local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 67 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions
1137 commits 13 branches 0 tags 7.9 MiB
Commit graph

320 commits

Author SHA1 Message Date
Moritz
67ce514ba0 User: fix last-admin validation and forbid non-admin role_id change 
- Last-admin only when target role is non-admin (admins may switch admin roles).
- Use Ash.Changeset.get_attribute for new role_id. Tests: admin role switch, non-admin update_user role_id forbidden.
 2026-02-04 09:19:47 +01:00
Moritz
dbd0a57292 Secure regenerate_cycles: require can?(:create, MembershipFeeCycle) in handler 
- Handler returns flash error when non-admin triggers event (e.g. DevTools).
- Test: read_only cannot create MembershipFeeCycle so handler rejects.
 2026-02-04 09:19:37 +01:00
Moritz
03d3a7eb1b Docs and tests: fix CODE_GUIDELINES structure, use Mv.Fixtures in show_membership_fees_test
All checks were successful
continuous-integration/drone/push Build is passing
Details 
- CODE_GUIDELINES: correct custom_field/custom_field_value descriptions, add fixtures.ex to test support
- show_membership_fees_test: use Mv.Fixtures.member_fixture, remove redundant create_member helper
 2026-02-04 01:02:22 +01:00
Moritz
a2e1054c8d Tests: use Mv.Fixtures, fix warnings, Credo TODO disable 
- Policy tests: use Fixtures where applicable; create_custom_field() fix in custom_field_value.
- Replace unused actor with _actor, remove unused alias Accounts in policy tests.
- profile_navigation_test: disable Credo for intentional TODO comment.
 2026-02-04 00:34:12 +01:00
Moritz
3a92398d54 user_policies_test: data-driven tests for own_data, read_only, normal_user 
Single describe with @tag permission_set and for-loop; one setup per permission set.
 2026-02-04 00:34:02 +01:00
Moritz
085b6be769 show_membership_fees_test: format long assert line 2026-02-04 00:34:01 +01:00
Moritz
c4459ebb92 Docs, gettext, and remaining test updates
All checks were successful
continuous-integration/drone/push Build is passing
Details 
- groups-architecture and membership-fee-architecture docs
- Gettext: add/correct German for authorization and membership fee type
- membership_fee_helpers_test and membership_fee_status_test adjustments
 2026-02-03 23:52:31 +01:00
Moritz
101fd39f18 Fee settings and fee type form: pass actor for MembershipFeeType read 
- membership_fee_settings_live: current_actor(socket), Ash.read! with actor
- membership_fee_type_live/form: Ash.get! with actor in mount
- check_page_permission_test: normal_user /groups/new and /groups/:slug/edit allowed
- membership_fee_type_live form_test: actor for Ash.read_one!/get!
 2026-02-03 23:52:27 +01:00
Moritz
e3bea17827 Member show & MembershipFees: permissions, delete all, regenerate, errors 
- Show: handle_info :member_updated and :put_flash; Linked User only when can_access_page? /users
- MembershipFeesComponent: can_create_cycle/can_destroy_cycle/can_update_cycle; buttons gated
- Delete all cycles via Ash.destroy (policy enforced); format_error Forbidden
- Regenerate cycles for normal_user and admin (no admin-only check)
- Member form: format_error tuple for membership_fee_type_id; Select a membership fee type (no None)
- show_membership_fees_test: read_only UI and policy tests
 2026-02-03 23:52:24 +01:00
Moritz
8ec4a07103 User form: persist role, member linking, Forbidden handling 
- User resource: update_user accepts role_id, manage_relationship :member
- user_live/form: touch role_id, params_with_member_if_unchanged to avoid unlink
- Handle Forbidden in form, extract error message for display
- user_policies_test and form_test coverage
 2026-02-03 23:52:20 +01:00
Moritz
5ed41555e9 Member/Setting/validations: domain, actor, and seeds 
- setting.ex: domain/authorize for default_membership_fee_type_id check
- validate_same_interval: require membership_fee_type (no None)
- set_membership_fee_start_date: domain/actor for fee type lookup
- Validations: domain/authorize for cross-resource checks
- helpers.ex, email_sync change, seeds.exs actor/authorize fixes
- Update related tests
 2026-02-03 23:52:16 +01:00
Moritz
5889683854 Add resource policies for Group, MemberGroup, MembershipFeeType, MembershipFeeCycle 
- Group/MemberGroup/MembershipFeeType/MembershipFeeCycle: HasPermission policy
- normal_user: Group and MembershipFeeCycle create/update/destroy; pages /groups/new, /groups/:slug/edit
- Add policy tests for all four resources
 2026-02-03 23:52:12 +01:00
Moritz
893f9453bd Add PermissionSets for Group, MemberGroup, MembershipFeeType, MembershipFeeCycle 
- Extend permission_sets.ex with resources and pages for new domains
- Adjust HasPermission check for resource/action/scope
- Update roles-and-permissions and implementation-plan docs
- Add permission_sets_test.exs coverage
 2026-02-03 23:52:09 +01:00
Moritz
cbc9376b7b Tests: data-testid selectors, scoped delete, sidebar testid
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is passing
Details 
Member/User auth tests use data-testid and #row-id selectors.
Sidebar auth tests assert on data-testid=sidebar-administration.
Sidebar test expects data-testid in expanded-menu-group markup.
 2026-02-03 17:16:15 +01:00
Moritz
1426ef1d38
Add sidebar authorization tests
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Assert menu visibility per role: admin, read_only, normal_user,
own_data, nil user, user without role.
 2026-02-03 16:56:52 +01:00
Moritz
f779fd61e0
Gate sidebar menu items by can_access_page? 
Members, Fee Types and Administration subitems only shown when user
has page permission. Add admin_menu_visible? helper. Sidebar test
uses admin user so menu items render.
 2026-02-03 16:56:52 +01:00
Moritz
cc9e530d80
Add User LiveView authorization tests 
Covers admin, read_only, member, normal_user for Index and Show.
Asserts New User / Edit / Delete visibility and redirect for non-admin.
 2026-02-03 16:56:51 +01:00
Moritz
5e361ba400
Add Member LiveView authorization tests 
Covers read_only, normal_user, admin, own_data for Index and Show.
Asserts New Member / Edit / Delete visibility and redirect for Mitglied.
 2026-02-03 16:56:51 +01:00
Moritz
131904f172
Test: assert on error field :email instead of message string
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/promote/production Build is passing
Details
2026-02-03 16:07:47 +01:00
Moritz
4ea31f0f37 Add email-change permission validation for linked members
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Only admins or the linked user may change a linked member's email.
- New validation EmailChangePermission (uses Actor.admin?, Loader.get_linked_user).
- Register on Member update_member; docs and gettext.
 2026-02-03 14:35:32 +01:00
carla
960506d16a refactoring
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is passing
Details
2026-02-02 16:56:07 +01:00
carla
aef3aa299f fix test
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is passing
Details
2026-02-02 15:04:07 +01:00
carla
9e27de84cb Merge branch 'main' into feature/338_import_custom_fields
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-02 13:46:05 +01:00
carla
86a3c4e50e tests: add tests for import 2026-02-02 13:07:00 +01:00
carla
b6d53d2826 refactor: add test to seperate async false module 2026-02-02 10:22:05 +01:00
carla
d61a939deb formatting
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-02-02 09:50:47 +01:00
carla
9fd617e45a tests: add tests for config 2026-02-02 09:48:37 +01:00
Moritz
f8f6583679 PermissionSetsTest: assert /users/:id instead of /profile in pages
Some checks reported errors
continuous-integration/drone/push Build was killed
Details
continuous-integration/drone/promote/production Build is passing
Details 
Profile is reachable at /users/:id; /profile was removed from PermissionSets.
 2026-01-30 11:37:34 +01:00
Moritz
cf6bd4a6a1 UserPoliciesTest: use :update for non-admin own-email and forbid-other 
- own_data, read_only, normal_user: can update own email via :update
- cannot update other users: use :update (scope :own forbids)
 2026-01-30 11:13:34 +01:00
Moritz
faee780aab Tests: read_only/normal_user /users/:id, Ash.read! actor, Authorization own/other
All checks were successful
continuous-integration/drone/push Build is passing
Details 
- Integration: read_only and normal_user GET /users/:id (own) and edit/show/edit return 200
- Integration: read_only GET /users/:id (other) redirects
- Plug test: use group_fixture in setup instead of Ash.read!() without actor
- Authorization: tests for own/other profile and reserved 'new'
 2026-01-30 10:22:34 +01:00
Moritz
3a7e4000c0
fix: fix warning of unused variable in UserLive.IndexTest
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-30 00:13:40 +01:00
Moritz
28d134b2b0
chore: remove unused aliases in tests
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is passing
Details 
- Drop unused Member alias from membership and membership_fees test files.
 2026-01-30 00:00:33 +01:00
Moritz
b55f356762
fix: handle nil member in MembershipFeeHelpers 
- get_last_completed_cycle/2 and get_current_cycle/2 return nil when member is nil.
- Avoids FunctionClauseError when MemberLive.Show receives no member (e.g. after
  redirect or policy filter). Add unit tests for nil member.
 2026-01-30 00:00:32 +01:00
Moritz
ad00e8e7b6
test: add page permission tests and ConnCase role tags 
- ConnCase: add :read_only and :normal_user role tags for tests.
- Add CheckPagePermission plug tests (unit + integration for member, read_only,
  normal_user, admin). Update permission_sets_test (refute "/" for own_data).
- Profile navigation, global_settings, role_live, membership_fee_type: use
  users with role for "/" access; expect redirect for own_data on /settings
  and /admin/roles.
 2026-01-30 00:00:32 +01:00
Moritz
4473cfd372 Tests: use code interface for Member create/update (actor propagation)
Some checks reported errors
continuous-integration/drone/push Build was killed
Details
continuous-integration/drone/promote/production Build is passing
Details
2026-01-29 16:10:12 +01:00
Moritz
9a7622ebed fix: pass actor to CustomFieldLive.FormComponent for save 
IndexComponent now passes actor to FormComponent; FormComponent uses
assigns[:actor] instead of current_actor(socket). Add test that submits
new custom field form on settings page.
 2026-01-29 16:10:12 +01:00
Moritz
1d17c4f2dd fix: CustomField policies, no system-actor fallback, guidelines 
- Tests and UI pass actor for CustomField create/read/destroy; seeds use actor
- Member required-custom-fields validation uses context.actor only (no fallback)
- CODE_GUIDELINES: add rule forbidding system-actor fallbacks
 2026-01-29 16:10:12 +01:00
Moritz
36b5d5880b Add CustomField resource policies and tests 
- Add policies block with HasPermission for read/create/update/destroy
- Add authorizers: [Ash.Policy.Authorizer] to CustomField resource
- Add custom_field_policies_test.exs (read all roles, write admin only)
- Fix CustomField path in roles-and-permissions doc (lib/membership)
 2026-01-29 16:10:12 +01:00
Simon
9b314a9806
fix: credo error
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is passing
Details
2026-01-29 15:26:45 +01:00
Simon
b4adf63e83
feix: optimize queries for groups
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-29 15:22:40 +01:00
Simon
124ab295a6
fix: select all checkbox handling 2026-01-29 15:14:36 +01:00
Simon
0a1b52d978
test: fix tests
Some checks reported errors
continuous-integration/drone/push Build was killed
Details
continuous-integration/drone/pr Build is failing
Details
2026-01-29 14:39:31 +01:00
Simon
0b29fbbd21
test: restore removed tests including optimizations 2026-01-29 12:59:06 +01:00
Simon
3f0dc868c9
chore: disable test performance output again
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 14:54:59 +01:00
Simon
c3ad8894b0
refactor: implement more review comments
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 14:47:30 +01:00
Simon
ea3bdcaa65
refactor: apply review comments
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 14:42:16 +01:00
Simon
050ca4a13c
test: move slow and less critical tests to nightly suite
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 14:34:05 +01:00
Simon
91f8bb03bc
refactor: remove tests against basic framework functionalities
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 13:46:18 +01:00
Simon
15d328afbf
test: optimize single test and update docs
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 13:33:39 +01:00
Simon
6efad280bd
refactor: apply review comments
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 12:36:19 +01:00