local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 67 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions
1004 commits 13 branches 0 tags 7.9 MiB
Commit graph

126 commits

Author SHA1 Message Date
Simon
6faa9847f4
feat: add groups administration #372 2026-01-27 21:55:17 +01:00
Moritz
4d3a249b0c HasPermission: remove unused _authorizer from strict_check helper 2026-01-27 16:07:01 +01:00
Moritz
7153af23ee CustomFieldValueCreateScope: use get_argument_or_attribute for member_id 
- Read member_id via Ash.Changeset.get_argument_or_attribute/2 so it works
  when set as attribute or argument
- Remove unused require Logger
- Document member_id source in moduledoc
 2026-01-27 16:07:01 +01:00
Moritz
bf2d0352c1 Add authorization policies to CustomFieldValue resource 
- Authorizer and policies: bypass for read (member_id == actor.member_id),
  CustomFieldValueCreateScope for create, HasPermission for read/update/destroy.
- HasPermission: pass authorizer into strict_check helper; document that create
  must use a dedicated check (no filter).
 2026-01-27 16:07:01 +01:00
Moritz
c7c6b318ac Add CustomFieldValueCreateScope check for create actions 
Ash cannot apply filters to create; this check enforces :linked/:all scope
via strict_check only (no filter).
 2026-01-27 16:07:01 +01:00
Moritz
8f5f69744c Add CustomFieldValue create/destroy :linked to own_data permission set 
Allows members to create and delete custom field values for their linked member.
 2026-01-27 16:07:01 +01:00
Moritz
1d0ac6d280 Improve CSV import error messages 
Include email address in duplicate email error messages.
Add German translation for email uniqueness errors.
Ensure locale is set for translations in async tasks.
 2026-01-25 18:33:28 +01:00
Moritz
562265f212 Security: Require actor parameter in CSV import 
Remove fallback to system_actor in process_chunk to prevent
unauthorized access. Actor must now be explicitly provided.
 2026-01-25 18:33:25 +01:00
carla
bf7e47ce5c
refactor 2026-01-25 17:31:42 +01:00
carla
04b0916c1e
refactor 2026-01-25 17:30:07 +01:00
carla
092fd99d48
fat: adds csv import live view to settings 2026-01-25 17:30:03 +01:00
Moritz
5c0786ebca
Fix HasPermission check to handle nil member_id gracefully 2026-01-24 19:15:46 +01:00
Moritz
403eda3908
Add Role helper function and create_role_with_system_flag action 
- Add get_mitglied_role/0 helper to avoid code duplication
- Add create_role_with_system_flag action for seeds/migrations
- Allows setting is_system_role flag (required for 'Mitglied' role)
 2026-01-24 19:15:05 +01:00
Moritz
b545d2b9e1
Remove NoActor module, improve Member validation, update docs 2026-01-24 11:59:18 +01:00
Moritz
0f48a9b15a
Add actor parameter to all tests requiring authorization 
This commit adds actor: system_actor to all Ash operations in tests that
require authorization.
 2026-01-24 02:21:02 +01:00
Moritz
686f69c9e9
Add authorize?: false to SystemActor bootstrap operations 
- Role lookup and creation (find_admin_role, create_admin_role)
- System user creation and role assignment
- Role loading during initialization
 2026-01-24 02:12:31 +01:00
Simon
672b4a8250
Merge branch 'main' into feature/filter-boolean-custom-fields
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-23 14:41:48 +01:00
Moritz
427608578f Restrict Actor.ensure_loaded to Mv.Accounts.User only
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Pattern match on %Mv.Accounts.User{} instead of generic actor.
Clearer intention, prevents accidental authorization bypasses.
Non-User actors are returned as-is (no-op).
 2026-01-22 23:17:55 +01:00
Moritz
f3abade7ad Add authorize?: false to Actor.ensure_loaded 
SECURITY: Skip authorization for role loading to avoid circular dependency.
Actor loads their OWN role, needed for authorization itself.
Documented why this is safe.
 2026-01-22 23:04:56 +01:00
Moritz
e60bb6926f Remove unused PolicyHelpers macro and PolicyConsistency test
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Dead code - macro was never used in codebase.
PolicyConsistency test will be replaced with better implementation.
 2026-01-22 22:37:09 +01:00
Moritz
f2def20fce Add centralized Actor.ensure_loaded helper 
Consolidate role loading logic from HasPermission and LiveHelpers.
Use Ash.Resource.Info.resource? for reliable Ash detection.
 2026-01-22 22:37:07 +01:00
Moritz
05c71132e4 Replace NoActor runtime Mix.env with compile-time config 
Use Application.compile_env for release-safety.
Config only set in test.exs (defaults to false).
 2026-01-22 22:37:04 +01:00
Moritz
a834bdc4ff Add PolicyHelpers macro for standard user policies 
Encapsulate two-tier policy pattern (bypass + HasPermission).
Promote consistency across resource policy definitions.
 2026-01-22 21:36:18 +01:00
Moritz
f1e6a1e9db Clarify User.update :own in permission sets 
Add explicit comments explaining why all permission sets
grant User.update with scope :own for password changes.
 2026-01-22 21:36:11 +01:00
Moritz
56144a7696 Add role loading fallback to HasPermission check 
Extract ash_resource? helper to reduce nesting depth.
Add ensure_role_loaded fallback for unloaded actor roles.
 2026-01-22 21:36:10 +01:00
Moritz
93216f3ee6 Harden NoActor check with runtime environment guard 
Add Mix.env() check to match?/3 for defense in depth.
Document NoActor pattern in CODE_GUIDELINES.md.
 2026-01-22 21:36:09 +01:00
Moritz
429042cbba feat(auth): add User resource authorization policies 
Implement bypass for READ + HasPermission for UPDATE pattern
Extend HasPermission check to support User resource scope :own
 2026-01-22 19:19:22 +01:00
Moritz
d07f1984cd Move require Logger to module level
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Move require Logger statements from function/case level to module level
for better code organization and consistency with Elixir best practices
 2026-01-21 08:35:34 +01:00
Moritz
7e9de8e95b Add logging for fail-open email uniqueness validations 
Log warnings when query errors occur in email uniqueness checks
to improve visibility of data integrity issues
 2026-01-21 08:02:33 +01:00
Moritz
006b1aaf06 Replace Mix.env() with Config.sql_sandbox?() in SystemActor 
Use Application config instead of Mix.env() to prevent
runtime crashes in production releases where Mix is not available
 2026-01-21 08:02:31 +01:00
Moritz
c5bd58e7d3 Add @spec type annotations to SystemActor functions 
Add type specifications for all private functions to improve
static analysis with Dialyzer and documentation quality.
 2026-01-20 23:16:39 +01:00
Moritz
a3cf8571ff Document System Actor pattern in code guidelines 
Add section explaining when and how to use system actor for systemic operations.
Include examples and distinction between user mode and system mode.
 2026-01-20 22:10:11 +01:00
Moritz
c64b74588f Use system actor for cycle generation 
Update cycle generator, member hooks, and job to use system actor.
Remove actor parameters as cycle generation is a mandatory side effect.
 2026-01-20 22:09:20 +01:00
Moritz
f0169c95b7 Use system actor for email uniqueness validation 
Update email validation modules to use system actor for queries.
This ensures data integrity checks always run regardless of user permissions.
 2026-01-20 22:09:19 +01:00
Moritz
8acd92e8d4 Use system actor for email synchronization 
Update email sync loader and changes to use system actor instead of user actor.
This ensures email sync always works regardless of user permissions.
 2026-01-20 22:09:18 +01:00
Moritz
ddb1252831 Add System Actor helper for systemic operations 
Introduce Mv.Helpers.SystemActor module with lazy loading
for operations that must always run regardless of user permissions.
System actor has admin role and auto-creates in test environment.
 2026-01-20 22:09:16 +01:00
Simon
01dea8bb8b
Merge branch 'main' into feature/filter-boolean-custom-fields
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-20 18:13:20 +01:00
Moritz
433f008af8 refactor: Reduce function complexity and nesting depth 
- Extract helper functions from process_chunk to reduce nesting
- Extract format_error_message from extract_changeset_error
- Split extract_error_message into smaller functions to reduce complexity
- Fixes Credo refactoring opportunities
 2026-01-20 16:05:32 +01:00
Simon
37e1553a02
feat: add custom boolean field state & URL-Parameter 2026-01-20 15:55:08 +01:00
Moritz
9c2cff6307
docs: Update domain Public API documentation 2026-01-20 15:50:08 +01:00
carla
ac0e272cca refactor: change length for performance 2026-01-19 12:37:39 +01:00
carla
3cbd90ecdd feat: adds error capping 2026-01-19 12:02:28 +01:00
carla
7da037d81d refactor: adds schemales changeset and validation constant 2026-01-19 11:43:51 +01:00
carla
8b3cc6a6b2 feat: adds row validation 2026-01-19 11:22:11 +01:00
carla
6dc398fa5a refactor: reduce complexity 2026-01-15 17:00:17 +01:00
carla
67072f0c52 feat: adds header header normalization 2026-01-15 16:11:09 +01:00
carla
8a5d012895 refactor parser 2026-01-15 12:15:22 +01:00
carla
3bbe9895ee fix: improve CSV parser error handling 2026-01-15 11:08:22 +01:00
carla
68e19bea18 feat: add csv parser 2026-01-15 10:10:02 +01:00
carla
4b41ab37bb Merge branch 'main' into feature/330_import_service_skeleton 2026-01-14 12:30:40 +01:00