From c36812bf3fb3b410b4b2b6bd5688c3698f99eabf Mon Sep 17 00:00:00 2001
From: Moritz <moritz.m@local-it.org>
Date: Tue, 3 Feb 2026 17:16:09 +0100
Subject: [PATCH] Authorization: document can_access_page? nil-safety

Doc and example for nil user returning false.
---
 lib/mv_web/authorization.ex | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/mv_web/authorization.ex b/lib/mv_web/authorization.ex
index d20be7d..d821416 100644
--- a/lib/mv_web/authorization.ex
+++ b/lib/mv_web/authorization.ex
@@ -97,12 +97,18 @@ defmodule MvWeb.Authorization do
   @doc """
   Checks if user can access a specific page.
 
+  Nil-safe: returns false when user is nil (e.g. unauthenticated or layout
+  assigns regression), so callers do not need to guard.
+
   ## Examples
 
       iex> admin = %{role: %{permission_set_name: "admin"}}
       iex> can_access_page?(admin, "/admin/roles")
       true
 
+      iex> can_access_page?(nil, "/members")
+      false
+
       iex> mitglied = %{role: %{permission_set_name: "own_data"}}
       iex> can_access_page?(mitglied, "/members")
       false