Commit graph

1000 commits

Author SHA1 Message Date
ae6e26e487
Sync user email to member when changing password (admin_set_password)
All checks were successful
continuous-integration/drone/push Build is passing
Add SyncUserEmailToMember change to admin_set_password so email+password
updates in the user form sync the new email to the linked member.
2026-01-27 16:14:06 +01:00
b5b2317d69
Add gettext strings for system actor show/edit redirect messages
Some checks failed
continuous-integration/drone/push Build is failing
German: Dieser Benutzer kann nicht angezeigt/bearbeitet werden.
2026-01-27 16:08:40 +01:00
86c1ab8462
Add tests for system actor protection and hiding
Index: system actor not in list, destroy returns Ash.Error.Invalid. Show/Form:
redirect to /users when viewing or editing system actor user.
2026-01-27 16:08:40 +01:00
56bf411756
Hide system actor from user list and block show/edit
Index: filter out SystemActor.system_user_email() in query. Show/Form:
redirect to /users with flash when viewing or editing system actor user.
Index format_error: handle Ash errors without :message field.
2026-01-27 16:08:40 +01:00
55f322a09b
Prevent deletion of system actor user
Add destroy validation and explicit destroy action (primary, require_atomic? false).
Validation blocks destroy when email == SystemActor.system_user_email().
2026-01-27 16:08:40 +01:00
63377717e4
Ensure system actor user exists via migration
Creates user system@mila.local with Admin role if missing. Idempotent;
guarantees system actor in production without relying on seeds.
2026-01-27 16:08:39 +01:00
b974e7d685 Merge pull request 'CustomFieldValue Resource Policies closes #369' (#377) from feature/369_customfieldvalue_policies into main
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: #377
2026-01-27 16:07:47 +01:00
bfe9fba2e0 Docs: document bypass read rule for CustomFieldValue pattern
Some checks reported errors
continuous-integration/drone/push Build was killed
- Bypass action_type(:read) is production-side rule: reading own CFVs
  always allowed, overrides Permission-Sets. Applies to get/list/load.
2026-01-27 16:07:01 +01:00
0219073d33 CFV policies test: system_actor for setup, verify destroy with actor
- create_linked_member_for_user and create_unlinked_member use actor
  (system_actor) directly instead of creating admin user per call
- Remove create_admin_user helper
- After destroy, verify with Ash.get(..., actor: actor) to avoid
  false positive from Forbidden vs NotFound
2026-01-27 16:07:01 +01:00
4d3a249b0c HasPermission: remove unused _authorizer from strict_check helper 2026-01-27 16:07:01 +01:00
3f95a2dd84 CustomFieldValue: remove unused require Ash.Query 2026-01-27 16:07:01 +01:00
7153af23ee CustomFieldValueCreateScope: use get_argument_or_attribute for member_id
- Read member_id via Ash.Changeset.get_argument_or_attribute/2 so it works
  when set as attribute or argument
- Remove unused require Logger
- Document member_id source in moduledoc
2026-01-27 16:07:01 +01:00
9e6c79bf40 chore: remove start-database from test action 2026-01-27 16:07:01 +01:00
db95979bf5 Document CustomFieldValue policies and own_data create/destroy in architecture
Update roles-and-permissions-architecture.md with policy layout and
permission matrix for CustomFieldValue (linked).
2026-01-27 16:07:01 +01:00
4e032ea778 Add CustomFieldValue policy tests (own_data, read_only, normal_user, admin)
Covers read/update/create/destroy for linked vs unlinked members and CRUD
permissions per permission set.
2026-01-27 16:07:01 +01:00
17831a0948 Pass actor to CustomFieldValue destroy and load in existing tests
Required after CustomFieldValue gained authorization policies.
2026-01-27 16:07:01 +01:00
bf2d0352c1 Add authorization policies to CustomFieldValue resource
- Authorizer and policies: bypass for read (member_id == actor.member_id),
  CustomFieldValueCreateScope for create, HasPermission for read/update/destroy.
- HasPermission: pass authorizer into strict_check helper; document that create
  must use a dedicated check (no filter).
2026-01-27 16:07:01 +01:00
c7c6b318ac Add CustomFieldValueCreateScope check for create actions
Ash cannot apply filters to create; this check enforces :linked/:all scope
via strict_check only (no filter).
2026-01-27 16:07:01 +01:00
8f5f69744c Add CustomFieldValue create/destroy :linked to own_data permission set
Allows members to create and delete custom field values for their linked member.
2026-01-27 16:07:01 +01:00
8dd216f58f Merge pull request 'Add groups concept to docs closes #307' (#370) from feature/#307-concept-groups into main
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: #370
2026-01-27 13:15:12 +01:00
b128ffb51c
docs: add groups concept
All checks were successful
continuous-integration/drone/push Build is passing
2026-01-27 13:04:27 +01:00
d1f70e2877 Merge pull request 'Implements CSV Import UI closes #335' (#359) from feature/335_csv_import_ui into main
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: #359
2026-01-25 18:45:07 +01:00
5195fd0d45 Fix missing max_errors assign in GlobalSettingsLive
All checks were successful
continuous-integration/drone/push Build is passing
Set max_errors as socket assign in mount/3 to make it
available in templates. Fixes KeyError in CSV import UI.
2026-01-25 18:36:33 +01:00
1d0ac6d280 Improve CSV import error messages
Include email address in duplicate email error messages.
Add German translation for email uniqueness errors.
Ensure locale is set for translations in async tasks.
2026-01-25 18:33:28 +01:00
5acb5e304d Fix CSV upload file reading
Handle consume_uploaded_entries returning [content] directly
instead of [{:ok, content}]. Add locale support for translations
in background tasks.
2026-01-25 18:33:27 +01:00
562265f212 Security: Require actor parameter in CSV import
Remove fallback to system_actor in process_chunk to prevent
unauthorized access. Actor must now be explicitly provided.
2026-01-25 18:33:25 +01:00
79361c72d2
fix tests and linting 2026-01-25 17:31:49 +01:00
56f3054992
i18n: add translations 2026-01-25 17:31:49 +01:00
b841c306fc
formatting 2026-01-25 17:31:49 +01:00
0fe4a55e80
formatting and refactoring 2026-01-25 17:31:48 +01:00
bf7e47ce5c
refactor 2026-01-25 17:31:42 +01:00
04b0916c1e
refactor 2026-01-25 17:30:07 +01:00
092fd99d48
feat: adds csv import live view to settings 2026-01-25 17:30:03 +01:00
bf9e47b257
test: adds live view csv import tests 2026-01-25 17:22:28 +01:00
d1a1772e12 Merge pull request 'Seed Data - Roles and Default Assignment closes #365' (#368) from feature/365_seed_roles into main
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: #368
2026-01-25 17:21:02 +01:00
bdd2e6e103 Fix: Don't cache nil in default_role_id to prevent bootstrap issues
All checks were successful
continuous-integration/drone/push Build is passing
- Only cache non-nil role_id values to allow retry after role creation
- Prevents processes from being permanently stuck with nil if first call
  happens before the 'Mitglied' role exists
- Update documentation to explain bootstrap safety mechanism
2026-01-25 17:11:05 +01:00
2d446f63ea
Add NOT NULL constraint to users.role_id and optimize default_role_id
All checks were successful
continuous-integration/drone/push Build is passing
- Add database-level NOT NULL constraint for users.role_id
- Update SystemActor tests to verify NOT NULL constraint enforcement
- Add process dictionary caching for default_role_id/0 to reduce DB queries
2026-01-25 17:04:48 +01:00
86c8b23c77
chore: increase test timeout and cleanup unused code
All checks were successful
continuous-integration/drone/push Build is passing
2026-01-25 13:42:54 +01:00
8f3fd9d0d7
test: adapt tests for attribute-level default solution 2026-01-25 13:42:45 +01:00
e7bf777be2
refactor: remove AssignDefaultRole change module
The attribute-level default solution makes this change module obsolete.
All role assignment is now handled via the role_id attribute's default
function, which is more robust and works for all creation paths.
2026-01-25 13:42:35 +01:00
a9b1d794d2
fix: bind role_name variable before using in Ash.Query.filter
Avoid macro pinning issues by binding role_data.name to role_name
before using it in the filter query.
2026-01-25 13:42:28 +01:00
e982271880
fix: improve migration to create 'Mitglied' role if missing
Make migration more robust by creating the 'Mitglied' role if it doesn't
exist, ensuring it works regardless of seed execution order.
2026-01-25 13:42:19 +01:00
6ad777860d
feat: implement attribute-level default for role_id assignment
Replace action-level changes with attribute default function to ensure
all users get the 'Mitglied' role regardless of creation path.
2026-01-25 13:41:46 +01:00
21b63cbe86
Add comprehensive tests for default role assignment
All checks were successful
continuous-integration/drone/push Build is passing
2026-01-24 19:16:57 +01:00
3b5b5044fb
Add test support for default role assignment 2026-01-24 19:16:43 +01:00
9557d8ae6b
Update seeds to create all 5 authorization roles 2026-01-24 19:16:35 +01:00
0dbbc96353
Integrate AssignDefaultRole change into user creation actions 2026-01-24 19:16:20 +01:00
4b10fd2702
Add AssignDefaultRole change for automatic role assignment
- Assigns 'Mitglied' role to new users if no role is set
2026-01-24 19:15:56 +01:00
5c0786ebca
Fix HasPermission check to handle nil member_id gracefully 2026-01-24 19:15:46 +01:00
403eda3908
Add Role helper function and create_role_with_system_flag action
- Add get_mitglied_role/0 helper to avoid code duplication
- Add create_role_with_system_flag action for seeds/migrations
- Allows setting is_system_role flag (required for 'Mitglied' role)
2026-01-24 19:15:05 +01:00