local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 67 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions
1184 commits 13 branches 0 tags 7.9 MiB
Commit graph

1184 commits

This branch
This branch
All branches
Author SHA1 Message Date
Moritz
c4459ebb92 Docs, gettext, and remaining test updates
All checks were successful
continuous-integration/drone/push Build is passing
Details 
- groups-architecture and membership-fee-architecture docs
- Gettext: add/correct German for authorization and membership fee type
- membership_fee_helpers_test and membership_fee_status_test adjustments
 2026-02-03 23:52:31 +01:00
Moritz
101fd39f18 Fee settings and fee type form: pass actor for MembershipFeeType read 
- membership_fee_settings_live: current_actor(socket), Ash.read! with actor
- membership_fee_type_live/form: Ash.get! with actor in mount
- check_page_permission_test: normal_user /groups/new and /groups/:slug/edit allowed
- membership_fee_type_live form_test: actor for Ash.read_one!/get!
 2026-02-03 23:52:27 +01:00
Moritz
e3bea17827 Member show & MembershipFees: permissions, delete all, regenerate, errors 
- Show: handle_info :member_updated and :put_flash; Linked User only when can_access_page? /users
- MembershipFeesComponent: can_create_cycle/can_destroy_cycle/can_update_cycle; buttons gated
- Delete all cycles via Ash.destroy (policy enforced); format_error Forbidden
- Regenerate cycles for normal_user and admin (no admin-only check)
- Member form: format_error tuple for membership_fee_type_id; Select a membership fee type (no None)
- show_membership_fees_test: read_only UI and policy tests
 2026-02-03 23:52:24 +01:00
Moritz
8ec4a07103 User form: persist role, member linking, Forbidden handling 
- User resource: update_user accepts role_id, manage_relationship :member
- user_live/form: touch role_id, params_with_member_if_unchanged to avoid unlink
- Handle Forbidden in form, extract error message for display
- user_policies_test and form_test coverage
 2026-02-03 23:52:20 +01:00
Moritz
5ed41555e9 Member/Setting/validations: domain, actor, and seeds 
- setting.ex: domain/authorize for default_membership_fee_type_id check
- validate_same_interval: require membership_fee_type (no None)
- set_membership_fee_start_date: domain/actor for fee type lookup
- Validations: domain/authorize for cross-resource checks
- helpers.ex, email_sync change, seeds.exs actor/authorize fixes
- Update related tests
 2026-02-03 23:52:16 +01:00
Moritz
5889683854 Add resource policies for Group, MemberGroup, MembershipFeeType, MembershipFeeCycle 
- Group/MemberGroup/MembershipFeeType/MembershipFeeCycle: HasPermission policy
- normal_user: Group and MembershipFeeCycle create/update/destroy; pages /groups/new, /groups/:slug/edit
- Add policy tests for all four resources
 2026-02-03 23:52:12 +01:00
Moritz
893f9453bd Add PermissionSets for Group, MemberGroup, MembershipFeeType, MembershipFeeCycle 
- Extend permission_sets.ex with resources and pages for new domains
- Adjust HasPermission check for resource/action/scope
- Update roles-and-permissions and implementation-plan docs
- Add permission_sets_test.exs coverage
 2026-02-03 23:52:09 +01:00
moritz
36b7031dca Merge pull request 'chore(deps): update renovate/renovate docker tag to v42.95' (#393) from renovate/renovate-renovate-42.x into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #393
 2026-02-03 19:52:08 +01:00
Renovate Bot
fa5afba6ba chore(deps): update renovate/renovate docker tag to v42.95
Some checks reported errors
continuous-integration/drone/push Build was killed
Details
2026-02-03 19:51:42 +01:00
moritz
0c313824fb Merge pull request 'chore(deps): update ghcr.io/sebadob/rauthy docker tag to v0.34.2' (#391) from renovate/ghcr.io-sebadob-rauthy-0.x into main
Some checks reported errors
continuous-integration/drone/push Build was killed
Details 
Reviewed-on: #391
 2026-02-03 19:51:09 +01:00
Renovate Bot
f45ae66f18 chore(deps): update ghcr.io/sebadob/rauthy docker tag to v0.34.2
Some checks reported errors
continuous-integration/drone/push Build was killed
Details
2026-02-03 19:49:48 +01:00
moritz
c2bafe4acf Merge pull request 'Apply UI Authorization to Existing LiveViews closes #400' (#403) from feature/400_ui_authorization into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #403
 2026-02-03 17:30:15 +01:00
Moritz
cbc9376b7b Tests: data-testid selectors, scoped delete, sidebar testid
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is passing
Details 
Member/User auth tests use data-testid and #row-id selectors.
Sidebar auth tests assert on data-testid=sidebar-administration.
Sidebar test expects data-testid in expanded-menu-group markup.
 2026-02-03 17:16:15 +01:00
Moritz
ee6bfbacbb User LiveViews: row_id and data-testid for actions 
Table row_id for scoped selectors; data-testid on New/Edit/Delete.
 2026-02-03 17:16:13 +01:00
Moritz
a4b13cef49 Member LiveViews: row_id and data-testid for actions 
Table row_id for scoped selectors; data-testid on New/Edit/Delete.
 2026-02-03 17:16:11 +01:00
Moritz
286972964d CoreComponents: allow data-testid on button 
Include data-testid in button rest for test selectors.
 2026-02-03 17:16:10 +01:00
Moritz
c36812bf3f Authorization: document can_access_page? nil-safety 
Doc and example for nil user returning false.
 2026-02-03 17:16:09 +01:00
Moritz
2ddd22078d Sidebar: use PagePaths, add testid for Administration 
Gate menu items via PagePaths; add data-testid=sidebar-administration
for stable tests. menu_group accepts optional testid attr.
 2026-02-03 17:16:08 +01:00
Moritz
9e8910344e Add MvWeb.PagePaths for central sidebar/page paths 
Single source for path strings used by Sidebar and can_access_page?.
Keep in sync with router when routes change.
 2026-02-03 17:16:07 +01:00
Moritz
1426ef1d38
Add sidebar authorization tests
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Assert menu visibility per role: admin, read_only, normal_user,
own_data, nil user, user without role.
 2026-02-03 16:56:52 +01:00
Moritz
f779fd61e0
Gate sidebar menu items by can_access_page? 
Members, Fee Types and Administration subitems only shown when user
has page permission. Add admin_menu_visible? helper. Sidebar test
uses admin user so menu items render.
 2026-02-03 16:56:52 +01:00
Moritz
cc9e530d80
Add User LiveView authorization tests 
Covers admin, read_only, member, normal_user for Index and Show.
Asserts New User / Edit / Delete visibility and redirect for non-admin.
 2026-02-03 16:56:51 +01:00
Moritz
2f67c7099d
Apply UI authorization to User LiveViews (Index and Show) 
Gate New User button, Edit and Delete links with can?/3.
Edit button on User Show visible only when user can update the user.
 2026-02-03 16:56:51 +01:00
Moritz
5e361ba400
Add Member LiveView authorization tests 
Covers read_only, normal_user, admin, own_data for Index and Show.
Asserts New Member / Edit / Delete visibility and redirect for Mitglied.
 2026-02-03 16:56:51 +01:00
Moritz
505e31653a
Apply UI authorization to Member LiveViews (Index and Show) 
Gate New Member button, Edit and Delete links with can?/3.
Edit button on Member Show visible only when user can update the member.
 2026-02-03 16:56:51 +01:00
moritz
d3ad7c5013 Merge pull request 'Member Email Validation for Linked Members closes #397' (#399) from feature/397_emailsync_permission into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #399
 2026-02-03 16:35:40 +01:00
Moritz
131904f172
Test: assert on error field :email instead of message string
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/promote/production Build is passing
Details
2026-02-03 16:07:47 +01:00
Moritz
47b6a16177
Doc: Actor maybe_load_role comment; ActorIsAdmin system user = admin 2026-02-03 16:07:39 +01:00
Moritz
60a4181255
Validation: error message admin or linked user; resolve_actor fallback 2026-02-03 16:07:26 +01:00
Moritz
4e6b7305b6
Doc: Loader auth-independent for link checks; email-sync rule rationale 2026-02-03 16:07:13 +01:00
carla
e0f0ca369c i18n: updates translations 2026-02-03 15:29:31 +01:00
carla
7041aa320a refactor 2026-02-03 15:23:35 +01:00
carla
96daf2a089 docs: update changelog 2026-02-03 14:58:02 +01:00
carla
b2e9aff359 test: add tests
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-03 14:37:48 +01:00
Moritz
4ea31f0f37 Add email-change permission validation for linked members
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Only admins or the linked user may change a linked member's email.
- New validation EmailChangePermission (uses Actor.admin?, Loader.get_linked_user).
- Register on Member update_member; docs and gettext.
 2026-02-03 14:35:32 +01:00
Moritz
ad02f8914f Use EmailSync.Loader.get_linked_user in EmailNotUsedByOtherUser 
Remove duplicate get_linked_user_id; reuse Loader for linked user lookup.
 2026-02-03 14:35:08 +01:00
Moritz
3d46ba655f Add Actor.permission_set_name/1 and admin?/1 for consistent capability checks 
- Actor.permission_set_name(actor) returns role's permission set (supports nil role load).
- Actor.admin?(actor) returns true for system user or admin permission set.
- ActorIsAdmin policy check delegates to Actor.admin?/1.
 2026-02-03 14:34:24 +01:00
carla
6aba54df68 feat: move import/export to own section 2026-02-03 14:19:36 +01:00
carla
c998d14b95 Merge pull request 'Implements custom field CSV import closes #338' (#395) from feature/338_import_custom_fields into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #395
 2026-02-02 17:05:29 +01:00
carla
960506d16a refactoring
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is passing
Details
2026-02-02 16:56:07 +01:00
carla
aef3aa299f fix test
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is passing
Details
2026-02-02 15:04:07 +01:00
carla
b21c3df7ef refactoring 2026-02-02 14:34:12 +01:00
carla
71db9cf3c1 formatting
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-02 13:54:27 +01:00
carla
9e27de84cb Merge branch 'main' into feature/338_import_custom_fields
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-02 13:46:05 +01:00
carla
c56ca68922 docs: update docs
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-02 13:42:24 +01:00
carla
f5591c392a i18n: add translation 2026-02-02 13:42:16 +01:00
carla
aab5666f46 Merge pull request 'Adds config for import limits closes #336' (#394) from feature/336_import_auth into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #394
 2026-02-02 13:15:22 +01:00
carla
12715f3d85 refactoring 2026-02-02 13:07:08 +01:00
carla
86a3c4e50e tests: add tests for import 2026-02-02 13:07:00 +01:00
carla
3f8797c356 feat: import custom fields via CSV 2026-02-02 11:42:07 +01:00