55fef5a993
Docs and .env.example for admin bootstrap and OIDC role sync
...
Documents ADMIN_EMAIL/PASSWORD, seed_admin, entrypoint; OIDC_ADMIN_GROUP_NAME,
OIDC_GROUPS_CLAIM and role sync on register/sign-in.
2026-02-04 18:13:30 +01:00
3415faeb21
Merge branch 'main' into feature/337_polish_import
continuous-integration/drone/push Build is failing
2026-02-04 16:28:55 +01:00
5194b20b5c
Fix unlink-by-omission: on_missing :ignore, test, doc, string-key
...
continuous-integration/drone/push Build is failing
- Member update_member: on_missing :unrelate → :ignore (no unlink when :user omitted)
- Test: normal_user update linked member without :user keeps link
- Doc: unlink only explicit (user: nil), admin-only; Actor.admin?(nil) note
- Check: defense-in-depth for "user" string key
2026-02-04 14:07:39 +01:00
543fded102
Harden member user-link check: argument presence, nil actor, policy scope
...
- Forbid on :user argument presence (not value) to block unlink via nil/empty
- Defensive nil actor handling; policy restricted to create/update only
- Test: Ash.load with actor; test non-admin cannot unlink via user: nil
- Docs: unlink behaviour and policy split
2026-02-04 14:07:39 +01:00
54e419ed4c
Docs: permission hardening Role and member user link
...
Role: Ash policies (HasPermission); read for all, create/update/destroy admin only.
User–member link: only admins may set :user on Member create/update (ForbidMemberUserLinkUnlessAdmin).
2026-02-04 14:07:39 +01:00
503401f2e6
Setting: remove unused actor in default_fee_type validation
...
- Docs: Regenerate Cycles server-side enforcement note in membership-fee-architecture.
2026-02-04 11:40:19 +01:00
c035d0f141
Docs: groups and roles/permissions architecture, Group moduledoc
...
continuous-integration/drone/push Build is passing
- groups-architecture: normal_user and admin can manage groups.
- roles-and-permissions: matrix and MembershipFeeCycle :linked for own_data.
- group_policies_test: update moduledoc.
2026-02-04 09:20:26 +01:00
c4459ebb92
Docs, gettext, and remaining test updates
...
continuous-integration/drone/push Build is passing
- groups-architecture and membership-fee-architecture docs
- Gettext: add/correct German for authorization and membership fee type
- membership_fee_helpers_test and membership_fee_status_test adjustments
2026-02-03 23:52:31 +01:00
893f9453bd
Add PermissionSets for Group, MemberGroup, MembershipFeeType, MembershipFeeCycle
...
- Extend permission_sets.ex with resources and pages for new domains
- Adjust HasPermission check for resource/action/scope
- Update roles-and-permissions and implementation-plan docs
- Add permission_sets_test.exs coverage
2026-02-03 23:52:09 +01:00
4e6b7305b6
Doc: Loader auth-independent for link checks; email-sync rule rationale
2026-02-03 16:07:13 +01:00
96daf2a089
docs: update changelog
2026-02-03 14:58:02 +01:00
4ea31f0f37
Add email-change permission validation for linked members
...
continuous-integration/drone/push Build is passing
Only admins or the linked user may change a linked member's email.
- New validation EmailChangePermission (uses Actor.admin?, Loader.get_linked_user).
- Register on Member update_member; docs and gettext.
2026-02-03 14:35:32 +01:00
c56ca68922
docs: update docs
continuous-integration/drone/push Build is failing
2026-02-02 13:42:24 +01:00
6e13a3aa34
Docs: note User-Member Linking enforcement in code
...
continuous-integration/drone/push Build was killed
continuous-integration/drone/promote/production Build is failing
- update_user restricted via ActorIsAdmin; Form gates Member-Linking UI
2026-01-30 11:28:41 +01:00
ea1d01fcea
Docs: align route matrix with PermissionSets, add Role-Load note
...
- Table: own_data/read_only/normal_user /users/:id and edit/show/edit; members edit/show/edit
- Integration test sections updated for read_only and normal_user
- Add note on plug reloading role and member_id when needed
2026-01-30 10:22:30 +01:00
f66cd2933a
docs: add page permission route and test coverage
...
- page-permission-route-coverage.md: route matrix, test coverage per role,
reserved segments.
2026-01-30 00:00:33 +01:00
36b5d5880b
Add CustomField resource policies and tests
...
- Add policies block with HasPermission for read/create/update/destroy
- Add authorizers: [Ash.Policy.Authorizer] to CustomField resource
- Add custom_field_policies_test.exs (read all roles, write admin only)
- Fix CustomField path in roles-and-permissions doc (lib/membership)
2026-01-29 16:10:12 +01:00
709cf010c6
docs: consolidate test performance docs
continuous-integration/drone/push Build is passing
continuous-integration/drone/promote/production Build is passing
2026-01-29 15:34:14 +01:00
17974d7a12
chore: change pr merge workflow
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build was killed
2026-01-29 14:30:09 +01:00
ea3bdcaa65
refactor: apply review comments
continuous-integration/drone/push Build is passing
2026-01-28 14:42:16 +01:00
050ca4a13c
test: move slow and less critical tests to nightly suite
continuous-integration/drone/push Build is passing
2026-01-28 14:34:05 +01:00
eb2b2436be
docs: add performance analysis on policy tests
2026-01-28 14:01:41 +01:00
91f8bb03bc
refactor: remove tests against basic framework functionalities
continuous-integration/drone/push Build is passing
2026-01-28 13:46:18 +01:00
15d328afbf
test: optimize single test and update docs
continuous-integration/drone/push Build is passing
2026-01-28 13:33:39 +01:00
858a0fc0d0
chore: allow manual nightly-tests pipeline run
continuous-integration/drone/push Build is passing
2026-01-28 12:07:51 +01:00
67e06e12ce
refactor: move slow performance tests to extra test suite
continuous-integration/drone/push Build is passing
2026-01-28 12:00:32 +01:00
f9403c1da9
refactor: improve seeds tests performance by reducing complexity
continuous-integration/drone/push Build is failing
2026-01-28 11:31:31 +01:00
ddc8335cc0
refactor: improve groups LiveView based on code review feedback
continuous-integration/drone/push Build is passing
2026-01-28 10:33:27 +01:00
f05fae3ea3
test: add tdd tests for groups administration #372
continuous-integration/drone/push Build is failing
2026-01-27 18:24:42 +01:00
5df1da1573
Merge branch 'main' into feature/371-groups-resource
continuous-integration/drone/push Build is passing
2026-01-27 17:16:34 +01:00
bfe9fba2e0
Docs: document bypass read rule for CustomFieldValue pattern
...
continuous-integration/drone/push Build was killed
- Bypass action_type(:read) is production-side rule: reading own CFVs
always allowed, overrides Permission-Sets. Applies to get/list/load.
2026-01-27 16:07:01 +01:00
db95979bf5
Document CustomFieldValue policies and own_data create/destroy in architecture
...
Update roles-and-permissions-architecture.md with policy layout and
permission matrix for CustomFieldValue (linked).
2026-01-27 16:07:01 +01:00
6db64bf996
feat: add groups resource #371
continuous-integration/drone/push Build is failing
2026-01-27 16:03:21 +01:00
8e9fbe76cf
docs: add testing philosophy to coding guideline
...
continuous-integration/drone/push Build is failing
and update groups architecture docs #371
2026-01-27 15:23:40 +01:00
2ebf289112
docs: add slugs to group concept #371
continuous-integration/drone/push Build is passing
2026-01-27 13:41:25 +01:00
b128ffb51c
docs: add groups concept
continuous-integration/drone/push Build is passing
2026-01-27 13:04:27 +01:00
d9eb131d96
Update documentation: Remove NoActor bypass references
2026-01-24 02:21:08 +01:00
c98ad4085a
docs: add authorization bootstrap patterns section
...
continuous-integration/drone/push Build is passing
Document the three authorization bypass mechanisms and when to use each:
- NoActor (test-only bypass)
- system_actor (systemic operations)
- authorize?: false (bootstrap scenarios)
2026-01-23 02:53:20 +01:00
811a276d92
Update documentation for User credentials strategy
...
continuous-integration/drone/push Build is passing
Clarify that User.update :own is handled by HasPermission.
Fix file path references from lib/mv/accounts to lib/accounts.
2026-01-22 21:36:22 +01:00
5506b5b2dc
docs(auth): document User policies and bypass pattern
...
continuous-integration/drone/push Build is passing
Add bypass vs HasPermission pattern documentation
Update architecture and implementation plan docs
2026-01-22 19:19:27 +01:00
2dc0bce8cb
chore: rm todo list
continuous-integration/drone/push Build is passing
2026-01-20 17:04:42 +01:00
b380f63cf6
chore: update docs
2026-01-20 14:31:13 +01:00
58c088833a
chore: update docs
2026-01-20 14:10:41 +01:00
b84431879c
Merge pull request 'fix admin database seeding closes #357 ' ( #358 ) from bugfix/reseeding-database-not-working into main
...
Reviewed-on: #358
2026-01-19 14:17:12 +01:00
bc4bcd0089
fix: change creation of admin user
2026-01-19 13:40:28 +01:00
bf93b4aa42
docs: update implementation plan
2026-01-19 12:31:39 +01:00
7da037d81d
refactor: adds schemales changeset and validation constant
2026-01-19 11:43:51 +01:00
b3eb6c9223
Docs: Correct :linked scope documentation
2026-01-13 15:01:55 +01:00
720a43a38c
feat: added csv templates
continuous-integration/drone/push Build is failing
2026-01-12 17:36:15 +01:00
8a1b14fc79
fix: fix tests and remove navbar remainings
continuous-integration/drone/push Build is failing
2026-01-12 15:16:31 +01:00
