mitgliederverwaltung

Author	SHA1	Message	Date
Moritz	29dc97fde1	Update gettext: extract and add DE/EN for statistics strings Co-authored-by: Cursor <cursoragent@cursor.com>	2026-02-10 22:31:49 +01:00
Moritz	babe26a33a	Pass actor through CycleGenerator so seeds can use admin - get_actor(opts): use opts[:actor] or system actor - load_member, do_generate_cycles, create_cycles pass opts - Seeds pass admin_user_with_role for Ash.load! and cycle updates Co-authored-by: Cursor <cursoragent@cursor.com>	2026-02-10 22:31:45 +01:00
Moritz	fd8894f577	Add StatisticsLive: overview, bars by year, pie chart - Summary cards: active/inactive members, open amount - Joins and exits by year (horizontal bars) - Contributions by year: table with stacked bar above amounts - Column order: Paid, Unpaid, Suspended, Total; color dots for legend - All years combined pie chart - LiveView tests Co-authored-by: Cursor <cursoragent@cursor.com>	2026-02-10 22:31:40 +01:00
Moritz	cf79bbd1c4	Add statistics route, permissions, and sidebar entry - /statistics route and PagePaths.statistics - Permission sets: viewer and admin can access /statistics - Sidebar link with can_access_page check - Plug and sidebar tests updated Co-authored-by: Cursor <cursoragent@cursor.com>	2026-02-10 22:31:35 +01:00
Moritz	7b83011dcb	Add Statistics module for member and cycle aggregates - first_join_year, active/inactive counts, joins/exits by year - cycle_totals_by_year, open_amount_total - Unit tests for Statistics Co-authored-by: Cursor <cursoragent@cursor.com>	2026-02-10 22:29:26 +01:00
carla	496e2e438f	Merge pull request 'Implements CSV export closes #285 ' (#408 ) from feature/export_csv into main All checks were successful continuous-integration/drone/push Build is passing Details Reviewed-on: #408	2026-02-09 15:17:49 +01:00
carla	e68a7cf8c7	fix linting All checks were successful continuous-integration/drone/push Build is passing Details continuous-integration/drone/promote/production Build is passing Details	2026-02-09 14:08:12 +01:00
carla	80fe73a561	docs: update docs	2026-02-09 14:08:04 +01:00
carla	31624e460b	i18n: update translations	2026-02-09 13:37:37 +01:00
carla	9115d53198	tests: add tests	2026-02-09 13:34:57 +01:00
carla	e1266944b1	feat: add membership fee status to columns and dropdown	2026-02-09 13:34:38 +01:00
carla	36e57b24be	Merge branch 'main' into feature/export_csv Some checks failed continuous-integration/drone/push Build is failing Details	2026-02-06 08:02:05 +01:00
carla	8e387d8e17	tests: update tests Some checks failed continuous-integration/drone/push Build is failing Details	2026-02-05 15:03:36 +01:00
carla	9b9e7ec995	fix: sorting and filter for export	2026-02-05 15:03:25 +01:00
moritz	cc02748cc6	Merge pull request 'Fix prod admin initialisation' (#410 ) from fix/admin_init into main All checks were successful continuous-integration/drone/push Build is passing Details Reviewed-on: #410	2026-02-04 21:41:38 +01:00
Moritz	ad54b0c462	Release.seed_admin: ensure app started when run via bin/mv eval Some checks reported errors continuous-integration/drone/push Build was killed Details continuous-integration/drone/promote/production Build is passing Details Application.ensure_all_started(:mv) so Ash/Telemetry work (ETS table exists). Fixes Unknown Error / telemetry_handler_table in production entrypoint.	2026-02-04 21:33:41 +01:00
moritz	6ab0365a8c	Merge pull request 'Init an admin user in prod closes #381 ' (#409 ) from feature/381_init_admin into main All checks were successful continuous-integration/drone/push Build is passing Details Reviewed-on: #409	2026-02-04 20:53:00 +01:00
Moritz	ad42a53919	OIDC sign-in: robust after_action for get? result, non-bang role sync All checks were successful continuous-integration/drone/push Build is passing Details continuous-integration/drone/promote/production Build is passing Details - sign_in_with_rauthy after_action normalizes result (nil/struct/list) to list before Enum.each. - OidcRoleSync.do_set_role uses Ash.update and swallows errors so auth is not blocked; skip update if role already correct.	2026-02-04 20:25:54 +01:00
Moritz	c5f1fdce0a	Code-review follow-ups: policy, docs, seed_admin behaviour All checks were successful continuous-integration/drone/push Build is passing Details - Use OidcRoleSyncContext for set_role_from_oidc_sync; document JWT peek risk. - seed_admin without password sets Admin role on existing user (OIDC-only); update docs and test. - Fix DE translation for 'access this page'; add get? true comment in User.	2026-02-04 19:44:43 +01:00
Moritz	d573a22769	Tests: accept single user or list from read_sign_in_with_rauthy (get? true) All checks were successful continuous-integration/drone/push Build is passing Details Handle {:ok, user}, {:ok, nil} in addition to {:ok, [user]}, {:ok, []}.	2026-02-04 18:13:30 +01:00
Moritz	58a5b086ad	OIDC: pass oauth_tokens to role sync; get? true for sign_in; return record in register - sign_in_with_rauthy: get? true so Ash returns single user; pass oauth_tokens to OidcRoleSync. - register_with_rauthy: pass oauth_tokens to OidcRoleSync; return {:ok, record} to preserve token.	2026-02-04 18:13:30 +01:00
Moritz	d441009c8a	Refactor: remove debug instrumentation from OidcRoleSync Drop temporary logging used to diagnose OIDC groups sync in dev.	2026-02-04 18:13:30 +01:00
Moritz	d37fc03a37	Fix: load OIDC role sync config from ENV in all environments OIDC_ADMIN_GROUP_NAME and OIDC_GROUPS_CLAIM were only set in prod block; in dev admin_group was nil so role sync never ran. Move config outside prod block so dev/test get ENV values.	2026-02-04 18:13:30 +01:00
Moritz	55fef5a993	Docs and .env.example for admin bootstrap and OIDC role sync Documents ADMIN_EMAIL/PASSWORD, seed_admin, entrypoint; OIDC_ADMIN_GROUP_NAME, OIDC_GROUPS_CLAIM and role sync on register/sign-in.	2026-02-04 18:13:30 +01:00
Moritz	99722dee26	Add OidcRoleSync: apply Admin/Mitglied from OIDC groups Register and sign-in call apply_admin_role_from_user_info; users in configured admin group get Admin role, others get Mitglied. Internal User action + bypass policy.	2026-02-04 18:13:30 +01:00
Moritz	a6e35da0f7	Add OIDC role sync config (OIDC_ADMIN_GROUP_NAME, OIDC_GROUPS_CLAIM) Mv.OidcRoleSyncConfig reads from config; runtime.exs overrides from ENV in prod.	2026-02-04 18:13:30 +01:00
Moritz	50c8a0dc9a	Seeds: call Mv.Release.seed_admin to avoid duplication Replaces inline admin creation with seed_admin(); exercises same path as entrypoint. Dev/test: set ADMIN_EMAIL default and ADMIN_PASSWORD fallback before calling.	2026-02-04 18:13:30 +01:00
Moritz	e065b39ed4	Add Mv.Release.seed_admin for admin bootstrap from ENV Creates/updates admin user from ADMIN_EMAIL and ADMIN_PASSWORD or ADMIN_PASSWORD_FILE. Idempotent; no fallback password in production. Called from docker entrypoint and seeds.	2026-02-04 18:13:30 +01:00
Moritz	b177e41882	Add Role.get_admin_role for Release.seed_admin Used by Mv.Release to resolve Admin role when creating/updating admin user from ENV.	2026-02-04 18:13:30 +01:00
Moritz	09a4b7c937	Seeds: use ADMIN_PASSWORD/ADMIN_PASSWORD_FILE; fallback only in dev/test No fallback in production; prod uses Release.seed_admin in entrypoint.	2026-02-04 18:13:30 +01:00
Moritz	7a56a0920b	Call seed_admin in docker entrypoint after migrate Ensures admin user is created/updated from ENV on every container start.	2026-02-04 18:13:30 +01:00
carla	e7d63b9b0a	fix linting Some checks failed continuous-integration/drone/push Build is failing Details	2026-02-04 16:55:24 +01:00
carla	59d94cf1c6	Merge pull request 'Polishs import UI closes #337 ' (#398 ) from feature/337_polish_import into main All checks were successful continuous-integration/drone/push Build is passing Details Reviewed-on: #398	2026-02-04 16:50:43 +01:00
carla	b429a4dbb6	test: adds tests Some checks failed continuous-integration/drone/push Build is failing Details	2026-02-04 16:43:12 +01:00
carla	c82f4b7fd7	feat: add csv export Some checks failed continuous-integration/drone/push Build is failing Details	2026-02-04 16:40:41 +01:00
carla	361331b76e	fix linting errors All checks were successful continuous-integration/drone/push Build is passing Details continuous-integration/drone/promote/production Build is passing Details	2026-02-04 16:36:13 +01:00
carla	3415faeb21	Merge branch 'main' into feature/337_polish_import Some checks failed continuous-integration/drone/push Build is failing Details	2026-02-04 16:28:55 +01:00
carla	d34ff57531	refactor All checks were successful continuous-integration/drone/push Build is passing Details continuous-integration/drone/promote/production Build is passing Details	2026-02-04 15:52:00 +01:00
moritz	82b3182267	Merge pull request 'Permission system hardening: Role policies and member user-link restriction closes #406 ' (#407 ) from feature/406_permission_hardening into main All checks were successful continuous-integration/drone/push Build is passing Details Reviewed-on: #407	2026-02-04 14:52:49 +01:00
Moritz	95472424b1	Fix member unlink: use User update_user action Some checks reported errors continuous-integration/drone/push Build was killed Details continuous-integration/drone/promote/production Build is passing Details UnrelateUserWhenArgumentNil used User :update which only accepts :email. Switch to :update_user with member: nil so manage_relationship clears member_id.	2026-02-04 14:46:23 +01:00
Moritz	5194b20b5c	Fix unlink-by-omission: on_missing :ignore, test, doc, string-key Some checks failed continuous-integration/drone/push Build is failing Details - Member update_member: on_missing :unrelate → :ignore (no unlink when :user omitted) - Test: normal_user update linked member without :user keeps link - Doc: unlink only explicit (user: nil), admin-only; Actor.admin?(nil) note - Check: defense-in-depth for "user" string key	2026-02-04 14:07:39 +01:00
Moritz	543fded102	Harden member user-link check: argument presence, nil actor, policy scope - Forbid on :user argument presence (not value) to block unlink via nil/empty - Defensive nil actor handling; policy restricted to create/update only - Test: Ash.load with actor; test non-admin cannot unlink via user: nil - Docs: unlink behaviour and policy split	2026-02-04 14:07:39 +01:00
Moritz	34e049ef32	Refactor member user-link tests: shared setup Use describe-level setup for normal_user, admin, unlinked_member.	2026-02-04 14:07:39 +01:00
Moritz	54e419ed4c	Docs: permission hardening Role and member user link Role: Ash policies (HasPermission); read for all, create/update/destroy admin only. User–member link: only admins may set :user on Member create/update (ForbidMemberUserLinkUnlessAdmin).	2026-02-04 14:07:39 +01:00
Moritz	26fbafdd9d	Restrict member user link to admins (forbid policy) Add ForbidMemberUserLinkUnlessAdmin check; forbid_if on Member create/update. Fix member user-link tests: pass :user in params, assert via reload.	2026-02-04 14:07:38 +01:00
Moritz	4d3a64c177	Add Role resource policies (defense-in-depth) - PermissionSets: Role read :all for own_data, read_only, normal_user; admin keeps full CRUD - Role resource: authorizers and policies with HasPermission - Tests: role_policies_test.exs (read all, create/update/destroy admin only) - Fix existing tests to pass actor or authorize?: false for Role operations	2026-02-04 14:07:38 +01:00
moritz	10f37a1246	Merge pull request 'Update Mix dependencies' (#392 ) from renovate/mix-dependencies into main All checks were successful continuous-integration/drone/push Build is passing Details Reviewed-on: #392	2026-02-04 14:06:30 +01:00
Moritz	40e75f4066	refactor: reduce nesting in HasPermission.strict_check_with_permissions Some checks reported errors continuous-integration/drone/push Build was killed Details continuous-integration/drone/promote/production Build is passing Details Extract strict_check_filter_scope/4 to satisfy Credo max depth 2.	2026-02-04 13:29:41 +01:00
Moritz	f7ba98c36b	refactor: reduce nesting in SyncUserEmailToMember.sync_email Some checks failed continuous-integration/drone/push Build is failing Details Extract apply_sync/1 and sync_by_record_type/4 to satisfy Credo max depth 2.	2026-02-04 13:03:36 +01:00
Renovate Bot	6aadf4f93b	Update Mix dependencies Some checks failed continuous-integration/drone/push Build is failing Details	2026-02-04 12:13:20 +01:00

1 2 3 4 5 ...

1204 commits