local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 67 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions
1188 commits 13 branches 0 tags 7.9 MiB
Commit graph

18 commits

Author SHA1 Message Date
Moritz
5194b20b5c
Fix unlink-by-omission: on_missing :ignore, test, doc, string-key
Some checks failed
continuous-integration/drone/push Build is failing
Details 
- Member update_member: on_missing :unrelate → :ignore (no unlink when :user omitted)
- Test: normal_user update linked member without :user keeps link
- Doc: unlink only explicit (user: nil), admin-only; Actor.admin?(nil) note
- Check: defense-in-depth for "user" string key
 2026-02-04 14:07:39 +01:00
Moritz
543fded102
Harden member user-link check: argument presence, nil actor, policy scope 
- Forbid on :user argument presence (not value) to block unlink via nil/empty
- Defensive nil actor handling; policy restricted to create/update only
- Test: Ash.load with actor; test non-admin cannot unlink via user: nil
- Docs: unlink behaviour and policy split
 2026-02-04 14:07:39 +01:00
Moritz
54e419ed4c
Docs: permission hardening Role and member user link 
Role: Ash policies (HasPermission); read for all, create/update/destroy admin only.
User–member link: only admins may set :user on Member create/update (ForbidMemberUserLinkUnlessAdmin).
 2026-02-04 14:07:39 +01:00
Moritz
c035d0f141 Docs: groups and roles/permissions architecture, Group moduledoc
All checks were successful
continuous-integration/drone/push Build is passing
Details 
- groups-architecture: normal_user and admin can manage groups.
- roles-and-permissions: matrix and MembershipFeeCycle :linked for own_data.
- group_policies_test: update moduledoc.
 2026-02-04 09:20:26 +01:00
Moritz
893f9453bd Add PermissionSets for Group, MemberGroup, MembershipFeeType, MembershipFeeCycle 
- Extend permission_sets.ex with resources and pages for new domains
- Adjust HasPermission check for resource/action/scope
- Update roles-and-permissions and implementation-plan docs
- Add permission_sets_test.exs coverage
 2026-02-03 23:52:09 +01:00
Moritz
6e13a3aa34
Docs: note User-Member Linking enforcement in code
Some checks reported errors
continuous-integration/drone/push Build was killed
Details
continuous-integration/drone/promote/production Build is failing
Details 
- update_user restricted via ActorIsAdmin; Form gates Member-Linking UI
 2026-01-30 11:28:41 +01:00
Moritz
36b5d5880b Add CustomField resource policies and tests 
- Add policies block with HasPermission for read/create/update/destroy
- Add authorizers: [Ash.Policy.Authorizer] to CustomField resource
- Add custom_field_policies_test.exs (read all roles, write admin only)
- Fix CustomField path in roles-and-permissions doc (lib/membership)
 2026-01-29 16:10:12 +01:00
Moritz
bfe9fba2e0 Docs: document bypass read rule for CustomFieldValue pattern
Some checks reported errors
continuous-integration/drone/push Build was killed
Details 
- Bypass action_type(:read) is production-side rule: reading own CFVs
  always allowed, overrides Permission-Sets. Applies to get/list/load.
 2026-01-27 16:07:01 +01:00
Moritz
db95979bf5 Document CustomFieldValue policies and own_data create/destroy in architecture 
Update roles-and-permissions-architecture.md with policy layout and
permission matrix for CustomFieldValue (linked).
 2026-01-27 16:07:01 +01:00
Moritz
d9eb131d96
Update documentation: Remove NoActor bypass references 2026-01-24 02:21:08 +01:00
Moritz
c98ad4085a
docs: add authorization bootstrap patterns section
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Document the three authorization bypass mechanisms and when to use each:
- NoActor (test-only bypass)
- system_actor (systemic operations)
- authorize?: false (bootstrap scenarios)
 2026-01-23 02:53:20 +01:00
Moritz
811a276d92 Update documentation for User credentials strategy
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Clarify that User.update :own is handled by HasPermission.
Fix file path references from lib/mv/accounts to lib/accounts.
 2026-01-22 21:36:22 +01:00
Moritz
5506b5b2dc docs(auth): document User policies and bypass pattern
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Add bypass vs HasPermission pattern documentation
Update architecture and implementation plan docs
 2026-01-22 19:19:27 +01:00
Moritz
58c088833a
chore: update docs 2026-01-20 14:10:41 +01:00
Moritz
b3eb6c9223
Docs: Correct :linked scope documentation 2026-01-13 15:01:55 +01:00
Moritz
19a20635a7
docs: update documentation to use CustomFieldValue/CustomField instead of Property/PropertyType 2026-01-06 21:34:07 +01:00
Moritz
a19026e430
docs: update roles and permissions architecture and implementation plan
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-11-13 16:17:01 +01:00
Moritz
1084f67f1f
docs: Add roles and permissions architecture and implementation plan 
Complete RBAC system design with permission sets, Ash policies, and UI authorization.
Implementation broken down into 18 issues across 4 sprints with TDD approach.
Includes database schema, caching strategy, and comprehensive test coverage.
 2025-11-13 13:43:58 +01:00