fix: add missing /profile page to read_only and normal_user permission sets

Both permission sets allow User:update :own, so users should be able to access their profile page. This makes the implementation consistent with the documentation and the logical permission model.
2026-01-06 21:55:13 +01:00 · 2026-01-06 21:55:13 +01:00 · 9b0d022767
commit 9b0d022767
parent 4bd08e85bb
2 changed files with 6 additions and 0 deletions
--- a/lib/mv/authorization/permission_sets.ex
+++ b/lib/mv/authorization/permission_sets.ex
@ -132,6 +132,8 @@ defmodule Mv.Authorization.PermissionSets do
      ],
      pages: [
        "/",
+        # Own profile
+        "/profile",
        # Member list
        "/members",
        # Member detail
@ -166,6 +168,8 @@ defmodule Mv.Authorization.PermissionSets do
      ],
      pages: [
        "/",
+        # Own profile
+        "/profile",
        "/members",
        # Create member
        "/members/new",