221 commits

Author	SHA1	Message	Date
Moritz	94b6fe281d	Fix tests: Remove duplicate actor keyword arguments	2026-01-24 01:44:39 +01:00
Moritz	a6cdeaa18d	Add actor parameter to all tests requiring authorization ... This commit adds actor: system_actor to all Ash operations in tests that require authorization.	2026-01-23 20:06:11 +01:00
Moritz	427608578f	Restrict Actor.ensure_loaded to Mv.Accounts.User only ... Pattern match on %Mv.Accounts.User{} instead of generic actor. Clearer intention, prevents accidental authorization bypasses. Non-User actors are returned as-is (no-op).	2026-01-22 23:17:55 +01:00
Moritz	f6096e194f	Remove skipped get_by_subject test, add explanation ... Test removed - JWT flow tested via AshAuthentication integration. Direct test would require JWT mocking without value.	2026-01-22 23:04:58 +01:00
Moritz	e60bb6926f	Remove unused PolicyHelpers macro and PolicyConsistency test ... Dead code - macro was never used in codebase. PolicyConsistency test will be replaced with better implementation.	2026-01-22 22:37:09 +01:00
Moritz	f2def20fce	Add centralized Actor.ensure_loaded helper ... Consolidate role loading logic from HasPermission and LiveHelpers. Use Ash.Resource.Info.resource? for reliable Ash detection.	2026-01-22 22:37:07 +01:00
Moritz	05c71132e4	Replace NoActor runtime Mix.env with compile-time config ... Use Application.compile_env for release-safety. Config only set in test.exs (defaults to false).	2026-01-22 22:37:04 +01:00
Moritz	d97f6f4004	Add policy consistency tests ... Enforce User.update :own across all permission sets. Verify READ bypass + UPDATE HasPermission pattern.	2026-01-22 21:36:19 +01:00
Moritz	7d0f5fde86	Replace for comprehension with explicit describe blocks ... Fix Credo parsing error by removing for comprehension. Duplicate tests for own_data, read_only, normal_user sets.	2026-01-22 21:36:16 +01:00
Moritz	56144a7696	Add role loading fallback to HasPermission check ... Extract ash_resource? helper to reduce nesting depth. Add ensure_role_loaded fallback for unloaded actor roles.	2026-01-22 21:36:10 +01:00
Moritz	93216f3ee6	Harden NoActor check with runtime environment guard ... Add Mix.env() check to match?/3 for defense in depth. Document NoActor pattern in CODE_GUIDELINES.md.	2026-01-22 21:36:09 +01:00
Moritz	63d8c4668d	test(auth): add User policies test suite ... 31 tests covering all 4 permission sets and bypass scenarios Update HasPermission tests to expect false for scope :own without record	2026-01-22 19:19:25 +01:00
Moritz	5eadd5f090	Refactor test setup into helper functions ... Extract setup code into reusable helper functions to reduce duplication and improve maintainability.	2026-01-20 23:16:40 +01:00
Moritz	a3cf8571ff	Document System Actor pattern in code guidelines ... Add section explaining when and how to use system actor for systemic operations. Include examples and distinction between user mode and system mode.	2026-01-20 22:10:11 +01:00
Moritz	f1bb6a0f9a	Add tests for System Actor helper ... Test system actor retrieval, caching, fallback behavior, and auto-creation in test environment.	2026-01-20 22:09:21 +01:00
Moritz	235154a102	test: Remove outdated TODO for auto-assignment feature ... Auto-assignment of default membership fee type is already implemented via SetDefaultMembershipFeeType change. Test assertion is now active.	2026-01-20 16:33:50 +01:00
Moritz	0abcf540bb	refactor: Replace length/1 with empty list comparison ... Replace expensive length/1 calls with direct list comparison to fix Credo warnings about performance	2026-01-20 15:58:15 +01:00
Moritz	32e0adb664	test: Add tests for UserLive.Show and RoleLive.Show ... - Add comprehensive tests for UserLive.Show - Add comprehensive tests for RoleLive.Show - Cover mount, display, navigation, and error handling	2026-01-20 15:50:08 +01:00
Moritz	cafd1d4ebc	refactor: Remove deprecated LiveViews ... - Remove CustomFieldValueLive (Index, Form, Show) - Remove ContributionTypeLive.Index - Remove ContributionPeriodLive.Show - Remove corresponding routes from router - Remove references in CustomFieldValueLive.Index	2026-01-20 15:50:08 +01:00
simon	b84431879c	Merge pull request 'fix admin database seeding closes #357' (#358) from bugfix/reseeding-database-not-working into main ... Reviewed-on: #358	2026-01-19 14:17:12 +01:00
Simon	d9b659e5ea	fix: linting + tests	2026-01-19 14:09:19 +01:00
Simon	bc4bcd0089	fix: change creation of admin user	2026-01-19 13:40:28 +01:00
Simon	584442076e	fix: add error message to form	2026-01-19 12:47:17 +01:00
carla	3cbd90ecdd	feat: adds error capping	2026-01-19 12:02:28 +01:00
carla	24426c7786	Merge branch 'main' into feature/333_validation	2026-01-19 11:46:14 +01:00
carla	7da037d81d	refactor: adds schemales changeset and validation constant	2026-01-19 11:43:51 +01:00
carla	8b3cc6a6b2	feat: adds row validation	2026-01-19 11:22:11 +01:00
Simon	c86ae6aa9d	fix: sidebar accessibility	2026-01-16 14:17:15 +01:00
Simon	d6173571b5	test: make tests more structural, less dependend on specific values	2026-01-16 12:48:35 +01:00
carla	6dc398fa5a	refactor: reduce complexity	2026-01-15 17:00:17 +01:00
carla	0673684cc1	test: adds tests for header normalization	2026-01-15 16:11:02 +01:00
carla	3bbe9895ee	fix: improve CSV parser error handling	2026-01-15 11:08:22 +01:00
carla	31cf07c071	test: updated tests	2026-01-15 10:10:14 +01:00
carla	4b41ab37bb	Merge branch 'main' into feature/330_import_service_skeleton	2026-01-14 12:30:40 +01:00
carla	aa3fb0c49b	fix linting	2026-01-14 10:48:36 +01:00
carla	aa62e03409	skip test for now	2026-01-14 09:11:44 +01:00
Moritz	970c749a92	test: Add role tag support to ConnCase and fix test issues ... - Add role tag support (@tag role: :admin/:member/:unauthenticated) to ConnCase - Fix Keyword.get -> Map.get for tags Map - Remove duplicate test file index_display_name_test.exs - Fix CustomField creation in tests (remove slug, use :string instead of :text) - Fix CustomFieldValue value format to use _union_type/_union_value	2026-01-13 15:17:06 +01:00
Moritz	145a76348c	Pass actor parameter in seeds and update test setup ... Ensure cycle generation in seeds uses admin actor and update test to use global admin_user from ConnCase setup.	2026-01-13 15:17:05 +01:00
Moritz	075a06ba6f	Refactor test setup: use global setup and fix MembershipFees domain alias ... - Remove redundant setup blocks from member_live tests - Add build_unauthenticated_conn helper for AuthController tests - Add global setup in conn_case.ex	2026-01-13 15:15:56 +01:00
Moritz	c95a6fac69	Improve: Make deny_filter robust and add regression test ... - Change deny_filter from [id: {:in, []}] to expr(false) - Add regression test to ensure deny-filter matches 0 records	2026-01-13 15:01:55 +01:00
Moritz	42a463f422	Security: Fix critical deny-filter bug and improve authorization ... CRITICAL FIX: Deny-filter was allowing all records instead of denying Fix: User validation in Member now uses actor from changeset.context	2026-01-13 15:01:55 +01:00
Moritz	70729bdd73	Fix: HasPermission auto_filter and strict_check implementation ... Fixes security issue where auto_filter returned nil instead of proper filter expressions, which could lead to incorrect authorization behavior.	2026-01-13 15:01:54 +01:00
Moritz	93190d558f	test: add Member resource policy tests	2026-01-13 15:01:53 +01:00
carla	cc6d72b6b1	feat: add service skeleton and tests	2026-01-13 11:44:40 +01:00
carla	6fe75db56d	formatting	2026-01-13 10:50:33 +01:00
carla	35895ac7fd	fix tests	2026-01-13 10:48:44 +01:00
Simon	8a1b14fc79	fix: fix tests and remove navbar remainings	2026-01-12 15:16:31 +01:00
Simon	e7515b5450	Merge remote-tracking branch 'origin/main' into sidebar	2026-01-12 14:15:12 +01:00
carla	922f9f93d0	Merge branch 'main' into feature/223_memberfields_settings	2026-01-12 13:15:40 +01:00
carla	77908a1467	fix tests	2026-01-12 11:45:44 +01:00