local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 67 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions
942 commits 13 branches 0 tags 7.9 MiB
Commit graph

942 commits

This branch
This branch
All branches
Author SHA1 Message Date
carla
71b6048e3c i18n: add translations
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-23 18:13:32 +01:00
carla
aaeafa646a formatting
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-23 17:57:16 +01:00
carla
9ddd1a470d Merge branch 'main' into feature/335_csv_import_ui
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-23 17:55:23 +01:00
carla
ffe146716b formatting and refactoring
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-23 17:52:09 +01:00
simon
b6992f8488 Merge pull request 'Add boolean custom field filters to member overview closes #309' (#362) from feature/filter-boolean-custom-fields into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #362
 2026-01-23 14:53:05 +01:00
Simon
1b44730b95
Fix: Ensure members are loaded in handle_params when signature unchanged
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-23 14:48:37 +01:00
Simon
672b4a8250
Merge branch 'main' into feature/filter-boolean-custom-fields
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-23 14:41:48 +01:00
Simon
20c96123e1
fix: failing test
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-23 14:33:54 +01:00
Simon
1d46fd1baf
feat: improve filter performance by reducing Ash.read! calls
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-23 14:22:57 +01:00
Simon
b4657cae23
fix: resolve pr remarks 2026-01-23 14:00:18 +01:00
carla
d02f725d51 refactor
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-23 12:54:48 +01:00
carla
465fe5a5b1 Merge branch 'main' into feature/335_csv_import_ui
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-23 10:33:56 +01:00
Moritz
c98ad4085a
docs: add authorization bootstrap patterns section
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Document the three authorization bypass mechanisms and when to use each:
- NoActor (test-only bypass)
- system_actor (systemic operations)
- authorize?: false (bootstrap scenarios)
 2026-01-23 02:53:20 +01:00
Moritz
41e342a1d6 Fix OIDC account linking by using SystemActor in LinkOidcAccountLive
All checks were successful
continuous-integration/drone/push Build is passing
Details 
- Add SystemActor to all Ash operations in LinkOidcAccountLive
- Enables user lookup, reload, and oidc_id linking during OIDC flow
- User is not yet logged in during linking, so SystemActor provides authorization
 2026-01-23 02:14:59 +01:00
Moritz
bad4e5ca7c Fix OIDC login by using SystemActor in OidcEmailCollision validation 
- Add SystemActor to Ash.read_one() calls in OidcEmailCollision validation
- Prevents authorization failures during OIDC registration when no actor is logged in
- Enables proper email collision detection and account linking flow
 2026-01-23 02:12:53 +01:00
Moritz
079d270768 Fix authorization bypass in seeds and validations
All checks were successful
continuous-integration/drone/push Build is passing
Details 
- Add authorize?: false to all bootstrap operations in seeds.exs
- Fix user-linking validation to respect authorize? context flag
- Prevents authorization errors during initial setup when no actor exists yet
 2026-01-23 02:08:11 +01:00
moritz
67b5d623cf Merge pull request 'User Resource Policies closes #363' (#364) from feature/363_user_policies into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #364
 2026-01-22 23:24:36 +01:00
Moritz
427608578f Restrict Actor.ensure_loaded to Mv.Accounts.User only
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Pattern match on %Mv.Accounts.User{} instead of generic actor.
Clearer intention, prevents accidental authorization bypasses.
Non-User actors are returned as-is (no-op).
 2026-01-22 23:17:55 +01:00
Moritz
d114554d52 Fix remaining runtime guard references in CODE_GUIDELINES 
Remove mentions of runtime guards - only compile-time config is used.
Clarify that production safety comes from config defaults.
 2026-01-22 23:12:33 +01:00
Moritz
f32324d942 Update CODE_GUIDELINES for Application.compile_env pattern
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Replace Mix.env example with config-based approach.
Remove outdated runtime guard documentation.
 2026-01-22 23:05:00 +01:00
Moritz
f6096e194f Remove skipped get_by_subject test, add explanation 
Test removed - JWT flow tested via AshAuthentication integration.
Direct test would require JWT mocking without value.
 2026-01-22 23:04:58 +01:00
Moritz
f3abade7ad Add authorize?: false to Actor.ensure_loaded 
SECURITY: Skip authorization for role loading to avoid circular dependency.
Actor loads their OWN role, needed for authorization itself.
Documented why this is safe.
 2026-01-22 23:04:56 +01:00
Moritz
e60bb6926f Remove unused PolicyHelpers macro and PolicyConsistency test
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Dead code - macro was never used in codebase.
PolicyConsistency test will be replaced with better implementation.
 2026-01-22 22:37:09 +01:00
Moritz
f2def20fce Add centralized Actor.ensure_loaded helper 
Consolidate role loading logic from HasPermission and LiveHelpers.
Use Ash.Resource.Info.resource? for reliable Ash detection.
 2026-01-22 22:37:07 +01:00
Moritz
05c71132e4 Replace NoActor runtime Mix.env with compile-time config 
Use Application.compile_env for release-safety.
Config only set in test.exs (defaults to false).
 2026-01-22 22:37:04 +01:00
Moritz
811a276d92 Update documentation for User credentials strategy
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Clarify that User.update :own is handled by HasPermission.
Fix file path references from lib/mv/accounts to lib/accounts.
 2026-01-22 21:36:22 +01:00
Moritz
d97f6f4004 Add policy consistency tests 
Enforce User.update :own across all permission sets.
Verify READ bypass + UPDATE HasPermission pattern.
 2026-01-22 21:36:19 +01:00
Moritz
a834bdc4ff Add PolicyHelpers macro for standard user policies 
Encapsulate two-tier policy pattern (bypass + HasPermission).
Promote consistency across resource policy definitions.
 2026-01-22 21:36:18 +01:00
Moritz
7d0f5fde86 Replace for comprehension with explicit describe blocks 
Fix Credo parsing error by removing for comprehension.
Duplicate tests for own_data, read_only, normal_user sets.
 2026-01-22 21:36:16 +01:00
Moritz
47c938cc50 Centralize role preloading in global LiveView on_mount 
Add ensure_user_role_loaded to global live_view quote block.
Remove redundant on_mount calls from individual LiveViews.
 2026-01-22 21:36:15 +01:00
Moritz
797452a76e Shorten User policy comments to state what only 
Move why explanations to documentation files.
Keep policy comments concise and focused.
 2026-01-22 21:36:12 +01:00
Moritz
f1e6a1e9db Clarify User.update :own in permission sets 
Add explicit comments explaining why all permission sets
grant User.update with scope :own for password changes.
 2026-01-22 21:36:11 +01:00
Moritz
56144a7696 Add role loading fallback to HasPermission check 
Extract ash_resource? helper to reduce nesting depth.
Add ensure_role_loaded fallback for unloaded actor roles.
 2026-01-22 21:36:10 +01:00
Moritz
93216f3ee6 Harden NoActor check with runtime environment guard 
Add Mix.env() check to match?/3 for defense in depth.
Document NoActor pattern in CODE_GUIDELINES.md.
 2026-01-22 21:36:09 +01:00
Moritz
5506b5b2dc docs(auth): document User policies and bypass pattern
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Add bypass vs HasPermission pattern documentation
Update architecture and implementation plan docs
 2026-01-22 19:19:27 +01:00
Moritz
63d8c4668d test(auth): add User policies test suite 
31 tests covering all 4 permission sets and bypass scenarios
Update HasPermission tests to expect false for scope :own without record
 2026-01-22 19:19:25 +01:00
Moritz
429042cbba feat(auth): add User resource authorization policies 
Implement bypass for READ + HasPermission for UPDATE pattern
Extend HasPermission check to support User resource scope :own
 2026-01-22 19:19:22 +01:00
moritz
a9f9cab96a Merge pull request 'System Actor Mode for Systemic Flows closes #348' (#361) from feature/348_system_actor into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #361
 2026-01-21 08:36:39 +01:00
Moritz
d07f1984cd Move require Logger to module level
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Move require Logger statements from function/case level to module level
for better code organization and consistency with Elixir best practices
 2026-01-21 08:35:34 +01:00
Moritz
1c5bd04661
Update gettext translations for new UI strings
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-21 08:09:34 +01:00
Moritz
b0ddf99117 Add admin authorization check for regenerate cycles button 
Restrict UI access to cycle regeneration to administrators only
to prevent policy bypass via user interface
 2026-01-21 08:02:38 +01:00
Moritz
ea399612be Make system actor email configurable via SYSTEM_ACTOR_EMAIL 
Allow system user email to be configured via environment variable
with fallback to default 'system@mila.local'
 2026-01-21 08:02:35 +01:00
Moritz
7e9de8e95b Add logging for fail-open email uniqueness validations 
Log warnings when query errors occur in email uniqueness checks
to improve visibility of data integrity issues
 2026-01-21 08:02:33 +01:00
Moritz
5c3657fed1 Use SystemActor opts for cycle deletion operations 
Pass actor_opts to delete_cycles/1 to ensure proper authorization
when MembershipFeeCycle policies are enforced
 2026-01-21 08:02:32 +01:00
Moritz
006b1aaf06 Replace Mix.env() with Config.sql_sandbox?() in SystemActor 
Use Application config instead of Mix.env() to prevent
runtime crashes in production releases where Mix is not available
 2026-01-21 08:02:31 +01:00
Simon
a92f503752
fix: credo warning
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-21 01:24:43 +01:00
Simon
4b67039a78
test: add more filter component tests
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-21 01:14:26 +01:00
Simon
f996aee6b2
feat: add new filter component to members view
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-21 00:47:01 +01:00
Moritz
5eadd5f090 Refactor test setup into helper functions
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Extract setup code into reusable helper functions to reduce
duplication and improve maintainability.
 2026-01-20 23:16:40 +01:00
Moritz
c5bd58e7d3 Add @spec type annotations to SystemActor functions 
Add type specifications for all private functions to improve
static analysis with Dialyzer and documentation quality.
 2026-01-20 23:16:39 +01:00