feat: email uniqueness constraint between user and member

lib/accounts/user.ex

@@ -66,14 +66,17 @@ defmodule Mv.Accounts.User do
   end
 
   actions do
-    # Default actions kept for framework/tooling integration:
-    # - :create -> Used by AshAdmin's generated "Create" UI and by generic
-    #              AshPhoenix helpers that assume a default create action.
-    #              It does NOT manage the :member relationship. For admin
-    #              flows that may link an existing member, use :create_user.
+    # Default actions for framework/tooling integration:
     # - :read   -> Standard read used across the app and by admin tooling.
     # - :destroy-> Standard delete used by admin tooling and maintenance tasks.
-    defaults [:read, :create, :destroy]
+    # 
+    # NOTE: :create is INTENTIONALLY excluded from defaults!
+    #       Using a default :create would bypass email-synchronization logic.
+    #       Always use one of these explicit create actions instead:
+    #       - :create_user (for manual user creation with optional member link)
+    #       - :register_with_password (for password-based registration)
+    #       - :register_with_rauthy (for OIDC-based registration)
+    defaults [:read, :destroy]
 
     # Primary generic update action:
     # - Selected by AshAdmin's generated "Edit" UI and generic AshPhoenix
@@ -209,6 +212,10 @@ defmodule Mv.Accounts.User do
       where: [action_is([:register_with_password, :admin_set_password])],
       message: "must have length of at least 8"
 
+    # Email uniqueness check for all actions that change the email attribute
+    # Validates that user email is not already used by another (unlinked) member
+    validate Mv.Accounts.User.Validations.EmailNotUsedByOtherMember
+
     # Email validation with EctoCommons.EmailValidator (same as Member)
     # This ensures consistency between User and Member email validation
     validate fn changeset, _ ->

lib/membership/member.ex

@@ -108,6 +108,10 @@ defmodule Mv.Membership.Member do
     validate present(:last_name)
     validate present(:email)
 
+    # Email uniqueness check for all actions that change the email attribute
+    # Validates that member email is not already used by another (unlinked) user
+    validate Mv.Membership.Member.Validations.EmailNotUsedByOtherUser
+
     # Prevent linking to a user that already has a member
     # This validation prevents "stealing" users from other members by checking
     # if the target user is already linked to a different member

lib/mv/accounts/user/validations/email_not_used_by_other_member.ex

@@ -0,0 +1,52 @@
+defmodule Mv.Accounts.User.Validations.EmailNotUsedByOtherMember do
+  @moduledoc """
+  Validates that the user's email is not already used by another member
+  (unless that member is linked to this user).
+
+  This prevents email conflicts when syncing between users and members.
+  """
+  use Ash.Resource.Validation
+
+  @impl true
+  def validate(changeset, _opts, _context) do
+    case Ash.Changeset.fetch_change(changeset, :email) do
+      {:ok, new_email} ->
+        check_email_not_used_by_other_member(changeset, new_email)
+
+      :error ->
+        # Email not being changed
+        :ok
+    end
+  end
+
+  defp check_email_not_used_by_other_member(changeset, new_email) do
+    member_id = Ash.Changeset.get_attribute(changeset, :member_id)
+
+    # Check if any member has this email
+    # Exclude the member linked to this user (if any)
+    query =
+      Mv.Membership.Member
+      |> Ash.Query.filter(email == ^to_string(new_email))
+      |> then(fn q ->
+        if member_id do
+          Ash.Query.filter(q, id != ^member_id)
+        else
+          q
+        end
+      end)
+
+    case Ash.read(query) do
+      {:ok, []} ->
+        # No conflicting member found
+        :ok
+
+      {:ok, members} when is_list(members) and length(members) > 0 ->
+        # Email is already used by another member
+        {:error, field: :email, message: "is already used by another member", value: new_email}
+
+      {:error, _} ->
+        # Error reading members - be safe and allow
+        :ok
+    end
+  end
+end

lib/mv/membership/member/validations/email_not_used_by_other_user.ex

@@ -0,0 +1,59 @@
+defmodule Mv.Membership.Member.Validations.EmailNotUsedByOtherUser do
+  @moduledoc """
+  Validates that the member's email is not already used by another user
+  (unless that user is linked to this member).
+
+  This prevents email conflicts when syncing between users and members.
+  """
+  use Ash.Resource.Validation
+
+  @impl true
+  def validate(changeset, _opts, _context) do
+    case Ash.Changeset.fetch_change(changeset, :email) do
+      {:ok, new_email} ->
+        check_email_not_used_by_other_user(changeset, new_email)
+
+      :error ->
+        # Email not being changed
+        :ok
+    end
+  end
+
+  defp check_email_not_used_by_other_user(changeset, new_email) do
+    # Load the user relationship to check if this member is linked to a user
+    member_with_user =
+      case Ash.load(changeset.data, :user) do
+        {:ok, loaded} -> loaded
+        {:error, _} -> changeset.data
+      end
+
+    linked_user_id = if member_with_user.user, do: member_with_user.user.id, else: nil
+
+    # Check if any user has this email (case-insensitive)
+    # Exclude the user linked to this member (if any)
+    query =
+      Mv.Accounts.User
+      |> Ash.Query.filter(email == ^new_email)
+      |> then(fn q ->
+        if linked_user_id do
+          Ash.Query.filter(q, id != ^linked_user_id)
+        else
+          q
+        end
+      end)
+
+    case Ash.read(query) do
+      {:ok, []} ->
+        # No conflicting user found
+        :ok
+
+      {:ok, users} when is_list(users) and length(users) > 0 ->
+        # Email is already used by another user
+        {:error, field: :email, message: "is already used by another user", value: new_email}
+
+      {:error, _} ->
+        # Error reading users - be safe and allow
+        :ok
+    end
+  end
+end