6dc398fa5a
refactor: reduce complexity
2026-01-15 17:00:17 +01:00
67072f0c52
feat: adds header normalization
2026-01-15 16:11:09 +01:00
8a5d012895
refactor parser
2026-01-15 12:15:22 +01:00
3bbe9895ee
fix: improve CSV parser error handling
2026-01-15 11:08:22 +01:00
68e19bea18
feat: add csv parser
2026-01-15 10:10:02 +01:00
4b41ab37bb
Merge branch 'main' into feature/330_import_service_skeleton
2026-01-14 12:30:40 +01:00
fb71b7ddb1
fix struct inconsistencies
continuous-integration/drone/push Build is failing
2026-01-14 09:49:40 +01:00
897677a782
refactor: Replace actor option patterns with ash_actor_opts helper
...
- Replace if actor, do: [actor: actor], else: [] with Mv.Helpers.ash_actor_opts/1
- Update email_sync/loader.ex, member validations, member.ex, cycle_generator.ex
- Consistent actor handling across non-LiveView modules
2026-01-13 15:17:06 +01:00
555ae15173
feat: Add shared helper functions for actor handling
...
- Add Mv.Helpers module with ash_actor_opts/1 helper
- Add current_actor/1 with @spec to LiveHelpers
- Add ash_actor_opts/1 delegate and submit_form/3 wrapper to LiveHelpers
- Standardize actor access pattern across LiveViews
2026-01-13 15:17:06 +01:00
74fe60f768
Pass actor parameter to member email validation
...
Extract actor from changeset context and pass it to Ash.read and
Ash.load calls in email uniqueness validation.
2026-01-13 15:16:00 +01:00
5ffd2b334e
Pass actor parameter through email sync operations
...
Extract actor from changeset context and pass it to all email sync
loader functions to ensure proper authorization when loading linked
users and members.
2026-01-13 15:16:00 +01:00
dbd79075f5
Pass actor parameter through cycle generation
...
Extract actor from changeset context in Member hooks and pass it
through all cycle generation functions to ensure proper authorization.
2026-01-13 15:15:59 +01:00
dc3268cbf4
Fix: Update comment in auto_filter to reflect expr(false) usage
...
Update comment from 'id IN [] = never matches' to 'expr(false) = match none'
to match the actual implementation of deny_filter().
2026-01-13 15:01:56 +01:00
c95a6fac69
Improve: Make deny_filter robust and add regression test
...
- Change deny_filter from [id: {:in, []}] to expr(false)
- Add regression test to ensure deny-filter matches 0 records
2026-01-13 15:01:55 +01:00
42a463f422
Security: Fix critical deny-filter bug and improve authorization
...
CRITICAL FIX: Deny-filter was allowing all records instead of denying
Fix: User validation in Member now uses actor from changeset.context
2026-01-13 15:01:55 +01:00
6846363132
Refactor: NoActor to SimpleCheck with compile-time environment check
...
This prevents security issues where :create/:read without actor would
be allowed in production. Now all operations require an actor in production.
2026-01-13 15:01:54 +01:00
70729bdd73
Fix: HasPermission auto_filter and strict_check implementation
...
Fixes security issue where auto_filter returned nil instead of proper
filter expressions, which could lead to incorrect authorization behavior.
2026-01-13 15:01:54 +01:00
4192922fd3
feat: implement authorization policies for Member resource
2026-01-13 15:01:53 +01:00
cc6d72b6b1
feat: add service skeleton and tests
continuous-integration/drone/push Build is failing
2026-01-13 11:44:40 +01:00
922f9f93d0
Merge branch 'main' into feature/223_memberfields_settings
continuous-integration/drone/push Build is passing
2026-01-12 13:15:40 +01:00
db0a187058
fix: correct relationship filter paths in HasPermission check
...
continuous-integration/drone/push Build is passing
- Use user.id instead of user_id for Member linked scope
- Use member.user.id for CustomFieldValue linked scope
- Add lazy logger evaluation
- Improve action nil handling
- Add integration tests for filter expressions
2026-01-08 17:45:02 +01:00
288002f404
feat: implement HasPermission policy check
...
continuous-integration/drone/push Build is passing
Implement custom Ash Policy Check that reads permissions from
PermissionSets module and applies scope filters to Ash queries.
2026-01-08 16:48:43 +01:00
9af7381843
refactor: extract helper modules to remove code duplication
2026-01-08 11:22:44 +01:00
0c8a255476
Merge branch 'main' into feature/273_member_fields
continuous-integration/drone/push Build is failing
2026-01-07 10:22:18 +01:00
18ec4bfd16
fix: add missing /custom_field_values/:id page to read_only and normal_user
...
continuous-integration/drone/push Build is passing
- Add /custom_field_values/:id to read_only pages (users can view list, should also view details)
- Add /custom_field_values/:id to normal_user pages
- Refactor tests to reduce duplication (use for-comprehension for structure tests)
- Add tests for invalid input types in valid_permission_set?/1
- Update @spec for valid_permission_set?/1 to accept any() type
2026-01-06 22:17:33 +01:00
7845117fad
refactor: improve error handling and documentation in PermissionSets
...
continuous-integration/drone/push Build is passing
- Add explicit ArgumentError for invalid permission set names with helpful message
- Soften performance claim in documentation (intended to be constant-time)
- Add tests for error handling
- Improve maintainability with guard clause for invalid inputs
2026-01-06 21:55:52 +01:00
9b0d022767
fix: add missing /profile page to read_only and normal_user permission sets
...
Both permission sets allow User:update :own, so users should be able
to access their profile page. This makes the implementation consistent
with the documentation and the logical permission model.
2026-01-06 21:55:13 +01:00
3a0fb4e84f
feat: implement PermissionSets module with all 4 permission sets
...
- Add types for scope, action, resource_permission, permission_set
- Implement get_permissions/1 for all 4 sets (own_data, read_only, normal_user, admin)
- Implement valid_permission_set?/1 for string and atom validation
- Implement permission_set_name_to_atom/1 with error handling
2026-01-06 21:33:39 +01:00
5f13901ca5
security: remove is_system_role from public API
...
Remove is_system_role from accept lists in create_role and update_role
actions. This field should only be set via seeds or internal actions to
prevent users from creating unkillable roles through the public API.
2026-01-06 19:04:03 +01:00
f63405052f
feat: add get_role action to Authorization domain
...
Add get_role action for retrieving single role by ID through
code interface.
2026-01-06 18:37:35 +01:00
557eb4d27d
refactor: simplify system role deletion validation
...
Remove redundant action_type check since validation already
runs only on destroy actions. Add field to error for better
error handling.
2026-01-06 18:37:34 +01:00
12c08cabee
docs: clean up PermissionSets documentation
...
Remove issue number references from moduledoc
2026-01-06 18:14:19 +01:00
82ec4e565a
refactor: use UUIDv7 and improve Role validations
...
- Change id from uuid_primary_key to uuid_v7_primary_key
- Replace custom validation with built-in one_of validation
- Add explicit on_delete: :restrict for users foreign key
- Update postgres references configuration
2026-01-06 18:14:16 +01:00
4535551b8d
feat: add Role resource with validations
...
Create Role resource with name, description, permission_set_name,
and is_system_role fields. Add validations for permission_set_name
and system role deletion protection.
2026-01-06 17:18:32 +01:00
1b2927ce40
feat: create Authorization domain
...
Add Mv.Authorization domain with AshAdmin and AshPhoenix extensions.
Register domain in config for role management.
2026-01-06 17:18:30 +01:00
37d1655227
feat: add PermissionSets stub module for role validation
...
Add minimal PermissionSets module with all_permission_sets/0 function
to support permission_set_name validation in Role resource.
2026-01-06 17:18:29 +01:00
17540c6b1d
feat: removes phone number as member field and makes name optional
2026-01-02 16:19:06 +01:00
b2c2013b4d
refactor: extract sql_sandbox config to Mv.Config module
...
Centralize application-wide configuration values for better maintainability.
2025-12-26 21:40:12 +01:00
961261eff2
feat: add Task.Supervisor to supervision tree
...
Add Task.Supervisor for supervised async task execution in cycle generation.
2025-12-26 21:40:04 +01:00
a8ea121800
Refactor cycle generator and update translations
...
continuous-integration/drone/push Build is passing
Extract error handling into separate functions to reduce nesting depth.
2025-12-26 21:01:17 +01:00
3241dd7d96
Fix cycle end calculation for misaligned cycle_start dates
...
Make cycle generation idempotent by skipping existing cycles
2025-12-22 16:39:49 +01:00
098b3b0a2a
Remove paid field from members
...
Remove paid field from Member resource, database migration,
tests, seeds, and UI. This field is no longer needed as payment
status is now tracked via membership fee cycles.
2025-12-18 15:11:02 +01:00
017ee5bc0c
refactor: reduce nesting depth in process_batch function
continuous-integration/drone/push Build is passing
2025-12-18 15:00:45 +01:00
d720670fd2
fix: address notification handling review feedback
...
1. Fix misleading comment in async create_member path
2. Use skip_lock?: true in test case for create_member
3. Fix generate_cycles_for_all_members/1
2025-12-18 15:00:45 +01:00
c25ffdc034
refactor: implement proper notification handling via after_action hooks
...
Refactor notification handling according to Ash best practices
2025-12-18 15:00:44 +01:00
98b56fc406
fix: resolve notification handling and maintain after_action for cycle regeneration
2025-12-18 15:00:44 +01:00
ba0ece9dc6
fix: correct return_notifications? logic to prevent missed notifications
...
Fix the logic for return_notifications? in create_cycles
2025-12-18 15:00:44 +01:00
66d0c9a702
fix: address code review points for cycle regeneration
...
1. Fix critical notifications bug
2. Fix today inconsistency
3. Add advisory lock around deletion
4. Improve helper function documentation
5. Improve error message UX
2025-12-18 15:00:44 +01:00
6158602598
refactor: reduce complexity of with_advisory_lock function
...
Split the complex with_advisory_lock function into smaller, focused
functions to improve readability and reduce cyclomatic complexity
2025-12-18 15:00:43 +01:00
d8e9c157bf
fix: prevent deadlocks by detecting existing transactions
2025-12-18 15:00:43 +01:00