42a463f422
Security: Fix critical deny-filter bug and improve authorization
...
CRITICAL FIX: Deny-filter was allowing all records instead of denying
Fix: User validation in Member now uses actor from changeset.context
2026-01-13 15:01:55 +01:00
70729bdd73
Fix: HasPermission auto_filter and strict_check implementation
...
Fixes security issue where auto_filter returned nil instead of proper
filter expressions, which could lead to incorrect authorization behavior.
2026-01-13 15:01:54 +01:00
93190d558f
test: add Member resource policy tests
2026-01-13 15:01:53 +01:00
db0a187058
fix: correct relationship filter paths in HasPermission check
...
continuous-integration/drone/push Build is passing
- Use user.id instead of user_id for Member linked scope
- Use member.user.id for CustomFieldValue linked scope
- Add lazy logger evaluation
- Improve action nil handling
- Add integration tests for filter expressions
2026-01-08 17:45:02 +01:00
cba471dcac
test: add tests for HasPermission policy check
...
Add comprehensive test suite for the HasPermission Ash Policy Check
covering permission lookup, scope application, error handling, and logging.
2026-01-08 16:48:42 +01:00
