local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 67 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions
1152 commits 13 branches 0 tags 7.9 MiB
Commit graph

1152 commits

This branch
This branch
All branches
Author SHA1 Message Date
Moritz
47b6a16177
Doc: Actor maybe_load_role comment; ActorIsAdmin system user = admin 2026-02-03 16:07:39 +01:00
Moritz
60a4181255
Validation: error message admin or linked user; resolve_actor fallback 2026-02-03 16:07:26 +01:00
Moritz
4e6b7305b6
Doc: Loader auth-independent for link checks; email-sync rule rationale 2026-02-03 16:07:13 +01:00
Moritz
4ea31f0f37 Add email-change permission validation for linked members
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Only admins or the linked user may change a linked member's email.
- New validation EmailChangePermission (uses Actor.admin?, Loader.get_linked_user).
- Register on Member update_member; docs and gettext.
 2026-02-03 14:35:32 +01:00
Moritz
ad02f8914f Use EmailSync.Loader.get_linked_user in EmailNotUsedByOtherUser 
Remove duplicate get_linked_user_id; reuse Loader for linked user lookup.
 2026-02-03 14:35:08 +01:00
Moritz
3d46ba655f Add Actor.permission_set_name/1 and admin?/1 for consistent capability checks 
- Actor.permission_set_name(actor) returns role's permission set (supports nil role load).
- Actor.admin?(actor) returns true for system user or admin permission set.
- ActorIsAdmin policy check delegates to Actor.admin?/1.
 2026-02-03 14:34:24 +01:00
carla
c998d14b95 Merge pull request 'Implements custom field CSV import closes #338' (#395) from feature/338_import_custom_fields into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #395
 2026-02-02 17:05:29 +01:00
carla
960506d16a refactoring
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is passing
Details
2026-02-02 16:56:07 +01:00
carla
aef3aa299f fix test
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is passing
Details
2026-02-02 15:04:07 +01:00
carla
b21c3df7ef refactoring 2026-02-02 14:34:12 +01:00
carla
71db9cf3c1 formatting
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-02 13:54:27 +01:00
carla
9e27de84cb Merge branch 'main' into feature/338_import_custom_fields
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-02 13:46:05 +01:00
carla
c56ca68922 docs: update docs
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-02 13:42:24 +01:00
carla
f5591c392a i18n: add translation 2026-02-02 13:42:16 +01:00
carla
aab5666f46 Merge pull request 'Adds config for import limits closes #336' (#394) from feature/336_import_auth into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #394
 2026-02-02 13:15:22 +01:00
carla
12715f3d85 refactoring 2026-02-02 13:07:08 +01:00
carla
86a3c4e50e tests: add tests for import 2026-02-02 13:07:00 +01:00
carla
3f8797c356 feat: import custom fields via CSV 2026-02-02 11:42:07 +01:00
carla
ce6240133d i18n: update translations
Some checks failed
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is failing
Details
2026-02-02 10:23:49 +01:00
carla
4997819c73 feat: validate config 2026-02-02 10:22:21 +01:00
carla
b6d53d2826 refactor: add test to seperate async false module 2026-02-02 10:22:05 +01:00
carla
e74154581c feat: changes UI info based on config for limits 2026-02-02 10:10:02 +01:00
carla
d61a939deb formatting
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-02-02 09:50:47 +01:00
carla
3f551c5f8d feat: add configs for impor tlimits
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-02 09:49:13 +01:00
carla
9fd617e45a tests: add tests for config 2026-02-02 09:48:37 +01:00
moritz
b9dd990f52 Merge pull request 'Page Permission Router Plug closes #388' (#390) from feature/388_page_permissions into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #390
 2026-01-30 12:19:58 +01:00
Moritz
f8f6583679 PermissionSetsTest: assert /users/:id instead of /profile in pages
Some checks reported errors
continuous-integration/drone/push Build was killed
Details
continuous-integration/drone/promote/production Build is passing
Details 
Profile is reachable at /users/:id; /profile was removed from PermissionSets.
 2026-01-30 11:37:34 +01:00
Moritz
6e13a3aa34
Docs: note User-Member Linking enforcement in code
Some checks reported errors
continuous-integration/drone/push Build was killed
Details
continuous-integration/drone/promote/production Build is failing
Details 
- update_user restricted via ActorIsAdmin; Form gates Member-Linking UI
 2026-01-30 11:28:41 +01:00
Moritz
cf6bd4a6a1 UserPoliciesTest: use :update for non-admin own-email and forbid-other 
- own_data, read_only, normal_user: can update own email via :update
- cannot update other users: use :update (scope :own forbids)
 2026-01-30 11:13:34 +01:00
Moritz
06d6531569 UserLive.Form: gate Member-Linking to admin, use :update for non-admin 
- Show Member-Linking UI only when can_manage_member_linking (admin)
- perform_member_link_action runs only for admin
- assign_form: non-admin uses :update (email), admin uses :update_user
- Load members for linking only when can_manage_member_linking
 2026-01-30 11:13:28 +01:00
Moritz
14fa873640 Restrict User.update_user to admin; allow :update for email only 
- Add ActorIsAdmin policy check (admin permission set only)
- User: policy action(:update_user) forbid_unless + authorize_if ActorIsAdmin
- User: primary :update action accept [:email] for non-admin profile edit
 2026-01-30 11:13:23 +01:00
Moritz
faee780aab Tests: read_only/normal_user /users/:id, Ash.read! actor, Authorization own/other
All checks were successful
continuous-integration/drone/push Build is passing
Details 
- Integration: read_only and normal_user GET /users/:id (own) and edit/show/edit return 200
- Integration: read_only GET /users/:id (other) redirects
- Plug test: use group_fixture in setup instead of Ash.read!() without actor
- Authorization: tests for own/other profile and reserved 'new'
 2026-01-30 10:22:34 +01:00
Moritz
a1fe36b7f2 Delegate can_access_page? to CheckPagePermission 
- UI uses same rules as plug (reserved 'new', own/linked path checks)
 2026-01-30 10:22:31 +01:00
Moritz
ea1d01fcea Docs: align route matrix with PermissionSets, add Role-Load note 
- Table: own_data/read_only/normal_user /users/:id and edit/show/edit; members edit/show/edit
- Integration test sections updated for read_only and normal_user
- Add note on plug reloading role and member_id when needed
 2026-01-30 10:22:30 +01:00
Moritz
d318dad612 Add /users/:id (own) and /members/:id/show/edit for redirect and normal_user 
- read_only and normal_user: allow /users/:id, /users/:id/edit, /users/:id/show/edit (own only)
- normal_user: allow /members/:id/show/edit
- Fixes redirect loop when sidebar links to profile
 2026-01-30 10:22:27 +01:00
Moritz
3a7e4000c0
fix: fix warning of unused variable in UserLive.IndexTest
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-30 00:13:40 +01:00
Moritz
28d134b2b0
chore: remove unused aliases in tests
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is passing
Details 
- Drop unused Member alias from membership and membership_fees test files.
 2026-01-30 00:00:33 +01:00
Moritz
f66cd2933a
docs: add page permission route and test coverage 
- page-permission-route-coverage.md: route matrix, test coverage per role,
  reserved segments.
 2026-01-30 00:00:33 +01:00
Moritz
b55f356762
fix: handle nil member in MembershipFeeHelpers 
- get_last_completed_cycle/2 and get_current_cycle/2 return nil when member is nil.
- Avoids FunctionClauseError when MemberLive.Show receives no member (e.g. after
  redirect or policy filter). Add unit tests for nil member.
 2026-01-30 00:00:32 +01:00
Moritz
ad00e8e7b6
test: add page permission tests and ConnCase role tags 
- ConnCase: add :read_only and :normal_user role tags for tests.
- Add CheckPagePermission plug tests (unit + integration for member, read_only,
  normal_user, admin). Update permission_sets_test (refute "/" for own_data).
- Profile navigation, global_settings, role_live, membership_fee_type: use
  users with role for "/" access; expect redirect for own_data on /settings
  and /admin/roles.
 2026-01-30 00:00:32 +01:00
Moritz
626e8a872e
feat: restrict own_data to profile and linked member pages 
- Remove "/" from own_data pages (Mitglied redirected to profile at root).
- Add /users/:id, /users/:id/edit, /users/:id/show/edit and member edit pages
  for own_data so members can access own profile and linked member only.
 2026-01-30 00:00:31 +01:00
Moritz
b10b9c893c
feat: add CheckPagePermission plug for page-level authorization 
- Plug checks PermissionSets page list; redirects unauthorized to profile or sign-in.
- Router: add plug to :browser pipeline; LiveHelpers: check_page_permission_on_params
  for client-side navigation (push_patch).
 2026-01-30 00:00:31 +01:00
simon
d7f6d1c03c Merge pull request 'Change Logo closes #385' (#389) from feature/385-mila-logo into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #389
 2026-01-29 16:20:34 +01:00
moritz
34019d07a4 Merge pull request 'CustomField Resource Policies closes #386' (#387) from feature/386_customfield_policy into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #387
 2026-01-29 16:17:10 +01:00
Moritz
4473cfd372 Tests: use code interface for Member create/update (actor propagation)
Some checks reported errors
continuous-integration/drone/push Build was killed
Details
continuous-integration/drone/promote/production Build is passing
Details
2026-01-29 16:10:12 +01:00
Moritz
5a2f035ecc CustomField policies: actor required, no system-actor fallback, error handling 
- list_required_custom_fields: require actor (two clauses, no default)
- Member validation: use context.actor only, differentiate Forbidden vs transient errors
- stream_custom_fields: log + send flash on error instead of returning []
- GlobalSettingsLive: handle_info for custom_fields_load_error, put_flash
- Seeds: use Membership.update_member with actor, format
 2026-01-29 16:10:12 +01:00
Moritz
c9431caabe Add gettext strings for custom field load error and not authorized 2026-01-29 16:10:12 +01:00
Moritz
9a7622ebed fix: pass actor to CustomFieldLive.FormComponent for save 
IndexComponent now passes actor to FormComponent; FormComponent uses
assigns[:actor] instead of current_actor(socket). Add test that submits
new custom field form on settings page.
 2026-01-29 16:10:12 +01:00
Moritz
1d17c4f2dd fix: CustomField policies, no system-actor fallback, guidelines 
- Tests and UI pass actor for CustomField create/read/destroy; seeds use actor
- Member required-custom-fields validation uses context.actor only (no fallback)
- CODE_GUIDELINES: add rule forbidding system-actor fallbacks
 2026-01-29 16:10:12 +01:00
Moritz
36b5d5880b Add CustomField resource policies and tests 
- Add policies block with HasPermission for read/create/update/destroy
- Add authorizers: [Ash.Policy.Authorizer] to CustomField resource
- Add custom_field_policies_test.exs (read all roles, write admin only)
- Fix CustomField path in roles-and-permissions doc (lib/membership)
 2026-01-29 16:10:12 +01:00