mitgliederverwaltung

Author	SHA1	Message	Date
Moritz	14fa873640	Restrict User.update_user to admin; allow :update for email only - Add ActorIsAdmin policy check (admin permission set only) - User: policy action(:update_user) forbid_unless + authorize_if ActorIsAdmin - User: primary :update action accept [:email] for non-admin profile edit	2026-01-30 11:13:23 +01:00
Moritz	d318dad612	Add /users/:id (own) and /members/:id/show/edit for redirect and normal_user - read_only and normal_user: allow /users/:id, /users/:id/edit, /users/:id/show/edit (own only) - normal_user: allow /members/:id/show/edit - Fixes redirect loop when sidebar links to profile	2026-01-30 10:22:27 +01:00
Moritz	626e8a872e	feat: restrict own_data to profile and linked member pages - Remove "/" from own_data pages (Mitglied redirected to profile at root). - Add /users/:id, /users/:id/edit, /users/:id/show/edit and member edit pages for own_data so members can access own profile and linked member only.	2026-01-30 00:00:31 +01:00
Simon	3eb4cde0b7	Merge remote-tracking branch 'origin/main' into feature/372-groups-management All checks were successful continuous-integration/drone/push Build is passing Details	2026-01-27 23:48:31 +01:00
Simon	6faa9847f4	feat: add groups administration #372	2026-01-27 21:55:17 +01:00
Moritz	7d33acde9f	feat(system_actor): add system_user?/1 and normalize email Case-insensitive email comparison for system-actor detection.	2026-01-27 17:39:04 +01:00
Moritz	4d3a249b0c	HasPermission: remove unused _authorizer from strict_check helper	2026-01-27 16:07:01 +01:00
Moritz	7153af23ee	CustomFieldValueCreateScope: use get_argument_or_attribute for member_id - Read member_id via Ash.Changeset.get_argument_or_attribute/2 so it works when set as attribute or argument - Remove unused require Logger - Document member_id source in moduledoc	2026-01-27 16:07:01 +01:00
Moritz	bf2d0352c1	Add authorization policies to CustomFieldValue resource - Authorizer and policies: bypass for read (member_id == actor.member_id), CustomFieldValueCreateScope for create, HasPermission for read/update/destroy. - HasPermission: pass authorizer into strict_check helper; document that create must use a dedicated check (no filter).	2026-01-27 16:07:01 +01:00
Moritz	c7c6b318ac	Add CustomFieldValueCreateScope check for create actions Ash cannot apply filters to create; this check enforces :linked/:all scope via strict_check only (no filter).	2026-01-27 16:07:01 +01:00
Moritz	8f5f69744c	Add CustomFieldValue create/destroy :linked to own_data permission set Allows members to create and delete custom field values for their linked member.	2026-01-27 16:07:01 +01:00
Moritz	1d0ac6d280	Improve CSV import error messages Include email address in duplicate email error messages. Add German translation for email uniqueness errors. Ensure locale is set for translations in async tasks.	2026-01-25 18:33:28 +01:00
Moritz	562265f212	Security: Require actor parameter in CSV import Remove fallback to system_actor in process_chunk to prevent unauthorized access. Actor must now be explicitly provided.	2026-01-25 18:33:25 +01:00
carla	bf7e47ce5c	refactor	2026-01-25 17:31:42 +01:00
carla	04b0916c1e	refactor	2026-01-25 17:30:07 +01:00
carla	092fd99d48	fat: adds csv import live view to settings	2026-01-25 17:30:03 +01:00
Moritz	5c0786ebca	Fix HasPermission check to handle nil member_id gracefully	2026-01-24 19:15:46 +01:00
Moritz	403eda3908	Add Role helper function and create_role_with_system_flag action - Add get_mitglied_role/0 helper to avoid code duplication - Add create_role_with_system_flag action for seeds/migrations - Allows setting is_system_role flag (required for 'Mitglied' role)	2026-01-24 19:15:05 +01:00
Moritz	b545d2b9e1	Remove NoActor module, improve Member validation, update docs	2026-01-24 11:59:18 +01:00
Moritz	0f48a9b15a	Add actor parameter to all tests requiring authorization This commit adds actor: system_actor to all Ash operations in tests that require authorization.	2026-01-24 02:21:02 +01:00
Moritz	686f69c9e9	Add authorize?: false to SystemActor bootstrap operations - Role lookup and creation (find_admin_role, create_admin_role) - System user creation and role assignment - Role loading during initialization	2026-01-24 02:12:31 +01:00
Simon	672b4a8250	Merge branch 'main' into feature/filter-boolean-custom-fields Some checks failed continuous-integration/drone/push Build is failing Details	2026-01-23 14:41:48 +01:00
Moritz	427608578f	Restrict Actor.ensure_loaded to Mv.Accounts.User only All checks were successful continuous-integration/drone/push Build is passing Details Pattern match on %Mv.Accounts.User{} instead of generic actor. Clearer intention, prevents accidental authorization bypasses. Non-User actors are returned as-is (no-op).	2026-01-22 23:17:55 +01:00
Moritz	f3abade7ad	Add authorize?: false to Actor.ensure_loaded SECURITY: Skip authorization for role loading to avoid circular dependency. Actor loads their OWN role, needed for authorization itself. Documented why this is safe.	2026-01-22 23:04:56 +01:00
Moritz	e60bb6926f	Remove unused PolicyHelpers macro and PolicyConsistency test All checks were successful continuous-integration/drone/push Build is passing Details Dead code - macro was never used in codebase. PolicyConsistency test will be replaced with better implementation.	2026-01-22 22:37:09 +01:00
Moritz	f2def20fce	Add centralized Actor.ensure_loaded helper Consolidate role loading logic from HasPermission and LiveHelpers. Use Ash.Resource.Info.resource? for reliable Ash detection.	2026-01-22 22:37:07 +01:00
Moritz	05c71132e4	Replace NoActor runtime Mix.env with compile-time config Use Application.compile_env for release-safety. Config only set in test.exs (defaults to false).	2026-01-22 22:37:04 +01:00
Moritz	a834bdc4ff	Add PolicyHelpers macro for standard user policies Encapsulate two-tier policy pattern (bypass + HasPermission). Promote consistency across resource policy definitions.	2026-01-22 21:36:18 +01:00
Moritz	f1e6a1e9db	Clarify User.update :own in permission sets Add explicit comments explaining why all permission sets grant User.update with scope :own for password changes.	2026-01-22 21:36:11 +01:00
Moritz	56144a7696	Add role loading fallback to HasPermission check Extract ash_resource? helper to reduce nesting depth. Add ensure_role_loaded fallback for unloaded actor roles.	2026-01-22 21:36:10 +01:00
Moritz	93216f3ee6	Harden NoActor check with runtime environment guard Add Mix.env() check to match?/3 for defense in depth. Document NoActor pattern in CODE_GUIDELINES.md.	2026-01-22 21:36:09 +01:00
Moritz	429042cbba	feat(auth): add User resource authorization policies Implement bypass for READ + HasPermission for UPDATE pattern Extend HasPermission check to support User resource scope :own	2026-01-22 19:19:22 +01:00
Moritz	d07f1984cd	Move require Logger to module level All checks were successful continuous-integration/drone/push Build is passing Details Move require Logger statements from function/case level to module level for better code organization and consistency with Elixir best practices	2026-01-21 08:35:34 +01:00
Moritz	7e9de8e95b	Add logging for fail-open email uniqueness validations Log warnings when query errors occur in email uniqueness checks to improve visibility of data integrity issues	2026-01-21 08:02:33 +01:00
Moritz	006b1aaf06	Replace Mix.env() with Config.sql_sandbox?() in SystemActor Use Application config instead of Mix.env() to prevent runtime crashes in production releases where Mix is not available	2026-01-21 08:02:31 +01:00
Moritz	c5bd58e7d3	Add @spec type annotations to SystemActor functions Add type specifications for all private functions to improve static analysis with Dialyzer and documentation quality.	2026-01-20 23:16:39 +01:00
Moritz	a3cf8571ff	Document System Actor pattern in code guidelines Add section explaining when and how to use system actor for systemic operations. Include examples and distinction between user mode and system mode.	2026-01-20 22:10:11 +01:00
Moritz	c64b74588f	Use system actor for cycle generation Update cycle generator, member hooks, and job to use system actor. Remove actor parameters as cycle generation is a mandatory side effect.	2026-01-20 22:09:20 +01:00
Moritz	f0169c95b7	Use system actor for email uniqueness validation Update email validation modules to use system actor for queries. This ensures data integrity checks always run regardless of user permissions.	2026-01-20 22:09:19 +01:00
Moritz	8acd92e8d4	Use system actor for email synchronization Update email sync loader and changes to use system actor instead of user actor. This ensures email sync always works regardless of user permissions.	2026-01-20 22:09:18 +01:00
Moritz	ddb1252831	Add System Actor helper for systemic operations Introduce Mv.Helpers.SystemActor module with lazy loading for operations that must always run regardless of user permissions. System actor has admin role and auto-creates in test environment.	2026-01-20 22:09:16 +01:00
Simon	01dea8bb8b	Merge branch 'main' into feature/filter-boolean-custom-fields Some checks failed continuous-integration/drone/push Build is failing Details	2026-01-20 18:13:20 +01:00
Moritz	433f008af8	refactor: Reduce function complexity and nesting depth - Extract helper functions from process_chunk to reduce nesting - Extract format_error_message from extract_changeset_error - Split extract_error_message into smaller functions to reduce complexity - Fixes Credo refactoring opportunities	2026-01-20 16:05:32 +01:00
Simon	37e1553a02	feat: add custom boolean field state & URL-Parameter	2026-01-20 15:55:08 +01:00
Moritz	9c2cff6307	docs: Update domain Public API documentation	2026-01-20 15:50:08 +01:00
carla	ac0e272cca	refactor: change length for performance	2026-01-19 12:37:39 +01:00
carla	3cbd90ecdd	feat: adds error capping	2026-01-19 12:02:28 +01:00
carla	7da037d81d	refactor: adds schemales changeset and validation constant	2026-01-19 11:43:51 +01:00
carla	8b3cc6a6b2	feat: adds row validation	2026-01-19 11:22:11 +01:00
carla	6dc398fa5a	refactor: reduce complexity	2026-01-15 17:00:17 +01:00

1 2 3

131 commits