Add actor and domain parameters to recalculate_user_count and
load_user_count to ensure consistent authorization. Clarify that
load_user_count is for initial display while recalculate_user_count
is for fresh count before deletion.
Add actor parameter to load_user_counts and recalculate_user_count
in Index LiveView to ensure consistent authorization and policy
enforcement. Also add domain parameter for clarity.
Move duplicate ensure_user_role_loaded logic into MvWeb.LiveHelpers
on_mount hook to eliminate code duplication across RoleLive modules
and centralize security-related user role loading.
- Convert Settings menu item to dropdown (similar to Contributions)
- Add Global Settings and Roles as sub-items
- Update German translations: 'Global Settings' and 'Roles'
- Add Users column showing number of users assigned to each role
- Load user counts efficiently in single query to avoid N+1
- Similar implementation to membership fee types member count
- Add text labels to Edit and Delete buttons in index page
- Change button size from btn-xs to btn-sm for better visibility
- Add Delete button to show page for non-system roles
- Implement handle_event for delete in show page
- Add format_error helper to show page
Add complete CRUD interface for role management under /admin/roles.
- Index page with table showing name, description, permission_set_name, is_system_role
- Show page for role details
- Form component for create/edit with permission_set_name dropdown
- System role badge and disabled delete button
- Flash messages for success/error
- Authorization checks using MvWeb.Authorization helpers
- Comprehensive test coverage (22 tests)
Routes added under /admin scope. All LiveViews load user role
for authorization checks. Form uses custom dropdown for permission sets.
Implement MvWeb.Authorization module with can?/3 and can_access_page?/2
functions for conditional rendering in LiveView templates.
- can?/3 supports both resource atoms and record structs with scope checking
- can_access_page?/2 checks page access permissions
- All functions use PermissionSets module for consistency with backend
- Graceful handling of nil users and invalid permission sets
- Comprehensive test coverage with 17 test cases
- Add /custom_field_values/:id to read_only pages (users can view list, should also view details)
- Add /custom_field_values/:id to normal_user pages
- Refactor tests to reduce duplication (use for-comprehension for structure tests)
- Add tests for invalid input types in valid_permission_set?/1
- Update @spec for valid_permission_set?/1 to accept any() type
- Add explicit ArgumentError for invalid permission set names with helpful message
- Soften performance claim in documentation (intended to be constant-time)
- Add tests for error handling
- Improve maintainability with guard clause for invalid inputs
Both permission sets allow User:update :own, so users should be able
to access their profile page. This makes the implementation consistent
with the documentation and the logical permission model.
- Add types for scope, action, resource_permission, permission_set
- Implement get_permissions/1 for all 4 sets (own_data, read_only, normal_user, admin)
- Implement valid_permission_set?/1 for string and atom validation
- Implement permission_set_name_to_atom/1 with error handling
Remove is_system_role from accept lists in create_role and update_role
actions. This field should only be set via seeds or internal actions to
prevent users from creating unkillable roles through the public API.
Create Role resource with name, description, permission_set_name,
and is_system_role fields. Add validations for permission_set_name
and system role deletion protection.
Replace assign_new with assign for cycles and available_fee_types. Set regenerating flag at event start. Fix create_cycle parsing with explicit error handling. Use atomic bulk delete for all cycles. Improve delete confirmation robustness. Fix unless/else pattern for Credo compliance.
Replace after_action hooks with after_transaction to ensure async tasks only run after successful commit. Extract common cycle generation logic into handle_cycle_generation/2 to reduce duplication. Add structured error logging with context.
