local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 67 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions
1164 commits 13 branches 0 tags 7.9 MiB
Commit graph

29 commits

Author SHA1 Message Date
Moritz
5194b20b5c
Fix unlink-by-omission: on_missing :ignore, test, doc, string-key
Some checks failed
continuous-integration/drone/push Build is failing
Details 
- Member update_member: on_missing :unrelate → :ignore (no unlink when :user omitted)
- Test: normal_user update linked member without :user keeps link
- Doc: unlink only explicit (user: nil), admin-only; Actor.admin?(nil) note
- Check: defense-in-depth for "user" string key
 2026-02-04 14:07:39 +01:00
Moritz
543fded102
Harden member user-link check: argument presence, nil actor, policy scope 
- Forbid on :user argument presence (not value) to block unlink via nil/empty
- Defensive nil actor handling; policy restricted to create/update only
- Test: Ash.load with actor; test non-admin cannot unlink via user: nil
- Docs: unlink behaviour and policy split
 2026-02-04 14:07:39 +01:00
Moritz
26fbafdd9d
Restrict member user link to admins (forbid policy) 
Add ForbidMemberUserLinkUnlessAdmin check; forbid_if on Member create/update.
Fix member user-link tests: pass :user in params, assert via reload.
 2026-02-04 14:07:38 +01:00
Moritz
40e75f4066 refactor: reduce nesting in HasPermission.strict_check_with_permissions
Some checks reported errors
continuous-integration/drone/push Build was killed
Details
continuous-integration/drone/promote/production Build is passing
Details 
Extract strict_check_filter_scope/4 to satisfy Credo max depth 2.
 2026-02-04 13:29:41 +01:00
Moritz
178f5a01c7 MembershipFeeCycle: own_data read :linked via bypass and HasPermission scope 
- own_data gets read scope :linked; apply_scope in HasPermission; bypass check for own_data.
- PermissionSetsTest expects own_data :linked, others :all for MFC read.
 2026-02-04 09:20:10 +01:00
Moritz
890a4d3752 MemberGroup: restrict bypass to own_data via MemberGroupReadLinkedForOwnData 
- ActorPermissionSetIs check; bypass policy filters by member_id for own_data only.
- Admin with member_id still gets :all via HasPermission. Tests added.
 2026-02-04 09:19:57 +01:00
Moritz
893f9453bd Add PermissionSets for Group, MemberGroup, MembershipFeeType, MembershipFeeCycle 
- Extend permission_sets.ex with resources and pages for new domains
- Adjust HasPermission check for resource/action/scope
- Update roles-and-permissions and implementation-plan docs
- Add permission_sets_test.exs coverage
 2026-02-03 23:52:09 +01:00
Moritz
47b6a16177
Doc: Actor maybe_load_role comment; ActorIsAdmin system user = admin 2026-02-03 16:07:39 +01:00
Moritz
3d46ba655f Add Actor.permission_set_name/1 and admin?/1 for consistent capability checks 
- Actor.permission_set_name(actor) returns role's permission set (supports nil role load).
- Actor.admin?(actor) returns true for system user or admin permission set.
- ActorIsAdmin policy check delegates to Actor.admin?/1.
 2026-02-03 14:34:24 +01:00
Moritz
14fa873640 Restrict User.update_user to admin; allow :update for email only 
- Add ActorIsAdmin policy check (admin permission set only)
- User: policy action(:update_user) forbid_unless + authorize_if ActorIsAdmin
- User: primary :update action accept [:email] for non-admin profile edit
 2026-01-30 11:13:23 +01:00
Moritz
4d3a249b0c HasPermission: remove unused _authorizer from strict_check helper 2026-01-27 16:07:01 +01:00
Moritz
7153af23ee CustomFieldValueCreateScope: use get_argument_or_attribute for member_id 
- Read member_id via Ash.Changeset.get_argument_or_attribute/2 so it works
  when set as attribute or argument
- Remove unused require Logger
- Document member_id source in moduledoc
 2026-01-27 16:07:01 +01:00
Moritz
bf2d0352c1 Add authorization policies to CustomFieldValue resource 
- Authorizer and policies: bypass for read (member_id == actor.member_id),
  CustomFieldValueCreateScope for create, HasPermission for read/update/destroy.
- HasPermission: pass authorizer into strict_check helper; document that create
  must use a dedicated check (no filter).
 2026-01-27 16:07:01 +01:00
Moritz
c7c6b318ac Add CustomFieldValueCreateScope check for create actions 
Ash cannot apply filters to create; this check enforces :linked/:all scope
via strict_check only (no filter).
 2026-01-27 16:07:01 +01:00
Moritz
5c0786ebca
Fix HasPermission check to handle nil member_id gracefully 2026-01-24 19:15:46 +01:00
Moritz
b545d2b9e1
Remove NoActor module, improve Member validation, update docs 2026-01-24 11:59:18 +01:00
Moritz
f2def20fce Add centralized Actor.ensure_loaded helper 
Consolidate role loading logic from HasPermission and LiveHelpers.
Use Ash.Resource.Info.resource? for reliable Ash detection.
 2026-01-22 22:37:07 +01:00
Moritz
05c71132e4 Replace NoActor runtime Mix.env with compile-time config 
Use Application.compile_env for release-safety.
Config only set in test.exs (defaults to false).
 2026-01-22 22:37:04 +01:00
Moritz
56144a7696 Add role loading fallback to HasPermission check 
Extract ash_resource? helper to reduce nesting depth.
Add ensure_role_loaded fallback for unloaded actor roles.
 2026-01-22 21:36:10 +01:00
Moritz
93216f3ee6 Harden NoActor check with runtime environment guard 
Add Mix.env() check to match?/3 for defense in depth.
Document NoActor pattern in CODE_GUIDELINES.md.
 2026-01-22 21:36:09 +01:00
Moritz
429042cbba feat(auth): add User resource authorization policies 
Implement bypass for READ + HasPermission for UPDATE pattern
Extend HasPermission check to support User resource scope :own
 2026-01-22 19:19:22 +01:00
Moritz
dc3268cbf4
Fix: Update comment in auto_filter to reflect expr(false) usage 
Update comment from 'id IN [] = never matches' to 'expr(false) = match none'
to match the actual implementation of deny_filter().
 2026-01-13 15:01:56 +01:00
Moritz
c95a6fac69
Improve: Make deny_filter robust and add regression test 
- Change deny_filter from [id: {:in, []}] to expr(false)
- Add regression test to ensure deny-filter matches 0 records
 2026-01-13 15:01:55 +01:00
Moritz
42a463f422
Security: Fix critical deny-filter bug and improve authorization 
CRITICAL FIX: Deny-filter was allowing all records instead of denying
Fix: User validation in Member now uses actor from changeset.context
 2026-01-13 15:01:55 +01:00
Moritz
6846363132
Refactor: NoActor to SimpleCheck with compile-time environment check 
This prevents security issues where :create/:read without actor would
be allowed in production. Now all operations require an actor in production.
 2026-01-13 15:01:54 +01:00
Moritz
70729bdd73
Fix: HasPermission auto_filter and strict_check implementation 
Fixes security issue where auto_filter returned nil instead of proper
filter expressions, which could lead to incorrect authorization behavior.
 2026-01-13 15:01:54 +01:00
Moritz
4192922fd3
feat: implement authorization policies for Member resource 2026-01-13 15:01:53 +01:00
Moritz
db0a187058
fix: correct relationship filter paths in HasPermission check
All checks were successful
continuous-integration/drone/push Build is passing
Details 
- Use user.id instead of user_id for Member linked scope
- Use member.user.id for CustomFieldValue linked scope
- Add lazy logger evaluation
- Improve action nil handling
- Add integration tests for filter expressions
 2026-01-08 17:45:02 +01:00
Moritz
288002f404 feat: implement HasPermission policy check
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Implement custom Ash Policy Check that reads permissions from
PermissionSets module and applies scope filters to Ash queries.
 2026-01-08 16:48:43 +01:00