- PermissionSets: Role read :all for own_data, read_only, normal_user; admin keeps full CRUD
- Role resource: authorizers and policies with HasPermission
- Tests: role_policies_test.exs (read all, create/update/destroy admin only)
- Fix existing tests to pass actor or authorize?: false for Role operations
- Policy tests: use Fixtures where applicable; create_custom_field() fix in custom_field_value.
- Replace unused actor with _actor, remove unused alias Accounts in policy tests.
- profile_navigation_test: disable Credo for intentional TODO comment.
- membership_fee_settings_live: current_actor(socket), Ash.read! with actor
- membership_fee_type_live/form: Ash.get! with actor in mount
- check_page_permission_test: normal_user /groups/new and /groups/:slug/edit allowed
- membership_fee_type_live form_test: actor for Ash.read_one!/get!
Member/User auth tests use data-testid and #row-id selectors.
Sidebar auth tests assert on data-testid=sidebar-administration.
Sidebar test expects data-testid in expanded-menu-group markup.
- ConnCase: add :read_only and :normal_user role tags for tests.
- Add CheckPagePermission plug tests (unit + integration for member, read_only,
normal_user, admin). Update permission_sets_test (refute "/" for own_data).
- Profile navigation, global_settings, role_live, membership_fee_type: use
users with role for "/" access; expect redirect for own_data on /settings
and /admin/roles.
IndexComponent now passes actor to FormComponent; FormComponent uses
assigns[:actor] instead of current_actor(socket). Add test that submits
new custom field form on settings page.
- Tests and UI pass actor for CustomField create/read/destroy; seeds use actor
- Member required-custom-fields validation uses context.actor only (no fallback)
- CODE_GUIDELINES: add rule forbidding system-actor fallbacks
Add complete CRUD interface for role management under /admin/roles.
- Index page with table showing name, description, permission_set_name, is_system_role
- Show page for role details
- Form component for create/edit with permission_set_name dropdown
- System role badge and disabled delete button
- Flash messages for success/error
- Authorization checks using MvWeb.Authorization helpers
- Comprehensive test coverage (22 tests)
Routes added under /admin scope. All LiveViews load user role
for authorization checks. Form uses custom dropdown for permission sets.
- Fix get_last_completed_cycle to find most recent completed cycle
- Fix create_cycle helpers to delete auto-generated cycles first
- Fix Ash.destroy return value handling
- Fix form selectors to use specific IDs
- Fix URL parameter names for filters
- Fix Ash.read_one return value expectations in tests
