25 commits

Author	SHA1	Message	Date
Moritz	131904f172	Test: assert on error field :email instead of message string	2026-02-03 16:07:47 +01:00
Moritz	4ea31f0f37	Add email-change permission validation for linked members ... Only admins or the linked user may change a linked member's email. - New validation EmailChangePermission (uses Actor.admin?, Loader.get_linked_user). - Register on Member update_member; docs and gettext.	2026-02-03 14:35:32 +01:00
carla	86a3c4e50e	tests: add tests for import	2026-02-02 13:07:00 +01:00
Moritz	4473cfd372	Tests: use code interface for Member create/update (actor propagation)	2026-01-29 16:10:12 +01:00
Moritz	36b5d5880b	Add CustomField resource policies and tests ... - Add policies block with HasPermission for read/create/update/destroy - Add authorizers: [Ash.Policy.Authorizer] to CustomField resource - Add custom_field_policies_test.exs (read all roles, write admin only) - Fix CustomField path in roles-and-permissions doc (lib/membership)	2026-01-29 16:10:12 +01:00
Moritz	0219073d33	CFV policies test: system_actor for setup, verify destroy with actor ... - create_linked_member_for_user and create_unlinked_member use actor (system_actor) directly instead of creating admin user per call - Remove create_admin_user helper - After destroy, verify with Ash.get(..., actor: actor) to avoid false positive from Forbidden vs NotFound	2026-01-27 16:07:01 +01:00
Moritz	4e032ea778	Add CustomFieldValue policy tests (own_data, read_only, normal_user, admin) ... Covers read/update/create/destroy for linked vs unlinked members and CRUD permissions per permission set.	2026-01-27 16:07:01 +01:00
Moritz	17831a0948	Pass actor to CustomFieldValue destroy and load in existing tests ... Required after CustomFieldValue gained authorization policies.	2026-01-27 16:07:01 +01:00
Moritz	562265f212	Security: Require actor parameter in CSV import ... Remove fallback to system_actor in process_chunk to prevent unauthorized access. Actor must now be explicitly provided.	2026-01-25 18:33:25 +01:00
Moritz	b9d68a3417	Fix test helpers: Use actor parameter correctly	2026-01-24 02:21:09 +01:00
Moritz	0f48a9b15a	Add actor parameter to all tests requiring authorization ... This commit adds actor: system_actor to all Ash operations in tests that require authorization.	2026-01-24 02:21:02 +01:00
Moritz	0abcf540bb	refactor: Replace length/1 with empty list comparison ... Replace expensive length/1 calls with direct list comparison to fix Credo warnings about performance	2026-01-20 15:58:15 +01:00
carla	3cbd90ecdd	feat: adds error capping	2026-01-19 12:02:28 +01:00
carla	7da037d81d	refactor: adds schemales changeset and validation constant	2026-01-19 11:43:51 +01:00
carla	8b3cc6a6b2	feat: adds row validation	2026-01-19 11:22:11 +01:00
carla	6dc398fa5a	refactor: reduce complexity	2026-01-15 17:00:17 +01:00
carla	0673684cc1	test: adds tests for header normalization	2026-01-15 16:11:02 +01:00
carla	3bbe9895ee	fix: improve CSV parser error handling	2026-01-15 11:08:22 +01:00
carla	31cf07c071	test: updated tests	2026-01-15 10:10:14 +01:00
carla	4b41ab37bb	Merge branch 'main' into feature/330_import_service_skeleton	2026-01-14 12:30:40 +01:00
carla	aa3fb0c49b	fix linting	2026-01-14 10:48:36 +01:00
carla	aa62e03409	skip test for now	2026-01-14 09:11:44 +01:00
Moritz	70729bdd73	Fix: HasPermission auto_filter and strict_check implementation ... Fixes security issue where auto_filter returned nil instead of proper filter expressions, which could lead to incorrect authorization behavior.	2026-01-13 15:01:54 +01:00
Moritz	93190d558f	test: add Member resource policy tests	2026-01-13 15:01:53 +01:00
carla	cc6d72b6b1	feat: add service skeleton and tests	2026-01-13 11:44:40 +01:00