This commit is contained in:
parent
883e7a3e62
commit
e7393e32d8
GPG key ID:
40E7A58C4AA1EDB2
6 changed files with 344 additions and 2 deletions
|
|
@ -168,12 +168,12 @@ The feature is split into a small number of well-bounded subtasks. **Resend conf
|
|||
|
||||
### Prio 1 – Public Join (4 subtasks)
|
||||
|
||||
#### 1. JoinRequest resource and public policies
|
||||
#### 1. JoinRequest resource and public policies ✅
|
||||
|
||||
- **Scope:** Ash resource `JoinRequest` per §2.3.2 (email, payload/schema_version, status, submitted_at, approved_at, rejected_at, reviewed_by_user_id, source, optional abuse metadata); migration; idempotency key (e.g. unique_index on confirmation_token_hash).
|
||||
- **Policies:** Explicit public actions (e.g. `confirm`) allowed with `actor: nil`; no system-actor fallback, no undocumented `authorize?: false`.
|
||||
- **Boundary:** No UI, no emails, no pre-confirmation logic – only resource, persistence, and “creatable with nil actor”.
|
||||
- **Done:** Resource and migration in place; tests for create/read with `actor: nil` and for idempotency (same token twice → no second record).
|
||||
- **Done:** Resource and migration in place; tests in `test/mv/membership/join_request_test.exs` for create/read with `actor: nil` and for idempotency (same token twice → no second record).
|
||||
|
||||
#### 2. Pre-confirmation store and confirm flow
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue