local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 59 Pull requests 3 Projects 2 Releases Packages 1 Activity Actions

feat: join request backend
Some checks failed
continuous-integration/drone/push Build is failing
Details

Browse source
This commit is contained in:
Simon 2026-02-20 17:37:51 +01:00
parent 883e7a3e62
commit e7393e32d8
Signed by: simon
GPG key ID: 40E7A58C4AA1EDB2
6 changed files with 344 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

9
docs/development-progress-log.md
View file

@ -335,6 +335,15 @@ end
- show custom fields in member overview per default
- can be set to false in the settings for the specific custom field
---
**Onboarding / Public Join (Issue #308) Subtask 1: JoinRequest resource and public policies**
- JoinRequest Ash resource (`lib/membership/join_request.ex`) per concept §2.3.2: email, confirmation_token_hash, status, submitted_at, source, schema_version, payload, approved_at, rejected_at, reviewed_by_user_id
- Migration `20260220120000_add_join_requests.exs` with unique index on `confirmation_token_hash` for idempotency
- Public policies: `:confirm` and `:read` allowed with `actor: nil`; generic `:create` requires HasPermission
- Domain interface: `confirm_join_request/2`, `list_join_requests/1`, `get_join_request/2`, `update_join_request/2`, `destroy_join_request/1`
- Tests: `test/mv/membership/join_request_test.exs` public create/read with nil, idempotency, validations (no UI/email yet)
## Implementation Decisions
### Architecture Patterns

4
docs/onboarding-join-concept.md
View file

@ -168,12 +168,12 @@ The feature is split into a small number of well-bounded subtasks. **Resend conf
### Prio 1 Public Join (4 subtasks)
#### 1. JoinRequest resource and public policies
#### 1. JoinRequest resource and public policies
- **Scope:** Ash resource `JoinRequest` per §2.3.2 (email, payload/schema_version, status, submitted_at, approved_at, rejected_at, reviewed_by_user_id, source, optional abuse metadata); migration; idempotency key (e.g. unique_index on confirmation_token_hash).
- **Policies:** Explicit public actions (e.g. `confirm`) allowed with `actor: nil`; no system-actor fallback, no undocumented `authorize?: false`.
- **Boundary:** No UI, no emails, no pre-confirmation logic only resource, persistence, and “creatable with nil actor”.
- **Done:** Resource and migration in place; tests for create/read with `actor: nil` and for idempotency (same token twice → no second record).
- **Done:** Resource and migration in place; tests in `test/mv/membership/join_request_test.exs` for create/read with `actor: nil` and for idempotency (same token twice → no second record).
#### 2. Pre-confirmation store and confirm flow