154 commits

Author	SHA1	Message	Date
Moritz	4d3a64c177	Add Role resource policies (defense-in-depth) ... - PermissionSets: Role read :all for own_data, read_only, normal_user; admin keeps full CRUD - Role resource: authorizers and policies with HasPermission - Tests: role_policies_test.exs (read all, create/update/destroy admin only) - Fix existing tests to pass actor or authorize?: false for Role operations	2026-02-04 14:07:38 +01:00
Moritz	40e75f4066	refactor: reduce nesting in HasPermission.strict_check_with_permissions ... Extract strict_check_filter_scope/4 to satisfy Credo max depth 2.	2026-02-04 13:29:41 +01:00
Moritz	f7ba98c36b	refactor: reduce nesting in SyncUserEmailToMember.sync_email ... Extract apply_sync/1 and sync_by_record_type/4 to satisfy Credo max depth 2.	2026-02-04 13:03:36 +01:00
Moritz	178f5a01c7	MembershipFeeCycle: own_data read :linked via bypass and HasPermission scope ... - own_data gets read scope :linked; apply_scope in HasPermission; bypass check for own_data. - PermissionSetsTest expects own_data :linked, others :all for MFC read.	2026-02-04 09:20:10 +01:00
Moritz	890a4d3752	MemberGroup: restrict bypass to own_data via MemberGroupReadLinkedForOwnData ... - ActorPermissionSetIs check; bypass policy filters by member_id for own_data only. - Admin with member_id still gets :all via HasPermission. Tests added.	2026-02-04 09:19:57 +01:00
Moritz	e799f0271c	Refactor PermissionSets: define admin permissions via perm_all() ... Use perm/3 helper for admin resource permissions (DRY). MemberGroup keeps read/create/destroy only (no update in domain).	2026-02-04 00:33:58 +01:00
Moritz	5ed41555e9	Member/Setting/validations: domain, actor, and seeds ... - setting.ex: domain/authorize for default_membership_fee_type_id check - validate_same_interval: require membership_fee_type (no None) - set_membership_fee_start_date: domain/actor for fee type lookup - Validations: domain/authorize for cross-resource checks - helpers.ex, email_sync change, seeds.exs actor/authorize fixes - Update related tests	2026-02-03 23:52:16 +01:00
Moritz	893f9453bd	Add PermissionSets for Group, MemberGroup, MembershipFeeType, MembershipFeeCycle ... - Extend permission_sets.ex with resources and pages for new domains - Adjust HasPermission check for resource/action/scope - Update roles-and-permissions and implementation-plan docs - Add permission_sets_test.exs coverage	2026-02-03 23:52:09 +01:00
Moritz	47b6a16177	Doc: Actor maybe_load_role comment; ActorIsAdmin system user = admin	2026-02-03 16:07:39 +01:00
Moritz	60a4181255	Validation: error message admin or linked user; resolve_actor fallback	2026-02-03 16:07:26 +01:00
Moritz	4e6b7305b6	Doc: Loader auth-independent for link checks; email-sync rule rationale	2026-02-03 16:07:13 +01:00
Moritz	4ea31f0f37	Add email-change permission validation for linked members ... Only admins or the linked user may change a linked member's email. - New validation EmailChangePermission (uses Actor.admin?, Loader.get_linked_user). - Register on Member update_member; docs and gettext.	2026-02-03 14:35:32 +01:00
Moritz	ad02f8914f	Use EmailSync.Loader.get_linked_user in EmailNotUsedByOtherUser ... Remove duplicate get_linked_user_id; reuse Loader for linked user lookup.	2026-02-03 14:35:08 +01:00
Moritz	3d46ba655f	Add Actor.permission_set_name/1 and admin?/1 for consistent capability checks ... - Actor.permission_set_name(actor) returns role's permission set (supports nil role load). - Actor.admin?(actor) returns true for system user or admin permission set. - ActorIsAdmin policy check delegates to Actor.admin?/1.	2026-02-03 14:34:24 +01:00
carla	960506d16a	refactoring	2026-02-02 16:56:07 +01:00
carla	b21c3df7ef	refactoring	2026-02-02 14:34:12 +01:00
carla	9e27de84cb	Merge branch 'main' into feature/338_import_custom_fields	2026-02-02 13:46:05 +01:00
carla	12715f3d85	refactoring	2026-02-02 13:07:08 +01:00
carla	3f8797c356	feat: import custom fields via CSV	2026-02-02 11:42:07 +01:00
carla	4997819c73	feat: validate config	2026-02-02 10:22:21 +01:00
carla	e74154581c	feat: changes UI info based on config for limits	2026-02-02 10:10:02 +01:00
carla	3f551c5f8d	feat: add configs for impor tlimits	2026-02-02 09:49:13 +01:00
Moritz	6e13a3aa34	Docs: note User-Member Linking enforcement in code ... - update_user restricted via ActorIsAdmin; Form gates Member-Linking UI	2026-01-30 11:28:41 +01:00
Moritz	14fa873640	Restrict User.update_user to admin; allow :update for email only ... - Add ActorIsAdmin policy check (admin permission set only) - User: policy action(:update_user) forbid_unless + authorize_if ActorIsAdmin - User: primary :update action accept [:email] for non-admin profile edit	2026-01-30 11:13:23 +01:00
Moritz	d318dad612	Add /users/:id (own) and /members/:id/show/edit for redirect and normal_user ... - read_only and normal_user: allow /users/:id, /users/:id/edit, /users/:id/show/edit (own only) - normal_user: allow /members/:id/show/edit - Fixes redirect loop when sidebar links to profile	2026-01-30 10:22:27 +01:00
Moritz	626e8a872e	feat: restrict own_data to profile and linked member pages ... - Remove "/" from own_data pages (Mitglied redirected to profile at root). - Add /users/:id, /users/:id/edit, /users/:id/show/edit and member edit pages for own_data so members can access own profile and linked member only.	2026-01-30 00:00:31 +01:00
Simon	3eb4cde0b7	Merge remote-tracking branch 'origin/main' into feature/372-groups-management	2026-01-27 23:48:31 +01:00
Simon	6faa9847f4	feat: add groups administration #372	2026-01-27 21:55:17 +01:00
Moritz	7d33acde9f	feat(system_actor): add system_user?/1 and normalize email ... Case-insensitive email comparison for system-actor detection.	2026-01-27 17:39:04 +01:00
Moritz	4d3a249b0c	HasPermission: remove unused _authorizer from strict_check helper	2026-01-27 16:07:01 +01:00
Moritz	7153af23ee	CustomFieldValueCreateScope: use get_argument_or_attribute for member_id ... - Read member_id via Ash.Changeset.get_argument_or_attribute/2 so it works when set as attribute or argument - Remove unused require Logger - Document member_id source in moduledoc	2026-01-27 16:07:01 +01:00
Moritz	bf2d0352c1	Add authorization policies to CustomFieldValue resource ... - Authorizer and policies: bypass for read (member_id == actor.member_id), CustomFieldValueCreateScope for create, HasPermission for read/update/destroy. - HasPermission: pass authorizer into strict_check helper; document that create must use a dedicated check (no filter).	2026-01-27 16:07:01 +01:00
Moritz	c7c6b318ac	Add CustomFieldValueCreateScope check for create actions ... Ash cannot apply filters to create; this check enforces :linked/:all scope via strict_check only (no filter).	2026-01-27 16:07:01 +01:00
Moritz	8f5f69744c	Add CustomFieldValue create/destroy :linked to own_data permission set ... Allows members to create and delete custom field values for their linked member.	2026-01-27 16:07:01 +01:00
Moritz	1d0ac6d280	Improve CSV import error messages ... Include email address in duplicate email error messages. Add German translation for email uniqueness errors. Ensure locale is set for translations in async tasks.	2026-01-25 18:33:28 +01:00
Moritz	562265f212	Security: Require actor parameter in CSV import ... Remove fallback to system_actor in process_chunk to prevent unauthorized access. Actor must now be explicitly provided.	2026-01-25 18:33:25 +01:00
carla	bf7e47ce5c	refactor	2026-01-25 17:31:42 +01:00
carla	04b0916c1e	refactor	2026-01-25 17:30:07 +01:00
carla	092fd99d48	fat: adds csv import live view to settings	2026-01-25 17:30:03 +01:00
Moritz	5c0786ebca	Fix HasPermission check to handle nil member_id gracefully	2026-01-24 19:15:46 +01:00
Moritz	403eda3908	Add Role helper function and create_role_with_system_flag action ... - Add get_mitglied_role/0 helper to avoid code duplication - Add create_role_with_system_flag action for seeds/migrations - Allows setting is_system_role flag (required for 'Mitglied' role)	2026-01-24 19:15:05 +01:00
Moritz	b545d2b9e1	Remove NoActor module, improve Member validation, update docs	2026-01-24 11:59:18 +01:00
Moritz	0f48a9b15a	Add actor parameter to all tests requiring authorization ... This commit adds actor: system_actor to all Ash operations in tests that require authorization.	2026-01-24 02:21:02 +01:00
Moritz	686f69c9e9	Add authorize?: false to SystemActor bootstrap operations ... - Role lookup and creation (find_admin_role, create_admin_role) - System user creation and role assignment - Role loading during initialization	2026-01-24 02:12:31 +01:00
Simon	672b4a8250	Merge branch 'main' into feature/filter-boolean-custom-fields	2026-01-23 14:41:48 +01:00
Moritz	427608578f	Restrict Actor.ensure_loaded to Mv.Accounts.User only ... Pattern match on %Mv.Accounts.User{} instead of generic actor. Clearer intention, prevents accidental authorization bypasses. Non-User actors are returned as-is (no-op).	2026-01-22 23:17:55 +01:00
Moritz	f3abade7ad	Add authorize?: false to Actor.ensure_loaded ... SECURITY: Skip authorization for role loading to avoid circular dependency. Actor loads their OWN role, needed for authorization itself. Documented why this is safe.	2026-01-22 23:04:56 +01:00
Moritz	e60bb6926f	Remove unused PolicyHelpers macro and PolicyConsistency test ... Dead code - macro was never used in codebase. PolicyConsistency test will be replaced with better implementation.	2026-01-22 22:37:09 +01:00
Moritz	f2def20fce	Add centralized Actor.ensure_loaded helper ... Consolidate role loading logic from HasPermission and LiveHelpers. Use Ash.Resource.Info.resource? for reliable Ash detection.	2026-01-22 22:37:07 +01:00
Moritz	05c71132e4	Replace NoActor runtime Mix.env with compile-time config ... Use Application.compile_env for release-safety. Config only set in test.exs (defaults to false).	2026-01-22 22:37:04 +01:00