270 commits

Author	SHA1	Message	Date
Moritz	2931632aa8	fix: pass actor to CustomFieldLive.FormComponent for save ... IndexComponent now passes actor to FormComponent; FormComponent uses assigns[:actor] instead of current_actor(socket). Add test that submits new custom field form on settings page.	2026-01-29 13:59:24 +01:00
Moritz	21dbdbe366	fix: CustomField policies, no system-actor fallback, guidelines ... - Tests and UI pass actor for CustomField create/read/destroy; seeds use actor - Member required-custom-fields validation uses context.actor only (no fallback) - CODE_GUIDELINES: add rule forbidding system-actor fallbacks	2026-01-29 13:53:55 +01:00
Moritz	250369d142	Add CustomField resource policies and tests ... - Add policies block with HasPermission for read/create/update/destroy - Add authorizers: [Ash.Policy.Authorizer] to CustomField resource - Add custom_field_policies_test.exs (read all roles, write admin only) - Fix CustomField path in roles-and-permissions doc (lib/membership)	2026-01-29 12:12:07 +01:00
Simon	ddc8335cc0	refactor: improve groups LiveView based on code review feedback	2026-01-28 10:33:27 +01:00
Simon	3eb4cde0b7	Merge remote-tracking branch 'origin/main' into feature/372-groups-management	2026-01-27 23:48:31 +01:00
Simon	9991291b2f	test: adapt tests to reflect implementation details	2026-01-27 23:40:12 +01:00
Simon	6faa9847f4	feat: add groups administration #372	2026-01-27 21:55:17 +01:00
Simon	f05fae3ea3	test: add tdd tests for groups administration #372	2026-01-27 18:24:42 +01:00
Moritz	2b4e1e3963	Sync user email to member when changing password (admin_set_password) ... Add SyncUserEmailToMember change to admin_set_password so email+password updates in the user form sync the new email to the linked member.	2026-01-27 17:58:35 +01:00
Moritz	7d33acde9f	feat(system_actor): add system_user?/1 and normalize email ... Case-insensitive email comparison for system-actor detection.	2026-01-27 17:39:04 +01:00
Moritz	9c31f0c16c	Add tests for system actor protection and hiding ... Index: system actor not in list, destroy returns Ash.Error.Invalid. Show/Form: redirect to /users when viewing or editing system actor user.	2026-01-27 17:39:04 +01:00
simon	5df1da1573	Merge branch 'main' into feature/371-groups-resource	2026-01-27 17:16:34 +01:00
Simon	fc8306cfee	test: resolve warnings	2026-01-27 16:38:17 +01:00
Moritz	0219073d33	CFV policies test: system_actor for setup, verify destroy with actor ... - create_linked_member_for_user and create_unlinked_member use actor (system_actor) directly instead of creating admin user per call - Remove create_admin_user helper - After destroy, verify with Ash.get(..., actor: actor) to avoid false positive from Forbidden vs NotFound	2026-01-27 16:07:01 +01:00
Moritz	4e032ea778	Add CustomFieldValue policy tests (own_data, read_only, normal_user, admin) ... Covers read/update/create/destroy for linked vs unlinked members and CRUD permissions per permission set.	2026-01-27 16:07:01 +01:00
Moritz	17831a0948	Pass actor to CustomFieldValue destroy and load in existing tests ... Required after CustomFieldValue gained authorization policies.	2026-01-27 16:07:01 +01:00
Simon	6db64bf996	feat: add groups resource #371	2026-01-27 16:03:21 +01:00
Simon	0216dfcbbb	test: add tests for group resource #371	2026-01-27 15:04:26 +01:00
Moritz	562265f212	Security: Require actor parameter in CSV import ... Remove fallback to system_actor in process_chunk to prevent unauthorized access. Actor must now be explicitly provided.	2026-01-25 18:33:25 +01:00
carla	79361c72d2	fix tests and linting	2026-01-25 17:31:49 +01:00
carla	0fe4a55e80	formatting and refactoring	2026-01-25 17:31:48 +01:00
carla	bf7e47ce5c	refactor	2026-01-25 17:31:42 +01:00
carla	04b0916c1e	refactor	2026-01-25 17:30:07 +01:00
carla	092fd99d48	fat: adds csv import live view to settings	2026-01-25 17:30:03 +01:00
carla	bf9e47b257	test: adds live view csv import tests	2026-01-25 17:22:28 +01:00
Moritz	2d446f63ea	Add NOT NULL constraint to users.role_id and optimize default_role_id ... - Add database-level NOT NULL constraint for users.role_id - Update SystemActor tests to verify NOT NULL constraint enforcement - Add process dictionary caching for default_role_id/0 to reduce DB queries	2026-01-25 17:04:48 +01:00
Moritz	8f3fd9d0d7	test: adapt tests for attribute-level default solution	2026-01-25 13:42:45 +01:00
Moritz	e7bf777be2	refactor: remove AssignDefaultRole change module ... The attribute-level default solution makes this change module obsolete. All role assignment is now handled via the role_id attribute's default function, which is more robust and works for all creation paths.	2026-01-25 13:42:35 +01:00
Moritz	21b63cbe86	Add comprehensive tests for default role assignment	2026-01-24 19:16:57 +01:00
Moritz	3b5b5044fb	Add test support for default role assignment	2026-01-24 19:16:43 +01:00
Moritz	b545d2b9e1	Remove NoActor module, improve Member validation, update docs	2026-01-24 11:59:18 +01:00
Moritz	71c13d0ac0	Fix missing actor parameters and restore AshAuthentication bypass tests	2026-01-24 08:51:58 +01:00
Moritz	15a7c615d6	Fix rebase conflict: Add actor parameter to helper functions in index_test.exs	2026-01-24 02:39:28 +01:00
Moritz	fcca4b0b89	Use admin_user instead of system_actor in LiveView tests	2026-01-24 02:21:10 +01:00
Moritz	bebd7f6fe2	Fix tests: Remove redundant system_actor and update test descriptions	2026-01-24 02:21:09 +01:00
Moritz	d8187484b8	Fix tests: Add missing actor parameters to Ash operations	2026-01-24 02:21:09 +01:00
Moritz	b9d68a3417	Fix test helpers: Use actor parameter correctly	2026-01-24 02:21:09 +01:00
Moritz	c5a48d8801	Fix tests: Remove duplicate actor keyword arguments	2026-01-24 02:21:09 +01:00
Moritz	0f48a9b15a	Add actor parameter to all tests requiring authorization ... This commit adds actor: system_actor to all Ash operations in tests that require authorization.	2026-01-24 02:21:02 +01:00
Simon	672b4a8250	Merge branch 'main' into feature/filter-boolean-custom-fields	2026-01-23 14:41:48 +01:00
Simon	b4657cae23	fix: resolve pr remarks	2026-01-23 14:00:18 +01:00
Moritz	427608578f	Restrict Actor.ensure_loaded to Mv.Accounts.User only ... Pattern match on %Mv.Accounts.User{} instead of generic actor. Clearer intention, prevents accidental authorization bypasses. Non-User actors are returned as-is (no-op).	2026-01-22 23:17:55 +01:00
Moritz	f6096e194f	Remove skipped get_by_subject test, add explanation ... Test removed - JWT flow tested via AshAuthentication integration. Direct test would require JWT mocking without value.	2026-01-22 23:04:58 +01:00
Moritz	e60bb6926f	Remove unused PolicyHelpers macro and PolicyConsistency test ... Dead code - macro was never used in codebase. PolicyConsistency test will be replaced with better implementation.	2026-01-22 22:37:09 +01:00
Moritz	f2def20fce	Add centralized Actor.ensure_loaded helper ... Consolidate role loading logic from HasPermission and LiveHelpers. Use Ash.Resource.Info.resource? for reliable Ash detection.	2026-01-22 22:37:07 +01:00
Moritz	05c71132e4	Replace NoActor runtime Mix.env with compile-time config ... Use Application.compile_env for release-safety. Config only set in test.exs (defaults to false).	2026-01-22 22:37:04 +01:00
Moritz	d97f6f4004	Add policy consistency tests ... Enforce User.update :own across all permission sets. Verify READ bypass + UPDATE HasPermission pattern.	2026-01-22 21:36:19 +01:00
Moritz	7d0f5fde86	Replace for comprehension with explicit describe blocks ... Fix Credo parsing error by removing for comprehension. Duplicate tests for own_data, read_only, normal_user sets.	2026-01-22 21:36:16 +01:00
Moritz	56144a7696	Add role loading fallback to HasPermission check ... Extract ash_resource? helper to reduce nesting depth. Add ensure_role_loaded fallback for unloaded actor roles.	2026-01-22 21:36:10 +01:00
Moritz	93216f3ee6	Harden NoActor check with runtime environment guard ... Add Mix.env() check to match?/3 for defense in depth. Document NoActor pattern in CODE_GUIDELINES.md.	2026-01-22 21:36:09 +01:00