local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 67 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions

Fix HasPermission check to handle nil member_id gracefully

Browse source
This commit is contained in:
Moritz 2026-01-24 19:13:07 +01:00
parent 403eda3908
commit 5c0786ebca
Signed by: moritz
GPG key ID: 1020A035E5DD0824
1 changed files with 12 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

14
lib/mv/authorization/checks/has_permission.ex
View file

@ -348,12 +348,22 @@ defmodule Mv.Authorization.Checks.HasPermission do
"Member" -> "Member" ->
# User.member_id → Member.id (inverse relationship) # User.member_id → Member.id (inverse relationship)
# Filter: member.id == actor.member_id # Filter: member.id == actor.member_id
{:filter, expr(id == ^actor.member_id)} # If actor has no member_id, return no results (use false or impossible condition)
if is_nil(actor.member_id) do
{:filter, expr(false)}
else
{:filter, expr(id == ^actor.member_id)}
end
"CustomFieldValue" -> "CustomFieldValue" ->
# CustomFieldValue.member_id → Member.id → User.member_id # CustomFieldValue.member_id → Member.id → User.member_id
# Filter: custom_field_value.member_id == actor.member_id # Filter: custom_field_value.member_id == actor.member_id
{:filter, expr(member_id == ^actor.member_id)} # If actor has no member_id, return no results
if is_nil(actor.member_id) do
{:filter, expr(false)}
else
{:filter, expr(member_id == ^actor.member_id)}
end
_ -> _ ->
# Fallback for other resources # Fallback for other resources