403eda3908
Add Role helper function and create_role_with_system_flag action
- Add get_mitglied_role/0 helper to avoid code duplication
- Add create_role_with_system_flag action for seeds/migrations
- Allows setting is_system_role flag (required for 'Mitglied' role)
2026-01-24 19:15:05 +01:00
b545d2b9e1
Remove NoActor module, improve Member validation, update docs
2026-01-24 11:59:18 +01:00
427608578f
Restrict Actor.ensure_loaded to Mv.Accounts.User only
Pattern match on %Mv.Accounts.User{} instead of generic actor.
Clearer intention, prevents accidental authorization bypasses.
Non-User actors are returned as-is (no-op).
2026-01-22 23:17:55 +01:00
f3abade7ad
Add authorize?: false to Actor.ensure_loaded
SECURITY: Skip authorization for role loading to avoid circular dependency.
Actor loads their OWN role, needed for authorization itself.
Documented why this is safe.
2026-01-22 23:04:56 +01:00
e60bb6926f
Remove unused PolicyHelpers macro and PolicyConsistency test
Dead code - macro was never used in codebase.
PolicyConsistency test will be replaced with better implementation.
2026-01-22 22:37:09 +01:00
f2def20fce
Add centralized Actor.ensure_loaded helper
Consolidate role loading logic from HasPermission and LiveHelpers.
Use Ash.Resource.Info.resource? for reliable Ash detection.
2026-01-22 22:37:07 +01:00
05c71132e4
Replace NoActor runtime Mix.env with compile-time config
Use Application.compile_env for release-safety.
Config only set in test.exs (defaults to false).
2026-01-22 22:37:04 +01:00
a834bdc4ff
Add PolicyHelpers macro for standard user policies
Encapsulate two-tier policy pattern (bypass + HasPermission).
Promote consistency across resource policy definitions.
2026-01-22 21:36:18 +01:00
f1e6a1e9db
Clarify User.update :own in permission sets
Add explicit comments explaining why all permission sets
grant User.update with scope :own for password changes.
2026-01-22 21:36:11 +01:00
56144a7696
Add role loading fallback to HasPermission check
Extract ash_resource? helper to reduce nesting depth.
Add ensure_role_loaded fallback for unloaded actor roles.
2026-01-22 21:36:10 +01:00
93216f3ee6
Harden NoActor check with runtime environment guard
Add Mix.env() check to match?/3 for defense in depth.
Document NoActor pattern in CODE_GUIDELINES.md.
2026-01-22 21:36:09 +01:00
429042cbba
feat(auth): add User resource authorization policies
Implement bypass for READ + HasPermission for UPDATE pattern
Extend HasPermission check to support User resource scope :own
2026-01-22 19:19:22 +01:00
9c2cff6307
docs: Update domain Public API documentation
2026-01-20 15:50:08 +01:00
dc3268cbf4
Fix: Update comment in auto_filter to reflect expr(false) usage
Update comment from 'id IN [] = never matches' to 'expr(false) = match none'
to match the actual implementation of deny_filter().
2026-01-13 15:01:56 +01:00
c95a6fac69
Improve: Make deny_filter robust and add regression test
- Change deny_filter from [id: {:in, []}] to expr(false)
- Add regression test to ensure deny-filter matches 0 records
2026-01-13 15:01:55 +01:00
42a463f422
Security: Fix critical deny-filter bug and improve authorization
CRITICAL FIX: Deny-filter was allowing all records instead of denying
Fix: User validation in Member now uses actor from changeset.context
2026-01-13 15:01:55 +01:00
6846363132
Refactor: NoActor to SimpleCheck with compile-time environment check
This prevents security issues where :create/:read without actor would
be allowed in production. Now all operations require an actor in production.
2026-01-13 15:01:54 +01:00
70729bdd73
Fix: HasPermission auto_filter and strict_check implementation
Fixes security issue where auto_filter returned nil instead of proper
filter expressions, which could lead to incorrect authorization behavior.
2026-01-13 15:01:54 +01:00
4192922fd3
feat: implement authorization policies for Member resource
2026-01-13 15:01:53 +01:00
db0a187058
fix: correct relationship filter paths in HasPermission check
- Use user.id instead of user_id for Member linked scope
- Use member.user.id for CustomFieldValue linked scope
- Add lazy logger evaluation
- Improve action nil handling
- Add integration tests for filter expressions
2026-01-08 17:45:02 +01:00
288002f404
feat: implement HasPermission policy check
Implement custom Ash Policy Check that reads permissions from
PermissionSets module and applies scope filters to Ash queries.
2026-01-08 16:48:43 +01:00
18ec4bfd16
fix: add missing /custom_field_values/:id page to read_only and normal_user
- Add /custom_field_values/:id to read_only pages (users can view list, should also view details)
- Add /custom_field_values/:id to normal_user pages
- Refactor tests to reduce duplication (use for-comprehension for structure tests)
- Add tests for invalid input types in valid_permission_set?/1
- Update @spec for valid_permission_set?/1 to accept any() type
2026-01-06 22:17:33 +01:00
7845117fad
refactor: improve error handling and documentation in PermissionSets
- Add explicit ArgumentError for invalid permission set names with helpful message
- Soften performance claim in documentation (intended to be constant-time)
- Add tests for error handling
- Improve maintainability with guard clause for invalid inputs
2026-01-06 21:55:52 +01:00
9b0d022767
fix: add missing /profile page to read_only and normal_user permission sets
Both permission sets allow User:update :own, so users should be able
to access their profile page. This makes the implementation consistent
with the documentation and the logical permission model.
2026-01-06 21:55:13 +01:00
3a0fb4e84f
feat: implement PermissionSets module with all 4 permission sets
- Add types for scope, action, resource_permission, permission_set
- Implement get_permissions/1 for all 4 sets (own_data, read_only, normal_user, admin)
- Implement valid_permission_set?/1 for string and atom validation
- Implement permission_set_name_to_atom/1 with error handling
2026-01-06 21:33:39 +01:00
5f13901ca5
security: remove is_system_role from public API
Remove is_system_role from accept lists in create_role and update_role
actions. This field should only be set via seeds or internal actions to
prevent users from creating unkillable roles through the public API.
2026-01-06 19:04:03 +01:00
f63405052f
feat: add get_role action to Authorization domain
Add get_role action for retrieving single role by ID through
code interface.
2026-01-06 18:37:35 +01:00
557eb4d27d
refactor: simplify system role deletion validation
Remove redundant action_type check since validation already
runs only on destroy actions. Add field to error for better
error handling.
2026-01-06 18:37:34 +01:00
12c08cabee
docs: clean up PermissionSets documentation
Remove issue number references from moduledoc
2026-01-06 18:14:19 +01:00
82ec4e565a
refactor: use UUIDv7 and improve Role validations
- Change id from uuid_primary_key to uuid_v7_primary_key
- Replace custom validation with built-in one_of validation
- Add explicit on_delete: :restrict for users foreign key
- Update postgres references configuration
2026-01-06 18:14:16 +01:00
4535551b8d
feat: add Role resource with validations
Create Role resource with name, description, permission_set_name,
and is_system_role fields. Add validations for permission_set_name
and system role deletion protection.
2026-01-06 17:18:32 +01:00
1b2927ce40
feat: create Authorization domain
Add Mv.Authorization domain with AshAdmin and AshPhoenix extensions.
Register domain in config for role management.
2026-01-06 17:18:30 +01:00
37d1655227
feat: add PermissionSets stub module for role validation
Add minimal PermissionSets module with all_permission_sets/0 function
to support permission_set_name validation in Role resource.
2026-01-06 17:18:29 +01:00