f3abade7ad
Add authorize?: false to Actor.ensure_loaded
...
SECURITY: Skip authorization for role loading to avoid circular dependency.
Actor loads their OWN role, needed for authorization itself.
Documented why this is safe.
2026-01-22 23:04:56 +01:00
e60bb6926f
Remove unused PolicyHelpers macro and PolicyConsistency test
...
continuous-integration/drone/push Build is passing
Dead code - macro was never used in codebase.
PolicyConsistency test will be replaced with better implementation.
2026-01-22 22:37:09 +01:00
f2def20fce
Add centralized Actor.ensure_loaded helper
...
Consolidate role loading logic from HasPermission and LiveHelpers.
Use Ash.Resource.Info.resource? for reliable Ash detection.
2026-01-22 22:37:07 +01:00
05c71132e4
Replace NoActor runtime Mix.env with compile-time config
...
Use Application.compile_env for release-safety.
Config only set in test.exs (defaults to false).
2026-01-22 22:37:04 +01:00
811a276d92
Update documentation for User credentials strategy
...
continuous-integration/drone/push Build is passing
Clarify that User.update :own is handled by HasPermission.
Fix file path references from lib/mv/accounts to lib/accounts.
2026-01-22 21:36:22 +01:00
d97f6f4004
Add policy consistency tests
...
Enforce User.update :own across all permission sets.
Verify READ bypass + UPDATE HasPermission pattern.
2026-01-22 21:36:19 +01:00
a834bdc4ff
Add PolicyHelpers macro for standard user policies
...
Encapsulate two-tier policy pattern (bypass + HasPermission).
Promote consistency across resource policy definitions.
2026-01-22 21:36:18 +01:00
7d0f5fde86
Replace for comprehension with explicit describe blocks
...
Fix Credo parsing error by removing for comprehension.
Duplicate tests for own_data, read_only, normal_user sets.
2026-01-22 21:36:16 +01:00
47c938cc50
Centralize role preloading in global LiveView on_mount
...
Add ensure_user_role_loaded to global live_view quote block.
Remove redundant on_mount calls from individual LiveViews.
2026-01-22 21:36:15 +01:00
797452a76e
Shorten User policy comments to state what only
...
Move why explanations to documentation files.
Keep policy comments concise and focused.
2026-01-22 21:36:12 +01:00
f1e6a1e9db
Clarify User.update :own in permission sets
...
Add explicit comments explaining why all permission sets
grant User.update with scope :own for password changes.
2026-01-22 21:36:11 +01:00
56144a7696
Add role loading fallback to HasPermission check
...
Extract ash_resource? helper to reduce nesting depth.
Add ensure_role_loaded fallback for unloaded actor roles.
2026-01-22 21:36:10 +01:00
93216f3ee6
Harden NoActor check with runtime environment guard
...
Add Mix.env() check to match?/3 for defense in depth.
Document NoActor pattern in CODE_GUIDELINES.md.
2026-01-22 21:36:09 +01:00
5506b5b2dc
docs(auth): document User policies and bypass pattern
...
continuous-integration/drone/push Build is passing
Add bypass vs HasPermission pattern documentation
Update architecture and implementation plan docs
2026-01-22 19:19:27 +01:00
63d8c4668d
test(auth): add User policies test suite
...
31 tests covering all 4 permission sets and bypass scenarios
Update HasPermission tests to expect false for scope :own without record
2026-01-22 19:19:25 +01:00
429042cbba
feat(auth): add User resource authorization policies
...
Implement bypass for READ + HasPermission for UPDATE pattern
Extend HasPermission check to support User resource scope :own
2026-01-22 19:19:22 +01:00
a9f9cab96a
Merge pull request 'System Actor Mode for Systemic Flows closes #348 ' ( #361 ) from feature/348_system_actor into main
...
continuous-integration/drone/push Build is passing
Reviewed-on: #361
2026-01-21 08:36:39 +01:00
d07f1984cd
Move require Logger to module level
...
continuous-integration/drone/push Build is passing
Move require Logger statements from function/case level to module level
for better code organization and consistency with Elixir best practices
2026-01-21 08:35:34 +01:00
1c5bd04661
Update gettext translations for new UI strings
continuous-integration/drone/push Build is passing
2026-01-21 08:09:34 +01:00
b0ddf99117
Add admin authorization check for regenerate cycles button
...
Restrict UI access to cycle regeneration to administrators only
to prevent policy bypass via user interface
2026-01-21 08:02:38 +01:00
ea399612be
Make system actor email configurable via SYSTEM_ACTOR_EMAIL
...
Allow system user email to be configured via environment variable
with fallback to default 'system@mila.local'
2026-01-21 08:02:35 +01:00
7e9de8e95b
Add logging for fail-open email uniqueness validations
...
Log warnings when query errors occur in email uniqueness checks
to improve visibility of data integrity issues
2026-01-21 08:02:33 +01:00
5c3657fed1
Use SystemActor opts for cycle deletion operations
...
Pass actor_opts to delete_cycles/1 to ensure proper authorization
when MembershipFeeCycle policies are enforced
2026-01-21 08:02:32 +01:00
006b1aaf06
Replace Mix.env() with Config.sql_sandbox?() in SystemActor
...
Use Application config instead of Mix.env() to prevent
runtime crashes in production releases where Mix is not available
2026-01-21 08:02:31 +01:00
a92f503752
fix: credo warning
continuous-integration/drone/push Build is passing
2026-01-21 01:24:43 +01:00
4b67039a78
test: add more filter component tests
continuous-integration/drone/push Build is failing
2026-01-21 01:14:26 +01:00
f996aee6b2
feat: add new filter component to members view
continuous-integration/drone/push Build is passing
2026-01-21 00:47:01 +01:00
5eadd5f090
Refactor test setup into helper functions
...
continuous-integration/drone/push Build is passing
Extract setup code into reusable helper functions to reduce
duplication and improve maintainability.
2026-01-20 23:16:40 +01:00
c5bd58e7d3
Add @spec type annotations to SystemActor functions
...
Add type specifications for all private functions to improve
static analysis with Dialyzer and documentation quality.
2026-01-20 23:16:39 +01:00
a3cf8571ff
Document System Actor pattern in code guidelines
...
Add section explaining when and how to use system actor for systemic operations.
Include examples and distinction between user mode and system mode.
2026-01-20 22:10:11 +01:00
f1bb6a0f9a
Add tests for System Actor helper
...
Test system actor retrieval, caching, fallback behavior,
and auto-creation in test environment.
2026-01-20 22:09:21 +01:00
c64b74588f
Use system actor for cycle generation
...
Update cycle generator, member hooks, and job to use system actor.
Remove actor parameters as cycle generation is a mandatory side effect.
2026-01-20 22:09:20 +01:00
f0169c95b7
Use system actor for email uniqueness validation
...
Update email validation modules to use system actor for queries.
This ensures data integrity checks always run regardless of user permissions.
2026-01-20 22:09:19 +01:00
8acd92e8d4
Use system actor for email synchronization
...
Update email sync loader and changes to use system actor instead of user actor.
This ensures email sync always works regardless of user permissions.
2026-01-20 22:09:18 +01:00
d993bd3913
Create system user in seeds
...
Add system@mila.local user with admin role for systemic operations.
This user is used by SystemActor helper for mandatory side effects.
2026-01-20 22:09:17 +01:00
ddb1252831
Add System Actor helper for systemic operations
...
Introduce Mv.Helpers.SystemActor module with lazy loading
for operations that must always run regardless of user permissions.
System actor has admin role and auto-creates in test environment.
2026-01-20 22:09:16 +01:00
1011b94acf
feat: load boolean custom fields
continuous-integration/drone/push Build is passing
2026-01-20 19:12:13 +01:00
fbf3b64192
refactor: fix credo issues
continuous-integration/drone/push Build is passing
2026-01-20 18:34:17 +01:00
01dea8bb8b
Merge branch 'main' into feature/filter-boolean-custom-fields
continuous-integration/drone/push Build is failing
2026-01-20 18:13:20 +01:00
ff8b29cffe
feat: implement filter logic for boolean ustom fields
continuous-integration/drone/push Build is failing
2026-01-20 18:08:41 +01:00
264323504f
Merge pull request 'Small refactoring' ( #360 ) from refactor into main
...
continuous-integration/drone/push Build is passing
Reviewed-on: #360
2026-01-20 17:59:22 +01:00
2dc0bce8cb
chore: rm todo list
continuous-integration/drone/push Build is passing
2026-01-20 17:04:42 +01:00
d65da2f498
test: add tdd tests for custom boolean field filter logic
continuous-integration/drone/push Build was killed
2026-01-20 17:03:58 +01:00
235154a102
test: Remove outdated TODO for auto-assignment feature
...
continuous-integration/drone/push Build was killed
Auto-assignment of default membership fee type is already implemented
via SetDefaultMembershipFeeType change. Test assertion is now active.
2026-01-20 16:33:50 +01:00
c6dd0cd09d
i18n: Add missing German translations for member form errors
...
- Add translations for validation error messages
- Add translations for save failure messages
2026-01-20 16:30:43 +01:00
0d8141837e
chore: update gettext
2026-01-20 16:15:01 +01:00
433f008af8
refactor: Reduce function complexity and nesting depth
...
- Extract helper functions from process_chunk to reduce nesting
- Extract format_error_message from extract_changeset_error
- Split extract_error_message into smaller functions to reduce complexity
- Fixes Credo refactoring opportunities
2026-01-20 16:05:32 +01:00
0abcf540bb
refactor: Replace length/1 with empty list comparison
...
Replace expensive length/1 calls with direct list comparison
to fix Credo warnings about performance
2026-01-20 15:58:15 +01:00
37e1553a02
feat: add custom boolean field state & URL-Parameter
2026-01-20 15:55:08 +01:00
32e0adb664
test: Add tests for UserLive.Show and RoleLive.Show
...
- Add comprehensive tests for UserLive.Show
- Add comprehensive tests for RoleLive.Show
- Cover mount, display, navigation, and error handling
2026-01-20 15:50:08 +01:00
