178f5a01c7
MembershipFeeCycle: own_data read :linked via bypass and HasPermission scope
...
- own_data gets read scope :linked; apply_scope in HasPermission; bypass check for own_data.
- PermissionSetsTest expects own_data :linked, others :all for MFC read.
2026-02-04 09:20:10 +01:00
890a4d3752
MemberGroup: restrict bypass to own_data via MemberGroupReadLinkedForOwnData
...
- ActorPermissionSetIs check; bypass policy filters by member_id for own_data only.
- Admin with member_id still gets :all via HasPermission. Tests added.
2026-02-04 09:19:57 +01:00
893f9453bd
Add PermissionSets for Group, MemberGroup, MembershipFeeType, MembershipFeeCycle
...
- Extend permission_sets.ex with resources and pages for new domains
- Adjust HasPermission check for resource/action/scope
- Update roles-and-permissions and implementation-plan docs
- Add permission_sets_test.exs coverage
2026-02-03 23:52:09 +01:00
47b6a16177
Doc: Actor maybe_load_role comment; ActorIsAdmin system user = admin
2026-02-03 16:07:39 +01:00
3d46ba655f
Add Actor.permission_set_name/1 and admin?/1 for consistent capability checks
...
- Actor.permission_set_name(actor) returns role's permission set (supports nil role load).
- Actor.admin?(actor) returns true for system user or admin permission set.
- ActorIsAdmin policy check delegates to Actor.admin?/1.
2026-02-03 14:34:24 +01:00
14fa873640
Restrict User.update_user to admin; allow :update for email only
...
- Add ActorIsAdmin policy check (admin permission set only)
- User: policy action(:update_user) forbid_unless + authorize_if ActorIsAdmin
- User: primary :update action accept [:email] for non-admin profile edit
2026-01-30 11:13:23 +01:00
4d3a249b0c
HasPermission: remove unused _authorizer from strict_check helper
2026-01-27 16:07:01 +01:00
7153af23ee
CustomFieldValueCreateScope: use get_argument_or_attribute for member_id
...
- Read member_id via Ash.Changeset.get_argument_or_attribute/2 so it works
when set as attribute or argument
- Remove unused require Logger
- Document member_id source in moduledoc
2026-01-27 16:07:01 +01:00
bf2d0352c1
Add authorization policies to CustomFieldValue resource
...
- Authorizer and policies: bypass for read (member_id == actor.member_id),
CustomFieldValueCreateScope for create, HasPermission for read/update/destroy.
- HasPermission: pass authorizer into strict_check helper; document that create
must use a dedicated check (no filter).
2026-01-27 16:07:01 +01:00
c7c6b318ac
Add CustomFieldValueCreateScope check for create actions
...
Ash cannot apply filters to create; this check enforces :linked/:all scope
via strict_check only (no filter).
2026-01-27 16:07:01 +01:00
5c0786ebca
Fix HasPermission check to handle nil member_id gracefully
2026-01-24 19:15:46 +01:00
b545d2b9e1
Remove NoActor module, improve Member validation, update docs
2026-01-24 11:59:18 +01:00
f2def20fce
Add centralized Actor.ensure_loaded helper
...
Consolidate role loading logic from HasPermission and LiveHelpers.
Use Ash.Resource.Info.resource? for reliable Ash detection.
2026-01-22 22:37:07 +01:00
05c71132e4
Replace NoActor runtime Mix.env with compile-time config
...
Use Application.compile_env for release-safety.
Config only set in test.exs (defaults to false).
2026-01-22 22:37:04 +01:00
56144a7696
Add role loading fallback to HasPermission check
...
Extract ash_resource? helper to reduce nesting depth.
Add ensure_role_loaded fallback for unloaded actor roles.
2026-01-22 21:36:10 +01:00
93216f3ee6
Harden NoActor check with runtime environment guard
...
Add Mix.env() check to match?/3 for defense in depth.
Document NoActor pattern in CODE_GUIDELINES.md.
2026-01-22 21:36:09 +01:00
429042cbba
feat(auth): add User resource authorization policies
...
Implement bypass for READ + HasPermission for UPDATE pattern
Extend HasPermission check to support User resource scope :own
2026-01-22 19:19:22 +01:00
dc3268cbf4
Fix: Update comment in auto_filter to reflect expr(false) usage
...
Update comment from 'id IN [] = never matches' to 'expr(false) = match none'
to match the actual implementation of deny_filter().
2026-01-13 15:01:56 +01:00
c95a6fac69
Improve: Make deny_filter robust and add regression test
...
- Change deny_filter from [id: {:in, []}] to expr(false)
- Add regression test to ensure deny-filter matches 0 records
2026-01-13 15:01:55 +01:00
42a463f422
Security: Fix critical deny-filter bug and improve authorization
...
CRITICAL FIX: Deny-filter was allowing all records instead of denying
Fix: User validation in Member now uses actor from changeset.context
2026-01-13 15:01:55 +01:00
6846363132
Refactor: NoActor to SimpleCheck with compile-time environment check
...
This prevents security issues where :create/:read without actor would
be allowed in production. Now all operations require an actor in production.
2026-01-13 15:01:54 +01:00
70729bdd73
Fix: HasPermission auto_filter and strict_check implementation
...
Fixes security issue where auto_filter returned nil instead of proper
filter expressions, which could lead to incorrect authorization behavior.
2026-01-13 15:01:54 +01:00
4192922fd3
feat: implement authorization policies for Member resource
2026-01-13 15:01:53 +01:00
db0a187058
fix: correct relationship filter paths in HasPermission check
...
continuous-integration/drone/push Build is passing
- Use user.id instead of user_id for Member linked scope
- Use member.user.id for CustomFieldValue linked scope
- Add lazy logger evaluation
- Improve action nil handling
- Add integration tests for filter expressions
2026-01-08 17:45:02 +01:00
288002f404
feat: implement HasPermission policy check
...
continuous-integration/drone/push Build is passing
Implement custom Ash Policy Check that reads permissions from
PermissionSets module and applies scope filters to Ash queries.
2026-01-08 16:48:43 +01:00
