Complete Permissions for Groups, Membership Fees, and User Role Assignment closes #404 #405
9 changed files with 178 additions and 531 deletions
|
|
@ -8,67 +8,30 @@ defmodule Mv.Membership.CustomFieldPoliciesTest do
|
|||
use Mv.DataCase, async: false
|
||||
|
||||
alias Mv.Membership.CustomField
|
||||
alias Mv.Accounts
|
||||
alias Mv.Authorization
|
||||
|
||||
setup do
|
||||
system_actor = Mv.Helpers.SystemActor.get_system_actor()
|
||||
%{actor: system_actor}
|
||||
end
|
||||
|
||||
defp create_role_with_permission_set(permission_set_name, actor) do
|
||||
role_name = "Test Role #{permission_set_name} #{System.unique_integer([:positive])}"
|
||||
defp create_custom_field do
|
||||
admin = Mv.Fixtures.user_with_role_fixture("admin")
|
||||
|
||||
case Authorization.create_role(
|
||||
%{
|
||||
name: role_name,
|
||||
description: "Test role for #{permission_set_name}",
|
||||
permission_set_name: permission_set_name
|
||||
},
|
||||
actor: actor
|
||||
) do
|
||||
{:ok, role} -> role
|
||||
{:error, error} -> raise "Failed to create role: #{inspect(error)}"
|
||||
end
|
||||
end
|
||||
|
||||
defp create_user_with_permission_set(permission_set_name, actor) do
|
||||
role = create_role_with_permission_set(permission_set_name, actor)
|
||||
|
||||
{:ok, user} =
|
||||
Accounts.User
|
||||
|> Ash.Changeset.for_create(:register_with_password, %{
|
||||
email: "user#{System.unique_integer([:positive])}@example.com",
|
||||
password: "testpassword123"
|
||||
})
|
||||
|> Ash.create(actor: actor)
|
||||
|
||||
{:ok, user} =
|
||||
user
|
||||
|> Ash.Changeset.for_update(:update, %{})
|
||||
|> Ash.Changeset.manage_relationship(:role, role, type: :append_and_remove)
|
||||
|> Ash.update(actor: actor)
|
||||
|
||||
{:ok, user_with_role} = Ash.load(user, :role, domain: Mv.Accounts, actor: actor)
|
||||
user_with_role
|
||||
end
|
||||
|
||||
defp create_custom_field(actor) do
|
||||
{:ok, field} =
|
||||
CustomField
|
||||
|> Ash.Changeset.for_create(:create, %{
|
||||
name: "test_field_#{System.unique_integer([:positive])}",
|
||||
value_type: :string
|
||||
})
|
||||
|> Ash.create(actor: actor, domain: Mv.Membership)
|
||||
|> Ash.create(actor: admin, domain: Mv.Membership)
|
||||
|
||||
field
|
||||
end
|
||||
|
||||
describe "read access (all roles)" do
|
||||
test "user with own_data can read all custom fields", %{actor: actor} do
|
||||
custom_field = create_custom_field(actor)
|
||||
user = create_user_with_permission_set("own_data", actor)
|
||||
test "user with own_data can read all custom fields", %{actor: _actor} do
|
||||
custom_field = create_custom_field()
|
||||
user = Mv.Fixtures.user_with_role_fixture("own_data")
|
||||
|
||||
{:ok, fields} = Ash.read(CustomField, actor: user, domain: Mv.Membership)
|
||||
ids = Enum.map(fields, & &1.id)
|
||||
|
|
@ -78,9 +41,9 @@ defmodule Mv.Membership.CustomFieldPoliciesTest do
|
|||
assert fetched.id == custom_field.id
|
||||
end
|
||||
|
||||
test "user with read_only can read all custom fields", %{actor: actor} do
|
||||
custom_field = create_custom_field(actor)
|
||||
user = create_user_with_permission_set("read_only", actor)
|
||||
test "user with read_only can read all custom fields", %{actor: _actor} do
|
||||
custom_field = create_custom_field()
|
||||
user = Mv.Fixtures.user_with_role_fixture("read_only")
|
||||
|
||||
{:ok, fields} = Ash.read(CustomField, actor: user, domain: Mv.Membership)
|
||||
ids = Enum.map(fields, & &1.id)
|
||||
|
|
@ -90,9 +53,9 @@ defmodule Mv.Membership.CustomFieldPoliciesTest do
|
|||
assert fetched.id == custom_field.id
|
||||
end
|
||||
|
||||
test "user with normal_user can read all custom fields", %{actor: actor} do
|
||||
custom_field = create_custom_field(actor)
|
||||
user = create_user_with_permission_set("normal_user", actor)
|
||||
test "user with normal_user can read all custom fields", %{actor: _actor} do
|
||||
custom_field = create_custom_field()
|
||||
user = Mv.Fixtures.user_with_role_fixture("normal_user")
|
||||
|
||||
{:ok, fields} = Ash.read(CustomField, actor: user, domain: Mv.Membership)
|
||||
ids = Enum.map(fields, & &1.id)
|
||||
|
|
@ -102,9 +65,9 @@ defmodule Mv.Membership.CustomFieldPoliciesTest do
|
|||
assert fetched.id == custom_field.id
|
||||
end
|
||||
|
||||
test "user with admin can read all custom fields", %{actor: actor} do
|
||||
custom_field = create_custom_field(actor)
|
||||
user = create_user_with_permission_set("admin", actor)
|
||||
test "user with admin can read all custom fields", %{actor: _actor} do
|
||||
custom_field = create_custom_field()
|
||||
user = Mv.Fixtures.user_with_role_fixture("admin")
|
||||
|
||||
{:ok, fields} = Ash.read(CustomField, actor: user, domain: Mv.Membership)
|
||||
ids = Enum.map(fields, & &1.id)
|
||||
|
|
@ -116,9 +79,9 @@ defmodule Mv.Membership.CustomFieldPoliciesTest do
|
|||
end
|
||||
|
||||
describe "write access - non-admin cannot create/update/destroy" do
|
||||
setup %{actor: actor} do
|
||||
user = create_user_with_permission_set("normal_user", actor)
|
||||
custom_field = create_custom_field(actor)
|
||||
setup %{actor: _actor} do
|
||||
user = Mv.Fixtures.user_with_role_fixture("normal_user")
|
||||
custom_field = create_custom_field()
|
||||
%{user: user, custom_field: custom_field}
|
||||
end
|
||||
|
||||
|
|
@ -152,9 +115,9 @@ defmodule Mv.Membership.CustomFieldPoliciesTest do
|
|||
end
|
||||
|
||||
describe "write access - admin can create/update/destroy" do
|
||||
setup %{actor: actor} do
|
||||
user = create_user_with_permission_set("admin", actor)
|
||||
custom_field = create_custom_field(actor)
|
||||
setup %{actor: _actor} do
|
||||
user = Mv.Fixtures.user_with_role_fixture("admin")
|
||||
custom_field = create_custom_field()
|
||||
%{user: user, custom_field: custom_field}
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -11,7 +11,6 @@ defmodule Mv.Membership.CustomFieldValuePoliciesTest do
|
|||
|
||||
alias Mv.Membership.{CustomField, CustomFieldValue}
|
||||
alias Mv.Accounts
|
||||
alias Mv.Authorization
|
||||
|
||||
require Ash.Query
|
||||
|
||||
|
|
@ -20,47 +19,9 @@ defmodule Mv.Membership.CustomFieldValuePoliciesTest do
|
|||
%{actor: system_actor}
|
||||
end
|
||||
|
||||
# Helper to create a role with a specific permission set
|
||||
defp create_role_with_permission_set(permission_set_name, actor) do
|
||||
role_name = "Test Role #{permission_set_name} #{System.unique_integer([:positive])}"
|
||||
defp create_linked_member_for_user(user, _actor) do
|
||||
admin = Mv.Fixtures.user_with_role_fixture("admin")
|
||||
|
||||
case Authorization.create_role(
|
||||
%{
|
||||
name: role_name,
|
||||
description: "Test role for #{permission_set_name}",
|
||||
permission_set_name: permission_set_name
|
||||
},
|
||||
actor: actor
|
||||
) do
|
||||
{:ok, role} -> role
|
||||
{:error, error} -> raise "Failed to create role: #{inspect(error)}"
|
||||
end
|
||||
end
|
||||
|
||||
# Helper to create a user with a specific permission set
|
||||
# Returns user with role preloaded (required for authorization)
|
||||
defp create_user_with_permission_set(permission_set_name, actor) do
|
||||
role = create_role_with_permission_set(permission_set_name, actor)
|
||||
|
||||
{:ok, user} =
|
||||
Accounts.User
|
||||
|> Ash.Changeset.for_create(:register_with_password, %{
|
||||
email: "user#{System.unique_integer([:positive])}@example.com",
|
||||
password: "testpassword123"
|
||||
})
|
||||
|> Ash.create(actor: actor)
|
||||
|
||||
{:ok, user} =
|
||||
user
|
||||
|> Ash.Changeset.for_update(:update, %{})
|
||||
|> Ash.Changeset.manage_relationship(:role, role, type: :append_and_remove)
|
||||
|> Ash.update(actor: actor)
|
||||
|
||||
{:ok, user_with_role} = Ash.load(user, :role, domain: Mv.Accounts, actor: actor)
|
||||
user_with_role
|
||||
end
|
||||
|
||||
defp create_linked_member_for_user(user, actor) do
|
||||
{:ok, member} =
|
||||
Mv.Membership.create_member(
|
||||
%{
|
||||
|
|
@ -68,18 +29,20 @@ defmodule Mv.Membership.CustomFieldValuePoliciesTest do
|
|||
last_name: "Member",
|
||||
email: "linked#{System.unique_integer([:positive])}@example.com"
|
||||
},
|
||||
actor: actor
|
||||
actor: admin
|
||||
)
|
||||
|
||||
user
|
||||
|> Ash.Changeset.for_update(:update, %{})
|
||||
|> Ash.Changeset.force_change_attribute(:member_id, member.id)
|
||||
|> Ash.update(actor: actor, domain: Mv.Accounts, return_notifications?: false)
|
||||
|> Ash.update(actor: admin, domain: Mv.Accounts, return_notifications?: false)
|
||||
|
||||
member
|
||||
end
|
||||
|
||||
defp create_unlinked_member(actor) do
|
||||
defp create_unlinked_member(_actor) do
|
||||
admin = Mv.Fixtures.user_with_role_fixture("admin")
|
||||
|
||||
{:ok, member} =
|
||||
Mv.Membership.create_member(
|
||||
%{
|
||||
|
|
@ -87,25 +50,29 @@ defmodule Mv.Membership.CustomFieldValuePoliciesTest do
|
|||
last_name: "Member",
|
||||
email: "unlinked#{System.unique_integer([:positive])}@example.com"
|
||||
},
|
||||
actor: actor
|
||||
actor: admin
|
||||
)
|
||||
|
||||
member
|
||||
end
|
||||
|
||||
defp create_custom_field(actor) do
|
||||
defp create_custom_field do
|
||||
admin = Mv.Fixtures.user_with_role_fixture("admin")
|
||||
|
||||
{:ok, field} =
|
||||
CustomField
|
||||
|> Ash.Changeset.for_create(:create, %{
|
||||
name: "test_field_#{System.unique_integer([:positive])}",
|
||||
value_type: :string
|
||||
})
|
||||
|> Ash.create(actor: actor)
|
||||
|> Ash.create(actor: admin, domain: Mv.Membership)
|
||||
|
||||
field
|
||||
end
|
||||
|
||||
defp create_custom_field_value(member_id, custom_field_id, value, actor) do
|
||||
defp create_custom_field_value(member_id, custom_field_id, value) do
|
||||
admin = Mv.Fixtures.user_with_role_fixture("admin")
|
||||
|
||||
{:ok, cfv} =
|
||||
CustomFieldValue
|
||||
|> Ash.Changeset.for_create(:create, %{
|
||||
|
|
@ -113,22 +80,22 @@ defmodule Mv.Membership.CustomFieldValuePoliciesTest do
|
|||
custom_field_id: custom_field_id,
|
||||
value: %{"_union_type" => "string", "_union_value" => value}
|
||||
})
|
||||
|> Ash.create(actor: actor, domain: Mv.Membership)
|
||||
|> Ash.create(actor: admin, domain: Mv.Membership)
|
||||
|
||||
cfv
|
||||
end
|
||||
|
||||
describe "own_data permission set (Mitglied)" do
|
||||
setup %{actor: actor} do
|
||||
user = create_user_with_permission_set("own_data", actor)
|
||||
user = Mv.Fixtures.user_with_role_fixture("own_data")
|
||||
linked_member = create_linked_member_for_user(user, actor)
|
||||
unlinked_member = create_unlinked_member(actor)
|
||||
custom_field = create_custom_field(actor)
|
||||
custom_field = create_custom_field()
|
||||
|
||||
cfv_linked = create_custom_field_value(linked_member.id, custom_field.id, "linked", actor)
|
||||
cfv_linked = create_custom_field_value(linked_member.id, custom_field.id, "linked")
|
||||
|
||||
cfv_unlinked =
|
||||
create_custom_field_value(unlinked_member.id, custom_field.id, "unlinked", actor)
|
||||
create_custom_field_value(unlinked_member.id, custom_field.id, "unlinked")
|
||||
|
||||
{:ok, user} =
|
||||
Ash.get(Accounts.User, user.id, domain: Mv.Accounts, load: [:role], actor: actor)
|
||||
|
|
@ -177,10 +144,10 @@ defmodule Mv.Membership.CustomFieldValuePoliciesTest do
|
|||
test "can create custom field value for linked member", %{
|
||||
user: user,
|
||||
linked_member: linked_member,
|
||||
actor: actor
|
||||
actor: _actor
|
||||
} do
|
||||
# Create a second custom field via admin (own_data cannot create CustomField)
|
||||
custom_field2 = create_custom_field(actor)
|
||||
custom_field2 = create_custom_field()
|
||||
|
||||
{:ok, cfv} =
|
||||
CustomFieldValue
|
||||
|
|
@ -257,15 +224,15 @@ defmodule Mv.Membership.CustomFieldValuePoliciesTest do
|
|||
|
||||
describe "read_only permission set (Vorstand/Buchhaltung)" do
|
||||
setup %{actor: actor} do
|
||||
user = create_user_with_permission_set("read_only", actor)
|
||||
user = Mv.Fixtures.user_with_role_fixture("read_only")
|
||||
linked_member = create_linked_member_for_user(user, actor)
|
||||
unlinked_member = create_unlinked_member(actor)
|
||||
custom_field = create_custom_field(actor)
|
||||
custom_field = create_custom_field()
|
||||
|
||||
cfv_linked = create_custom_field_value(linked_member.id, custom_field.id, "linked", actor)
|
||||
cfv_linked = create_custom_field_value(linked_member.id, custom_field.id, "linked")
|
||||
|
||||
cfv_unlinked =
|
||||
create_custom_field_value(unlinked_member.id, custom_field.id, "unlinked", actor)
|
||||
create_custom_field_value(unlinked_member.id, custom_field.id, "unlinked")
|
||||
|
||||
{:ok, user} =
|
||||
Ash.get(Accounts.User, user.id, domain: Mv.Accounts, load: [:role], actor: actor)
|
||||
|
|
@ -340,15 +307,15 @@ defmodule Mv.Membership.CustomFieldValuePoliciesTest do
|
|||
|
||||
describe "normal_user permission set (Kassenwart)" do
|
||||
setup %{actor: actor} do
|
||||
user = create_user_with_permission_set("normal_user", actor)
|
||||
user = Mv.Fixtures.user_with_role_fixture("normal_user")
|
||||
linked_member = create_linked_member_for_user(user, actor)
|
||||
unlinked_member = create_unlinked_member(actor)
|
||||
custom_field = create_custom_field(actor)
|
||||
custom_field = create_custom_field()
|
||||
|
||||
cfv_linked = create_custom_field_value(linked_member.id, custom_field.id, "linked", actor)
|
||||
cfv_linked = create_custom_field_value(linked_member.id, custom_field.id, "linked")
|
||||
|
||||
cfv_unlinked =
|
||||
create_custom_field_value(unlinked_member.id, custom_field.id, "unlinked", actor)
|
||||
create_custom_field_value(unlinked_member.id, custom_field.id, "unlinked")
|
||||
|
||||
{:ok, user} =
|
||||
Ash.get(Accounts.User, user.id, domain: Mv.Accounts, load: [:role], actor: actor)
|
||||
|
|
@ -379,10 +346,10 @@ defmodule Mv.Membership.CustomFieldValuePoliciesTest do
|
|||
test "can create custom field value", %{
|
||||
user: user,
|
||||
unlinked_member: unlinked_member,
|
||||
actor: actor
|
||||
actor: _actor
|
||||
} do
|
||||
# normal_user cannot create CustomField; use actor (admin) to create it
|
||||
custom_field = create_custom_field(actor)
|
||||
custom_field = create_custom_field()
|
||||
|
||||
{:ok, cfv} =
|
||||
CustomFieldValue
|
||||
|
|
@ -421,15 +388,15 @@ defmodule Mv.Membership.CustomFieldValuePoliciesTest do
|
|||
|
||||
describe "admin permission set" do
|
||||
setup %{actor: actor} do
|
||||
user = create_user_with_permission_set("admin", actor)
|
||||
user = Mv.Fixtures.user_with_role_fixture("admin")
|
||||
linked_member = create_linked_member_for_user(user, actor)
|
||||
unlinked_member = create_unlinked_member(actor)
|
||||
custom_field = create_custom_field(actor)
|
||||
custom_field = create_custom_field()
|
||||
|
||||
cfv_linked = create_custom_field_value(linked_member.id, custom_field.id, "linked", actor)
|
||||
cfv_linked = create_custom_field_value(linked_member.id, custom_field.id, "linked")
|
||||
|
||||
cfv_unlinked =
|
||||
create_custom_field_value(unlinked_member.id, custom_field.id, "unlinked", actor)
|
||||
create_custom_field_value(unlinked_member.id, custom_field.id, "unlinked")
|
||||
|
||||
{:ok, user} =
|
||||
Ash.get(Accounts.User, user.id, domain: Mv.Accounts, load: [:role], actor: actor)
|
||||
|
|
@ -457,7 +424,7 @@ defmodule Mv.Membership.CustomFieldValuePoliciesTest do
|
|||
end
|
||||
|
||||
test "can create custom field value", %{user: user, unlinked_member: unlinked_member} do
|
||||
custom_field = create_custom_field(user)
|
||||
custom_field = create_custom_field()
|
||||
|
||||
{:ok, cfv} =
|
||||
CustomFieldValue
|
||||
|
|
|
|||
|
|
@ -8,8 +8,6 @@ defmodule Mv.Membership.GroupPoliciesTest do
|
|||
use Mv.DataCase, async: false
|
||||
|
||||
alias Mv.Membership
|
||||
alias Mv.Accounts
|
||||
alias Mv.Authorization
|
||||
|
||||
require Ash.Query
|
||||
|
||||
|
|
@ -18,49 +16,8 @@ defmodule Mv.Membership.GroupPoliciesTest do
|
|||
%{actor: system_actor}
|
||||
end
|
||||
|
||||
defp create_role_with_permission_set(permission_set_name, actor) do
|
||||
role_name = "Test Role #{permission_set_name} #{System.unique_integer([:positive])}"
|
||||
|
||||
case Authorization.create_role(
|
||||
%{
|
||||
name: role_name,
|
||||
description: "Test role for #{permission_set_name}",
|
||||
permission_set_name: permission_set_name
|
||||
},
|
||||
actor: actor
|
||||
) do
|
||||
{:ok, role} -> role
|
||||
{:error, error} -> raise "Failed to create role: #{inspect(error)}"
|
||||
end
|
||||
end
|
||||
|
||||
defp create_user_with_permission_set(permission_set_name, actor) do
|
||||
role = create_role_with_permission_set(permission_set_name, actor)
|
||||
|
||||
{:ok, user} =
|
||||
Accounts.User
|
||||
|> Ash.Changeset.for_create(:register_with_password, %{
|
||||
email: "user#{System.unique_integer([:positive])}@example.com",
|
||||
password: "testpassword123"
|
||||
})
|
||||
|> Ash.create(actor: actor)
|
||||
|
||||
{:ok, user} =
|
||||
user
|
||||
|> Ash.Changeset.for_update(:update, %{})
|
||||
|> Ash.Changeset.manage_relationship(:role, role, type: :append_and_remove)
|
||||
|> Ash.update(actor: actor)
|
||||
|
||||
{:ok, user_with_role} = Ash.load(user, :role, domain: Mv.Accounts, actor: actor)
|
||||
user_with_role
|
||||
end
|
||||
|
||||
defp create_admin_user(actor) do
|
||||
create_user_with_permission_set("admin", actor)
|
||||
end
|
||||
|
||||
defp create_group_fixture(actor) do
|
||||
admin = create_admin_user(actor)
|
||||
defp create_group_fixture do
|
||||
admin = Mv.Fixtures.user_with_role_fixture("admin")
|
||||
|
||||
{:ok, group} =
|
||||
Membership.create_group(
|
||||
|
|
@ -72,9 +29,9 @@ defmodule Mv.Membership.GroupPoliciesTest do
|
|||
end
|
||||
|
||||
describe "own_data permission set" do
|
||||
setup %{actor: actor} do
|
||||
user = create_user_with_permission_set("own_data", actor)
|
||||
group = create_group_fixture(actor)
|
||||
setup %{actor: _actor} do
|
||||
user = Mv.Fixtures.user_with_role_fixture("own_data")
|
||||
group = create_group_fixture()
|
||||
%{user: user, group: group}
|
||||
end
|
||||
|
||||
|
|
@ -90,9 +47,9 @@ defmodule Mv.Membership.GroupPoliciesTest do
|
|||
end
|
||||
|
||||
describe "read_only permission set" do
|
||||
setup %{actor: actor} do
|
||||
user = create_user_with_permission_set("read_only", actor)
|
||||
group = create_group_fixture(actor)
|
||||
setup %{actor: _actor} do
|
||||
user = Mv.Fixtures.user_with_role_fixture("read_only")
|
||||
group = create_group_fixture()
|
||||
%{user: user, group: group}
|
||||
end
|
||||
|
||||
|
|
@ -108,9 +65,9 @@ defmodule Mv.Membership.GroupPoliciesTest do
|
|||
end
|
||||
|
||||
describe "normal_user permission set" do
|
||||
setup %{actor: actor} do
|
||||
user = create_user_with_permission_set("normal_user", actor)
|
||||
group = create_group_fixture(actor)
|
||||
setup %{actor: _actor} do
|
||||
user = Mv.Fixtures.user_with_role_fixture("normal_user")
|
||||
group = create_group_fixture()
|
||||
%{user: user, group: group}
|
||||
end
|
||||
|
||||
|
|
@ -147,9 +104,9 @@ defmodule Mv.Membership.GroupPoliciesTest do
|
|||
end
|
||||
|
||||
describe "admin permission set" do
|
||||
setup %{actor: actor} do
|
||||
user = create_user_with_permission_set("admin", actor)
|
||||
group = create_group_fixture(actor)
|
||||
setup %{actor: _actor} do
|
||||
user = Mv.Fixtures.user_with_role_fixture("admin")
|
||||
group = create_group_fixture()
|
||||
%{user: user, group: group}
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -8,7 +8,6 @@ defmodule Mv.Membership.MemberEmailValidationTest do
|
|||
use Mv.DataCase, async: false
|
||||
|
||||
alias Mv.Accounts
|
||||
alias Mv.Authorization
|
||||
alias Mv.Helpers.SystemActor
|
||||
alias Mv.Membership
|
||||
|
||||
|
|
@ -17,49 +16,8 @@ defmodule Mv.Membership.MemberEmailValidationTest do
|
|||
%{actor: system_actor}
|
||||
end
|
||||
|
||||
defp create_role_with_permission_set(permission_set_name, actor) do
|
||||
role_name = "Test Role #{permission_set_name} #{System.unique_integer([:positive])}"
|
||||
|
||||
case Authorization.create_role(
|
||||
%{
|
||||
name: role_name,
|
||||
description: "Test role for #{permission_set_name}",
|
||||
permission_set_name: permission_set_name
|
||||
},
|
||||
actor: actor
|
||||
) do
|
||||
{:ok, role} -> role
|
||||
{:error, error} -> raise "Failed to create role: #{inspect(error)}"
|
||||
end
|
||||
end
|
||||
|
||||
defp create_user_with_permission_set(permission_set_name, actor) do
|
||||
role = create_role_with_permission_set(permission_set_name, actor)
|
||||
|
||||
{:ok, user} =
|
||||
Accounts.User
|
||||
|> Ash.Changeset.for_create(:register_with_password, %{
|
||||
email: "user#{System.unique_integer([:positive])}@example.com",
|
||||
password: "testpassword123"
|
||||
})
|
||||
|> Ash.create(actor: actor)
|
||||
|
||||
{:ok, user} =
|
||||
user
|
||||
|> Ash.Changeset.for_update(:update, %{})
|
||||
|> Ash.Changeset.manage_relationship(:role, role, type: :append_and_remove)
|
||||
|> Ash.update(actor: actor)
|
||||
|
||||
{:ok, user_with_role} = Ash.load(user, :role, domain: Mv.Accounts, actor: actor)
|
||||
user_with_role
|
||||
end
|
||||
|
||||
defp create_admin_user(actor) do
|
||||
create_user_with_permission_set("admin", actor)
|
||||
end
|
||||
|
||||
defp create_linked_member_for_user(user, actor) do
|
||||
admin = create_admin_user(actor)
|
||||
defp create_linked_member_for_user(user, _actor) do
|
||||
admin = Mv.Fixtures.user_with_role_fixture("admin")
|
||||
|
||||
{:ok, member} =
|
||||
Membership.create_member(
|
||||
|
|
@ -79,8 +37,8 @@ defmodule Mv.Membership.MemberEmailValidationTest do
|
|||
member
|
||||
end
|
||||
|
||||
defp create_unlinked_member(actor) do
|
||||
admin = create_admin_user(actor)
|
||||
defp create_unlinked_member(_actor) do
|
||||
admin = Mv.Fixtures.user_with_role_fixture("admin")
|
||||
|
||||
{:ok, member} =
|
||||
Membership.create_member(
|
||||
|
|
@ -97,7 +55,7 @@ defmodule Mv.Membership.MemberEmailValidationTest do
|
|||
|
||||
describe "unlinked member" do
|
||||
test "normal_user can update email of unlinked member", %{actor: actor} do
|
||||
normal_user = create_user_with_permission_set("normal_user", actor)
|
||||
normal_user = Mv.Fixtures.user_with_role_fixture("normal_user")
|
||||
unlinked_member = create_unlinked_member(actor)
|
||||
|
||||
new_email = "new#{System.unique_integer([:positive])}@example.com"
|
||||
|
|
@ -109,7 +67,7 @@ defmodule Mv.Membership.MemberEmailValidationTest do
|
|||
end
|
||||
|
||||
test "validation does not block when member has no linked user", %{actor: actor} do
|
||||
normal_user = create_user_with_permission_set("normal_user", actor)
|
||||
normal_user = Mv.Fixtures.user_with_role_fixture("normal_user")
|
||||
unlinked_member = create_unlinked_member(actor)
|
||||
|
||||
new_email = "other#{System.unique_integer([:positive])}@example.com"
|
||||
|
|
@ -121,10 +79,10 @@ defmodule Mv.Membership.MemberEmailValidationTest do
|
|||
|
||||
describe "linked member – another user's member" do
|
||||
test "normal_user cannot update email of another user's linked member", %{actor: actor} do
|
||||
user_a = create_user_with_permission_set("own_data", actor)
|
||||
user_a = Mv.Fixtures.user_with_role_fixture("own_data")
|
||||
linked_member = create_linked_member_for_user(user_a, actor)
|
||||
|
||||
normal_user_b = create_user_with_permission_set("normal_user", actor)
|
||||
normal_user_b = Mv.Fixtures.user_with_role_fixture("normal_user")
|
||||
new_email = "other#{System.unique_integer([:positive])}@example.com"
|
||||
|
||||
assert {:error, %Ash.Error.Invalid{} = error} =
|
||||
|
|
@ -135,9 +93,9 @@ defmodule Mv.Membership.MemberEmailValidationTest do
|
|||
end
|
||||
|
||||
test "admin can update email of linked member", %{actor: actor} do
|
||||
user_a = create_user_with_permission_set("own_data", actor)
|
||||
user_a = Mv.Fixtures.user_with_role_fixture("own_data")
|
||||
linked_member = create_linked_member_for_user(user_a, actor)
|
||||
admin = create_admin_user(actor)
|
||||
admin = Mv.Fixtures.user_with_role_fixture("admin")
|
||||
|
||||
new_email = "admin_changed#{System.unique_integer([:positive])}@example.com"
|
||||
|
||||
|
|
@ -150,7 +108,7 @@ defmodule Mv.Membership.MemberEmailValidationTest do
|
|||
|
||||
describe "linked member – own member" do
|
||||
test "own_data user can update email of their own linked member", %{actor: actor} do
|
||||
own_data_user = create_user_with_permission_set("own_data", actor)
|
||||
own_data_user = Mv.Fixtures.user_with_role_fixture("own_data")
|
||||
linked_member = create_linked_member_for_user(own_data_user, actor)
|
||||
|
||||
{:ok, own_data_user} =
|
||||
|
|
@ -168,7 +126,7 @@ defmodule Mv.Membership.MemberEmailValidationTest do
|
|||
end
|
||||
|
||||
test "normal_user with linked member can update email of that same member", %{actor: actor} do
|
||||
normal_user = create_user_with_permission_set("normal_user", actor)
|
||||
normal_user = Mv.Fixtures.user_with_role_fixture("normal_user")
|
||||
linked_member = create_linked_member_for_user(normal_user, actor)
|
||||
|
||||
{:ok, normal_user} =
|
||||
|
|
@ -188,9 +146,9 @@ defmodule Mv.Membership.MemberEmailValidationTest do
|
|||
describe "no-op / other fields" do
|
||||
test "updating only other attributes on linked member as normal_user does not trigger validation error",
|
||||
%{actor: actor} do
|
||||
user_a = create_user_with_permission_set("own_data", actor)
|
||||
user_a = Mv.Fixtures.user_with_role_fixture("own_data")
|
||||
linked_member = create_linked_member_for_user(user_a, actor)
|
||||
normal_user_b = create_user_with_permission_set("normal_user", actor)
|
||||
normal_user_b = Mv.Fixtures.user_with_role_fixture("normal_user")
|
||||
|
||||
assert {:ok, updated} =
|
||||
Membership.update_member(linked_member, %{first_name: "UpdatedName"},
|
||||
|
|
@ -202,9 +160,9 @@ defmodule Mv.Membership.MemberEmailValidationTest do
|
|||
end
|
||||
|
||||
test "updating email of linked member as admin succeeds", %{actor: actor} do
|
||||
user_a = create_user_with_permission_set("own_data", actor)
|
||||
user_a = Mv.Fixtures.user_with_role_fixture("own_data")
|
||||
linked_member = create_linked_member_for_user(user_a, actor)
|
||||
admin = create_admin_user(actor)
|
||||
admin = Mv.Fixtures.user_with_role_fixture("admin")
|
||||
|
||||
new_email = "admin_ok#{System.unique_integer([:positive])}@example.com"
|
||||
|
||||
|
|
@ -217,7 +175,7 @@ defmodule Mv.Membership.MemberEmailValidationTest do
|
|||
|
||||
describe "read_only" do
|
||||
test "read_only cannot update any member (policy rejects before validation)", %{actor: actor} do
|
||||
read_only_user = create_user_with_permission_set("read_only", actor)
|
||||
read_only_user = Mv.Fixtures.user_with_role_fixture("read_only")
|
||||
linked_member = create_linked_member_for_user(read_only_user, actor)
|
||||
|
||||
{:ok, read_only_user} =
|
||||
|
|
|
|||
|
|
@ -9,8 +9,6 @@ defmodule Mv.Membership.MemberGroupPoliciesTest do
|
|||
use Mv.DataCase, async: false
|
||||
|
||||
alias Mv.Membership
|
||||
alias Mv.Accounts
|
||||
alias Mv.Authorization
|
||||
|
||||
require Ash.Query
|
||||
|
||||
|
|
@ -19,77 +17,16 @@ defmodule Mv.Membership.MemberGroupPoliciesTest do
|
|||
%{actor: system_actor}
|
||||
end
|
||||
|
||||
defp create_role_with_permission_set(permission_set_name, actor) do
|
||||
role_name = "Test Role #{permission_set_name} #{System.unique_integer([:positive])}"
|
||||
|
||||
case Authorization.create_role(
|
||||
%{
|
||||
name: role_name,
|
||||
description: "Test role for #{permission_set_name}",
|
||||
permission_set_name: permission_set_name
|
||||
},
|
||||
actor: actor
|
||||
) do
|
||||
{:ok, role} -> role
|
||||
{:error, error} -> raise "Failed to create role: #{inspect(error)}"
|
||||
end
|
||||
defp create_member_fixture do
|
||||
Mv.Fixtures.member_fixture()
|
||||
end
|
||||
|
||||
defp create_user_with_permission_set(permission_set_name, actor) do
|
||||
role = create_role_with_permission_set(permission_set_name, actor)
|
||||
|
||||
{:ok, user} =
|
||||
Accounts.User
|
||||
|> Ash.Changeset.for_create(:register_with_password, %{
|
||||
email: "user#{System.unique_integer([:positive])}@example.com",
|
||||
password: "testpassword123"
|
||||
})
|
||||
|> Ash.create(actor: actor)
|
||||
|
||||
{:ok, user} =
|
||||
user
|
||||
|> Ash.Changeset.for_update(:update, %{})
|
||||
|> Ash.Changeset.manage_relationship(:role, role, type: :append_and_remove)
|
||||
|> Ash.update(actor: actor)
|
||||
|
||||
{:ok, user_with_role} = Ash.load(user, :role, domain: Mv.Accounts, actor: actor)
|
||||
user_with_role
|
||||
defp create_group_fixture do
|
||||
Mv.Fixtures.group_fixture()
|
||||
end
|
||||
|
||||
defp create_admin_user(actor) do
|
||||
create_user_with_permission_set("admin", actor)
|
||||
end
|
||||
|
||||
defp create_member_fixture(actor) do
|
||||
admin = create_admin_user(actor)
|
||||
|
||||
{:ok, member} =
|
||||
Membership.create_member(
|
||||
%{
|
||||
first_name: "Test",
|
||||
last_name: "Member",
|
||||
email: "test#{System.unique_integer([:positive])}@example.com"
|
||||
},
|
||||
actor: admin
|
||||
)
|
||||
|
||||
member
|
||||
end
|
||||
|
||||
defp create_group_fixture(actor) do
|
||||
admin = create_admin_user(actor)
|
||||
|
||||
{:ok, group} =
|
||||
Membership.create_group(
|
||||
%{name: "Test Group #{System.unique_integer([:positive])}", description: "Test"},
|
||||
actor: admin
|
||||
)
|
||||
|
||||
group
|
||||
end
|
||||
|
||||
defp create_member_group_fixture(member_id, group_id, actor) do
|
||||
admin = create_admin_user(actor)
|
||||
defp create_member_group_fixture(member_id, group_id) do
|
||||
admin = Mv.Fixtures.user_with_role_fixture("admin")
|
||||
|
||||
{:ok, member_group} =
|
||||
Membership.create_member_group(%{member_id: member_id, group_id: group_id}, actor: admin)
|
||||
|
|
@ -99,11 +36,11 @@ defmodule Mv.Membership.MemberGroupPoliciesTest do
|
|||
|
||||
describe "own_data permission set" do
|
||||
setup %{actor: actor} do
|
||||
user = create_user_with_permission_set("own_data", actor)
|
||||
member = create_member_fixture(actor)
|
||||
group = create_group_fixture(actor)
|
||||
user = Mv.Fixtures.user_with_role_fixture("own_data")
|
||||
member = create_member_fixture()
|
||||
group = create_group_fixture()
|
||||
# Link user to member so actor.member_id is set
|
||||
admin = create_admin_user(actor)
|
||||
admin = Mv.Fixtures.user_with_role_fixture("admin")
|
||||
|
||||
user =
|
||||
user
|
||||
|
|
@ -112,11 +49,11 @@ defmodule Mv.Membership.MemberGroupPoliciesTest do
|
|||
|> Ash.update(actor: admin)
|
||||
|
||||
{:ok, user} = Ash.load(user, :role, domain: Mv.Accounts, actor: actor)
|
||||
mg_linked = create_member_group_fixture(member.id, group.id, actor)
|
||||
mg_linked = create_member_group_fixture(member.id, group.id)
|
||||
# MemberGroup for another member (not linked to user)
|
||||
other_member = create_member_fixture(actor)
|
||||
other_group = create_group_fixture(actor)
|
||||
mg_other = create_member_group_fixture(other_member.id, other_group.id, actor)
|
||||
other_member = create_member_fixture()
|
||||
other_group = create_group_fixture()
|
||||
mg_other = create_member_group_fixture(other_member.id, other_group.id)
|
||||
%{user: user, member: member, group: group, mg_linked: mg_linked, mg_other: mg_other}
|
||||
end
|
||||
|
||||
|
|
@ -144,10 +81,10 @@ defmodule Mv.Membership.MemberGroupPoliciesTest do
|
|||
refute mg_other.id in ids
|
||||
end
|
||||
|
||||
test "cannot create member_group (returns forbidden)", %{user: user, actor: actor} do
|
||||
test "cannot create member_group (returns forbidden)", %{user: user, actor: _actor} do
|
||||
# Use fresh member/group so we assert on Forbidden, not on duplicate validation
|
||||
other_member = create_member_fixture(actor)
|
||||
other_group = create_group_fixture(actor)
|
||||
other_member = create_member_fixture()
|
||||
other_group = create_group_fixture()
|
||||
|
||||
assert {:error, %Ash.Error.Forbidden{}} =
|
||||
Membership.create_member_group(
|
||||
|
|
@ -164,10 +101,10 @@ defmodule Mv.Membership.MemberGroupPoliciesTest do
|
|||
|
||||
describe "read_only permission set" do
|
||||
setup %{actor: actor} do
|
||||
user = create_user_with_permission_set("read_only", actor)
|
||||
member = create_member_fixture(actor)
|
||||
group = create_group_fixture(actor)
|
||||
mg = create_member_group_fixture(member.id, group.id, actor)
|
||||
user = Mv.Fixtures.user_with_role_fixture("read_only")
|
||||
member = create_member_fixture()
|
||||
group = create_group_fixture()
|
||||
mg = create_member_group_fixture(member.id, group.id)
|
||||
%{actor: actor, user: user, member: member, group: group, mg: mg}
|
||||
end
|
||||
|
||||
|
|
@ -180,9 +117,9 @@ defmodule Mv.Membership.MemberGroupPoliciesTest do
|
|||
assert mg.id in ids
|
||||
end
|
||||
|
||||
test "cannot create member_group (returns forbidden)", %{user: user, actor: actor} do
|
||||
member = create_member_fixture(actor)
|
||||
group = create_group_fixture(actor)
|
||||
test "cannot create member_group (returns forbidden)", %{user: user, actor: _actor} do
|
||||
member = create_member_fixture()
|
||||
group = create_group_fixture()
|
||||
|
||||
assert {:error, %Ash.Error.Forbidden{}} =
|
||||
Membership.create_member_group(%{member_id: member.id, group_id: group.id},
|
||||
|
|
@ -198,10 +135,10 @@ defmodule Mv.Membership.MemberGroupPoliciesTest do
|
|||
|
||||
describe "normal_user permission set" do
|
||||
setup %{actor: actor} do
|
||||
user = create_user_with_permission_set("normal_user", actor)
|
||||
member = create_member_fixture(actor)
|
||||
group = create_group_fixture(actor)
|
||||
mg = create_member_group_fixture(member.id, group.id, actor)
|
||||
user = Mv.Fixtures.user_with_role_fixture("normal_user")
|
||||
member = create_member_fixture()
|
||||
group = create_group_fixture()
|
||||
mg = create_member_group_fixture(member.id, group.id)
|
||||
%{actor: actor, user: user, member: member, group: group, mg: mg}
|
||||
end
|
||||
|
||||
|
|
@ -214,9 +151,9 @@ defmodule Mv.Membership.MemberGroupPoliciesTest do
|
|||
assert mg.id in ids
|
||||
end
|
||||
|
||||
test "can create member_group", %{user: user, actor: actor} do
|
||||
member = create_member_fixture(actor)
|
||||
group = create_group_fixture(actor)
|
||||
test "can create member_group", %{user: user, actor: _actor} do
|
||||
member = create_member_fixture()
|
||||
group = create_group_fixture()
|
||||
|
||||
assert {:ok, _mg} =
|
||||
Membership.create_member_group(%{member_id: member.id, group_id: group.id},
|
||||
|
|
@ -231,10 +168,10 @@ defmodule Mv.Membership.MemberGroupPoliciesTest do
|
|||
|
||||
describe "admin permission set" do
|
||||
setup %{actor: actor} do
|
||||
user = create_user_with_permission_set("admin", actor)
|
||||
member = create_member_fixture(actor)
|
||||
group = create_group_fixture(actor)
|
||||
mg = create_member_group_fixture(member.id, group.id, actor)
|
||||
user = Mv.Fixtures.user_with_role_fixture("admin")
|
||||
member = create_member_fixture()
|
||||
group = create_group_fixture()
|
||||
mg = create_member_group_fixture(member.id, group.id)
|
||||
%{actor: actor, user: user, member: member, group: group, mg: mg}
|
||||
end
|
||||
|
||||
|
|
@ -247,9 +184,9 @@ defmodule Mv.Membership.MemberGroupPoliciesTest do
|
|||
assert mg.id in ids
|
||||
end
|
||||
|
||||
test "can create member_group", %{user: user, actor: actor} do
|
||||
member = create_member_fixture(actor)
|
||||
group = create_group_fixture(actor)
|
||||
test "can create member_group", %{user: user, actor: _actor} do
|
||||
member = create_member_fixture()
|
||||
group = create_group_fixture()
|
||||
|
||||
assert {:ok, _mg} =
|
||||
Membership.create_member_group(%{member_id: member.id, group_id: group.id},
|
||||
|
|
|
|||
|
|
@ -12,7 +12,6 @@ defmodule Mv.Membership.MemberPoliciesTest do
|
|||
|
||||
alias Mv.Membership
|
||||
alias Mv.Accounts
|
||||
alias Mv.Authorization
|
||||
|
||||
require Ash.Query
|
||||
|
||||
|
|
@ -21,58 +20,9 @@ defmodule Mv.Membership.MemberPoliciesTest do
|
|||
%{actor: system_actor}
|
||||
end
|
||||
|
||||
# Helper to create a role with a specific permission set
|
||||
defp create_role_with_permission_set(permission_set_name, actor) do
|
||||
role_name = "Test Role #{permission_set_name} #{System.unique_integer([:positive])}"
|
||||
|
||||
case Authorization.create_role(
|
||||
%{
|
||||
name: role_name,
|
||||
description: "Test role for #{permission_set_name}",
|
||||
permission_set_name: permission_set_name
|
||||
},
|
||||
actor: actor
|
||||
) do
|
||||
{:ok, role} -> role
|
||||
{:error, error} -> raise "Failed to create role: #{inspect(error)}"
|
||||
end
|
||||
end
|
||||
|
||||
# Helper to create a user with a specific permission set
|
||||
# Returns user with role preloaded (required for authorization)
|
||||
defp create_user_with_permission_set(permission_set_name, actor) do
|
||||
# Create role with permission set
|
||||
role = create_role_with_permission_set(permission_set_name, actor)
|
||||
|
||||
# Create user
|
||||
{:ok, user} =
|
||||
Accounts.User
|
||||
|> Ash.Changeset.for_create(:register_with_password, %{
|
||||
email: "user#{System.unique_integer([:positive])}@example.com",
|
||||
password: "testpassword123"
|
||||
})
|
||||
|> Ash.create(actor: actor)
|
||||
|
||||
# Assign role to user
|
||||
{:ok, user} =
|
||||
user
|
||||
|> Ash.Changeset.for_update(:update, %{})
|
||||
|> Ash.Changeset.manage_relationship(:role, role, type: :append_and_remove)
|
||||
|> Ash.update(actor: actor)
|
||||
|
||||
# Reload user with role preloaded (critical for authorization!)
|
||||
{:ok, user_with_role} = Ash.load(user, :role, domain: Mv.Accounts, actor: actor)
|
||||
user_with_role
|
||||
end
|
||||
|
||||
# Helper to create an admin user (for creating test fixtures)
|
||||
defp create_admin_user(actor) do
|
||||
create_user_with_permission_set("admin", actor)
|
||||
end
|
||||
|
||||
# Helper to create a member linked to a user
|
||||
defp create_linked_member_for_user(user, actor) do
|
||||
admin = create_admin_user(actor)
|
||||
defp create_linked_member_for_user(user, _actor) do
|
||||
admin = Mv.Fixtures.user_with_role_fixture("admin")
|
||||
|
||||
# Create member
|
||||
# NOTE: We need to ensure the member is actually persisted to the database
|
||||
|
|
@ -105,8 +55,8 @@ defmodule Mv.Membership.MemberPoliciesTest do
|
|||
end
|
||||
|
||||
# Helper to create an unlinked member (no user relationship)
|
||||
defp create_unlinked_member(actor) do
|
||||
admin = create_admin_user(actor)
|
||||
defp create_unlinked_member(_actor) do
|
||||
admin = Mv.Fixtures.user_with_role_fixture("admin")
|
||||
|
||||
{:ok, member} =
|
||||
Membership.create_member(
|
||||
|
|
@ -123,7 +73,7 @@ defmodule Mv.Membership.MemberPoliciesTest do
|
|||
|
||||
describe "own_data permission set (Mitglied)" do
|
||||
setup %{actor: actor} do
|
||||
user = create_user_with_permission_set("own_data", actor)
|
||||
user = Mv.Fixtures.user_with_role_fixture("own_data")
|
||||
linked_member = create_linked_member_for_user(user, actor)
|
||||
unlinked_member = create_unlinked_member(actor)
|
||||
|
||||
|
|
@ -207,7 +157,7 @@ defmodule Mv.Membership.MemberPoliciesTest do
|
|||
|
||||
describe "read_only permission set (Vorstand/Buchhaltung)" do
|
||||
setup %{actor: actor} do
|
||||
user = create_user_with_permission_set("read_only", actor)
|
||||
user = Mv.Fixtures.user_with_role_fixture("read_only")
|
||||
linked_member = create_linked_member_for_user(user, actor)
|
||||
unlinked_member = create_unlinked_member(actor)
|
||||
|
||||
|
|
@ -273,7 +223,7 @@ defmodule Mv.Membership.MemberPoliciesTest do
|
|||
|
||||
describe "normal_user permission set (Kassenwart)" do
|
||||
setup %{actor: actor} do
|
||||
user = create_user_with_permission_set("normal_user", actor)
|
||||
user = Mv.Fixtures.user_with_role_fixture("normal_user")
|
||||
linked_member = create_linked_member_for_user(user, actor)
|
||||
unlinked_member = create_unlinked_member(actor)
|
||||
|
||||
|
|
@ -330,7 +280,7 @@ defmodule Mv.Membership.MemberPoliciesTest do
|
|||
|
||||
describe "admin permission set" do
|
||||
setup %{actor: actor} do
|
||||
user = create_user_with_permission_set("admin", actor)
|
||||
user = Mv.Fixtures.user_with_role_fixture("admin")
|
||||
linked_member = create_linked_member_for_user(user, actor)
|
||||
unlinked_member = create_unlinked_member(actor)
|
||||
|
||||
|
|
@ -397,7 +347,7 @@ defmodule Mv.Membership.MemberPoliciesTest do
|
|||
# read_only has Member.read scope :all, but the special case ensures
|
||||
# users can ALWAYS read their linked member, even if they had no read permission.
|
||||
# This test verifies the special case works independently of permission sets.
|
||||
user = create_user_with_permission_set("read_only", actor)
|
||||
user = Mv.Fixtures.user_with_role_fixture("read_only")
|
||||
linked_member = create_linked_member_for_user(user, actor)
|
||||
|
||||
# Reload user to get updated member_id
|
||||
|
|
@ -416,7 +366,7 @@ defmodule Mv.Membership.MemberPoliciesTest do
|
|||
test "own_data user can read linked member (via special case bypass)", %{actor: actor} do
|
||||
# own_data has Member.read scope :linked, but the special case ensures
|
||||
# users can ALWAYS read their linked member regardless of permission set.
|
||||
user = create_user_with_permission_set("own_data", actor)
|
||||
user = Mv.Fixtures.user_with_role_fixture("own_data")
|
||||
linked_member = create_linked_member_for_user(user, actor)
|
||||
|
||||
# Reload user to get updated member_id
|
||||
|
|
@ -437,7 +387,7 @@ defmodule Mv.Membership.MemberPoliciesTest do
|
|||
} do
|
||||
# Update is NOT handled by special case - it's handled by HasPermission
|
||||
# with :linked scope. own_data has Member.update scope :linked.
|
||||
user = create_user_with_permission_set("own_data", actor)
|
||||
user = Mv.Fixtures.user_with_role_fixture("own_data")
|
||||
linked_member = create_linked_member_for_user(user, actor)
|
||||
|
||||
# Reload user to get updated member_id
|
||||
|
|
|
|||
|
|
@ -10,57 +10,14 @@ defmodule Mv.MembershipFees.MembershipFeeCyclePoliciesTest do
|
|||
|
||||
alias Mv.MembershipFees
|
||||
alias Mv.Membership
|
||||
alias Mv.Accounts
|
||||
alias Mv.Authorization
|
||||
|
||||
setup do
|
||||
system_actor = Mv.Helpers.SystemActor.get_system_actor()
|
||||
%{actor: system_actor}
|
||||
end
|
||||
|
||||
defp create_role_with_permission_set(permission_set_name, actor) do
|
||||
role_name = "Test Role #{permission_set_name} #{System.unique_integer([:positive])}"
|
||||
|
||||
case Authorization.create_role(
|
||||
%{
|
||||
name: role_name,
|
||||
description: "Test role for #{permission_set_name}",
|
||||
permission_set_name: permission_set_name
|
||||
},
|
||||
actor: actor
|
||||
) do
|
||||
{:ok, role} -> role
|
||||
{:error, error} -> raise "Failed to create role: #{inspect(error)}"
|
||||
end
|
||||
end
|
||||
|
||||
defp create_user_with_permission_set(permission_set_name, actor) do
|
||||
role = create_role_with_permission_set(permission_set_name, actor)
|
||||
|
||||
{:ok, user} =
|
||||
Accounts.User
|
||||
|> Ash.Changeset.for_create(:register_with_password, %{
|
||||
email: "user#{System.unique_integer([:positive])}@example.com",
|
||||
password: "testpassword123"
|
||||
})
|
||||
|> Ash.create(actor: actor)
|
||||
|
||||
{:ok, user} =
|
||||
user
|
||||
|> Ash.Changeset.for_update(:update, %{})
|
||||
|> Ash.Changeset.manage_relationship(:role, role, type: :append_and_remove)
|
||||
|> Ash.update(actor: actor)
|
||||
|
||||
{:ok, user_with_role} = Ash.load(user, :role, domain: Mv.Accounts, actor: actor)
|
||||
user_with_role
|
||||
end
|
||||
|
||||
defp create_admin_user(actor) do
|
||||
create_user_with_permission_set("admin", actor)
|
||||
end
|
||||
|
||||
defp create_member_fixture(actor) do
|
||||
admin = create_admin_user(actor)
|
||||
defp create_member_fixture do
|
||||
admin = Mv.Fixtures.user_with_role_fixture("admin")
|
||||
|
||||
{:ok, member} =
|
||||
Membership.create_member(
|
||||
|
|
@ -75,8 +32,8 @@ defmodule Mv.MembershipFees.MembershipFeeCyclePoliciesTest do
|
|||
member
|
||||
end
|
||||
|
||||
defp create_fee_type_fixture(actor) do
|
||||
admin = create_admin_user(actor)
|
||||
defp create_fee_type_fixture do
|
||||
admin = Mv.Fixtures.user_with_role_fixture("admin")
|
||||
|
||||
{:ok, fee_type} =
|
||||
MembershipFees.create_membership_fee_type(
|
||||
|
|
@ -92,10 +49,10 @@ defmodule Mv.MembershipFees.MembershipFeeCyclePoliciesTest do
|
|||
fee_type
|
||||
end
|
||||
|
||||
defp create_cycle_fixture(actor) do
|
||||
admin = create_admin_user(actor)
|
||||
member = create_member_fixture(actor)
|
||||
fee_type = create_fee_type_fixture(actor)
|
||||
defp create_cycle_fixture do
|
||||
admin = Mv.Fixtures.user_with_role_fixture("admin")
|
||||
member = create_member_fixture()
|
||||
fee_type = create_fee_type_fixture()
|
||||
|
||||
{:ok, cycle} =
|
||||
MembershipFees.create_membership_fee_cycle(
|
||||
|
|
@ -114,8 +71,8 @@ defmodule Mv.MembershipFees.MembershipFeeCyclePoliciesTest do
|
|||
|
||||
describe "read_only permission set" do
|
||||
setup %{actor: actor} do
|
||||
user = create_user_with_permission_set("read_only", actor)
|
||||
cycle = create_cycle_fixture(actor)
|
||||
user = Mv.Fixtures.user_with_role_fixture("read_only")
|
||||
cycle = create_cycle_fixture()
|
||||
%{actor: actor, user: user, cycle: cycle}
|
||||
end
|
||||
|
||||
|
|
@ -139,9 +96,9 @@ defmodule Mv.MembershipFees.MembershipFeeCyclePoliciesTest do
|
|||
|> Ash.update(actor: user, domain: Mv.MembershipFees)
|
||||
end
|
||||
|
||||
test "cannot create cycle (returns forbidden)", %{user: user, actor: actor} do
|
||||
member = create_member_fixture(actor)
|
||||
fee_type = create_fee_type_fixture(actor)
|
||||
test "cannot create cycle (returns forbidden)", %{user: user, actor: _actor} do
|
||||
member = create_member_fixture()
|
||||
fee_type = create_fee_type_fixture()
|
||||
|
||||
assert {:error, %Ash.Error.Forbidden{}} =
|
||||
MembershipFees.create_membership_fee_cycle(
|
||||
|
|
@ -164,8 +121,8 @@ defmodule Mv.MembershipFees.MembershipFeeCyclePoliciesTest do
|
|||
|
||||
describe "normal_user permission set" do
|
||||
setup %{actor: actor} do
|
||||
user = create_user_with_permission_set("normal_user", actor)
|
||||
cycle = create_cycle_fixture(actor)
|
||||
user = Mv.Fixtures.user_with_role_fixture("normal_user")
|
||||
cycle = create_cycle_fixture()
|
||||
%{actor: actor, user: user, cycle: cycle}
|
||||
end
|
||||
|
||||
|
|
@ -193,9 +150,9 @@ defmodule Mv.MembershipFees.MembershipFeeCyclePoliciesTest do
|
|||
assert updated.status == :paid
|
||||
end
|
||||
|
||||
test "can create cycle", %{user: user, actor: actor} do
|
||||
member = create_member_fixture(actor)
|
||||
fee_type = create_fee_type_fixture(actor)
|
||||
test "can create cycle", %{user: user, actor: _actor} do
|
||||
member = create_member_fixture()
|
||||
fee_type = create_fee_type_fixture()
|
||||
|
||||
assert {:ok, created} =
|
||||
MembershipFees.create_membership_fee_cycle(
|
||||
|
|
@ -219,8 +176,8 @@ defmodule Mv.MembershipFees.MembershipFeeCyclePoliciesTest do
|
|||
|
||||
describe "admin permission set" do
|
||||
setup %{actor: actor} do
|
||||
user = create_user_with_permission_set("admin", actor)
|
||||
cycle = create_cycle_fixture(actor)
|
||||
user = Mv.Fixtures.user_with_role_fixture("admin")
|
||||
cycle = create_cycle_fixture()
|
||||
%{actor: actor, user: user, cycle: cycle}
|
||||
end
|
||||
|
||||
|
|
@ -253,9 +210,9 @@ defmodule Mv.MembershipFees.MembershipFeeCyclePoliciesTest do
|
|||
assert updated.status == :paid
|
||||
end
|
||||
|
||||
test "can create cycle", %{user: user, actor: actor} do
|
||||
member = create_member_fixture(actor)
|
||||
fee_type = create_fee_type_fixture(actor)
|
||||
test "can create cycle", %{user: user, actor: _actor} do
|
||||
member = create_member_fixture()
|
||||
fee_type = create_fee_type_fixture()
|
||||
|
||||
assert {:ok, created} =
|
||||
MembershipFees.create_membership_fee_cycle(
|
||||
|
|
|
|||
|
|
@ -8,57 +8,14 @@ defmodule Mv.MembershipFees.MembershipFeeTypePoliciesTest do
|
|||
use Mv.DataCase, async: false
|
||||
|
||||
alias Mv.MembershipFees
|
||||
alias Mv.Accounts
|
||||
alias Mv.Authorization
|
||||
|
||||
setup do
|
||||
system_actor = Mv.Helpers.SystemActor.get_system_actor()
|
||||
%{actor: system_actor}
|
||||
end
|
||||
|
||||
defp create_role_with_permission_set(permission_set_name, actor) do
|
||||
role_name = "Test Role #{permission_set_name} #{System.unique_integer([:positive])}"
|
||||
|
||||
case Authorization.create_role(
|
||||
%{
|
||||
name: role_name,
|
||||
description: "Test role for #{permission_set_name}",
|
||||
permission_set_name: permission_set_name
|
||||
},
|
||||
actor: actor
|
||||
) do
|
||||
{:ok, role} -> role
|
||||
{:error, error} -> raise "Failed to create role: #{inspect(error)}"
|
||||
end
|
||||
end
|
||||
|
||||
defp create_user_with_permission_set(permission_set_name, actor) do
|
||||
role = create_role_with_permission_set(permission_set_name, actor)
|
||||
|
||||
{:ok, user} =
|
||||
Accounts.User
|
||||
|> Ash.Changeset.for_create(:register_with_password, %{
|
||||
email: "user#{System.unique_integer([:positive])}@example.com",
|
||||
password: "testpassword123"
|
||||
})
|
||||
|> Ash.create(actor: actor)
|
||||
|
||||
{:ok, user} =
|
||||
user
|
||||
|> Ash.Changeset.for_update(:update, %{})
|
||||
|> Ash.Changeset.manage_relationship(:role, role, type: :append_and_remove)
|
||||
|> Ash.update(actor: actor)
|
||||
|
||||
{:ok, user_with_role} = Ash.load(user, :role, domain: Mv.Accounts, actor: actor)
|
||||
user_with_role
|
||||
end
|
||||
|
||||
defp create_admin_user(actor) do
|
||||
create_user_with_permission_set("admin", actor)
|
||||
end
|
||||
|
||||
defp create_membership_fee_type_fixture(actor) do
|
||||
admin = create_admin_user(actor)
|
||||
defp create_membership_fee_type_fixture do
|
||||
admin = Mv.Fixtures.user_with_role_fixture("admin")
|
||||
|
||||
{:ok, fee_type} =
|
||||
MembershipFees.create_membership_fee_type(
|
||||
|
|
@ -76,8 +33,8 @@ defmodule Mv.MembershipFees.MembershipFeeTypePoliciesTest do
|
|||
|
||||
describe "own_data permission set" do
|
||||
setup %{actor: actor} do
|
||||
user = create_user_with_permission_set("own_data", actor)
|
||||
fee_type = create_membership_fee_type_fixture(actor)
|
||||
user = Mv.Fixtures.user_with_role_fixture("own_data")
|
||||
fee_type = create_membership_fee_type_fixture()
|
||||
%{actor: actor, user: user, fee_type: fee_type}
|
||||
end
|
||||
|
||||
|
|
@ -121,9 +78,9 @@ defmodule Mv.MembershipFees.MembershipFeeTypePoliciesTest do
|
|||
)
|
||||
end
|
||||
|
||||
test "cannot destroy membership_fee_type (returns forbidden)", %{user: user, actor: actor} do
|
||||
test "cannot destroy membership_fee_type (returns forbidden)", %{user: user, actor: _actor} do
|
||||
# Use a fee type with no members/cycles so destroy would succeed if authorized
|
||||
admin = create_admin_user(actor)
|
||||
admin = Mv.Fixtures.user_with_role_fixture("admin")
|
||||
|
||||
{:ok, isolated} =
|
||||
MembershipFees.create_membership_fee_type(
|
||||
|
|
@ -142,8 +99,8 @@ defmodule Mv.MembershipFees.MembershipFeeTypePoliciesTest do
|
|||
|
||||
describe "read_only permission set" do
|
||||
setup %{actor: actor} do
|
||||
user = create_user_with_permission_set("read_only", actor)
|
||||
fee_type = create_membership_fee_type_fixture(actor)
|
||||
user = Mv.Fixtures.user_with_role_fixture("read_only")
|
||||
fee_type = create_membership_fee_type_fixture()
|
||||
%{actor: actor, user: user, fee_type: fee_type}
|
||||
end
|
||||
|
||||
|
|
@ -177,8 +134,8 @@ defmodule Mv.MembershipFees.MembershipFeeTypePoliciesTest do
|
|||
)
|
||||
end
|
||||
|
||||
test "cannot destroy membership_fee_type (returns forbidden)", %{user: user, actor: actor} do
|
||||
admin = create_admin_user(actor)
|
||||
test "cannot destroy membership_fee_type (returns forbidden)", %{user: user, actor: _actor} do
|
||||
admin = Mv.Fixtures.user_with_role_fixture("admin")
|
||||
|
||||
{:ok, isolated} =
|
||||
MembershipFees.create_membership_fee_type(
|
||||
|
|
@ -197,8 +154,8 @@ defmodule Mv.MembershipFees.MembershipFeeTypePoliciesTest do
|
|||
|
||||
describe "normal_user permission set" do
|
||||
setup %{actor: actor} do
|
||||
user = create_user_with_permission_set("normal_user", actor)
|
||||
fee_type = create_membership_fee_type_fixture(actor)
|
||||
user = Mv.Fixtures.user_with_role_fixture("normal_user")
|
||||
fee_type = create_membership_fee_type_fixture()
|
||||
%{actor: actor, user: user, fee_type: fee_type}
|
||||
end
|
||||
|
||||
|
|
@ -232,8 +189,8 @@ defmodule Mv.MembershipFees.MembershipFeeTypePoliciesTest do
|
|||
)
|
||||
end
|
||||
|
||||
test "cannot destroy membership_fee_type (returns forbidden)", %{user: user, actor: actor} do
|
||||
admin = create_admin_user(actor)
|
||||
test "cannot destroy membership_fee_type (returns forbidden)", %{user: user, actor: _actor} do
|
||||
admin = Mv.Fixtures.user_with_role_fixture("admin")
|
||||
|
||||
{:ok, isolated} =
|
||||
MembershipFees.create_membership_fee_type(
|
||||
|
|
@ -252,8 +209,8 @@ defmodule Mv.MembershipFees.MembershipFeeTypePoliciesTest do
|
|||
|
||||
describe "admin permission set" do
|
||||
setup %{actor: actor} do
|
||||
user = create_user_with_permission_set("admin", actor)
|
||||
fee_type = create_membership_fee_type_fixture(actor)
|
||||
user = Mv.Fixtures.user_with_role_fixture("admin")
|
||||
fee_type = create_membership_fee_type_fixture()
|
||||
%{actor: actor, user: user, fee_type: fee_type}
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -61,6 +61,7 @@ defmodule MvWeb.ProfileNavigationTest do
|
|||
end
|
||||
|
||||
@tag :skip
|
||||
# credo:disable-for-next-line Credo.Check.Design.TagTODO
|
||||
# TODO: Implement user initials in navbar avatar - see issue #170
|
||||
test "shows user initials in avatar", %{conn: conn} do
|
||||
# Setup: Create and login a user
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue