local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 67 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions
1110 commits 13 branches 0 tags 7.9 MiB
Commit graph

356 commits

Author SHA1 Message Date
Moritz
f779fd61e0
Gate sidebar menu items by can_access_page? 
Members, Fee Types and Administration subitems only shown when user
has page permission. Add admin_menu_visible? helper. Sidebar test
uses admin user so menu items render.
 2026-02-03 16:56:52 +01:00
Moritz
2f67c7099d
Apply UI authorization to User LiveViews (Index and Show) 
Gate New User button, Edit and Delete links with can?/3.
Edit button on User Show visible only when user can update the user.
 2026-02-03 16:56:51 +01:00
Moritz
505e31653a
Apply UI authorization to Member LiveViews (Index and Show) 
Gate New Member button, Edit and Delete links with can?/3.
Edit button on Member Show visible only when user can update the member.
 2026-02-03 16:56:51 +01:00
carla
71db9cf3c1 formatting
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-02 13:54:27 +01:00
carla
9e27de84cb Merge branch 'main' into feature/338_import_custom_fields
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-02 13:46:05 +01:00
carla
f5591c392a i18n: add translation 2026-02-02 13:42:16 +01:00
carla
3f8797c356 feat: import custom fields via CSV 2026-02-02 11:42:07 +01:00
carla
e74154581c feat: changes UI info based on config for limits 2026-02-02 10:10:02 +01:00
carla
3f551c5f8d feat: add configs for impor tlimits
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-02 09:49:13 +01:00
Moritz
6e13a3aa34
Docs: note User-Member Linking enforcement in code
Some checks reported errors
continuous-integration/drone/push Build was killed
Details
continuous-integration/drone/promote/production Build is failing
Details 
- update_user restricted via ActorIsAdmin; Form gates Member-Linking UI
 2026-01-30 11:28:41 +01:00
Moritz
06d6531569 UserLive.Form: gate Member-Linking to admin, use :update for non-admin 
- Show Member-Linking UI only when can_manage_member_linking (admin)
- perform_member_link_action runs only for admin
- assign_form: non-admin uses :update (email), admin uses :update_user
- Load members for linking only when can_manage_member_linking
 2026-01-30 11:13:28 +01:00
Moritz
a1fe36b7f2 Delegate can_access_page? to CheckPagePermission 
- UI uses same rules as plug (reserved 'new', own/linked path checks)
 2026-01-30 10:22:31 +01:00
Moritz
b55f356762
fix: handle nil member in MembershipFeeHelpers 
- get_last_completed_cycle/2 and get_current_cycle/2 return nil when member is nil.
- Avoids FunctionClauseError when MemberLive.Show receives no member (e.g. after
  redirect or policy filter). Add unit tests for nil member.
 2026-01-30 00:00:32 +01:00
Moritz
b10b9c893c
feat: add CheckPagePermission plug for page-level authorization 
- Plug checks PermissionSets page list; redirects unauthorized to profile or sign-in.
- Router: add plug to :browser pipeline; LiveHelpers: check_page_permission_on_params
  for client-side navigation (push_patch).
 2026-01-30 00:00:31 +01:00
simon
d7f6d1c03c Merge pull request 'Change Logo closes #385' (#389) from feature/385-mila-logo into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #389
 2026-01-29 16:20:34 +01:00
Moritz
5a2f035ecc CustomField policies: actor required, no system-actor fallback, error handling 
- list_required_custom_fields: require actor (two clauses, no default)
- Member validation: use context.actor only, differentiate Forbidden vs transient errors
- stream_custom_fields: log + send flash on error instead of returning []
- GlobalSettingsLive: handle_info for custom_fields_load_error, put_flash
- Seeds: use Membership.update_member with actor, format
 2026-01-29 16:10:12 +01:00
Moritz
9a7622ebed fix: pass actor to CustomFieldLive.FormComponent for save 
IndexComponent now passes actor to FormComponent; FormComponent uses
assigns[:actor] instead of current_actor(socket). Add test that submits
new custom field form on settings page.
 2026-01-29 16:10:12 +01:00
Moritz
1d17c4f2dd fix: CustomField policies, no system-actor fallback, guidelines 
- Tests and UI pass actor for CustomField create/read/destroy; seeds use actor
- Member required-custom-fields validation uses context.actor only (no fallback)
- CODE_GUIDELINES: add rule forbidding system-actor fallbacks
 2026-01-29 16:10:12 +01:00
Simon
8fa337bd81
feat: change logo
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is passing
Details
2026-01-29 15:55:15 +01:00
Simon
b4adf63e83
feix: optimize queries for groups
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-29 15:22:40 +01:00
Simon
124ab295a6
fix: select all checkbox handling 2026-01-29 15:14:36 +01:00
Simon
bb7e3cbe77
fix: make sure all tests run
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-29 14:49:39 +01:00
Simon
59aefe9521
fix: minor bugs
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 10:45:05 +01:00
Simon
ddc8335cc0
refactor: improve groups LiveView based on code review feedback
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 10:33:27 +01:00
Simon
3eb4cde0b7
Merge remote-tracking branch 'origin/main' into feature/372-groups-management
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-27 23:48:31 +01:00
Simon
9991291b2f
test: adapt tests to reflect implementation details
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-27 23:40:12 +01:00
Simon
5e0b6580ae
refactor: fix credo warnings, update gettext
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-27 22:32:37 +01:00
Simon
05c81af6e9
feat: add groups to sidebar #372 2026-01-27 22:05:21 +01:00
Simon
6faa9847f4
feat: add groups administration #372 2026-01-27 21:55:17 +01:00
Moritz
cbcb93418e feat(user_live): handle system user in form and show 
Early return / load_user_or_redirect, use system_user? to avoid editing system actor.
 2026-01-27 17:39:04 +01:00
Moritz
41bc031cc6 refactor(web): extract format_ash_error to MvWeb.ErrorHelpers 
Use shared ErrorHelpers in UserLive.Index for consistent Ash error formatting.
 2026-01-27 17:39:04 +01:00
Moritz
8ad5201e1a Hide system actor from user list and block show/edit 
Index: filter out SystemActor.system_user_email() in query. Show/Form:
redirect to /users with flash when viewing or editing system actor user.
Index format_error: handle Ash errors without :message field.
 2026-01-27 17:39:04 +01:00
Moritz
5195fd0d45 Fix missing max_errors assign in GlobalSettingsLive
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Set max_errors as socket assign in mount/3 to make it
available in templates. Fixes KeyError in CSV import UI.
 2026-01-25 18:36:33 +01:00
Moritz
5acb5e304d Fix CSV upload file reading 
Handle consume_uploaded_entries returning [content] directly
instead of [{:ok, content}]. Add locale support for translations
in background tasks.
 2026-01-25 18:33:27 +01:00
carla
79361c72d2
fix tests and linting 2026-01-25 17:31:49 +01:00
carla
b841c306fc
formatting 2026-01-25 17:31:49 +01:00
carla
0fe4a55e80
formatting and refactoring 2026-01-25 17:31:48 +01:00
carla
bf7e47ce5c
refactor 2026-01-25 17:31:42 +01:00
carla
04b0916c1e
refactor 2026-01-25 17:30:07 +01:00
carla
092fd99d48
fat: adds csv import live view to settings 2026-01-25 17:30:03 +01:00
Moritz
86c8b23c77
chore: increase test timeout and cleanup unused code
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-25 13:42:54 +01:00
Simon
1b44730b95
Fix: Ensure members are loaded in handle_params when signature unchanged
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-23 14:48:37 +01:00
Simon
672b4a8250
Merge branch 'main' into feature/filter-boolean-custom-fields
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-23 14:41:48 +01:00
Simon
20c96123e1
fix: failing test
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-23 14:33:54 +01:00
Simon
1d46fd1baf
feat: improve filter performance by reducing Ash.read! calls
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-23 14:22:57 +01:00
Simon
b4657cae23
fix: resolve pr remarks 2026-01-23 14:00:18 +01:00
Moritz
41e342a1d6 Fix OIDC account linking by using SystemActor in LinkOidcAccountLive
All checks were successful
continuous-integration/drone/push Build is passing
Details 
- Add SystemActor to all Ash operations in LinkOidcAccountLive
- Enables user lookup, reload, and oidc_id linking during OIDC flow
- User is not yet logged in during linking, so SystemActor provides authorization
 2026-01-23 02:14:59 +01:00
Moritz
f2def20fce Add centralized Actor.ensure_loaded helper 
Consolidate role loading logic from HasPermission and LiveHelpers.
Use Ash.Resource.Info.resource? for reliable Ash detection.
 2026-01-22 22:37:07 +01:00
Moritz
47c938cc50 Centralize role preloading in global LiveView on_mount 
Add ensure_user_role_loaded to global live_view quote block.
Remove redundant on_mount calls from individual LiveViews.
 2026-01-22 21:36:15 +01:00
Moritz
b0ddf99117 Add admin authorization check for regenerate cycles button 
Restrict UI access to cycle regeneration to administrators only
to prevent policy bypass via user interface
 2026-01-21 08:02:38 +01:00