mitgliederverwaltung

Author	SHA1	Message	Date
Moritz	64952d4ff4	Security: Require actor parameter in CSV import Remove fallback to system_actor in process_chunk to prevent unauthorized access. Actor must now be explicitly provided.	2026-01-27 10:30:05 +01:00
Moritz	8e519d643d	Add NOT NULL constraint to users.role_id and optimize default_role_id - Add database-level NOT NULL constraint for users.role_id - Update SystemActor tests to verify NOT NULL constraint enforcement - Add process dictionary caching for default_role_id/0 to reduce DB queries	2026-01-27 10:23:27 +01:00
Moritz	93e966bc6b	test: adapt tests for attribute-level default solution	2026-01-27 10:23:26 +01:00
Moritz	ee50f312ee	Remove NoActor module, improve Member validation, update docs	2026-01-27 10:23:21 +01:00
Moritz	da0b045771	Fix missing actor parameters and restore AshAuthentication bypass tests	2026-01-27 10:23:20 +01:00
Moritz	aedd29c118	Fix tests: Remove redundant system_actor and update test descriptions	2026-01-27 10:23:18 +01:00
Moritz	0e6b464e0a	Fix tests: Add missing actor parameters to Ash operations	2026-01-27 10:23:18 +01:00
Moritz	f993c64c42	Fix test helpers: Use actor parameter correctly	2026-01-27 10:23:18 +01:00
Moritz	c715a45277	Add actor parameter to all tests requiring authorization This commit adds actor: system_actor to all Ash operations in tests that require authorization.	2026-01-27 10:23:16 +01:00
Moritz	ef4df57a6f	Restrict Actor.ensure_loaded to Mv.Accounts.User only Pattern match on %Mv.Accounts.User{} instead of generic actor. Clearer intention, prevents accidental authorization bypasses. Non-User actors are returned as-is (no-op).	2026-01-27 10:23:13 +01:00
Moritz	e6b22cff16	Remove skipped get_by_subject test, add explanation Test removed - JWT flow tested via AshAuthentication integration. Direct test would require JWT mocking without value.	2026-01-27 10:23:11 +01:00
Moritz	69836978be	Remove unused PolicyHelpers macro and PolicyConsistency test Dead code - macro was never used in codebase. PolicyConsistency test will be replaced with better implementation.	2026-01-27 10:23:10 +01:00
Moritz	213521ecf6	Add centralized Actor.ensure_loaded helper Consolidate role loading logic from HasPermission and LiveHelpers. Use Ash.Resource.Info.resource? for reliable Ash detection.	2026-01-27 10:23:10 +01:00
Moritz	ab0407abb1	Replace NoActor runtime Mix.env with compile-time config Use Application.compile_env for release-safety. Config only set in test.exs (defaults to false).	2026-01-27 10:23:09 +01:00
Moritz	d0c1996d6e	Add policy consistency tests Enforce User.update :own across all permission sets. Verify READ bypass + UPDATE HasPermission pattern.	2026-01-27 10:23:09 +01:00
Moritz	28526deb9c	Replace for comprehension with explicit describe blocks Fix Credo parsing error by removing for comprehension. Duplicate tests for own_data, read_only, normal_user sets.	2026-01-27 10:23:08 +01:00
Moritz	7eb7149e18	Add role loading fallback to HasPermission check Extract ash_resource? helper to reduce nesting depth. Add ensure_role_loaded fallback for unloaded actor roles.	2026-01-27 10:23:07 +01:00
Moritz	298a13c2e4	Harden NoActor check with runtime environment guard Add Mix.env() check to match?/3 for defense in depth. Document NoActor pattern in CODE_GUIDELINES.md.	2026-01-27 10:23:06 +01:00
Moritz	3ad0db0b2f	test(auth): add User policies test suite 31 tests covering all 4 permission sets and bypass scenarios Update HasPermission tests to expect false for scope :own without record	2026-01-27 10:23:06 +01:00
Moritz	38ae25e0e3	Refactor test setup into helper functions Extract setup code into reusable helper functions to reduce duplication and improve maintainability.	2026-01-27 10:14:05 +01:00
Moritz	8eb05c8a6a	Document System Actor pattern in code guidelines Add section explaining when and how to use system actor for systemic operations. Include examples and distinction between user mode and system mode.	2026-01-27 10:14:04 +01:00
Moritz	481e82d541	Add tests for System Actor helper Test system actor retrieval, caching, fallback behavior, and auto-creation in test environment.	2026-01-27 10:14:04 +01:00
Moritz	c137ee6221	refactor: Replace length/1 with empty list comparison Replace expensive length/1 calls with direct list comparison to fix Credo warnings about performance	2026-01-27 10:13:56 +01:00
carla	257739d273	feat: adds error capping	2026-01-27 10:13:50 +01:00
carla	7da037d81d	refactor: adds schemales changeset and validation constant	2026-01-19 11:43:51 +01:00
carla	8b3cc6a6b2	feat: adds row validation	2026-01-19 11:22:11 +01:00
carla	6dc398fa5a	refactor: reduce complexity	2026-01-15 17:00:17 +01:00
carla	0673684cc1	test: adds tests for header normalization	2026-01-15 16:11:02 +01:00
carla	3bbe9895ee	fix: improve CSV parser error handling	2026-01-15 11:08:22 +01:00
carla	31cf07c071	test: updated tests	2026-01-15 10:10:14 +01:00
carla	4b41ab37bb	Merge branch 'main' into feature/330_import_service_skeleton	2026-01-14 12:30:40 +01:00
carla	aa3fb0c49b	fix linting	2026-01-14 10:48:36 +01:00
carla	aa62e03409	skip test for now Some checks failed continuous-integration/drone/push Build is failing Details	2026-01-14 09:11:44 +01:00
Moritz	c95a6fac69	Improve: Make deny_filter robust and add regression test - Change deny_filter from [id: {:in, []}] to expr(false) - Add regression test to ensure deny-filter matches 0 records	2026-01-13 15:01:55 +01:00
Moritz	42a463f422	Security: Fix critical deny-filter bug and improve authorization CRITICAL FIX: Deny-filter was allowing all records instead of denying Fix: User validation in Member now uses actor from changeset.context	2026-01-13 15:01:55 +01:00
Moritz	70729bdd73	Fix: HasPermission auto_filter and strict_check implementation Fixes security issue where auto_filter returned nil instead of proper filter expressions, which could lead to incorrect authorization behavior.	2026-01-13 15:01:54 +01:00
Moritz	93190d558f	test: add Member resource policy tests	2026-01-13 15:01:53 +01:00
carla	cc6d72b6b1	feat: add service skeleton and tests Some checks failed continuous-integration/drone/push Build is failing Details	2026-01-13 11:44:40 +01:00
Moritz	db0a187058	fix: correct relationship filter paths in HasPermission check All checks were successful continuous-integration/drone/push Build is passing Details - Use user.id instead of user_id for Member linked scope - Use member.user.id for CustomFieldValue linked scope - Add lazy logger evaluation - Improve action nil handling - Add integration tests for filter expressions	2026-01-08 17:45:02 +01:00
Moritz	cba471dcac	test: add tests for HasPermission policy check Add comprehensive test suite for the HasPermission Ash Policy Check covering permission lookup, scope application, error handling, and logging.	2026-01-08 16:48:42 +01:00
Moritz	18ec4bfd16	fix: add missing /custom_field_values/:id page to read_only and normal_user All checks were successful continuous-integration/drone/push Build is passing Details - Add /custom_field_values/:id to read_only pages (users can view list, should also view details) - Add /custom_field_values/:id to normal_user pages - Refactor tests to reduce duplication (use for-comprehension for structure tests) - Add tests for invalid input types in valid_permission_set?/1 - Update @spec for valid_permission_set?/1 to accept any() type	2026-01-06 22:17:33 +01:00
Moritz	7845117fad	refactor: improve error handling and documentation in PermissionSets All checks were successful continuous-integration/drone/push Build is passing Details - Add explicit ArgumentError for invalid permission set names with helpful message - Soften performance claim in documentation (intended to be constant-time) - Add tests for error handling - Improve maintainability with guard clause for invalid inputs	2026-01-06 21:55:52 +01:00
Moritz	9b0d022767	fix: add missing /profile page to read_only and normal_user permission sets Both permission sets allow User:update :own, so users should be able to access their profile page. This makes the implementation consistent with the documentation and the logical permission model.	2026-01-06 21:55:13 +01:00
Moritz	4bd08e85bb	fix: use Enum.empty? instead of != [] to fix type warning All checks were successful continuous-integration/drone/push Build is passing Details Replace comparison with empty list using Enum.empty?/1 to satisfy type checker and avoid redundant comparison warning	2026-01-06 21:35:59 +01:00
Moritz	3a0fb4e84f	feat: implement PermissionSets module with all 4 permission sets - Add types for scope, action, resource_permission, permission_set - Implement get_permissions/1 for all 4 sets (own_data, read_only, normal_user, admin) - Implement valid_permission_set?/1 for string and atom validation - Implement permission_set_name_to_atom/1 with error handling	2026-01-06 21:33:39 +01:00
Moritz	3265468bd6	test: update role tests for is_system_role API change All checks were successful continuous-integration/drone/push Build is passing Details Use Ash.Changeset.force_change_attribute to set is_system_role in tests since it's no longer settable via public API. Remove unused nil clause from error_message helper.	2026-01-06 19:04:05 +01:00
Moritz	73763b1f58	refactor: improve error_message test helper robustness All checks were successful continuous-integration/drone/push Build is passing Details Use Enum.reject for nil field case to explicitly filter errors without field. Update test to use :is_system_role field since validation error includes field.	2026-01-06 18:44:04 +01:00
Moritz	c6a766377a	refactor: improve error_message test helper Add pattern matching for nil field case to handle errors without specific field (e.g., system role deletion).	2026-01-06 18:37:38 +01:00
Moritz	9bb0fe5e37	test: add unit tests for Role validations Add tests for permission_set_name validation, system role deletion protection, and name uniqueness constraints.	2026-01-06 18:14:20 +01:00
Moritz	c25ffdc034	refactor: implement proper notification handling via after_action hooks Refactor notification handling according to Ash best practices	2025-12-18 15:00:44 +01:00

1 2

57 commits