local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 60 Pull requests 4 Projects 2 Releases Packages 1 Activity Actions
1215 commits 12 branches 0 tags 16 MiB
Commit graph

1215 commits

This branch
This branch
All branches
Author SHA1 Message Date
Simon
3b87db6ad1 test: add tdd tests for group integration in member view #373 2026-02-13 09:39:53 +01:00
Simon
dce4b2cf33
feat: add groups to member overview 2026-02-13 09:28:16 +01:00
simon
82e908a7e4 Merge pull request 'UI for adding and removing members on the group show page' (#401) from feature/ui-for-adding-members-groups into main
Some checks failed
continuous-integration/drone/push Build is failing
Details 
Reviewed-on: #401
 2026-02-12 15:41:15 +01:00
Simon
2f8a6a2768
Merge remote-tracking branch 'origin/main' into feature/ui-for-adding-members-groups
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/promote/production Build is passing
Details
2026-02-12 15:16:35 +01:00
Simon
900f322422
fix: pr comments
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-02-12 15:08:40 +01:00
moritz
962e12b644 Merge pull request 'Update renovate/renovate Docker tag to v42.96' (#414) from renovate/renovate-renovate-42.x into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #414
 2026-02-10 17:26:39 +01:00
Renovate Bot
022e33773e chore(deps): update renovate/renovate docker tag to v42.97
Some checks reported errors
continuous-integration/drone/push Build was killed
Details
2026-02-10 17:26:20 +01:00
moritz
a88fdaf96f Merge pull request 'chore(deps): update ghcr.io/sebadob/rauthy docker tag to v0.34.3' (#412) from renovate/ghcr.io-sebadob-rauthy-0.x into main
Some checks reported errors
continuous-integration/drone/push Build was killed
Details 
Reviewed-on: #412
 2026-02-10 17:25:21 +01:00
Renovate Bot
74dfd93fb8 Update ghcr.io/sebadob/rauthy Docker tag to v0.34.3
Some checks reported errors
continuous-integration/drone/push Build was killed
Details
2026-02-10 17:25:00 +01:00
moritz
c9ea784c14 Merge pull request 'chore(deps): update mix dependencies' (#411) from renovate/mix-dependencies into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #411
 2026-02-10 16:46:04 +01:00
Renovate Bot
b142a3a66a chore(deps): update mix dependencies
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is passing
Details
2026-02-10 00:27:05 +00:00
carla
496e2e438f Merge pull request 'Implements CSV export closes #285' (#408) from feature/export_csv into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #408
 2026-02-09 15:17:49 +01:00
carla
e68a7cf8c7 fix linting
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is passing
Details
2026-02-09 14:08:12 +01:00
carla
80fe73a561 docs: update docs 2026-02-09 14:08:04 +01:00
carla
31624e460b i18n: update translations 2026-02-09 13:37:37 +01:00
carla
9115d53198 tests: add tests 2026-02-09 13:34:57 +01:00
carla
e1266944b1 feat: add membership fee status to columns and dropdown 2026-02-09 13:34:38 +01:00
carla
36e57b24be Merge branch 'main' into feature/export_csv
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-06 08:02:05 +01:00
carla
8e387d8e17 tests: update tests
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-05 15:03:36 +01:00
carla
9b9e7ec995 fix: sorting and filter for export 2026-02-05 15:03:25 +01:00
moritz
cc02748cc6 Merge pull request 'Fix prod admin initialisation' (#410) from fix/admin_init into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #410
 2026-02-04 21:41:38 +01:00
Moritz
ad54b0c462 Release.seed_admin: ensure app started when run via bin/mv eval
Some checks reported errors
continuous-integration/drone/push Build was killed
Details
continuous-integration/drone/promote/production Build is passing
Details 
Application.ensure_all_started(:mv) so Ash/Telemetry work (ETS table exists).
Fixes Unknown Error / telemetry_handler_table in production entrypoint.
 2026-02-04 21:33:41 +01:00
moritz
6ab0365a8c Merge pull request 'Init an admin user in prod closes #381' (#409) from feature/381_init_admin into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #409
 2026-02-04 20:53:00 +01:00
Moritz
ad42a53919 OIDC sign-in: robust after_action for get? result, non-bang role sync
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is passing
Details 
- sign_in_with_rauthy after_action normalizes result (nil/struct/list) to list before Enum.each.
- OidcRoleSync.do_set_role uses Ash.update and swallows errors so auth is not blocked; skip update if role already correct.
 2026-02-04 20:25:54 +01:00
Moritz
c5f1fdce0a Code-review follow-ups: policy, docs, seed_admin behaviour
All checks were successful
continuous-integration/drone/push Build is passing
Details 
- Use OidcRoleSyncContext for set_role_from_oidc_sync; document JWT peek risk.
- seed_admin without password sets Admin role on existing user (OIDC-only); update docs and test.
- Fix DE translation for 'access this page'; add get? true comment in User.
 2026-02-04 19:44:43 +01:00
Moritz
d573a22769 Tests: accept single user or list from read_sign_in_with_rauthy (get? true)
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Handle {:ok, user}, {:ok, nil} in addition to {:ok, [user]}, {:ok, []}.
 2026-02-04 18:13:30 +01:00
Moritz
58a5b086ad OIDC: pass oauth_tokens to role sync; get? true for sign_in; return record in register 
- sign_in_with_rauthy: get? true so Ash returns single user; pass oauth_tokens to OidcRoleSync.
- register_with_rauthy: pass oauth_tokens to OidcRoleSync; return {:ok, record} to preserve token.
 2026-02-04 18:13:30 +01:00
Moritz
d441009c8a Refactor: remove debug instrumentation from OidcRoleSync 
Drop temporary logging used to diagnose OIDC groups sync in dev.
 2026-02-04 18:13:30 +01:00
Moritz
d37fc03a37 Fix: load OIDC role sync config from ENV in all environments 
OIDC_ADMIN_GROUP_NAME and OIDC_GROUPS_CLAIM were only set in prod block;
in dev admin_group was nil so role sync never ran. Move config outside
prod block so dev/test get ENV values.
 2026-02-04 18:13:30 +01:00
Moritz
55fef5a993 Docs and .env.example for admin bootstrap and OIDC role sync 
Documents ADMIN_EMAIL/PASSWORD, seed_admin, entrypoint; OIDC_ADMIN_GROUP_NAME,
OIDC_GROUPS_CLAIM and role sync on register/sign-in.
 2026-02-04 18:13:30 +01:00
Moritz
99722dee26 Add OidcRoleSync: apply Admin/Mitglied from OIDC groups 
Register and sign-in call apply_admin_role_from_user_info; users in configured
admin group get Admin role, others get Mitglied. Internal User action + bypass policy.
 2026-02-04 18:13:30 +01:00
Moritz
a6e35da0f7 Add OIDC role sync config (OIDC_ADMIN_GROUP_NAME, OIDC_GROUPS_CLAIM) 
Mv.OidcRoleSyncConfig reads from config; runtime.exs overrides from ENV in prod.
 2026-02-04 18:13:30 +01:00
Moritz
50c8a0dc9a Seeds: call Mv.Release.seed_admin to avoid duplication 
Replaces inline admin creation with seed_admin(); exercises same path as entrypoint.
Dev/test: set ADMIN_EMAIL default and ADMIN_PASSWORD fallback before calling.
 2026-02-04 18:13:30 +01:00
Moritz
e065b39ed4 Add Mv.Release.seed_admin for admin bootstrap from ENV 
Creates/updates admin user from ADMIN_EMAIL and ADMIN_PASSWORD or ADMIN_PASSWORD_FILE.
Idempotent; no fallback password in production. Called from docker entrypoint and seeds.
 2026-02-04 18:13:30 +01:00
Moritz
b177e41882 Add Role.get_admin_role for Release.seed_admin 
Used by Mv.Release to resolve Admin role when creating/updating admin user from ENV.
 2026-02-04 18:13:30 +01:00
Moritz
09a4b7c937 Seeds: use ADMIN_PASSWORD/ADMIN_PASSWORD_FILE; fallback only in dev/test 
No fallback in production; prod uses Release.seed_admin in entrypoint.
 2026-02-04 18:13:30 +01:00
Moritz
7a56a0920b Call seed_admin in docker entrypoint after migrate 
Ensures admin user is created/updated from ENV on every container start.
 2026-02-04 18:13:30 +01:00
carla
e7d63b9b0a fix linting
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-04 16:55:24 +01:00
carla
59d94cf1c6 Merge pull request 'Polishs import UI closes #337' (#398) from feature/337_polish_import into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #398
 2026-02-04 16:50:43 +01:00
carla
b429a4dbb6 test: adds tests
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-04 16:43:12 +01:00
carla
c82f4b7fd7 feat: add csv export
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-04 16:40:41 +01:00
carla
361331b76e fix linting errors
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is passing
Details
2026-02-04 16:36:13 +01:00
carla
3415faeb21 Merge branch 'main' into feature/337_polish_import
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-04 16:28:55 +01:00
carla
d34ff57531 refactor
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is passing
Details
2026-02-04 15:52:00 +01:00
moritz
82b3182267 Merge pull request 'Permission system hardening: Role policies and member user-link restriction closes #406' (#407) from feature/406_permission_hardening into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #407
 2026-02-04 14:52:49 +01:00
Moritz
95472424b1
Fix member unlink: use User update_user action
Some checks reported errors
continuous-integration/drone/push Build was killed
Details
continuous-integration/drone/promote/production Build is passing
Details 
UnrelateUserWhenArgumentNil used User :update which only accepts :email.
Switch to :update_user with member: nil so manage_relationship clears member_id.
 2026-02-04 14:46:23 +01:00
Moritz
5194b20b5c
Fix unlink-by-omission: on_missing :ignore, test, doc, string-key
Some checks failed
continuous-integration/drone/push Build is failing
Details 
- Member update_member: on_missing :unrelate → :ignore (no unlink when :user omitted)
- Test: normal_user update linked member without :user keeps link
- Doc: unlink only explicit (user: nil), admin-only; Actor.admin?(nil) note
- Check: defense-in-depth for "user" string key
 2026-02-04 14:07:39 +01:00
Moritz
543fded102
Harden member user-link check: argument presence, nil actor, policy scope 
- Forbid on :user argument presence (not value) to block unlink via nil/empty
- Defensive nil actor handling; policy restricted to create/update only
- Test: Ash.load with actor; test non-admin cannot unlink via user: nil
- Docs: unlink behaviour and policy split
 2026-02-04 14:07:39 +01:00
Moritz
34e049ef32
Refactor member user-link tests: shared setup 
Use describe-level setup for normal_user, admin, unlinked_member.
 2026-02-04 14:07:39 +01:00
Moritz
54e419ed4c
Docs: permission hardening Role and member user link 
Role: Ash policies (HasPermission); read for all, create/update/destroy admin only.
User–member link: only admins may set :user on Member create/update (ForbidMemberUserLinkUnlessAdmin).
 2026-02-04 14:07:39 +01:00