b21c3df7ef
refactoring
2026-02-02 14:34:12 +01:00
9e27de84cb
Merge branch 'main' into feature/338_import_custom_fields
continuous-integration/drone/push Build is failing
2026-02-02 13:46:05 +01:00
12715f3d85
refactoring
2026-02-02 13:07:08 +01:00
3f8797c356
feat: import custom fields via CSV
2026-02-02 11:42:07 +01:00
4997819c73
feat: validate config
2026-02-02 10:22:21 +01:00
e74154581c
feat: changes UI info based on config for limits
2026-02-02 10:10:02 +01:00
3f551c5f8d
feat: add configs for impor tlimits
continuous-integration/drone/push Build is failing
2026-02-02 09:49:13 +01:00
6e13a3aa34
Docs: note User-Member Linking enforcement in code
...
continuous-integration/drone/push Build was killed
continuous-integration/drone/promote/production Build is failing
- update_user restricted via ActorIsAdmin; Form gates Member-Linking UI
2026-01-30 11:28:41 +01:00
14fa873640
Restrict User.update_user to admin; allow :update for email only
...
- Add ActorIsAdmin policy check (admin permission set only)
- User: policy action(:update_user) forbid_unless + authorize_if ActorIsAdmin
- User: primary :update action accept [:email] for non-admin profile edit
2026-01-30 11:13:23 +01:00
d318dad612
Add /users/:id (own) and /members/:id/show/edit for redirect and normal_user
...
- read_only and normal_user: allow /users/:id, /users/:id/edit, /users/:id/show/edit (own only)
- normal_user: allow /members/:id/show/edit
- Fixes redirect loop when sidebar links to profile
2026-01-30 10:22:27 +01:00
626e8a872e
feat: restrict own_data to profile and linked member pages
...
- Remove "/" from own_data pages (Mitglied redirected to profile at root).
- Add /users/:id, /users/:id/edit, /users/:id/show/edit and member edit pages
for own_data so members can access own profile and linked member only.
2026-01-30 00:00:31 +01:00
3eb4cde0b7
Merge remote-tracking branch 'origin/main' into feature/372-groups-management
continuous-integration/drone/push Build is passing
2026-01-27 23:48:31 +01:00
6faa9847f4
feat: add groups administration #372
2026-01-27 21:55:17 +01:00
7d33acde9f
feat(system_actor): add system_user?/1 and normalize email
...
Case-insensitive email comparison for system-actor detection.
2026-01-27 17:39:04 +01:00
4d3a249b0c
HasPermission: remove unused _authorizer from strict_check helper
2026-01-27 16:07:01 +01:00
7153af23ee
CustomFieldValueCreateScope: use get_argument_or_attribute for member_id
...
- Read member_id via Ash.Changeset.get_argument_or_attribute/2 so it works
when set as attribute or argument
- Remove unused require Logger
- Document member_id source in moduledoc
2026-01-27 16:07:01 +01:00
bf2d0352c1
Add authorization policies to CustomFieldValue resource
...
- Authorizer and policies: bypass for read (member_id == actor.member_id),
CustomFieldValueCreateScope for create, HasPermission for read/update/destroy.
- HasPermission: pass authorizer into strict_check helper; document that create
must use a dedicated check (no filter).
2026-01-27 16:07:01 +01:00
c7c6b318ac
Add CustomFieldValueCreateScope check for create actions
...
Ash cannot apply filters to create; this check enforces :linked/:all scope
via strict_check only (no filter).
2026-01-27 16:07:01 +01:00
8f5f69744c
Add CustomFieldValue create/destroy :linked to own_data permission set
...
Allows members to create and delete custom field values for their linked member.
2026-01-27 16:07:01 +01:00
1d0ac6d280
Improve CSV import error messages
...
Include email address in duplicate email error messages.
Add German translation for email uniqueness errors.
Ensure locale is set for translations in async tasks.
2026-01-25 18:33:28 +01:00
562265f212
Security: Require actor parameter in CSV import
...
Remove fallback to system_actor in process_chunk to prevent
unauthorized access. Actor must now be explicitly provided.
2026-01-25 18:33:25 +01:00
bf7e47ce5c
refactor
2026-01-25 17:31:42 +01:00
04b0916c1e
refactor
2026-01-25 17:30:07 +01:00
092fd99d48
fat: adds csv import live view to settings
2026-01-25 17:30:03 +01:00
5c0786ebca
Fix HasPermission check to handle nil member_id gracefully
2026-01-24 19:15:46 +01:00
403eda3908
Add Role helper function and create_role_with_system_flag action
...
- Add get_mitglied_role/0 helper to avoid code duplication
- Add create_role_with_system_flag action for seeds/migrations
- Allows setting is_system_role flag (required for 'Mitglied' role)
2026-01-24 19:15:05 +01:00
b545d2b9e1
Remove NoActor module, improve Member validation, update docs
2026-01-24 11:59:18 +01:00
0f48a9b15a
Add actor parameter to all tests requiring authorization
...
This commit adds actor: system_actor to all Ash operations in tests that
require authorization.
2026-01-24 02:21:02 +01:00
686f69c9e9
Add authorize?: false to SystemActor bootstrap operations
...
- Role lookup and creation (find_admin_role, create_admin_role)
- System user creation and role assignment
- Role loading during initialization
2026-01-24 02:12:31 +01:00
672b4a8250
Merge branch 'main' into feature/filter-boolean-custom-fields
continuous-integration/drone/push Build is failing
2026-01-23 14:41:48 +01:00
427608578f
Restrict Actor.ensure_loaded to Mv.Accounts.User only
...
continuous-integration/drone/push Build is passing
Pattern match on %Mv.Accounts.User{} instead of generic actor.
Clearer intention, prevents accidental authorization bypasses.
Non-User actors are returned as-is (no-op).
2026-01-22 23:17:55 +01:00
f3abade7ad
Add authorize?: false to Actor.ensure_loaded
...
SECURITY: Skip authorization for role loading to avoid circular dependency.
Actor loads their OWN role, needed for authorization itself.
Documented why this is safe.
2026-01-22 23:04:56 +01:00
e60bb6926f
Remove unused PolicyHelpers macro and PolicyConsistency test
...
continuous-integration/drone/push Build is passing
Dead code - macro was never used in codebase.
PolicyConsistency test will be replaced with better implementation.
2026-01-22 22:37:09 +01:00
f2def20fce
Add centralized Actor.ensure_loaded helper
...
Consolidate role loading logic from HasPermission and LiveHelpers.
Use Ash.Resource.Info.resource? for reliable Ash detection.
2026-01-22 22:37:07 +01:00
05c71132e4
Replace NoActor runtime Mix.env with compile-time config
...
Use Application.compile_env for release-safety.
Config only set in test.exs (defaults to false).
2026-01-22 22:37:04 +01:00
a834bdc4ff
Add PolicyHelpers macro for standard user policies
...
Encapsulate two-tier policy pattern (bypass + HasPermission).
Promote consistency across resource policy definitions.
2026-01-22 21:36:18 +01:00
f1e6a1e9db
Clarify User.update :own in permission sets
...
Add explicit comments explaining why all permission sets
grant User.update with scope :own for password changes.
2026-01-22 21:36:11 +01:00
56144a7696
Add role loading fallback to HasPermission check
...
Extract ash_resource? helper to reduce nesting depth.
Add ensure_role_loaded fallback for unloaded actor roles.
2026-01-22 21:36:10 +01:00
93216f3ee6
Harden NoActor check with runtime environment guard
...
Add Mix.env() check to match?/3 for defense in depth.
Document NoActor pattern in CODE_GUIDELINES.md.
2026-01-22 21:36:09 +01:00
429042cbba
feat(auth): add User resource authorization policies
...
Implement bypass for READ + HasPermission for UPDATE pattern
Extend HasPermission check to support User resource scope :own
2026-01-22 19:19:22 +01:00
d07f1984cd
Move require Logger to module level
...
continuous-integration/drone/push Build is passing
Move require Logger statements from function/case level to module level
for better code organization and consistency with Elixir best practices
2026-01-21 08:35:34 +01:00
7e9de8e95b
Add logging for fail-open email uniqueness validations
...
Log warnings when query errors occur in email uniqueness checks
to improve visibility of data integrity issues
2026-01-21 08:02:33 +01:00
006b1aaf06
Replace Mix.env() with Config.sql_sandbox?() in SystemActor
...
Use Application config instead of Mix.env() to prevent
runtime crashes in production releases where Mix is not available
2026-01-21 08:02:31 +01:00
c5bd58e7d3
Add @spec type annotations to SystemActor functions
...
Add type specifications for all private functions to improve
static analysis with Dialyzer and documentation quality.
2026-01-20 23:16:39 +01:00
a3cf8571ff
Document System Actor pattern in code guidelines
...
Add section explaining when and how to use system actor for systemic operations.
Include examples and distinction between user mode and system mode.
2026-01-20 22:10:11 +01:00
c64b74588f
Use system actor for cycle generation
...
Update cycle generator, member hooks, and job to use system actor.
Remove actor parameters as cycle generation is a mandatory side effect.
2026-01-20 22:09:20 +01:00
f0169c95b7
Use system actor for email uniqueness validation
...
Update email validation modules to use system actor for queries.
This ensures data integrity checks always run regardless of user permissions.
2026-01-20 22:09:19 +01:00
8acd92e8d4
Use system actor for email synchronization
...
Update email sync loader and changes to use system actor instead of user actor.
This ensures email sync always works regardless of user permissions.
2026-01-20 22:09:18 +01:00
ddb1252831
Add System Actor helper for systemic operations
...
Introduce Mv.Helpers.SystemActor module with lazy loading
for operations that must always run regardless of user permissions.
System actor has admin role and auto-creates in test environment.
2026-01-20 22:09:16 +01:00
01dea8bb8b
Merge branch 'main' into feature/filter-boolean-custom-fields
continuous-integration/drone/push Build is failing
2026-01-20 18:13:20 +01:00
