local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 67 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions
1128 commits 13 branches 0 tags 7.9 MiB
Commit graph

1128 commits

This branch
This branch
All branches
Author SHA1 Message Date
carla
9fd617e45a tests: add tests for config 2026-02-02 09:48:37 +01:00
moritz
b9dd990f52 Merge pull request 'Page Permission Router Plug closes #388' (#390) from feature/388_page_permissions into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #390
 2026-01-30 12:19:58 +01:00
Moritz
f8f6583679 PermissionSetsTest: assert /users/:id instead of /profile in pages
Some checks reported errors
continuous-integration/drone/push Build was killed
Details
continuous-integration/drone/promote/production Build is passing
Details 
Profile is reachable at /users/:id; /profile was removed from PermissionSets.
 2026-01-30 11:37:34 +01:00
Moritz
6e13a3aa34
Docs: note User-Member Linking enforcement in code
Some checks reported errors
continuous-integration/drone/push Build was killed
Details
continuous-integration/drone/promote/production Build is failing
Details 
- update_user restricted via ActorIsAdmin; Form gates Member-Linking UI
 2026-01-30 11:28:41 +01:00
Moritz
cf6bd4a6a1 UserPoliciesTest: use :update for non-admin own-email and forbid-other 
- own_data, read_only, normal_user: can update own email via :update
- cannot update other users: use :update (scope :own forbids)
 2026-01-30 11:13:34 +01:00
Moritz
06d6531569 UserLive.Form: gate Member-Linking to admin, use :update for non-admin 
- Show Member-Linking UI only when can_manage_member_linking (admin)
- perform_member_link_action runs only for admin
- assign_form: non-admin uses :update (email), admin uses :update_user
- Load members for linking only when can_manage_member_linking
 2026-01-30 11:13:28 +01:00
Moritz
14fa873640 Restrict User.update_user to admin; allow :update for email only 
- Add ActorIsAdmin policy check (admin permission set only)
- User: policy action(:update_user) forbid_unless + authorize_if ActorIsAdmin
- User: primary :update action accept [:email] for non-admin profile edit
 2026-01-30 11:13:23 +01:00
Moritz
faee780aab Tests: read_only/normal_user /users/:id, Ash.read! actor, Authorization own/other
All checks were successful
continuous-integration/drone/push Build is passing
Details 
- Integration: read_only and normal_user GET /users/:id (own) and edit/show/edit return 200
- Integration: read_only GET /users/:id (other) redirects
- Plug test: use group_fixture in setup instead of Ash.read!() without actor
- Authorization: tests for own/other profile and reserved 'new'
 2026-01-30 10:22:34 +01:00
Moritz
a1fe36b7f2 Delegate can_access_page? to CheckPagePermission 
- UI uses same rules as plug (reserved 'new', own/linked path checks)
 2026-01-30 10:22:31 +01:00
Moritz
ea1d01fcea Docs: align route matrix with PermissionSets, add Role-Load note 
- Table: own_data/read_only/normal_user /users/:id and edit/show/edit; members edit/show/edit
- Integration test sections updated for read_only and normal_user
- Add note on plug reloading role and member_id when needed
 2026-01-30 10:22:30 +01:00
Moritz
d318dad612 Add /users/:id (own) and /members/:id/show/edit for redirect and normal_user 
- read_only and normal_user: allow /users/:id, /users/:id/edit, /users/:id/show/edit (own only)
- normal_user: allow /members/:id/show/edit
- Fixes redirect loop when sidebar links to profile
 2026-01-30 10:22:27 +01:00
Moritz
3a7e4000c0
fix: fix warning of unused variable in UserLive.IndexTest
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-30 00:13:40 +01:00
Moritz
28d134b2b0
chore: remove unused aliases in tests
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is passing
Details 
- Drop unused Member alias from membership and membership_fees test files.
 2026-01-30 00:00:33 +01:00
Moritz
f66cd2933a
docs: add page permission route and test coverage 
- page-permission-route-coverage.md: route matrix, test coverage per role,
  reserved segments.
 2026-01-30 00:00:33 +01:00
Moritz
b55f356762
fix: handle nil member in MembershipFeeHelpers 
- get_last_completed_cycle/2 and get_current_cycle/2 return nil when member is nil.
- Avoids FunctionClauseError when MemberLive.Show receives no member (e.g. after
  redirect or policy filter). Add unit tests for nil member.
 2026-01-30 00:00:32 +01:00
Moritz
ad00e8e7b6
test: add page permission tests and ConnCase role tags 
- ConnCase: add :read_only and :normal_user role tags for tests.
- Add CheckPagePermission plug tests (unit + integration for member, read_only,
  normal_user, admin). Update permission_sets_test (refute "/" for own_data).
- Profile navigation, global_settings, role_live, membership_fee_type: use
  users with role for "/" access; expect redirect for own_data on /settings
  and /admin/roles.
 2026-01-30 00:00:32 +01:00
Moritz
626e8a872e
feat: restrict own_data to profile and linked member pages 
- Remove "/" from own_data pages (Mitglied redirected to profile at root).
- Add /users/:id, /users/:id/edit, /users/:id/show/edit and member edit pages
  for own_data so members can access own profile and linked member only.
 2026-01-30 00:00:31 +01:00
Moritz
b10b9c893c
feat: add CheckPagePermission plug for page-level authorization 
- Plug checks PermissionSets page list; redirects unauthorized to profile or sign-in.
- Router: add plug to :browser pipeline; LiveHelpers: check_page_permission_on_params
  for client-side navigation (push_patch).
 2026-01-30 00:00:31 +01:00
simon
d7f6d1c03c Merge pull request 'Change Logo closes #385' (#389) from feature/385-mila-logo into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #389
 2026-01-29 16:20:34 +01:00
moritz
34019d07a4 Merge pull request 'CustomField Resource Policies closes #386' (#387) from feature/386_customfield_policy into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #387
 2026-01-29 16:17:10 +01:00
Moritz
4473cfd372 Tests: use code interface for Member create/update (actor propagation)
Some checks reported errors
continuous-integration/drone/push Build was killed
Details
continuous-integration/drone/promote/production Build is passing
Details
2026-01-29 16:10:12 +01:00
Moritz
5a2f035ecc CustomField policies: actor required, no system-actor fallback, error handling 
- list_required_custom_fields: require actor (two clauses, no default)
- Member validation: use context.actor only, differentiate Forbidden vs transient errors
- stream_custom_fields: log + send flash on error instead of returning []
- GlobalSettingsLive: handle_info for custom_fields_load_error, put_flash
- Seeds: use Membership.update_member with actor, format
 2026-01-29 16:10:12 +01:00
Moritz
c9431caabe Add gettext strings for custom field load error and not authorized 2026-01-29 16:10:12 +01:00
Moritz
9a7622ebed fix: pass actor to CustomFieldLive.FormComponent for save 
IndexComponent now passes actor to FormComponent; FormComponent uses
assigns[:actor] instead of current_actor(socket). Add test that submits
new custom field form on settings page.
 2026-01-29 16:10:12 +01:00
Moritz
1d17c4f2dd fix: CustomField policies, no system-actor fallback, guidelines 
- Tests and UI pass actor for CustomField create/read/destroy; seeds use actor
- Member required-custom-fields validation uses context.actor only (no fallback)
- CODE_GUIDELINES: add rule forbidding system-actor fallbacks
 2026-01-29 16:10:12 +01:00
Moritz
36b5d5880b Add CustomField resource policies and tests 
- Add policies block with HasPermission for read/create/update/destroy
- Add authorizers: [Ash.Policy.Authorizer] to CustomField resource
- Add custom_field_policies_test.exs (read all roles, write admin only)
- Fix CustomField path in roles-and-permissions doc (lib/membership)
 2026-01-29 16:10:12 +01:00
Simon
8fa337bd81
feat: change logo
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is passing
Details
2026-01-29 15:55:15 +01:00
simon
ca88a230b9 Merge pull request 'Minor test refactoring to improve on performance closes #383' (#384) from test-performance-optimization into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #384
 2026-01-29 15:43:59 +01:00
Simon
709cf010c6
docs: consolidate test performance docs
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is passing
Details
2026-01-29 15:34:14 +01:00
Simon
9b314a9806
fix: credo error
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is passing
Details
2026-01-29 15:26:45 +01:00
Simon
b4adf63e83
feix: optimize queries for groups
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-29 15:22:40 +01:00
Simon
124ab295a6
fix: select all checkbox handling 2026-01-29 15:14:36 +01:00
Simon
bb7e3cbe77
fix: make sure all tests run
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-29 14:49:39 +01:00
Simon
dddad69e88
chore: remove pr trigger again
Some checks failed
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is failing
Details
2026-01-29 14:42:47 +01:00
Simon
0a1b52d978
test: fix tests
Some checks reported errors
continuous-integration/drone/push Build was killed
Details
continuous-integration/drone/pr Build is failing
Details
2026-01-29 14:39:31 +01:00
Simon
17974d7a12
chore: change pr merge workflow
Some checks reported errors
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build was killed
Details
2026-01-29 14:30:09 +01:00
Simon
1019914d50
docs: update coding guidelines
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-29 12:59:35 +01:00
Simon
0b29fbbd21
test: restore removed tests including optimizations 2026-01-29 12:59:06 +01:00
Simon
25da6a6820
chore: update drone nightly pipeline
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 15:04:24 +01:00
Simon
3f0dc868c9
chore: disable test performance output again
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 14:54:59 +01:00
Simon
c3ad8894b0
refactor: implement more review comments
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 14:47:30 +01:00
Simon
ea3bdcaa65
refactor: apply review comments
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 14:42:16 +01:00
Simon
050ca4a13c
test: move slow and less critical tests to nightly suite
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 14:34:05 +01:00
Simon
eb2b2436be
docs: add performance analysis on policy tests 2026-01-28 14:01:41 +01:00
Simon
91f8bb03bc
refactor: remove tests against basic framework functionalities
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 13:46:18 +01:00
Simon
15d328afbf
test: optimize single test and update docs
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 13:33:39 +01:00
Simon
6efad280bd
refactor: apply review comments
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 12:36:19 +01:00
Simon
858a0fc0d0
chore: allow manual nightly-tests pipeline run
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 12:07:51 +01:00
Simon
67e06e12ce
refactor: move slow performance tests to extra test suite
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 12:00:32 +01:00
Simon
fce01ddf83
style: fix formatting
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 11:32:46 +01:00