Integrate AssignDefaultRole change into user creation actions
This commit is contained in:
parent
4b10fd2702
commit
0dbbc96353
GPG key ID:
1020A035E5DD0824
1 changed files with 16 additions and 0 deletions
|
|
@ -67,6 +67,13 @@ defmodule Mv.Accounts.User do
|
||||||
identity_field :email
|
identity_field :email
|
||||||
hash_provider AshAuthentication.BcryptProvider
|
hash_provider AshAuthentication.BcryptProvider
|
||||||
confirmation_required? false
|
confirmation_required? false
|
||||||
|
|
||||||
|
# NOTE: The auto-generated :register_with_password action does NOT assign a default role.
|
||||||
|
# This is intentional because:
|
||||||
|
# - In production, users are created via OIDC (:register_with_rauthy), which DOES assign roles
|
||||||
|
# - Manual user creation via :create_user DOES assign roles
|
||||||
|
# - Tests that need a role can use :create_user or manually assign via fixtures
|
||||||
|
# - The migration ensures existing users without roles get the "Mitglied" role
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
@ -115,6 +122,9 @@ defmodule Mv.Accounts.User do
|
||||||
argument :member, :map, allow_nil?: true
|
argument :member, :map, allow_nil?: true
|
||||||
upsert? true
|
upsert? true
|
||||||
|
|
||||||
|
# Assign default "Mitglied" role to new users
|
||||||
|
change Mv.Accounts.User.Changes.AssignDefaultRole
|
||||||
|
|
||||||
# Manage the member relationship during user creation
|
# Manage the member relationship during user creation
|
||||||
change manage_relationship(:member, :member,
|
change manage_relationship(:member, :member,
|
||||||
# Look up existing member and relate to it
|
# Look up existing member and relate to it
|
||||||
|
|
@ -239,6 +249,8 @@ defmodule Mv.Accounts.User do
|
||||||
upsert? true
|
upsert? true
|
||||||
# Upsert based on oidc_id (primary match for existing OIDC users)
|
# Upsert based on oidc_id (primary match for existing OIDC users)
|
||||||
upsert_identity :unique_oidc_id
|
upsert_identity :unique_oidc_id
|
||||||
|
# On upsert, only update email - preserve existing role_id
|
||||||
|
upsert_fields [:email]
|
||||||
|
|
||||||
validate &__MODULE__.validate_oidc_id_present/2
|
validate &__MODULE__.validate_oidc_id_present/2
|
||||||
|
|
||||||
|
|
@ -261,6 +273,10 @@ defmodule Mv.Accounts.User do
|
||||||
# - The LinkOidcAccountLive will auto-link passwordless users without password prompt
|
# - The LinkOidcAccountLive will auto-link passwordless users without password prompt
|
||||||
validate Mv.Accounts.User.Validations.OidcEmailCollision
|
validate Mv.Accounts.User.Validations.OidcEmailCollision
|
||||||
|
|
||||||
|
# Assign default "Mitglied" role to new OIDC users
|
||||||
|
# Note: upsert_fields [:email] ensures this doesn't overwrite existing users' roles
|
||||||
|
change Mv.Accounts.User.Changes.AssignDefaultRole
|
||||||
|
|
||||||
# Sync user email to member when linking (User → Member)
|
# Sync user email to member when linking (User → Member)
|
||||||
change Mv.EmailSync.Changes.SyncUserEmailToMember
|
change Mv.EmailSync.Changes.SyncUserEmailToMember
|
||||||
end
|
end
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue