local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 66 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions
1154 commits 13 branches 0 tags 7.9 MiB
Commit graph

6 commits

Author SHA1 Message Date
Moritz
4d3a64c177
Add Role resource policies (defense-in-depth) 
- PermissionSets: Role read :all for own_data, read_only, normal_user; admin keeps full CRUD
- Role resource: authorizers and policies with HasPermission
- Tests: role_policies_test.exs (read all, create/update/destroy admin only)
- Fix existing tests to pass actor or authorize?: false for Role operations
 2026-02-04 14:07:38 +01:00
Moritz
403eda3908
Add Role helper function and create_role_with_system_flag action 
- Add get_mitglied_role/0 helper to avoid code duplication
- Add create_role_with_system_flag action for seeds/migrations
- Allows setting is_system_role flag (required for 'Mitglied' role)
 2026-01-24 19:15:05 +01:00
Moritz
5f13901ca5 security: remove is_system_role from public API 
Remove is_system_role from accept lists in create_role and update_role
actions. This field should only be set via seeds or internal actions to
prevent users from creating unkillable roles through the public API.
 2026-01-06 19:04:03 +01:00
Moritz
557eb4d27d refactor: simplify system role deletion validation 
Remove redundant action_type check since validation already
runs only on destroy actions. Add field to error for better
error handling.
 2026-01-06 18:37:34 +01:00
Moritz
82ec4e565a refactor: use UUIDv7 and improve Role validations 
- Change id from uuid_primary_key to uuid_v7_primary_key
- Replace custom validation with built-in one_of validation
- Add explicit on_delete: :restrict for users foreign key
- Update postgres references configuration
 2026-01-06 18:14:16 +01:00
Moritz
4535551b8d feat: add Role resource with validations 
Create Role resource with name, description, permission_set_name,
and is_system_role fields. Add validations for permission_set_name
and system role deletion protection.
 2026-01-06 17:18:32 +01:00