local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 72 Pull requests 3 Projects 4 Releases Packages 1 Activity Actions

fix: add missing /profile page to read_only and normal_user permission sets

Browse source 
Both permission sets allow User:update :own, so users should be able
to access their profile page. This makes the implementation consistent
with the documentation and the logical permission model.
This commit is contained in:
Moritz 2026-01-06 21:55:13 +01:00
parent 4bd08e85bb
commit 9b0d022767
2 changed files with 6 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
lib/mv/authorization/permission_sets.ex
View file

@ -132,6 +132,8 @@ defmodule Mv.Authorization.PermissionSets do
],
pages: [
"/",
# Own profile
"/profile",
# Member list
"/members",
# Member detail
@ -166,6 +168,8 @@ defmodule Mv.Authorization.PermissionSets do
],
pages: [
"/",
# Own profile
"/profile",
"/members",
# Create member
"/members/new",

2
test/mv/authorization/permission_sets_test.exs
View file

@ -247,6 +247,7 @@ defmodule Mv.Authorization.PermissionSetsTest do
permissions = PermissionSets.get_permissions(:read_only)
assert "/" in permissions.pages
assert "/profile" in permissions.pages
assert "/members" in permissions.pages
assert "/members/:id" in permissions.pages
assert "/custom_field_values" in permissions.pages
@ -349,6 +350,7 @@ defmodule Mv.Authorization.PermissionSetsTest do
permissions = PermissionSets.get_permissions(:normal_user)
assert "/" in permissions.pages
assert "/profile" in permissions.pages
assert "/members" in permissions.pages
assert "/members/new" in permissions.pages
assert "/members/:id" in permissions.pages