local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 67 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions
968 commits 13 branches 0 tags 7.9 MiB
Commit graph

117 commits

Author SHA1 Message Date
Moritz
64952d4ff4
Security: Require actor parameter in CSV import 
Remove fallback to system_actor in process_chunk to prevent
unauthorized access. Actor must now be explicitly provided.
 2026-01-27 10:30:05 +01:00
carla
0acdc82bcc
refactor 2026-01-27 10:23:29 +01:00
carla
dd68d2efbc
refactor 2026-01-27 10:23:29 +01:00
carla
79d0fa0376
fat: adds csv import live view to settings 2026-01-27 10:23:28 +01:00
Moritz
d320cdf14e
Fix HasPermission check to handle nil member_id gracefully 2026-01-27 10:23:22 +01:00
Moritz
e30be4c228
Add Role helper function and create_role_with_system_flag action 
- Add get_mitglied_role/0 helper to avoid code duplication
- Add create_role_with_system_flag action for seeds/migrations
- Allows setting is_system_role flag (required for 'Mitglied' role)
 2026-01-27 10:23:22 +01:00
Moritz
ee50f312ee
Remove NoActor module, improve Member validation, update docs 2026-01-27 10:23:21 +01:00
Moritz
c715a45277
Add actor parameter to all tests requiring authorization 
This commit adds actor: system_actor to all Ash operations in tests that
require authorization.
 2026-01-27 10:23:16 +01:00
Moritz
0cedbe52f9
Add authorize?: false to SystemActor bootstrap operations 
- Role lookup and creation (find_admin_role, create_admin_role)
- System user creation and role assignment
- Role loading during initialization
 2026-01-27 10:23:16 +01:00
Moritz
ef4df57a6f
Restrict Actor.ensure_loaded to Mv.Accounts.User only 
Pattern match on %Mv.Accounts.User{} instead of generic actor.
Clearer intention, prevents accidental authorization bypasses.
Non-User actors are returned as-is (no-op).
 2026-01-27 10:23:13 +01:00
Moritz
3d753c5460
Add authorize?: false to Actor.ensure_loaded 
SECURITY: Skip authorization for role loading to avoid circular dependency.
Actor loads their OWN role, needed for authorization itself.
Documented why this is safe.
 2026-01-27 10:23:11 +01:00
Moritz
69836978be
Remove unused PolicyHelpers macro and PolicyConsistency test 
Dead code - macro was never used in codebase.
PolicyConsistency test will be replaced with better implementation.
 2026-01-27 10:23:10 +01:00
Moritz
213521ecf6
Add centralized Actor.ensure_loaded helper 
Consolidate role loading logic from HasPermission and LiveHelpers.
Use Ash.Resource.Info.resource? for reliable Ash detection.
 2026-01-27 10:23:10 +01:00
Moritz
ab0407abb1
Replace NoActor runtime Mix.env with compile-time config 
Use Application.compile_env for release-safety.
Config only set in test.exs (defaults to false).
 2026-01-27 10:23:09 +01:00
Moritz
0d2c8e0905
Add PolicyHelpers macro for standard user policies 
Encapsulate two-tier policy pattern (bypass + HasPermission).
Promote consistency across resource policy definitions.
 2026-01-27 10:23:08 +01:00
Moritz
87e7310cea
Clarify User.update :own in permission sets 
Add explicit comments explaining why all permission sets
grant User.update with scope :own for password changes.
 2026-01-27 10:23:07 +01:00
Moritz
7eb7149e18
Add role loading fallback to HasPermission check 
Extract ash_resource? helper to reduce nesting depth.
Add ensure_role_loaded fallback for unloaded actor roles.
 2026-01-27 10:23:07 +01:00
Moritz
298a13c2e4
Harden NoActor check with runtime environment guard 
Add Mix.env() check to match?/3 for defense in depth.
Document NoActor pattern in CODE_GUIDELINES.md.
 2026-01-27 10:23:06 +01:00
Moritz
de187190e4
feat(auth): add User resource authorization policies 
Implement bypass for READ + HasPermission for UPDATE pattern
Extend HasPermission check to support User resource scope :own
 2026-01-27 10:23:05 +01:00
Moritz
d9f5579350
Move require Logger to module level 
Move require Logger statements from function/case level to module level
for better code organization and consistency with Elixir best practices
 2026-01-27 10:23:05 +01:00
Moritz
ce292b431c
Add logging for fail-open email uniqueness validations 
Log warnings when query errors occur in email uniqueness checks
to improve visibility of data integrity issues
 2026-01-27 10:14:05 +01:00
Moritz
4537b86a09
Replace Mix.env() with Config.sql_sandbox?() in SystemActor 
Use Application config instead of Mix.env() to prevent
runtime crashes in production releases where Mix is not available
 2026-01-27 10:14:05 +01:00
Moritz
c86aa4ea9c
Add @spec type annotations to SystemActor functions 
Add type specifications for all private functions to improve
static analysis with Dialyzer and documentation quality.
 2026-01-27 10:14:04 +01:00
Moritz
8eb05c8a6a
Document System Actor pattern in code guidelines 
Add section explaining when and how to use system actor for systemic operations.
Include examples and distinction between user mode and system mode.
 2026-01-27 10:14:04 +01:00
Moritz
cf9e6e91fd
Use system actor for cycle generation 
Update cycle generator, member hooks, and job to use system actor.
Remove actor parameters as cycle generation is a mandatory side effect.
 2026-01-27 10:14:03 +01:00
Moritz
564e35f65e
Use system actor for email uniqueness validation 
Update email validation modules to use system actor for queries.
This ensures data integrity checks always run regardless of user permissions.
 2026-01-27 10:14:03 +01:00
Moritz
8f06442de9
Use system actor for email synchronization 
Update email sync loader and changes to use system actor instead of user actor.
This ensures email sync always works regardless of user permissions.
 2026-01-27 10:14:03 +01:00
Moritz
52a482c0e2
Add System Actor helper for systemic operations 
Introduce Mv.Helpers.SystemActor module with lazy loading
for operations that must always run regardless of user permissions.
System actor has admin role and auto-creates in test environment.
 2026-01-27 10:14:02 +01:00
Moritz
4e48ace2d4
refactor: Reduce function complexity and nesting depth 
- Extract helper functions from process_chunk to reduce nesting
- Extract format_error_message from extract_changeset_error
- Split extract_error_message into smaller functions to reduce complexity
- Fixes Credo refactoring opportunities
 2026-01-27 10:13:56 +01:00
Moritz
d72bb8869f
docs: Update domain Public API documentation 2026-01-27 10:13:55 +01:00
Simon
0519433644
feat: add custom boolean field state & URL-Parameter 2026-01-27 10:13:53 +01:00
carla
22593af621
refactor: change length for performance 2026-01-27 10:13:51 +01:00
carla
257739d273
feat: adds error capping 2026-01-27 10:13:50 +01:00
carla
7da037d81d refactor: adds schemales changeset and validation constant 2026-01-19 11:43:51 +01:00
carla
8b3cc6a6b2 feat: adds row validation 2026-01-19 11:22:11 +01:00
carla
6dc398fa5a refactor: reduce complexity 2026-01-15 17:00:17 +01:00
carla
67072f0c52 feat: adds header header normalization 2026-01-15 16:11:09 +01:00
carla
8a5d012895 refactor parser 2026-01-15 12:15:22 +01:00
carla
3bbe9895ee fix: improve CSV parser error handling 2026-01-15 11:08:22 +01:00
carla
68e19bea18 feat: add csv parser 2026-01-15 10:10:02 +01:00
carla
4b41ab37bb Merge branch 'main' into feature/330_import_service_skeleton 2026-01-14 12:30:40 +01:00
carla
fb71b7ddb1 fix struct inconsistencies
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-14 09:49:40 +01:00
Moritz
897677a782
refactor: Replace actor option patterns with ash_actor_opts helper 
- Replace if actor, do: [actor: actor], else: [] with Mv.Helpers.ash_actor_opts/1
- Update email_sync/loader.ex, member validations, member.ex, cycle_generator.ex
- Consistent actor handling across non-LiveView modules
 2026-01-13 15:17:06 +01:00
Moritz
555ae15173
feat: Add shared helper functions for actor handling 
- Add Mv.Helpers module with ash_actor_opts/1 helper
- Add current_actor/1 with @spec to LiveHelpers
- Add ash_actor_opts/1 delegate and submit_form/3 wrapper to LiveHelpers
- Standardize actor access pattern across LiveViews
 2026-01-13 15:17:06 +01:00
Moritz
74fe60f768
Pass actor parameter to member email validation 
Extract actor from changeset context and pass it to Ash.read and
Ash.load calls in email uniqueness validation.
 2026-01-13 15:16:00 +01:00
Moritz
5ffd2b334e
Pass actor parameter through email sync operations 
Extract actor from changeset context and pass it to all email sync
loader functions to ensure proper authorization when loading linked
users and members.
 2026-01-13 15:16:00 +01:00
Moritz
dbd79075f5
Pass actor parameter through cycle generation 
Extract actor from changeset context in Member hooks and pass it
through all cycle generation functions to ensure proper authorization.
 2026-01-13 15:15:59 +01:00
Moritz
dc3268cbf4
Fix: Update comment in auto_filter to reflect expr(false) usage 
Update comment from 'id IN [] = never matches' to 'expr(false) = match none'
to match the actual implementation of deny_filter().
 2026-01-13 15:01:56 +01:00
Moritz
c95a6fac69
Improve: Make deny_filter robust and add regression test 
- Change deny_filter from [id: {:in, []}] to expr(false)
- Add regression test to ensure deny-filter matches 0 records
 2026-01-13 15:01:55 +01:00
Moritz
42a463f422
Security: Fix critical deny-filter bug and improve authorization 
CRITICAL FIX: Deny-filter was allowing all records instead of denying
Fix: User validation in Member now uses actor from changeset.context
 2026-01-13 15:01:55 +01:00