Merge branch 'main' into feat/299_plz

lib/membership/member.ex

@@ -116,6 +116,9 @@ defmodule Mv.Membership.Member do
       # Requires both join_date and membership_fee_type_id to be present
       change Mv.MembershipFees.Changes.SetMembershipFeeStartDate
 
+      # Sync member to Vereinfacht as finance contact (if configured)
+      change Mv.Vereinfacht.Changes.SyncContact
+
       # Trigger cycle generation after member creation
       # Only runs if membership_fee_type_id is set
       # Note: Cycle generation runs asynchronously to not block the action,
@@ -189,6 +192,9 @@ defmodule Mv.Membership.Member do
         where [changing(:membership_fee_type_id)]
       end
 
+      # Sync member to Vereinfacht as finance contact (if configured)
+      change Mv.Vereinfacht.Changes.SyncContact
+
       # Trigger cycle regeneration when membership_fee_type_id changes
       # This deletes future unpaid cycles and regenerates them with the new type/amount
       # Note: Cycle regeneration runs synchronously in the same transaction to ensure atomicity
@@ -242,6 +248,13 @@ defmodule Mv.Membership.Member do
              end)
     end
 
+    # Internal: set vereinfacht_contact_id after syncing with Vereinfacht API.
+    # Not exposed via code interface; used only by Mv.Vereinfacht.Changes.SyncContact.
+    update :set_vereinfacht_contact_id do
+      require_atomic? false
+      accept [:vereinfacht_contact_id]
+    end
+
     # Action to handle fuzzy search on specific fields
     read :search do
       argument :query, :string, allow_nil?: true
@@ -319,6 +332,12 @@ defmodule Mv.Membership.Member do
       authorize_if Mv.Authorization.Checks.HasPermission
     end
 
+    # Internal sync action: only SystemActor may set vereinfacht_contact_id (used by SyncContact change).
+    policy action(:set_vereinfacht_contact_id) do
+      description "Only system actor may set Vereinfacht contact ID"
+      authorize_if Mv.Authorization.Checks.ActorIsSystemUser
+    end
+
     # CREATE/UPDATE: Forbid member–user link unless admin, then check permissions
     # ForbidMemberUserLinkUnlessAdmin: only admins may pass :user (link or unlink via nil/empty).
     # HasPermission: :own_data → update linked; :read_only → no update; :normal_user/admin → update all.
@@ -475,48 +494,97 @@ defmodule Mv.Membership.Member do
       end
     end
 
-    # Validate required custom fields (actor from validation context only; no fallback)
+    # Validate required custom fields (actor from validation context only; no fallback).
+    # Only for create_member/update_member; skip for set_vereinfacht_contact_id (internal sync
+    # only sets vereinfacht_contact_id; custom fields were already validated and saved).
     validate fn changeset, context ->
-      provided_values = provided_custom_field_values(changeset)
-      actor = context.actor
+               provided_values = provided_custom_field_values(changeset)
+               actor = context.actor
 
-      case Mv.Membership.list_required_custom_fields(actor: actor) do
-        {:ok, required_custom_fields} ->
-          missing_fields = missing_required_fields(required_custom_fields, provided_values)
+               case Mv.Membership.list_required_custom_fields(actor: actor) do
+                 {:ok, required_custom_fields} ->
+                   missing_fields =
+                     missing_required_fields(required_custom_fields, provided_values)
 
-          if Enum.empty?(missing_fields) do
-            :ok
-          else
-            build_custom_field_validation_error(missing_fields)
-          end
+                   if Enum.empty?(missing_fields) do
+                     :ok
+                   else
+                     build_custom_field_validation_error(missing_fields)
+                   end
 
-        {:error, %Ash.Error.Forbidden{}} ->
-          Logger.warning(
-            "Required custom fields validation: actor not authorized to read CustomField"
-          )
+                 {:error, %Ash.Error.Forbidden{}} ->
+                   Logger.warning(
+                     "Required custom fields validation: actor not authorized to read CustomField"
+                   )
 
-          {:error,
-           field: :custom_field_values,
-           message:
-             "You are not authorized to perform this action. Please sign in again or contact support."}
+                   {:error,
+                    field: :custom_field_values,
+                    message:
+                      "You are not authorized to perform this action. Please sign in again or contact support."}
 
-        {:error, :missing_actor} ->
-          Logger.warning("Required custom fields validation: no actor in context")
+                 {:error, :missing_actor} ->
+                   Logger.warning("Required custom fields validation: no actor in context")
 
-          {:error,
-           field: :custom_field_values,
-           message:
-             "You are not authorized to perform this action. Please sign in again or contact support."}
+                   {:error,
+                    field: :custom_field_values,
+                    message:
+                      "You are not authorized to perform this action. Please sign in again or contact support."}
 
-        {:error, error} ->
-          Logger.error(
-            "Failed to load custom fields for validation: #{inspect(error)}. Required field validation cannot be performed."
-          )
+                 {:error, error} ->
+                   Logger.error(
+                     "Failed to load custom fields for validation: #{inspect(error)}. Required field validation cannot be performed."
+                   )
 
-          {:error,
-           field: :custom_field_values,
-           message:
-             "Unable to validate required custom fields. Please try again or contact support."}
+                   {:error,
+                    field: :custom_field_values,
+                    message:
+                      "Unable to validate required custom fields. Please try again or contact support."}
+               end
+             end,
+             where: [action_is([:create_member, :update_member])]
+
+    # Validate member fields that are marked as required in settings or by Vereinfacht.
+    # When settings cannot be loaded, we still enforce email + Vereinfacht-required fields.
+    validate fn changeset, _context ->
+      vereinfacht_required? = Mv.Config.vereinfacht_configured?()
+
+      required_fields =
+        case Mv.Membership.get_settings() do
+          {:ok, settings} ->
+            required_config = settings.member_field_required || %{}
+            normalized = VisibilityConfig.normalize(required_config)
+
+            Enum.filter(Mv.Constants.member_fields(), fn field ->
+              field == :email ||
+                (vereinfacht_required? && Mv.Constants.vereinfacht_required_field?(field)) ||
+                Map.get(normalized, field, false)
+            end)
+
+          {:error, reason} ->
+            Logger.warning(
+              "Member required-fields validation: could not load settings (#{inspect(reason)}). " <>
+                "Enforcing only email and Vereinfacht-required fields."
+            )
+
+            Enum.filter(Mv.Constants.member_fields(), fn field ->
+              field == :email ||
+                (vereinfacht_required? && Mv.Constants.vereinfacht_required_field?(field))
+            end)
+        end
+
+      missing =
+        Enum.filter(required_fields, fn field ->
+          value = Ash.Changeset.get_attribute(changeset, field)
+          not member_field_value_present?(field, value)
+        end)
+
+      if Enum.empty?(missing) do
+        :ok
+      else
+        field = hd(missing)
+
+        {:error,
+         field: field, message: Gettext.dgettext(MvWeb.Gettext, "default", "can't be blank")}
       end
     end
   end
@@ -591,6 +659,14 @@ defmodule Mv.Membership.Member do
       public? true
       description "Date from which membership fees should be calculated"
     end
+
+    # Vereinfacht accounting software integration: ID of the finance contact synced via API.
+    # Set by Mv.Vereinfacht.Changes.SyncContact; not accepted in create/update actions.
+    attribute :vereinfacht_contact_id, :string do
+      allow_nil? true
+      public? true
+      description "ID of the finance contact in Vereinfacht (set by sync)"
+    end
   end
 
   relationships do
@@ -1272,17 +1348,24 @@ defmodule Mv.Membership.Member do
     end
   end
 
-  # Extracts custom field values from existing member data (update scenario)
+  # Extracts custom field values from existing member data (update scenario).
+  # Actor must come from context; no system-actor fallback (per guidelines).
+  # When no actor is present we skip the load and return empty map.
   defp extract_existing_values(member_data, changeset) do
-    actor = Map.get(changeset.context, :actor)
-    opts = Helpers.ash_actor_opts(actor)
-
-    case Ash.load(member_data, :custom_field_values, opts) do
-      {:ok, %{custom_field_values: existing_values}} ->
-        Enum.reduce(existing_values, %{}, &extract_value_from_cfv/2)
-
-      _ ->
+    case Map.get(changeset.context, :actor) do
+      nil ->
         %{}
+
+      actor ->
+        opts = Helpers.ash_actor_opts(actor)
+
+        case Ash.load(member_data, :custom_field_values, opts) do
+          {:ok, %{custom_field_values: existing_values}} ->
+            Enum.reduce(existing_values, %{}, &extract_value_from_cfv/2)
+
+          _ ->
+            %{}
+        end
     end
   end
 
@@ -1385,4 +1468,14 @@ defmodule Mv.Membership.Member do
   defp value_present?(_value, :email), do: false
 
   defp value_present?(_value, _type), do: false
+
+  # Used by member-field-required validation (settings-driven required fields)
+  defp member_field_value_present?(_field, nil), do: false
+
+  defp member_field_value_present?(_, value) when is_binary(value),
+    do: String.trim(value) != ""
+
+  defp member_field_value_present?(_, %Date{}), do: true
+  defp member_field_value_present?(_, value) when is_struct(value, Date), do: true
+  defp member_field_value_present?(_, _), do: false
 end