- Add text labels to Edit and Delete buttons in index page
- Change button size from btn-xs to btn-sm for better visibility
- Add Delete button to show page for non-system roles
- Implement handle_event for delete in show page
- Add format_error helper to show page
Add complete CRUD interface for role management under /admin/roles.
- Index page with table showing name, description, permission_set_name, is_system_role
- Show page for role details
- Form component for create/edit with permission_set_name dropdown
- System role badge and disabled delete button
- Flash messages for success/error
- Authorization checks using MvWeb.Authorization helpers
- Comprehensive test coverage (22 tests)
Routes added under /admin scope. All LiveViews load user role
for authorization checks. Form uses custom dropdown for permission sets.
Implement MvWeb.Authorization module with can?/3 and can_access_page?/2
functions for conditional rendering in LiveView templates.
- can?/3 supports both resource atoms and record structs with scope checking
- can_access_page?/2 checks page access permissions
- All functions use PermissionSets module for consistency with backend
- Graceful handling of nil users and invalid permission sets
- Comprehensive test coverage with 17 test cases
- Add /custom_field_values/:id to read_only pages (users can view list, should also view details)
- Add /custom_field_values/:id to normal_user pages
- Refactor tests to reduce duplication (use for-comprehension for structure tests)
- Add tests for invalid input types in valid_permission_set?/1
- Update @spec for valid_permission_set?/1 to accept any() type
- Add explicit ArgumentError for invalid permission set names with helpful message
- Soften performance claim in documentation (intended to be constant-time)
- Add tests for error handling
- Improve maintainability with guard clause for invalid inputs
Both permission sets allow User:update :own, so users should be able
to access their profile page. This makes the implementation consistent
with the documentation and the logical permission model.
- Add types for scope, action, resource_permission, permission_set
- Implement get_permissions/1 for all 4 sets (own_data, read_only, normal_user, admin)
- Implement valid_permission_set?/1 for string and atom validation
- Implement permission_set_name_to_atom/1 with error handling
Remove is_system_role from accept lists in create_role and update_role
actions. This field should only be set via seeds or internal actions to
prevent users from creating unkillable roles through the public API.
Create Role resource with name, description, permission_set_name,
and is_system_role fields. Add validations for permission_set_name
and system role deletion protection.
Replace assign_new with assign for cycles and available_fee_types. Set regenerating flag at event start. Fix create_cycle parsing with explicit error handling. Use atomic bulk delete for all cycles. Improve delete confirmation robustness. Fix unless/else pattern for Credo compliance.
