local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 67 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions
905 commits 13 branches 0 tags 7.9 MiB
Commit graph

10 commits

Author SHA1 Message Date
Moritz
05c71132e4 Replace NoActor runtime Mix.env with compile-time config 
Use Application.compile_env for release-safety.
Config only set in test.exs (defaults to false).
 2026-01-22 22:37:04 +01:00
Moritz
56144a7696 Add role loading fallback to HasPermission check 
Extract ash_resource? helper to reduce nesting depth.
Add ensure_role_loaded fallback for unloaded actor roles.
 2026-01-22 21:36:10 +01:00
Moritz
93216f3ee6 Harden NoActor check with runtime environment guard 
Add Mix.env() check to match?/3 for defense in depth.
Document NoActor pattern in CODE_GUIDELINES.md.
 2026-01-22 21:36:09 +01:00
Moritz
63d8c4668d test(auth): add User policies test suite 
31 tests covering all 4 permission sets and bypass scenarios
Update HasPermission tests to expect false for scope :own without record
 2026-01-22 19:19:25 +01:00
Moritz
c95a6fac69
Improve: Make deny_filter robust and add regression test 
- Change deny_filter from [id: {:in, []}] to expr(false)
- Add regression test to ensure deny-filter matches 0 records
 2026-01-13 15:01:55 +01:00
Moritz
42a463f422
Security: Fix critical deny-filter bug and improve authorization 
CRITICAL FIX: Deny-filter was allowing all records instead of denying
Fix: User validation in Member now uses actor from changeset.context
 2026-01-13 15:01:55 +01:00
Moritz
70729bdd73
Fix: HasPermission auto_filter and strict_check implementation 
Fixes security issue where auto_filter returned nil instead of proper
filter expressions, which could lead to incorrect authorization behavior.
 2026-01-13 15:01:54 +01:00
Moritz
93190d558f
test: add Member resource policy tests 2026-01-13 15:01:53 +01:00
Moritz
db0a187058
fix: correct relationship filter paths in HasPermission check
All checks were successful
continuous-integration/drone/push Build is passing
Details 
- Use user.id instead of user_id for Member linked scope
- Use member.user.id for CustomFieldValue linked scope
- Add lazy logger evaluation
- Improve action nil handling
- Add integration tests for filter expressions
 2026-01-08 17:45:02 +01:00
Moritz
cba471dcac test: add tests for HasPermission policy check 
Add comprehensive test suite for the HasPermission Ash Policy Check
covering permission lookup, scope application, error handling, and logging.
 2026-01-08 16:48:42 +01:00