local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 60 Pull requests 4 Projects 2 Releases Packages 1 Activity Actions
1313 commits 12 branches 0 tags 16 MiB
Commit graph

127 commits

Author SHA1 Message Date
Moritz
1188320844
Restrict set_vereinfacht_contact_id to system actor 
- Add ActorIsSystemUser policy check
- Member set_vereinfacht_contact_id only allowed for system user
 2026-02-23 19:54:43 +01:00
Moritz
9d3c72acff
Add Vereinfacht app URL setting and contact view URL 
- Setting attribute vereinfacht_app_url, migration, .env.example
- Config: vereinfacht_app_url() from env/setting or derived from API URL
- Contact view URL uses app URL with /en/admin/finances/contacts/{id}
- Global settings: App URL field, read-only when VEREINFACHT_APP_URL set
- Tests: update contact view URL expectations
 2026-02-23 19:54:43 +01:00
Moritz
a008cf381a
feat(vereinfacht): add client, sync flash and SyncContact change 
- Application: create SyncFlash ETS table on start
- Vereinfacht: Client, SyncFlash, sync_member, format_error, sync_members_without_contact
- SyncContact change on Member create_member and update_member
- Member: attribute vereinfacht_contact_id, internal action set_vereinfacht_contact_id
 2026-02-23 19:51:31 +01:00
Moritz
a5a4d66655
feat(vereinfacht): add DB schema, config and setting attributes 
- Migrations: vereinfacht_contact_id on members, vereinfacht_* on settings
- Mv.Config: Vereinfacht ENV/Settings helpers, vereinfacht_configured?, contact_view_url
- Setting: vereinfacht_api_url, api_key, club_id
 2026-02-23 19:51:31 +01:00
carla
9b1aad884e style: use same disabled field as for memberfield 2026-02-18 17:01:43 +01:00
carla
e47e266570 feat: type not editable 2026-02-18 16:42:54 +01:00
Moritz
95472424b1
Fix member unlink: use User update_user action
Some checks reported errors
continuous-integration/drone/push Build was killed
Details
continuous-integration/drone/promote/production Build is passing
Details 
UnrelateUserWhenArgumentNil used User :update which only accepts :email.
Switch to :update_user with member: nil so manage_relationship clears member_id.
 2026-02-04 14:46:23 +01:00
Moritz
5194b20b5c
Fix unlink-by-omission: on_missing :ignore, test, doc, string-key
Some checks failed
continuous-integration/drone/push Build is failing
Details 
- Member update_member: on_missing :unrelate → :ignore (no unlink when :user omitted)
- Test: normal_user update linked member without :user keeps link
- Doc: unlink only explicit (user: nil), admin-only; Actor.admin?(nil) note
- Check: defense-in-depth for "user" string key
 2026-02-04 14:07:39 +01:00
Moritz
543fded102
Harden member user-link check: argument presence, nil actor, policy scope 
- Forbid on :user argument presence (not value) to block unlink via nil/empty
- Defensive nil actor handling; policy restricted to create/update only
- Test: Ash.load with actor; test non-admin cannot unlink via user: nil
- Docs: unlink behaviour and policy split
 2026-02-04 14:07:39 +01:00
Moritz
26fbafdd9d
Restrict member user link to admins (forbid policy) 
Add ForbidMemberUserLinkUnlessAdmin check; forbid_if on Member create/update.
Fix member user-link tests: pass :user in params, assert via reload.
 2026-02-04 14:07:38 +01:00
Moritz
503401f2e6 Setting: remove unused actor in default_fee_type validation 
- Docs: Regenerate Cycles server-side enforcement note in membership-fee-architecture.
 2026-02-04 11:40:19 +01:00
Moritz
890a4d3752 MemberGroup: restrict bypass to own_data via MemberGroupReadLinkedForOwnData 
- ActorPermissionSetIs check; bypass policy filters by member_id for own_data only.
- Admin with member_id still gets :all via HasPermission. Tests added.
 2026-02-04 09:19:57 +01:00
Moritz
5ed41555e9 Member/Setting/validations: domain, actor, and seeds 
- setting.ex: domain/authorize for default_membership_fee_type_id check
- validate_same_interval: require membership_fee_type (no None)
- set_membership_fee_start_date: domain/actor for fee type lookup
- Validations: domain/authorize for cross-resource checks
- helpers.ex, email_sync change, seeds.exs actor/authorize fixes
- Update related tests
 2026-02-03 23:52:16 +01:00
Moritz
5889683854 Add resource policies for Group, MemberGroup, MembershipFeeType, MembershipFeeCycle 
- Group/MemberGroup/MembershipFeeType/MembershipFeeCycle: HasPermission policy
- normal_user: Group and MembershipFeeCycle create/update/destroy; pages /groups/new, /groups/:slug/edit
- Add policy tests for all four resources
 2026-02-03 23:52:12 +01:00
Moritz
4ea31f0f37 Add email-change permission validation for linked members
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Only admins or the linked user may change a linked member's email.
- New validation EmailChangePermission (uses Actor.admin?, Loader.get_linked_user).
- Register on Member update_member; docs and gettext.
 2026-02-03 14:35:32 +01:00
Moritz
5a2f035ecc CustomField policies: actor required, no system-actor fallback, error handling 
- list_required_custom_fields: require actor (two clauses, no default)
- Member validation: use context.actor only, differentiate Forbidden vs transient errors
- stream_custom_fields: log + send flash on error instead of returning []
- GlobalSettingsLive: handle_info for custom_fields_load_error, put_flash
- Seeds: use Membership.update_member with actor, format
 2026-01-29 16:10:12 +01:00
Moritz
1d17c4f2dd fix: CustomField policies, no system-actor fallback, guidelines 
- Tests and UI pass actor for CustomField create/read/destroy; seeds use actor
- Member required-custom-fields validation uses context.actor only (no fallback)
- CODE_GUIDELINES: add rule forbidding system-actor fallbacks
 2026-01-29 16:10:12 +01:00
Moritz
36b5d5880b Add CustomField resource policies and tests 
- Add policies block with HasPermission for read/create/update/destroy
- Add authorizers: [Ash.Policy.Authorizer] to CustomField resource
- Add custom_field_policies_test.exs (read all roles, write admin only)
- Fix CustomField path in roles-and-permissions doc (lib/membership)
 2026-01-29 16:10:12 +01:00
Simon
ddc8335cc0
refactor: improve groups LiveView based on code review feedback
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 10:33:27 +01:00
Simon
6faa9847f4
feat: add groups administration #372 2026-01-27 21:55:17 +01:00
simon
5df1da1573 Merge branch 'main' into feature/371-groups-resource
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-27 17:16:34 +01:00
Simon
e92c98b559
refactor: fix review issues - member_count aggregate, migration down, docs, actor handling
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-27 17:09:07 +01:00
Simon
fc8306cfee
test: resolve warnings
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-27 16:38:17 +01:00
Moritz
3f95a2dd84 CustomFieldValue: remove unused require Ash.Query 2026-01-27 16:07:01 +01:00
Moritz
bf2d0352c1 Add authorization policies to CustomFieldValue resource 
- Authorizer and policies: bypass for read (member_id == actor.member_id),
  CustomFieldValueCreateScope for create, HasPermission for read/update/destroy.
- HasPermission: pass authorizer into strict_check helper; document that create
  must use a dedicated check (no filter).
 2026-01-27 16:07:01 +01:00
Simon
6db64bf996
feat: add groups resource #371
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-27 16:03:21 +01:00
Moritz
b545d2b9e1
Remove NoActor module, improve Member validation, update docs 2026-01-24 11:59:18 +01:00
Moritz
9e20766ef2
Use authorize?: false for integrity checks in validations 2026-01-24 02:21:09 +01:00
Moritz
e72b7ab2e8
Remove NoActor bypass from User and Member policies 
This removes the NoActor bypass that was masking authorization bugs in tests.
All operations now require an explicit actor for authorization.
 2026-01-24 02:12:31 +01:00
Moritz
079d270768 Fix authorization bypass in seeds and validations
All checks were successful
continuous-integration/drone/push Build is passing
Details 
- Add authorize?: false to all bootstrap operations in seeds.exs
- Fix user-linking validation to respect authorize? context flag
- Prevents authorization errors during initial setup when no actor exists yet
 2026-01-23 02:08:11 +01:00
Moritz
d07f1984cd Move require Logger to module level
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Move require Logger statements from function/case level to module level
for better code organization and consistency with Elixir best practices
 2026-01-21 08:35:34 +01:00
Moritz
5c3657fed1 Use SystemActor opts for cycle deletion operations 
Pass actor_opts to delete_cycles/1 to ensure proper authorization
when MembershipFeeCycle policies are enforced
 2026-01-21 08:02:32 +01:00
Moritz
c64b74588f Use system actor for cycle generation 
Update cycle generator, member hooks, and job to use system actor.
Remove actor parameters as cycle generation is a mandatory side effect.
 2026-01-20 22:09:20 +01:00
Moritz
9c2cff6307
docs: Update domain Public API documentation 2026-01-20 15:50:08 +01:00
carla
7da037d81d refactor: adds schemales changeset and validation constant 2026-01-19 11:43:51 +01:00
Moritz
897677a782
refactor: Replace actor option patterns with ash_actor_opts helper 
- Replace if actor, do: [actor: actor], else: [] with Mv.Helpers.ash_actor_opts/1
- Update email_sync/loader.ex, member validations, member.ex, cycle_generator.ex
- Consistent actor handling across non-LiveView modules
 2026-01-13 15:17:06 +01:00
Moritz
dbd79075f5
Pass actor parameter through cycle generation 
Extract actor from changeset context in Member hooks and pass it
through all cycle generation functions to ensure proper authorization.
 2026-01-13 15:15:59 +01:00
Moritz
42a463f422
Security: Fix critical deny-filter bug and improve authorization 
CRITICAL FIX: Deny-filter was allowing all records instead of denying
Fix: User validation in Member now uses actor from changeset.context
 2026-01-13 15:01:55 +01:00
Moritz
6846363132
Refactor: NoActor to SimpleCheck with compile-time environment check 
This prevents security issues where :create/:read without actor would
be allowed in production. Now all operations require an actor in production.
 2026-01-13 15:01:54 +01:00
Moritz
4192922fd3
feat: implement authorization policies for Member resource 2026-01-13 15:01:53 +01:00
carla
6311eebb0c fix linting
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-08 11:41:24 +01:00
carla
4a1042ab1a feat: add atomic update for single member field visibility 2026-01-08 11:28:27 +01:00
carla
38d106a69e fix: exit date as default hidden column 2026-01-07 12:14:41 +01:00
carla
17540c6b1d feat: removes phoen number as member field and makes name optional 2026-01-02 16:19:06 +01:00
carla
850f00fe22 formatting
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-02 13:53:24 +01:00
carla
08f563a412 Merge branch 'main' into bugfix/274_required_custom_fields
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-02 13:47:24 +01:00
Moritz
5318b2c07d docs: add typespec for SetDefaultMembershipFeeType.change/3 2025-12-26 21:40:32 +01:00
Moritz
d02add75ef fix: convert after_action to after_transaction for cycle generation 
Replace after_action hooks with after_transaction to ensure async tasks only run after successful commit. Extract common cycle generation logic into handle_cycle_generation/2 to reduce duplication. Add structured error logging with context.
 2025-12-26 21:40:22 +01:00
carla
1dd68bcaf2 feat: coherent required boolean handling
Some checks failed
continuous-integration/drone/push Build is failing
Details
2025-12-23 18:08:31 +01:00
carla
e3ff3e610c feat: optimize required custom fields query 2025-12-23 17:01:50 +01:00