Concept for Groups #354

Closed
simon wants to merge 118 commits from feature/concept-groups into main
Showing only changes of commit 28526deb9c - Show all commits


@ -60,9 +60,9 @@ defmodule Mv.Accounts.UserPoliciesTest do
create_user_with_permission_set("own_data")
end
describe "own_data permission set (Mitglied)" do
setup do
user = create_user_with_permission_set("own_data")
# Shared test setup for permission sets with scope :own access
defp setup_user_with_own_access(permission_set) do
user = create_user_with_permission_set(permission_set)
other_user = create_other_user()
# Reload user to ensure role is preloaded
@ -71,6 +71,11 @@ defmodule Mv.Accounts.UserPoliciesTest do
%{user: user, other_user: other_user}
end
describe "own_data permission set (Mitglied)" do
setup do
setup_user_with_own_access("own_data")
end
test "can read own user record", %{user: user} do
{:ok, fetched_user} =
Ash.get(Accounts.User, user.id, actor: user, domain: Mv.Accounts)
@ -136,13 +141,7 @@ defmodule Mv.Accounts.UserPoliciesTest do
describe "read_only permission set (Vorstand/Buchhaltung)" do
setup do
user = create_user_with_permission_set("read_only")
other_user = create_other_user()
# Reload user to ensure role is preloaded
{:ok, user} = Ash.get(Accounts.User, user.id, domain: Mv.Accounts, load: [:role])
%{user: user, other_user: other_user}
setup_user_with_own_access("read_only")
end
test "can read own user record", %{user: user} do
@ -169,6 +168,7 @@ defmodule Mv.Accounts.UserPoliciesTest do
} do
# Note: With auto_filter policies, when a user tries to read a user that doesn't
# match the filter (id == actor.id), Ash returns NotFound, not Forbidden.
# This is the expected behavior - the filter makes the record "invisible" to the user.
assert_raise Ash.Error.Invalid, fn ->
Ash.get!(Accounts.User, other_user.id, actor: user, domain: Mv.Accounts)
end
@ -209,13 +209,7 @@ defmodule Mv.Accounts.UserPoliciesTest do
describe "normal_user permission set (Kassenwart)" do
setup do
user = create_user_with_permission_set("normal_user")
other_user = create_other_user()
# Reload user to ensure role is preloaded
{:ok, user} = Ash.get(Accounts.User, user.id, domain: Mv.Accounts, load: [:role])
%{user: user, other_user: other_user}
setup_user_with_own_access("normal_user")
end
test "can read own user record", %{user: user} do
@ -242,6 +236,7 @@ defmodule Mv.Accounts.UserPoliciesTest do
} do
# Note: With auto_filter policies, when a user tries to read a user that doesn't
# match the filter (id == actor.id), Ash returns NotFound, not Forbidden.
# This is the expected behavior - the filter makes the record "invisible" to the user.
assert_raise Ash.Error.Invalid, fn ->
Ash.get!(Accounts.User, other_user.id, actor: user, domain: Mv.Accounts)
end
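Review bot: The cross-user read checks in the `read_only` and `normal_user` hunks assert only the error class (`assert_raise Ash.Error.Invalid, fn -> ... end`), so they would also pass if `Ash.get!` failed for a reason unrelated to the policy filter, such as a malformed id or a bad option. Since the comment above each assertion says the filter is expected to surface as NotFound, the test should pin that, for example `assert {:error, %Ash.Error.Invalid{errors: [%Ash.Error.Query.NotFound{}]}} = Ash.get(Accounts.User, other_user.id, actor: user, domain: Mv.Accounts)`. This assumes Ash puts the not-found error in the `errors` list, which is worth confirming against the Ash version in use. Both test bodies start outside their hunks, so the names of the affected tests are not visible here.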