mitgliederverwaltung

local-it/mitgliederverwaltung

Fork 0

Commit graph

Author	SHA1	Message	Date
Moritz	47b6a16177	Doc: Actor maybe_load_role comment; ActorIsAdmin system user = admin	2026-02-03 16:07:39 +01:00
Moritz	3d46ba655f	Add Actor.permission_set_name/1 and admin?/1 for consistent capability checks - Actor.permission_set_name(actor) returns role's permission set (supports nil role load). - Actor.admin?(actor) returns true for system user or admin permission set. - ActorIsAdmin policy check delegates to Actor.admin?/1.	2026-02-03 14:34:24 +01:00
Moritz	14fa873640	Restrict User.update_user to admin; allow :update for email only - Add ActorIsAdmin policy check (admin permission set only) - User: policy action(:update_user) forbid_unless + authorize_if ActorIsAdmin - User: primary :update action accept [:email] for non-admin profile edit	2026-01-30 11:13:23 +01:00

Author

SHA1

Message

Date

Moritz

47b6a16177

Doc: Actor maybe_load_role comment; ActorIsAdmin system user = admin

2026-02-03 16:07:39 +01:00

Moritz

3d46ba655f

Add Actor.permission_set_name/1 and admin?/1 for consistent capability checks

- Actor.permission_set_name(actor) returns role's permission set (supports nil role load).
- Actor.admin?(actor) returns true for system user or admin permission set.
- ActorIsAdmin policy check delegates to Actor.admin?/1.

2026-02-03 14:34:24 +01:00

Moritz

14fa873640

Restrict User.update_user to admin; allow :update for email only

- Add ActorIsAdmin policy check (admin permission set only)
- User: policy action(:update_user) forbid_unless + authorize_if ActorIsAdmin
- User: primary :update action accept [:email] for non-admin profile edit

2026-01-30 11:13:23 +01:00

3 commits