262 commits

Author	SHA1	Message	Date
Moritz	2b4e1e3963	Sync user email to member when changing password (admin_set_password) ... Add SyncUserEmailToMember change to admin_set_password so email+password updates in the user form sync the new email to the linked member.	2026-01-27 17:58:35 +01:00
Moritz	7d33acde9f	feat(system_actor): add system_user?/1 and normalize email ... Case-insensitive email comparison for system-actor detection.	2026-01-27 17:39:04 +01:00
Moritz	9c31f0c16c	Add tests for system actor protection and hiding ... Index: system actor not in list, destroy returns Ash.Error.Invalid. Show/Form: redirect to /users when viewing or editing system actor user.	2026-01-27 17:39:04 +01:00
simon	5df1da1573	Merge branch 'main' into feature/371-groups-resource	2026-01-27 17:16:34 +01:00
Simon	fc8306cfee	test: resolve warnings	2026-01-27 16:38:17 +01:00
Moritz	0219073d33	CFV policies test: system_actor for setup, verify destroy with actor ... - create_linked_member_for_user and create_unlinked_member use actor (system_actor) directly instead of creating admin user per call - Remove create_admin_user helper - After destroy, verify with Ash.get(..., actor: actor) to avoid false positive from Forbidden vs NotFound	2026-01-27 16:07:01 +01:00
Moritz	4e032ea778	Add CustomFieldValue policy tests (own_data, read_only, normal_user, admin) ... Covers read/update/create/destroy for linked vs unlinked members and CRUD permissions per permission set.	2026-01-27 16:07:01 +01:00
Moritz	17831a0948	Pass actor to CustomFieldValue destroy and load in existing tests ... Required after CustomFieldValue gained authorization policies.	2026-01-27 16:07:01 +01:00
Simon	6db64bf996	feat: add groups resource #371	2026-01-27 16:03:21 +01:00
Simon	0216dfcbbb	test: add tests for group resource #371	2026-01-27 15:04:26 +01:00
Moritz	562265f212	Security: Require actor parameter in CSV import ... Remove fallback to system_actor in process_chunk to prevent unauthorized access. Actor must now be explicitly provided.	2026-01-25 18:33:25 +01:00
carla	79361c72d2	fix tests and linting	2026-01-25 17:31:49 +01:00
carla	0fe4a55e80	formatting and refactoring	2026-01-25 17:31:48 +01:00
carla	bf7e47ce5c	refactor	2026-01-25 17:31:42 +01:00
carla	04b0916c1e	refactor	2026-01-25 17:30:07 +01:00
carla	092fd99d48	fat: adds csv import live view to settings	2026-01-25 17:30:03 +01:00
carla	bf9e47b257	test: adds live view csv import tests	2026-01-25 17:22:28 +01:00
Moritz	2d446f63ea	Add NOT NULL constraint to users.role_id and optimize default_role_id ... - Add database-level NOT NULL constraint for users.role_id - Update SystemActor tests to verify NOT NULL constraint enforcement - Add process dictionary caching for default_role_id/0 to reduce DB queries	2026-01-25 17:04:48 +01:00
Moritz	8f3fd9d0d7	test: adapt tests for attribute-level default solution	2026-01-25 13:42:45 +01:00
Moritz	e7bf777be2	refactor: remove AssignDefaultRole change module ... The attribute-level default solution makes this change module obsolete. All role assignment is now handled via the role_id attribute's default function, which is more robust and works for all creation paths.	2026-01-25 13:42:35 +01:00
Moritz	21b63cbe86	Add comprehensive tests for default role assignment	2026-01-24 19:16:57 +01:00
Moritz	3b5b5044fb	Add test support for default role assignment	2026-01-24 19:16:43 +01:00
Moritz	b545d2b9e1	Remove NoActor module, improve Member validation, update docs	2026-01-24 11:59:18 +01:00
Moritz	71c13d0ac0	Fix missing actor parameters and restore AshAuthentication bypass tests	2026-01-24 08:51:58 +01:00
Moritz	15a7c615d6	Fix rebase conflict: Add actor parameter to helper functions in index_test.exs	2026-01-24 02:39:28 +01:00
Moritz	fcca4b0b89	Use admin_user instead of system_actor in LiveView tests	2026-01-24 02:21:10 +01:00
Moritz	bebd7f6fe2	Fix tests: Remove redundant system_actor and update test descriptions	2026-01-24 02:21:09 +01:00
Moritz	d8187484b8	Fix tests: Add missing actor parameters to Ash operations	2026-01-24 02:21:09 +01:00
Moritz	b9d68a3417	Fix test helpers: Use actor parameter correctly	2026-01-24 02:21:09 +01:00
Moritz	c5a48d8801	Fix tests: Remove duplicate actor keyword arguments	2026-01-24 02:21:09 +01:00
Moritz	0f48a9b15a	Add actor parameter to all tests requiring authorization ... This commit adds actor: system_actor to all Ash operations in tests that require authorization.	2026-01-24 02:21:02 +01:00
Simon	672b4a8250	Merge branch 'main' into feature/filter-boolean-custom-fields	2026-01-23 14:41:48 +01:00
Simon	b4657cae23	fix: resolve pr remarks	2026-01-23 14:00:18 +01:00
Moritz	427608578f	Restrict Actor.ensure_loaded to Mv.Accounts.User only ... Pattern match on %Mv.Accounts.User{} instead of generic actor. Clearer intention, prevents accidental authorization bypasses. Non-User actors are returned as-is (no-op).	2026-01-22 23:17:55 +01:00
Moritz	f6096e194f	Remove skipped get_by_subject test, add explanation ... Test removed - JWT flow tested via AshAuthentication integration. Direct test would require JWT mocking without value.	2026-01-22 23:04:58 +01:00
Moritz	e60bb6926f	Remove unused PolicyHelpers macro and PolicyConsistency test ... Dead code - macro was never used in codebase. PolicyConsistency test will be replaced with better implementation.	2026-01-22 22:37:09 +01:00
Moritz	f2def20fce	Add centralized Actor.ensure_loaded helper ... Consolidate role loading logic from HasPermission and LiveHelpers. Use Ash.Resource.Info.resource? for reliable Ash detection.	2026-01-22 22:37:07 +01:00
Moritz	05c71132e4	Replace NoActor runtime Mix.env with compile-time config ... Use Application.compile_env for release-safety. Config only set in test.exs (defaults to false).	2026-01-22 22:37:04 +01:00
Moritz	d97f6f4004	Add policy consistency tests ... Enforce User.update :own across all permission sets. Verify READ bypass + UPDATE HasPermission pattern.	2026-01-22 21:36:19 +01:00
Moritz	7d0f5fde86	Replace for comprehension with explicit describe blocks ... Fix Credo parsing error by removing for comprehension. Duplicate tests for own_data, read_only, normal_user sets.	2026-01-22 21:36:16 +01:00
Moritz	56144a7696	Add role loading fallback to HasPermission check ... Extract ash_resource? helper to reduce nesting depth. Add ensure_role_loaded fallback for unloaded actor roles.	2026-01-22 21:36:10 +01:00
Moritz	93216f3ee6	Harden NoActor check with runtime environment guard ... Add Mix.env() check to match?/3 for defense in depth. Document NoActor pattern in CODE_GUIDELINES.md.	2026-01-22 21:36:09 +01:00
Moritz	63d8c4668d	test(auth): add User policies test suite ... 31 tests covering all 4 permission sets and bypass scenarios Update HasPermission tests to expect false for scope :own without record	2026-01-22 19:19:25 +01:00
Simon	a92f503752	fix: credo warning	2026-01-21 01:24:43 +01:00
Simon	4b67039a78	test: add more filter component tests	2026-01-21 01:14:26 +01:00
Simon	f996aee6b2	feat: add new filter component to members view	2026-01-21 00:47:01 +01:00
Moritz	5eadd5f090	Refactor test setup into helper functions ... Extract setup code into reusable helper functions to reduce duplication and improve maintainability.	2026-01-20 23:16:40 +01:00
Moritz	a3cf8571ff	Document System Actor pattern in code guidelines ... Add section explaining when and how to use system actor for systemic operations. Include examples and distinction between user mode and system mode.	2026-01-20 22:10:11 +01:00
Moritz	f1bb6a0f9a	Add tests for System Actor helper ... Test system actor retrieval, caching, fallback behavior, and auto-creation in test environment.	2026-01-20 22:09:21 +01:00
Simon	1011b94acf	feat: load boolean custom fields	2026-01-20 19:12:13 +01:00