local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 67 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions
952 commits 13 branches 0 tags 7.9 MiB
Commit graph

39 commits

Author SHA1 Message Date
Moritz
5164836d32
feat: implement attribute-level default for role_id assignment 
Replace action-level changes with attribute default function to ensure
all users get the 'Mitglied' role regardless of creation path.
 2026-01-27 10:23:25 +01:00
Moritz
aaced70b8e
Integrate AssignDefaultRole change into user creation actions 2026-01-27 10:23:23 +01:00
Moritz
73dc05c6d4
Remove NoActor bypass from User and Member policies 
This removes the NoActor bypass that was masking authorization bugs in tests.
All operations now require an explicit actor for authorization.
 2026-01-27 10:23:15 +01:00
Moritz
fb5f4990b8
Shorten User policy comments to state what only 
Move why explanations to documentation files.
Keep policy comments concise and focused.
 2026-01-27 10:23:07 +01:00
Moritz
de187190e4
feat(auth): add User resource authorization policies 
Implement bypass for READ + HasPermission for UPDATE pattern
Extend HasPermission check to support User resource scope :own
 2026-01-27 10:23:05 +01:00
carla
7da037d81d refactor: adds schemales changeset and validation constant 2026-01-19 11:43:51 +01:00
Moritz
5f13901ca5 security: remove is_system_role from public API 
Remove is_system_role from accept lists in create_role and update_role
actions. This field should only be set via seeds or internal actions to
prevent users from creating unkillable roles through the public API.
 2026-01-06 19:04:03 +01:00
Moritz
deacc43030 docs: document FK constraint behavior for role relationship 
Add comment explaining on_delete: :restrict behavior for
users.role_id foreign key constraint.
 2026-01-06 18:37:37 +01:00
Moritz
90c32c2afd feat: add role relationship to User resource 
Add belongs_to :role relationship to User resource and register
Authorization domain in config.
 2026-01-06 17:18:33 +01:00
Simon
9cda832b82
fix: request scopes email and profile
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-12-03 22:02:23 +01:00
Simon
613a5f2643
feat: support email scope to retrieve oidc info
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-12-03 21:51:12 +01:00
Moritz
55fb845855 refactor: small changes from PR review
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-11-13 16:33:29 +01:00
Moritz
5ce220862f refactor and docs 2025-11-13 16:33:29 +01:00
Moritz
293e85334f fix oidc security bug 2025-11-13 16:33:29 +01:00
Moritz
001fca1d16
refactor: email sync changes 2025-10-23 13:13:28 +02:00
Moritz
39afaf3999
feat: email uniqueness constraint between user and member 2025-10-23 13:13:27 +02:00
Moritz
5a0a261cd6
add action changes for email sync 2025-10-23 13:13:27 +02:00
Moritz
7c1aeddad4
add constraints for member-user and member-property 2025-10-16 15:28:31 +02:00
Moritz
59a8067c09
add some comments 2025-10-16 15:28:30 +02:00
Moritz
3b0c1da1ab
User email validation 2025-10-16 13:54:57 +02:00
Moritz
cde619543f
translate all error messages 2025-10-16 13:54:07 +02:00
Moritz
72a8415cb3
feat: member user relation 2025-10-16 12:30:01 +02:00
Rafael Epplée
a3746dfaaa
Explicitly require ash authentication settings 
Previously, we'd rely on defaults for configuring user token
authentication. With these changes, we explicitly require
:session_identifier and :require_token_presence_for_authentication to be
configured in the application environment to make sure the system is
configured the way it should be.
 2025-09-11 11:49:46 +02:00
Rafael Epplée
dd77be0388 Add seed script for admin user 2025-08-15 10:11:12 +02:00
Moritz
6907b2ed3c feat: fail if oidc provide does not provide a sub or id 2025-07-31 14:18:36 +02:00
Moritz
06574a932d fix: formatting
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-07-24 17:07:20 +02:00
Moritz
33d4fa66c8 fix: update email field given by oidc provider 2025-07-24 17:07:20 +02:00
Moritz
662e80cc74 feat: set password for new and for existing user 2025-07-24 17:07:20 +02:00
Moritz
df9966bb12 feat: account live view - basic functionality 2025-07-24 17:07:20 +02:00
Moritz
681db5dc71 fix: set oidc_id from user_info["sub"] 2025-07-24 17:07:20 +02:00
Moritz
cbcd8904b3
fix: deprication warings 2025-07-09 17:19:17 +02:00
carla
fba9abc2c1 test(AshAuthentication): updated tests for signed in user and added test for authcontroller 2025-07-02 17:03:37 +02:00
carla
c7b13c0ecb format: formated files 2025-07-02 17:03:37 +02:00
carla
cc51763a6e review(env): shift secret to env file and added logger 2025-07-02 17:03:37 +02:00
carla
565aaddd94 feat(secrets): updated as recommended in ashauthentication docs 2025-07-02 17:03:37 +02:00
carla
7bfde5e230 doc: added comments and updated to latest ashautentication version and required changes 2025-07-02 17:03:37 +02:00
carla
a6fcaa1640 feaut(oicd_provider): added oicd provider rauthy and strategy for authentication 2025-07-02 17:03:37 +02:00
carla
192ceaed45 chore(AshAuthenticationPhoenix): added library and updated ressources testing password strategy 2025-07-02 17:03:37 +02:00
carla
f154eea055 feat(ash): added accounts, user for authentication 2025-07-02 17:03:37 +02:00