local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 66 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions
970 commits 13 branches 0 tags 7.9 MiB
Commit graph

970 commits

This branch
This branch
All branches
Author SHA1 Message Date
carla
bf7e47ce5c
refactor 2026-01-25 17:31:42 +01:00
carla
04b0916c1e
refactor 2026-01-25 17:30:07 +01:00
carla
092fd99d48
fat: adds csv import live view to settings 2026-01-25 17:30:03 +01:00
carla
bf9e47b257
test: adds live view csv import tests 2026-01-25 17:22:28 +01:00
moritz
d1a1772e12 Merge pull request 'Seed Data - Roles and Default Assignment closes #365' (#368) from feature/365_seed_roles into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #368
 2026-01-25 17:21:02 +01:00
Moritz
bdd2e6e103 Fix: Don't cache nil in default_role_id to prevent bootstrap issues
All checks were successful
continuous-integration/drone/push Build is passing
Details 
- Only cache non-nil role_id values to allow retry after role creation
- Prevents processes from being permanently stuck with nil if first call
  happens before the 'Mitglied' role exists
- Update documentation to explain bootstrap safety mechanism
 2026-01-25 17:11:05 +01:00
Moritz
2d446f63ea
Add NOT NULL constraint to users.role_id and optimize default_role_id
All checks were successful
continuous-integration/drone/push Build is passing
Details 
- Add database-level NOT NULL constraint for users.role_id
- Update SystemActor tests to verify NOT NULL constraint enforcement
- Add process dictionary caching for default_role_id/0 to reduce DB queries
 2026-01-25 17:04:48 +01:00
Moritz
86c8b23c77
chore: increase test timeout and cleanup unused code
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-25 13:42:54 +01:00
Moritz
8f3fd9d0d7
test: adapt tests for attribute-level default solution 2026-01-25 13:42:45 +01:00
Moritz
e7bf777be2
refactor: remove AssignDefaultRole change module 
The attribute-level default solution makes this change module obsolete.
All role assignment is now handled via the role_id attribute's default
function, which is more robust and works for all creation paths.
 2026-01-25 13:42:35 +01:00
Moritz
a9b1d794d2
fix: bind role_name variable before using in Ash.Query.filter 
Avoid macro pinning issues by binding role_data.name to role_name
before using it in the filter query.
 2026-01-25 13:42:28 +01:00
Moritz
e982271880
fix: improve migration to create 'Mitglied' role if missing 
Make migration more robust by creating the 'Mitglied' role if it doesn't
exist, ensuring it works regardless of seed execution order.
 2026-01-25 13:42:19 +01:00
Moritz
6ad777860d
feat: implement attribute-level default for role_id assignment 
Replace action-level changes with attribute default function to ensure
all users get the 'Mitglied' role regardless of creation path.
 2026-01-25 13:41:46 +01:00
Moritz
21b63cbe86
Add comprehensive tests for default role assignment
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-24 19:16:57 +01:00
Moritz
3b5b5044fb
Add test support for default role assignment 2026-01-24 19:16:43 +01:00
Moritz
9557d8ae6b
Update seeds to create all 5 authorization roles 2026-01-24 19:16:35 +01:00
Moritz
0dbbc96353
Integrate AssignDefaultRole change into user creation actions 2026-01-24 19:16:20 +01:00
Moritz
4b10fd2702
Add AssignDefaultRole change for automatic role assignment 
- Assigns 'Mitglied' role to new users if no role is set
 2026-01-24 19:15:56 +01:00
Moritz
5c0786ebca
Fix HasPermission check to handle nil member_id gracefully 2026-01-24 19:15:46 +01:00
Moritz
403eda3908
Add Role helper function and create_role_with_system_flag action 
- Add get_mitglied_role/0 helper to avoid code duplication
- Add create_role_with_system_flag action for seeds/migrations
- Allows setting is_system_role flag (required for 'Mitglied' role)
 2026-01-24 19:15:05 +01:00
Moritz
c7e0181e02
Add migration to assign 'Mitglied' role to existing users 2026-01-24 19:14:51 +01:00
moritz
9fe872ee58 Merge pull request '[Refactor] Remove NoActor bypass' (#367) from refactor/remove_noactor into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #367
 2026-01-24 14:56:44 +01:00
Moritz
ef6cf1b2d4
Remove unused allow_no_actor_bypass config option
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-24 11:59:39 +01:00
Moritz
b545d2b9e1
Remove NoActor module, improve Member validation, update docs 2026-01-24 11:59:18 +01:00
Moritz
71c13d0ac0
Fix missing actor parameters and restore AshAuthentication bypass tests
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-24 08:51:58 +01:00
Moritz
15a7c615d6
Fix rebase conflict: Add actor parameter to helper functions in index_test.exs
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-24 02:39:28 +01:00
Moritz
fcca4b0b89
Use admin_user instead of system_actor in LiveView tests 2026-01-24 02:21:10 +01:00
Moritz
195f1dbc88
Fix test db connections: increase pool size and timeout 2026-01-24 02:21:10 +01:00
Moritz
bebd7f6fe2
Fix tests: Remove redundant system_actor and update test descriptions 2026-01-24 02:21:09 +01:00
Moritz
d8187484b8
Fix tests: Add missing actor parameters to Ash operations 2026-01-24 02:21:09 +01:00
Moritz
b9d68a3417
Fix test helpers: Use actor parameter correctly 2026-01-24 02:21:09 +01:00
Moritz
c5a48d8801
Fix tests: Remove duplicate actor keyword arguments 2026-01-24 02:21:09 +01:00
Moritz
9e20766ef2
Use authorize?: false for integrity checks in validations 2026-01-24 02:21:09 +01:00
Moritz
d9eb131d96
Update documentation: Remove NoActor bypass references 2026-01-24 02:21:08 +01:00
Moritz
0f48a9b15a
Add actor parameter to all tests requiring authorization 
This commit adds actor: system_actor to all Ash operations in tests that
require authorization.
 2026-01-24 02:21:02 +01:00
Moritz
686f69c9e9
Add authorize?: false to SystemActor bootstrap operations 
- Role lookup and creation (find_admin_role, create_admin_role)
- System user creation and role assignment
- Role loading during initialization
 2026-01-24 02:12:31 +01:00
Moritz
e72b7ab2e8
Remove NoActor bypass from User and Member policies 
This removes the NoActor bypass that was masking authorization bugs in tests.
All operations now require an explicit actor for authorization.
 2026-01-24 02:12:31 +01:00
simon
b6992f8488 Merge pull request 'Add boolean custom field filters to member overview closes #309' (#362) from feature/filter-boolean-custom-fields into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #362
 2026-01-23 14:53:05 +01:00
Simon
1b44730b95
Fix: Ensure members are loaded in handle_params when signature unchanged
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-23 14:48:37 +01:00
Simon
672b4a8250
Merge branch 'main' into feature/filter-boolean-custom-fields
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-23 14:41:48 +01:00
Simon
20c96123e1
fix: failing test
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-23 14:33:54 +01:00
Simon
1d46fd1baf
feat: improve filter performance by reducing Ash.read! calls
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-23 14:22:57 +01:00
Simon
b4657cae23
fix: resolve pr remarks 2026-01-23 14:00:18 +01:00
Moritz
c98ad4085a
docs: add authorization bootstrap patterns section
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Document the three authorization bypass mechanisms and when to use each:
- NoActor (test-only bypass)
- system_actor (systemic operations)
- authorize?: false (bootstrap scenarios)
 2026-01-23 02:53:20 +01:00
Moritz
41e342a1d6 Fix OIDC account linking by using SystemActor in LinkOidcAccountLive
All checks were successful
continuous-integration/drone/push Build is passing
Details 
- Add SystemActor to all Ash operations in LinkOidcAccountLive
- Enables user lookup, reload, and oidc_id linking during OIDC flow
- User is not yet logged in during linking, so SystemActor provides authorization
 2026-01-23 02:14:59 +01:00
Moritz
bad4e5ca7c Fix OIDC login by using SystemActor in OidcEmailCollision validation 
- Add SystemActor to Ash.read_one() calls in OidcEmailCollision validation
- Prevents authorization failures during OIDC registration when no actor is logged in
- Enables proper email collision detection and account linking flow
 2026-01-23 02:12:53 +01:00
Moritz
079d270768 Fix authorization bypass in seeds and validations
All checks were successful
continuous-integration/drone/push Build is passing
Details 
- Add authorize?: false to all bootstrap operations in seeds.exs
- Fix user-linking validation to respect authorize? context flag
- Prevents authorization errors during initial setup when no actor exists yet
 2026-01-23 02:08:11 +01:00
moritz
67b5d623cf Merge pull request 'User Resource Policies closes #363' (#364) from feature/363_user_policies into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #364
 2026-01-22 23:24:36 +01:00
Moritz
427608578f Restrict Actor.ensure_loaded to Mv.Accounts.User only
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Pattern match on %Mv.Accounts.User{} instead of generic actor.
Clearer intention, prevents accidental authorization bypasses.
Non-User actors are returned as-is (no-op).
 2026-01-22 23:17:55 +01:00
Moritz
d114554d52 Fix remaining runtime guard references in CODE_GUIDELINES 
Remove mentions of runtime guards - only compile-time config is used.
Clarify that production safety comes from config defaults.
 2026-01-22 23:12:33 +01:00