Fix /change-domain page permissions (#5939)

* Add test case

* Fix change domain permissions

* Update changelog

* Add more comprehensive tests for other roles

CHANGELOG.md

@@ -13,6 +13,7 @@ All notable changes to this project will be documented in this file.
 ### Fixed
 
 - To make internal stats API requests for password-protected shared links, shared link auth cookie must be set in the requests
+- Fix issue with site guests in Editor role and team members in Editor role not being able to change the domain of site
 
 ## v3.1.0 - 2025-11-13
 

lib/plausible_web/live/change_domain.ex

@@ -28,6 +28,7 @@ defmodule PlausibleWeb.Live.ChangeDomain do
     site =
       Plausible.Sites.get_for_user!(socket.assigns.current_user, domain,
         roles: [
+          :editor,
           :owner,
           :admin,
           :super_admin

test/plausible_web/live/change_domain_test.exs

@@ -82,22 +82,38 @@ defmodule PlausibleWeb.Live.ChangeDomainTest do
       assert is_nil(site.domain_changed_from)
     end
 
-    test "successful form submission updates database", %{conn: conn, site: site} do
+    for {role, membership_type} <- [
-      original_domain = site.domain
+          {:editor, :site_guest},
-      new_domain = "new.#{site.domain}"
+          {:editor, :team_member},
-      {:ok, lv, _html} = live(conn, "/#{site.domain}/change-domain")
+          {:admin, :team_member},
+          {:owner, :team_member}
+        ] do
+      test "#{Phoenix.Naming.humanize(membership_type)} with role #{role} can submit the form and it changes the record in the database",
+           %{conn: conn, user: user} do
+        site = new_site()
 
-      lv
+        add_site_guest_or_team_member(site,
-      |> element("form")
+          user: user,
-      |> render_submit(%{site: %{domain: new_domain}})
+          role: unquote(role),
+          membership_type: unquote(membership_type)
+        )
 
-      on_ee do
+        original_domain = site.domain
-        render_async(lv, 500)
+        new_domain = "new.#{site.domain}"
+        {:ok, lv, _html} = live(conn, "/#{site.domain}/change-domain")
+
+        lv
+        |> element("form")
+        |> render_submit(%{site: %{domain: new_domain}})
+
+        on_ee do
+          render_async(lv, 500)
+        end
+
+        site = Repo.reload!(site)
+        assert site.domain == new_domain
+        assert site.domain_changed_from == original_domain
       end
-
-      site = Repo.reload!(site)
-      assert site.domain == new_domain
-      assert site.domain_changed_from == original_domain
     end
 
     test "successful form submission navigates to success page", %{conn: conn, site: site} do

test/support/teams/test.ex

@@ -112,6 +112,13 @@ defmodule Plausible.Teams.Test do
     end
   end
 
+  def add_site_guest_or_team_member(site, args \\ []) do
+    case Keyword.pop!(args, :membership_type) do
+      {:site_guest, args} -> add_guest(site, args)
+      {:team_member, args} -> add_member(site.team, args)
+    end
+  end
+
   def add_guest(site, args \\ []) do
     user = Keyword.get(args, :user, new_user())
     role = Keyword.fetch!(args, :role)