From 9b0d022767a258b2195764c7a1588a043cd6e686 Mon Sep 17 00:00:00 2001 From: Moritz Date: Tue, 6 Jan 2026 21:55:13 +0100 Subject: [PATCH] fix: add missing /profile page to read_only and normal_user permission sets Both permission sets allow User:update :own, so users should be able to access their profile page. This makes the implementation consistent with the documentation and the logical permission model. --- lib/mv/authorization/permission_sets.ex | 4 ++++ test/mv/authorization/permission_sets_test.exs | 2 ++ 2 files changed, 6 insertions(+) diff --git a/lib/mv/authorization/permission_sets.ex b/lib/mv/authorization/permission_sets.ex index 22b1648..6139f7f 100644 --- a/lib/mv/authorization/permission_sets.ex +++ b/lib/mv/authorization/permission_sets.ex @@ -132,6 +132,8 @@ defmodule Mv.Authorization.PermissionSets do ], pages: [ "/", + # Own profile + "/profile", # Member list "/members", # Member detail @@ -166,6 +168,8 @@ defmodule Mv.Authorization.PermissionSets do ], pages: [ "/", + # Own profile + "/profile", "/members", # Create member "/members/new", diff --git a/test/mv/authorization/permission_sets_test.exs b/test/mv/authorization/permission_sets_test.exs index 84bdc2f..06e2110 100644 --- a/test/mv/authorization/permission_sets_test.exs +++ b/test/mv/authorization/permission_sets_test.exs @@ -247,6 +247,7 @@ defmodule Mv.Authorization.PermissionSetsTest do permissions = PermissionSets.get_permissions(:read_only) assert "/" in permissions.pages + assert "/profile" in permissions.pages assert "/members" in permissions.pages assert "/members/:id" in permissions.pages assert "/custom_field_values" in permissions.pages @@ -349,6 +350,7 @@ defmodule Mv.Authorization.PermissionSetsTest do permissions = PermissionSets.get_permissions(:normal_user) assert "/" in permissions.pages + assert "/profile" in permissions.pages assert "/members" in permissions.pages assert "/members/new" in permissions.pages assert "/members/:id" in permissions.pages