145a76348c
Pass actor parameter in seeds and update test setup
...
Ensure cycle generation in seeds uses admin actor and update test
to use global admin_user from ConnCase setup.
2026-01-13 15:17:05 +01:00
9ecfe784db
Add missing Gettext translations for member deletion errors
...
Add German and English translations for member deletion success and
error messages.
2026-01-13 15:17:03 +01:00
cd7e6b0843
Use current_actor/1 helper in all LiveViews
...
Replace inconsistent actor access patterns with current_actor/1 helper
and ensure actor is passed to all Ash operations for proper authorization.
2026-01-13 15:16:00 +01:00
74fe60f768
Pass actor parameter to member email validation
...
Extract actor from changeset context and pass it to Ash.read and
Ash.load calls in email uniqueness validation.
2026-01-13 15:16:00 +01:00
5ffd2b334e
Pass actor parameter through email sync operations
...
Extract actor from changeset context and pass it to all email sync
loader functions to ensure proper authorization when loading linked
users and members.
2026-01-13 15:16:00 +01:00
dbd79075f5
Pass actor parameter through cycle generation
...
Extract actor from changeset context in Member hooks and pass it
through all cycle generation functions to ensure proper authorization.
2026-01-13 15:15:59 +01:00
01cc5aa3a1
Add current_actor/1 helper for consistent actor access
...
Provides a single function to access current_user from socket assigns
across all LiveViews, ensuring consistent access pattern.
2026-01-13 15:15:59 +01:00
075a06ba6f
Refactor test setup: use global setup and fix MembershipFees domain alias
...
- Remove redundant setup blocks from member_live tests
- Add build_unauthenticated_conn helper for AuthController tests
- Add global setup in conn_case.ex
2026-01-13 15:15:56 +01:00
bc87893134
Integrate Member policies in LiveViews
...
- Add on_mount hook to ensure user role is loaded in all Member LiveViews
- Pass actor parameter to all Ash operations (read, get, create, update, destroy, load)
2026-01-13 15:12:24 +01:00
dc3268cbf4
Fix: Update comment in auto_filter to reflect expr(false) usage
...
Update comment from 'id IN [] = never matches' to 'expr(false) = match none'
to match the actual implementation of deny_filter().
2026-01-13 15:01:56 +01:00
c95a6fac69
Improve: Make deny_filter robust and add regression test
...
- Change deny_filter from [id: {:in, []}] to expr(false)
- Add regression test to ensure deny-filter matches 0 records
2026-01-13 15:01:55 +01:00
42a463f422
Security: Fix critical deny-filter bug and improve authorization
...
CRITICAL FIX: Deny-filter was allowing all records instead of denying
Fix: User validation in Member now uses actor from changeset.context
2026-01-13 15:01:55 +01:00
b3eb6c9223
Docs: Correct :linked scope documentation
2026-01-13 15:01:55 +01:00
4fffeeaaa0
Fix: Seeds use admin actor instead of NoActor bypass
...
This ensures seeds work correctly with the new fail-closed NoActor
policy in production, using proper authorization instead of bypass.
2026-01-13 15:01:55 +01:00
6846363132
Refactor: NoActor to SimpleCheck with compile-time environment check
...
This prevents security issues where :create/:read without actor would
be allowed in production. Now all operations require an actor in production.
2026-01-13 15:01:54 +01:00
70729bdd73
Fix: HasPermission auto_filter and strict_check implementation
...
Fixes security issue where auto_filter returned nil instead of proper
filter expressions, which could lead to incorrect authorization behavior.
2026-01-13 15:01:54 +01:00
4192922fd3
feat: implement authorization policies for Member resource
2026-01-13 15:01:53 +01:00
93190d558f
test: add Member resource policy tests
2026-01-13 15:01:53 +01:00
22d50d6c46
Merge pull request 'add CSV teplate closes #329 ' ( #347 ) from feature/329_csv_specification into main
...
continuous-integration/drone/push Build is passing
Reviewed-on: #347
2026-01-13 11:02:52 +01:00
469c4c0c1d
i18n: update translations
continuous-integration/drone/push Build is passing
2026-01-13 10:55:09 +01:00
6fe75db56d
formatting
continuous-integration/drone/push Build is failing
2026-01-13 10:50:33 +01:00
35895ac7fd
fix tests
continuous-integration/drone/push Build is failing
2026-01-13 10:48:44 +01:00
720a43a38c
feat: added csv templates
continuous-integration/drone/push Build is failing
2026-01-12 17:36:15 +01:00
3fd6410bb4
style: fix linting
continuous-integration/drone/push Build is failing
2026-01-12 15:37:58 +01:00
a1b0f65233
Merge pull request 'Add sidebar' ( #260 ) from sidebar into main
...
continuous-integration/drone/push Build is failing
Reviewed-on: #260
2026-01-12 15:17:28 +01:00
8a1b14fc79
fix: fix tests and remove navbar remainings
continuous-integration/drone/push Build is failing
2026-01-12 15:16:31 +01:00
30805b07ca
chore: remove compose incompatibility with wsl2
continuous-integration/drone/push Build is failing
2026-01-12 14:16:08 +01:00
e7515b5450
Merge remote-tracking branch 'origin/main' into sidebar
2026-01-12 14:15:12 +01:00
06a05fcaad
Merge pull request 'Implements settings for member fields closes #223 ' ( #300 ) from feature/223_memberfields_settings into main
...
continuous-integration/drone/push Build is passing
Reviewed-on: #300
2026-01-12 13:24:52 +01:00
922f9f93d0
Merge branch 'main' into feature/223_memberfields_settings
continuous-integration/drone/push Build is passing
2026-01-12 13:15:40 +01:00
77908a1467
fix tests
continuous-integration/drone/push Build is passing
2026-01-12 11:45:44 +01:00
e38de7d690
chore: rename custom to data field in the UI
continuous-integration/drone/push Build is failing
2026-01-12 09:50:51 +01:00
35aff50bea
Merge pull request 'Custom Policy Check - HasPermission closes #343 ' ( #344 ) from feature/343_haspermission into main
...
continuous-integration/drone/push Build is passing
Reviewed-on: #344
2026-01-08 18:05:14 +01:00
db0a187058
fix: correct relationship filter paths in HasPermission check
...
continuous-integration/drone/push Build is passing
- Use user.id instead of user_id for Member linked scope
- Use member.user.id for CustomFieldValue linked scope
- Add lazy logger evaluation
- Improve action nil handling
- Add integration tests for filter expressions
2026-01-08 17:45:02 +01:00
288002f404
feat: implement HasPermission policy check
...
continuous-integration/drone/push Build is passing
Implement custom Ash Policy Check that reads permissions from
PermissionSets module and applies scope filters to Ash queries.
2026-01-08 16:48:43 +01:00
cba471dcac
test: add tests for HasPermission policy check
...
Add comprehensive test suite for the HasPermission Ash Policy Check
covering permission lookup, scope application, error handling, and logging.
2026-01-08 16:48:42 +01:00
05b611d880
Merge pull request 'Role CRUD LiveViews closes #325 ' ( #326 ) from feature/325_role_view into main
...
continuous-integration/drone/push Build is passing
Reviewed-on: #326
2026-01-08 16:21:40 +01:00
68c09b761e
perf: optimize load_user_counts with DB-side aggregation
...
continuous-integration/drone/push Build is passing
Replace Elixir-side counting with Ecto GROUP BY COUNT query for
better performance. This avoids loading all users into memory and
performs the aggregation directly in the database.
2026-01-08 16:20:27 +01:00
5ac9ab7ff9
refactor: add opts_with_actor helper and improve error formatting
...
Add opts_with_actor helper function to reduce duplication when building
Ash options with actor and domain. Improve format_error documentation
and ensure consistent error message formatting.
2026-01-08 16:20:27 +01:00
34afe798ec
fix: use verified routes in navbar and improve can_access_page?
...
Use ~p verified routes instead of string paths in navbar template.
Update can_access_page? to handle both string and verified route paths
for better type safety.
2026-01-08 16:20:27 +01:00
ad0a3cd458
fix: add ensure_user_role_loaded to router live_session globally
2026-01-08 16:20:27 +01:00
675ab14fce
fix: correct German translations for role management
...
Fix incorrect translations:
- 'Listing Roles' -> 'Rollen auflisten' (was 'Benutzer*innen auflisten')
- 'Custom' -> 'Benutzerdefiniert' (was 'Benutzerdefinierte Felder')
2026-01-08 16:20:27 +01:00
59d656a07c
fix: add authorization check for Roles link in navbar
...
Only show Roles link in Settings dropdown for users with admin
permissions, preventing unauthorized access attempts.
2026-01-08 16:20:26 +01:00
32296625fe
refactor: extract shared helpers for RoleLive modules
...
Extract format_error and permission_set_badge_class functions into
MvWeb.RoleLive.Helpers module to eliminate code duplication between
Index and Show LiveViews.
2026-01-08 16:20:26 +01:00
e3cd400899
fix: add actor parameter to Ash.load in LiveHelpers
...
Use self as actor when loading user role relationship to ensure
proper authorization and policy enforcement.
2026-01-08 16:20:26 +01:00
d9dd936ae3
fix: add actor and domain parameters to user count functions in Show
...
Add actor and domain parameters to recalculate_user_count and
load_user_count to ensure consistent authorization. Clarify that
load_user_count is for initial display while recalculate_user_count
is for fresh count before deletion.
2026-01-08 16:20:26 +01:00
548bad6703
fix: add actor and domain parameters to user count functions
...
Add actor parameter to load_user_counts and recalculate_user_count
in Index LiveView to ensure consistent authorization and policy
enforcement. Also add domain parameter for clarity.
2026-01-08 16:20:25 +01:00
37a2fc3e83
refactor: replace cond with if in handle_delete_role functions
2026-01-08 16:20:25 +01:00
75ab046be4
refactor: extract ensure_user_role_loaded into shared on_mount hook
...
Move duplicate ensure_user_role_loaded logic into MvWeb.LiveHelpers
on_mount hook to eliminate code duplication across RoleLive modules
and centralize security-related user role loading.
2026-01-08 16:20:25 +01:00
ac67b8073d
fix: eliminate duplicate user_count queries in delete handlers
...
Calculate user_count once and reuse the value instead of calling
recalculate_user_count twice, reducing unnecessary database queries.
2026-01-08 16:20:25 +01:00
