.unique_integer([:positive])}@example.com"
|
||||
|
||||
assert {:ok, updated} =
|
||||
Membership.update_member(unlinked_member, %{email: new_email}, actor: normal_user)
|
||||
|
||||
assert updated.email == new_email
|
||||
end
|
||||
|
||||
test "validation does not block when member has no linked user", %{actor: actor} do
|
||||
normal_user = create_user_with_permission_set("normal_user", actor)
|
||||
unlinked_member = create_unlinked_member(actor)
|
||||
|
||||
new_email = "other#{System.unique_integer([:positive])}@example.com"
|
||||
|
||||
assert {:ok, _} =
|
||||
Membership.update_member(unlinked_member, %{email: new_email}, actor: normal_user)
|
||||
end
|
||||
end
|
||||
|
||||
describe "linked member – another user's member" do
|
||||
test "normal_user cannot update email of another user's linked member", %{actor: actor} do
|
||||
user_a = create_user_with_permission_set("own_data", actor)
|
||||
linked_member = create_linked_member_for_user(user_a, actor)
|
||||
|
||||
normal_user_b = create_user_with_permission_set("normal_user", actor)
|
||||
new_email = "other#{System.unique_integer([:positive])}@example.com"
|
||||
|
||||
assert {:error, %Ash.Error.Invalid{} = error} =
|
||||
Membership.update_member(linked_member, %{email: new_email}, actor: normal_user_b)
|
||||
|
||||
assert Enum.any?(error.errors, &(&1.field == :email)),
|
||||
"expected an error for field :email, got: #{inspect(error.errors)}"
|
||||
end
|
||||
|
||||
test "admin can update email of linked member", %{actor: actor} do
|
||||
user_a = create_user_with_permission_set("own_data", actor)
|
||||
linked_member = create_linked_member_for_user(user_a, actor)
|
||||
admin = create_admin_user(actor)
|
||||
|
||||
new_email = "admin_changed#{System.unique_integer([:positive])}@example.com"
|
||||
|
||||
assert {:ok, updated} =
|
||||
Membership.update_member(linked_member, %{email: new_email}, actor: admin)
|
||||
|
||||
assert updated.email == new_email
|
||||
end
|
||||
end
|
||||
|
||||
describe "linked member – own member" do
|
||||
test "own_data user can update email of their own linked member", %{actor: actor} do
|
||||
own_data_user = create_user_with_permission_set("own_data", actor)
|
||||
linked_member = create_linked_member_for_user(own_data_user, actor)
|
||||
|
||||
{:ok, own_data_user} =
|
||||
Ash.get(Accounts.User, own_data_user.id, domain: Mv.Accounts, load: [:role], actor: actor)
|
||||
|
||||
{:ok, own_data_user} =
|
||||
Ash.load(own_data_user, :member, domain: Mv.Accounts, actor: actor)
|
||||
|
||||
new_email = "own_updated#{System.unique_integer([:positive])}@example.com"
|
||||
|
||||
assert {:ok, updated} =
|
||||
Membership.update_member(linked_member, %{email: new_email}, actor: own_data_user)
|
||||
|
||||
assert updated.email == new_email
|
||||
end
|
||||
|
||||
test "normal_user with linked member can update email of that same member", %{actor: actor} do
|
||||
normal_user = create_user_with_permission_set("normal_user", actor)
|
||||
linked_member = create_linked_member_for_user(normal_user, actor)
|
||||
|
||||
{:ok, normal_user} =
|
||||
Ash.get(Accounts.User, normal_user.id, domain: Mv.Accounts, load: [:role], actor: actor)
|
||||
|
||||
{:ok, normal_user} = Ash.load(normal_user, :member, domain: Mv.Accounts, actor: actor)
|
||||
|
||||
new_email = "normal_own#{System.unique_integer([:positive])}@example.com"
|
||||
|
||||
assert {:ok, updated} =
|
||||
Membership.update_member(linked_member, %{email: new_email}, actor: normal_user)
|
||||
|
||||
assert updated.email == new_email
|
||||
end
|
||||
end
|
||||
|
||||
describe "no-op / other fields" do
|
||||
test "updating only other attributes on linked member as normal_user does not trigger validation error",
|
||||
%{actor: actor} do
|
||||
user_a = create_user_with_permission_set("own_data", actor)
|
||||
linked_member = create_linked_member_for_user(user_a, actor)
|
||||
normal_user_b = create_user_with_permission_set("normal_user", actor)
|
||||
|
||||
assert {:ok, updated} =
|
||||
Membership.update_member(linked_member, %{first_name: "UpdatedName"},
|
||||
actor: normal_user_b
|
||||
)
|
||||
|
||||
assert updated.first_name == "UpdatedName"
|
||||
assert updated.email == linked_member.email
|
||||
end
|
||||
|
||||
test "updating email of linked member as admin succeeds", %{actor: actor} do
|
||||
user_a = create_user_with_permission_set("own_data", actor)
|
||||
linked_member = create_linked_member_for_user(user_a, actor)
|
||||
admin = create_admin_user(actor)
|
||||
|
||||
new_email = "admin_ok#{System.unique_integer([:positive])}@example.com"
|
||||
|
||||
assert {:ok, updated} =
|
||||
Membership.update_member(linked_member, %{email: new_email}, actor: admin)
|
||||
|
||||
assert updated.email == new_email
|
||||
end
|
||||
end
|
||||
|
||||
describe "read_only" do
|
||||
test "read_only cannot update any member (policy rejects before validation)", %{actor: actor} do
|
||||
read_only_user = create_user_with_permission_set("read_only", actor)
|
||||
linked_member = create_linked_member_for_user(read_only_user, actor)
|
||||
|
||||
{:ok, read_only_user} =
|
||||
Ash.get(Accounts.User, read_only_user.id,
|
||||
domain: Mv.Accounts,
|
||||
load: [:role],
|
||||
actor: actor
|
||||
)
|
||||
|
||||
assert {:error, %Ash.Error.Forbidden{}} =
|
||||
Membership.update_member(linked_member, %{email: "changed@example.com"},
|
||||
actor: read_only_user
|
||||
)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
@ -22,14 +22,9 @@ defmodule MvWeb.Layouts.SidebarTest do
|
|||
# =============================================================================
|
||||
|
||||
# Returns assigns for an authenticated user with all required attributes.
|
||||
# User has admin role so can_access_page? returns true for all sidebar links.
|
||||
defp authenticated_assigns(mobile \\ false) do
|
||||
%{
|
||||
current_user: %{
|
||||
id: "user-123",
|
||||
email: "test@example.com",
|
||||
role: %{permission_set_name: "admin"}
|
||||
},
|
||||
current_user: %{id: "user-123", email: "test@example.com"},
|
||||
club_name: "Test Club",
|
||||
mobile: mobile
|
||||
}
|
||||
|
|
@ -149,9 +144,7 @@ defmodule MvWeb.Layouts.SidebarTest do
|
|||
assert menu_item_count > 0, "Should have at least one top-level menu item"
|
||||
|
||||
# Check that nested menu groups exist
|
||||
assert html =~
|
||||
~s(<li role="none" class="expanded-menu-group" data-testid="sidebar-administration">)
|
||||
|
||||
assert html =~ ~s(<li role="none" class="expanded-menu-group">)
|
||||
assert html =~ ~s(role="group")
|
||||
assert has_class?(html, "expanded-menu-group")
|
||||
|
||||
|
|
@ -200,9 +193,7 @@ defmodule MvWeb.Layouts.SidebarTest do
|
|||
html = render_sidebar(authenticated_assigns())
|
||||
|
||||
# Check for nested menu structure
|
||||
assert html =~
|
||||
~s(<li role="none" class="expanded-menu-group" data-testid="sidebar-administration">)
|
||||
|
||||
assert html =~ ~s(<li role="none" class="expanded-menu-group">)
|
||||
assert html =~ ~s(role="group")
|
||||
assert html =~ ~s(aria-label="Administration")
|
||||
assert has_class?(html, "expanded-menu-group")
|
||||
|
|
@ -530,9 +521,7 @@ defmodule MvWeb.Layouts.SidebarTest do
|
|||
assert html =~ ~s(role="menuitem")
|
||||
|
||||
# Check that nested menus exist
|
||||
assert html =~
|
||||
~s(<li role="none" class="expanded-menu-group" data-testid="sidebar-administration">)
|
||||
|
||||
assert html =~ ~s(<li role="none" class="expanded-menu-group">)
|
||||
assert html =~ ~s(role="group")
|
||||
|
||||
# Footer section
|
||||
|
|
@ -640,9 +629,7 @@ defmodule MvWeb.Layouts.SidebarTest do
|
|||
html = render_sidebar(authenticated_assigns())
|
||||
|
||||
# expanded-menu-group structure present
|
||||
assert html =~
|
||||
~s(<li role="none" class="expanded-menu-group" data-testid="sidebar-administration">)
|
||||
|
||||
assert html =~ ~s(<li role="none" class="expanded-menu-group">)
|
||||
assert html =~ ~s(role="group")
|
||||
assert html =~ ~s(aria-label="Administration")
|
||||
assert has_class?(html, "expanded-menu-group")
|
||||
|
|
@ -856,9 +843,7 @@ defmodule MvWeb.Layouts.SidebarTest do
|
|||
|
||||
# Expanded menu group should have correct structure
|
||||
# (CSS handles hover effects, but we verify structure)
|
||||
assert html =~
|
||||
~s(<li role="none" class="expanded-menu-group" data-testid="sidebar-administration">)
|
||||
|
||||
assert html =~ ~s(<li role="none" class="expanded-menu-group">)
|
||||
assert html =~ ~s(role="group")
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -1,120 +0,0 @@
|
|||
defmodule MvWeb.SidebarAuthorizationTest do
|
||||
@moduledoc """
|
||||
Tests for sidebar menu visibility based on user permissions (can_access_page?).
|
||||
"""
|
||||
use MvWeb.ConnCase, async: false
|
||||
|
||||
import Phoenix.LiveViewTest
|
||||
import MvWeb.Layouts.Sidebar
|
||||
|
||||
alias Mv.Fixtures
|
||||
|
||||
defp render_sidebar(assigns) do
|
||||
render_component(&sidebar/1, assigns)
|
||||
end
|
||||
|
||||
defp sidebar_assigns(current_user, opts \\ []) do
|
||||
mobile = Keyword.get(opts, :mobile, false)
|
||||
club_name = Keyword.get(opts, :club_name, "Test Club")
|
||||
|
||||
%{
|
||||
current_user: current_user,
|
||||
club_name: club_name,
|
||||
mobile: mobile
|
||||
}
|
||||
end
|
||||
|
||||
describe "sidebar menu with admin user" do
|
||||
test "shows Members, Fee Types and Administration with all subitems" do
|
||||
user = Fixtures.user_with_role_fixture("admin")
|
||||
html = render_sidebar(sidebar_assigns(user))
|
||||
|
||||
assert html =~ ~s(href="/members")
|
||||
assert html =~ ~s(href="/membership_fee_types")
|
||||
assert html =~ ~s(data-testid="sidebar-administration")
|
||||
assert html =~ ~s(href="/users")
|
||||
assert html =~ ~s(href="/groups")
|
||||
assert html =~ ~s(href="/admin/roles")
|
||||
assert html =~ ~s(href="/membership_fee_settings")
|
||||
assert html =~ ~s(href="/settings")
|
||||
end
|
||||
end
|
||||
|
||||
describe "sidebar menu with read_only user (Vorstand/Buchhaltung)" do
|
||||
test "shows Members and Groups (from Administration)" do
|
||||
user = Fixtures.user_with_role_fixture("read_only")
|
||||
html = render_sidebar(sidebar_assigns(user))
|
||||
|
||||
assert html =~ ~s(href="/members")
|
||||
assert html =~ ~s(href="/groups")
|
||||
end
|
||||
|
||||
test "does not show Fee Types, Users, Roles or Settings" do
|
||||
user = Fixtures.user_with_role_fixture("read_only")
|
||||
html = render_sidebar(sidebar_assigns(user))
|
||||
|
||||
refute html =~ ~s(href="/membership_fee_types")
|
||||
refute html =~ ~s(href="/users")
|
||||
refute html =~ ~s(href="/admin/roles")
|
||||
refute html =~ ~s(href="/settings")
|
||||
end
|
||||
end
|
||||
|
||||
describe "sidebar menu with normal_user (Kassenwart)" do
|
||||
test "shows Members and Groups" do
|
||||
user = Fixtures.user_with_role_fixture("normal_user")
|
||||
html = render_sidebar(sidebar_assigns(user))
|
||||
|
||||
assert html =~ ~s(href="/members")
|
||||
assert html =~ ~s(href="/groups")
|
||||
end
|
||||
|
||||
test "does not show Fee Types, Users, Roles or Settings" do
|
||||
user = Fixtures.user_with_role_fixture("normal_user")
|
||||
html = render_sidebar(sidebar_assigns(user))
|
||||
|
||||
refute html =~ ~s(href="/membership_fee_types")
|
||||
refute html =~ ~s(href="/users")
|
||||
refute html =~ ~s(href="/admin/roles")
|
||||
refute html =~ ~s(href="/settings")
|
||||
end
|
||||
end
|
||||
|
||||
describe "sidebar menu with own_data user (Mitglied)" do
|
||||
test "does not show Members link (no /members page access)" do
|
||||
user = Fixtures.user_with_role_fixture("own_data")
|
||||
html = render_sidebar(sidebar_assigns(user))
|
||||
|
||||
refute html =~ ~s(href="/members")
|
||||
end
|
||||
|
||||
test "does not show Fee Types or Administration" do
|
||||
user = Fixtures.user_with_role_fixture("own_data")
|
||||
html = render_sidebar(sidebar_assigns(user))
|
||||
|
||||
refute html =~ ~s(href="/membership_fee_types")
|
||||
refute html =~ ~s(href="/users")
|
||||
refute html =~ ~s(data-testid="sidebar-administration")
|
||||
end
|
||||
end
|
||||
|
||||
describe "sidebar with nil current_user" do
|
||||
test "does not render menu items (only header and footer when present)" do
|
||||
html = render_sidebar(sidebar_assigns(nil))
|
||||
|
||||
refute html =~ ~s(role="menubar")
|
||||
refute html =~ ~s(href="/members")
|
||||
end
|
||||
end
|
||||
|
||||
describe "sidebar with user without role" do
|
||||
test "does not show any navigation links" do
|
||||
user = %{id: "user-no-role", email: "noreply@test.com", role: nil}
|
||||
html = render_sidebar(sidebar_assigns(user))
|
||||
|
||||
refute html =~ ~s(href="/members")
|
||||
refute html =~ ~s(href="/membership_fee_types")
|
||||
refute html =~ ~s(href="/users")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
@ -1,102 +0,0 @@
|
|||
defmodule MvWeb.MemberLiveAuthorizationTest do
|
||||
@moduledoc """
|
||||
Tests for UI authorization on Member LiveViews (Index and Show).
|
||||
"""
|
||||
use MvWeb.ConnCase, async: false
|
||||
|
||||
import Phoenix.LiveViewTest
|
||||
|
||||
alias Mv.Fixtures
|
||||
|
||||
describe "Member Index - Vorstand (read_only)" do
|
||||
@tag role: :read_only
|
||||
test "sees member list but not New Member button", %{conn: conn} do
|
||||
_member = Fixtures.member_fixture()
|
||||
|
||||
{:ok, view, _html} = live(conn, "/members")
|
||||
|
||||
refute has_element?(view, "[data-testid=member-new]")
|
||||
end
|
||||
|
||||
@tag role: :read_only
|
||||
test "does not see Edit or Delete buttons in table", %{conn: conn} do
|
||||
member = Fixtures.member_fixture()
|
||||
|
||||
{:ok, view, _html} = live(conn, "/members")
|
||||
|
||||
refute has_element?(view, "#row-#{member.id} [data-testid=member-edit]")
|
||||
refute has_element?(view, "#row-#{member.id} [data-testid=member-delete]")
|
||||
end
|
||||
end
|
||||
|
||||
describe "Member Index - Kassenwart (normal_user)" do
|
||||
@tag role: :normal_user
|
||||
test "sees New Member and Edit buttons", %{conn: conn} do
|
||||
member = Fixtures.member_fixture()
|
||||
|
||||
{:ok, view, _html} = live(conn, "/members")
|
||||
|
||||
assert has_element?(view, "[data-testid=member-new]")
|
||||
assert has_element?(view, "#row-#{member.id} [data-testid=member-edit]")
|
||||
end
|
||||
|
||||
@tag role: :normal_user
|
||||
test "does not see Delete button", %{conn: conn} do
|
||||
member = Fixtures.member_fixture()
|
||||
|
||||
{:ok, view, _html} = live(conn, "/members")
|
||||
|
||||
refute has_element?(view, "#row-#{member.id} [data-testid=member-delete]")
|
||||
end
|
||||
end
|
||||
|
||||
describe "Member Index - Admin" do
|
||||
@tag role: :admin
|
||||
test "sees New Member, Edit and Delete buttons", %{conn: conn} do
|
||||
member = Fixtures.member_fixture()
|
||||
|
||||
{:ok, view, _html} = live(conn, "/members")
|
||||
|
||||
assert has_element?(view, "[data-testid=member-new]")
|
||||
assert has_element?(view, "#row-#{member.id} [data-testid=member-edit]")
|
||||
assert has_element?(view, "#row-#{member.id} [data-testid=member-delete]")
|
||||
end
|
||||
end
|
||||
|
||||
describe "Member Index - Mitglied (own_data)" do
|
||||
@tag role: :member
|
||||
test "is redirected when accessing /members", %{conn: conn, current_user: user} do
|
||||
assert {:error, {:redirect, %{to: to}}} = live(conn, "/members")
|
||||
assert to == "/users/#{user.id}"
|
||||
end
|
||||
end
|
||||
|
||||
describe "Member Show - Edit button visibility" do
|
||||
@tag role: :admin
|
||||
test "admin sees Edit button", %{conn: conn} do
|
||||
member = Fixtures.member_fixture()
|
||||
|
||||
{:ok, view, _html} = live(conn, "/members/#{member.id}")
|
||||
|
||||
assert has_element?(view, "[data-testid=member-edit]")
|
||||
end
|
||||
|
||||
@tag role: :read_only
|
||||
test "read_only does not see Edit button", %{conn: conn} do
|
||||
member = Fixtures.member_fixture()
|
||||
|
||||
{:ok, view, _html} = live(conn, "/members/#{member.id}")
|
||||
|
||||
refute has_element?(view, "[data-testid=member-edit]")
|
||||
end
|
||||
|
||||
@tag role: :normal_user
|
||||
test "normal_user sees Edit button", %{conn: conn} do
|
||||
member = Fixtures.member_fixture()
|
||||
|
||||
{:ok, view, _html} = live(conn, "/members/#{member.id}")
|
||||
|
||||
assert has_element?(view, "[data-testid=member-edit]")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
@ -1,81 +0,0 @@
|
|||
defmodule MvWeb.UserLiveAuthorizationTest do
|
||||
@moduledoc """
|
||||
Tests for UI authorization on User LiveViews (Index and Show).
|
||||
"""
|
||||
use MvWeb.ConnCase, async: false
|
||||
|
||||
import Phoenix.LiveViewTest
|
||||
|
||||
alias Mv.Fixtures
|
||||
|
||||
describe "User Index - Admin" do
|
||||
@tag role: :admin
|
||||
test "sees New User, Edit and Delete buttons", %{conn: conn} do
|
||||
user = Fixtures.user_with_role_fixture("admin")
|
||||
|
||||
{:ok, view, _html} = live(conn, "/users")
|
||||
|
||||
assert has_element?(view, "[data-testid=user-new]")
|
||||
assert has_element?(view, "#row-#{user.id} [data-testid=user-edit]")
|
||||
assert has_element?(view, "#row-#{user.id} [data-testid=user-delete]")
|
||||
end
|
||||
end
|
||||
|
||||
describe "User Index - Non-Admin is redirected" do
|
||||
@tag role: :read_only
|
||||
test "read_only is redirected when accessing /users", %{conn: conn, current_user: user} do
|
||||
assert {:error, {:redirect, %{to: to}}} = live(conn, "/users")
|
||||
assert to == "/users/#{user.id}"
|
||||
end
|
||||
|
||||
@tag role: :member
|
||||
test "member is redirected when accessing /users", %{conn: conn, current_user: user} do
|
||||
assert {:error, {:redirect, %{to: to}}} = live(conn, "/users")
|
||||
assert to == "/users/#{user.id}"
|
||||
end
|
||||
|
||||
@tag role: :normal_user
|
||||
test "normal_user is redirected when accessing /users", %{conn: conn, current_user: user} do
|
||||
assert {:error, {:redirect, %{to: to}}} = live(conn, "/users")
|
||||
assert to == "/users/#{user.id}"
|
||||
end
|
||||
end
|
||||
|
||||
describe "User Show - own profile" do
|
||||
@tag role: :member
|
||||
test "member sees Edit button on own profile", %{conn: conn, current_user: user} do
|
||||
{:ok, view, _html} = live(conn, "/users/#{user.id}")
|
||||
|
||||
assert has_element?(view, "[data-testid=user-edit]")
|
||||
end
|
||||
|
||||
@tag role: :read_only
|
||||
test "read_only sees Edit button on own profile", %{conn: conn, current_user: user} do
|
||||
{:ok, view, _html} = live(conn, "/users/#{user.id}")
|
||||
|
||||
assert has_element?(view, "[data-testid=user-edit]")
|
||||
end
|
||||
|
||||
@tag role: :admin
|
||||
test "admin sees Edit button on user show", %{conn: conn} do
|
||||
user = Fixtures.user_with_role_fixture("read_only")
|
||||
|
||||
{:ok, view, _html} = live(conn, "/users/#{user.id}")
|
||||
|
||||
assert has_element?(view, "[data-testid=user-edit]")
|
||||
end
|
||||
end
|
||||
|
||||
describe "User Show - other user (non-admin redirected)" do
|
||||
@tag role: :member
|
||||
test "member is redirected when accessing other user's profile", %{
|
||||
conn: conn,
|
||||
current_user: current_user
|
||||
} do
|
||||
other_user = Fixtures.user_with_role_fixture("admin")
|
||||
|
||||
assert {:error, {:redirect, %{to: to}}} = live(conn, "/users/#{other_user.id}")
|
||||
assert to == "/users/#{current_user.id}"
|
||||
end
|
||||
end
|
||||
end
|
||||
Loading…
Add table
Add a link
Reference in a new issue