290 commits

Author	SHA1	Message	Date
carla	3415faeb21	Merge branch 'main' into feature/337_polish_import	2026-02-04 16:28:55 +01:00
carla	d34ff57531	refactor	2026-02-04 15:52:00 +01:00
Moritz	24d130ffb5	OIDC: use UserHelpers.has_oidc? in index and show ... - Index OIDC column and show OIDC item use has_oidc? instead of raw oidc_id. - Avoids empty string showing as Linked.	2026-02-04 11:40:21 +01:00
Moritz	d7c6d20483	User form: red warning for OIDC users when setting/changing password ... - Show alert when user has oidc_id and password section is visible. - Explains that password here does not change SSO/identity provider password.	2026-02-04 11:07:01 +01:00
Moritz	c6082f2831	Users list and show: Role, Password, OIDC columns; UserHelpers ... - Index: load :role; columns Role, Password (has_password?), OIDC; contrast fix. - Show: Role, OIDC (Linked/Not linked); has_password? for Password Authentication. - UserHelpers: has_password?/1, has_oidc?/1. Gettext: new strings and DE translations.	2026-02-04 11:06:52 +01:00
Moritz	7eba21dc9c	Hide Regenerate Cycles button when no membership fee type assigned ... - Button only shown when @member.membership_fee_type is set (same as Create Cycle). - Test: no-type view asserts Regenerate Cycles button is not present.	2026-02-04 09:38:26 +01:00
Moritz	dbd0a57292	Secure regenerate_cycles: require can?(:create, MembershipFeeCycle) in handler ... - Handler returns flash error when non-admin triggers event (e.g. DevTools). - Test: read_only cannot create MembershipFeeCycle so handler rejects.	2026-02-04 09:19:37 +01:00
Moritz	182d34fe58	MemberLive: confirm_delete_all_cycles via Ash.destroy, reduce current_actor ... - Delete each cycle with Ash.destroy(actor:) so policies apply; add do_delete_all_cycles/5. - Use positive can? check; remove duplicate current_actor(socket) in change_membership_fee_type.	2026-02-04 00:34:00 +01:00
Moritz	101fd39f18	Fee settings and fee type form: pass actor for MembershipFeeType read ... - membership_fee_settings_live: current_actor(socket), Ash.read! with actor - membership_fee_type_live/form: Ash.get! with actor in mount - check_page_permission_test: normal_user /groups/new and /groups/:slug/edit allowed - membership_fee_type_live form_test: actor for Ash.read_one!/get!	2026-02-03 23:52:27 +01:00
Moritz	e3bea17827	Member show & MembershipFees: permissions, delete all, regenerate, errors ... - Show: handle_info :member_updated and :put_flash; Linked User only when can_access_page? /users - MembershipFeesComponent: can_create_cycle/can_destroy_cycle/can_update_cycle; buttons gated - Delete all cycles via Ash.destroy (policy enforced); format_error Forbidden - Regenerate cycles for normal_user and admin (no admin-only check) - Member form: format_error tuple for membership_fee_type_id; Select a membership fee type (no None) - show_membership_fees_test: read_only UI and policy tests	2026-02-03 23:52:24 +01:00
Moritz	8ec4a07103	User form: persist role, member linking, Forbidden handling ... - User resource: update_user accepts role_id, manage_relationship :member - user_live/form: touch role_id, params_with_member_if_unchanged to avoid unlink - Handle Forbidden in form, extract error message for display - user_policies_test and form_test coverage	2026-02-03 23:52:20 +01:00
Moritz	ee6bfbacbb	User LiveViews: row_id and data-testid for actions ... Table row_id for scoped selectors; data-testid on New/Edit/Delete.	2026-02-03 17:16:13 +01:00
Moritz	a4b13cef49	Member LiveViews: row_id and data-testid for actions ... Table row_id for scoped selectors; data-testid on New/Edit/Delete.	2026-02-03 17:16:11 +01:00
Moritz	2f67c7099d	Apply UI authorization to User LiveViews (Index and Show) ... Gate New User button, Edit and Delete links with can?/3. Edit button on User Show visible only when user can update the user.	2026-02-03 16:56:51 +01:00
Moritz	505e31653a	Apply UI authorization to Member LiveViews (Index and Show) ... Gate New Member button, Edit and Delete links with can?/3. Edit button on Member Show visible only when user can update the member.	2026-02-03 16:56:51 +01:00
carla	7041aa320a	refactor	2026-02-03 15:23:35 +01:00
carla	6aba54df68	feat: move import/export to own section	2026-02-03 14:19:36 +01:00
carla	71db9cf3c1	formatting	2026-02-02 13:54:27 +01:00
carla	9e27de84cb	Merge branch 'main' into feature/338_import_custom_fields	2026-02-02 13:46:05 +01:00
carla	f5591c392a	i18n: add translation	2026-02-02 13:42:16 +01:00
carla	3f8797c356	feat: import custom fields via CSV	2026-02-02 11:42:07 +01:00
carla	e74154581c	feat: changes UI info based on config for limits	2026-02-02 10:10:02 +01:00
carla	3f551c5f8d	feat: add configs for impor tlimits	2026-02-02 09:49:13 +01:00
Moritz	6e13a3aa34	Docs: note User-Member Linking enforcement in code ... - update_user restricted via ActorIsAdmin; Form gates Member-Linking UI	2026-01-30 11:28:41 +01:00
Moritz	06d6531569	UserLive.Form: gate Member-Linking to admin, use :update for non-admin ... - Show Member-Linking UI only when can_manage_member_linking (admin) - perform_member_link_action runs only for admin - assign_form: non-admin uses :update (email), admin uses :update_user - Load members for linking only when can_manage_member_linking	2026-01-30 11:13:28 +01:00
Moritz	5a2f035ecc	CustomField policies: actor required, no system-actor fallback, error handling ... - list_required_custom_fields: require actor (two clauses, no default) - Member validation: use context.actor only, differentiate Forbidden vs transient errors - stream_custom_fields: log + send flash on error instead of returning [] - GlobalSettingsLive: handle_info for custom_fields_load_error, put_flash - Seeds: use Membership.update_member with actor, format	2026-01-29 16:10:12 +01:00
Moritz	9a7622ebed	fix: pass actor to CustomFieldLive.FormComponent for save ... IndexComponent now passes actor to FormComponent; FormComponent uses assigns[:actor] instead of current_actor(socket). Add test that submits new custom field form on settings page.	2026-01-29 16:10:12 +01:00
Moritz	1d17c4f2dd	fix: CustomField policies, no system-actor fallback, guidelines ... - Tests and UI pass actor for CustomField create/read/destroy; seeds use actor - Member required-custom-fields validation uses context.actor only (no fallback) - CODE_GUIDELINES: add rule forbidding system-actor fallbacks	2026-01-29 16:10:12 +01:00
Simon	b4adf63e83	feix: optimize queries for groups	2026-01-29 15:22:40 +01:00
Simon	124ab295a6	fix: select all checkbox handling	2026-01-29 15:14:36 +01:00
Simon	bb7e3cbe77	fix: make sure all tests run	2026-01-29 14:49:39 +01:00
Simon	59aefe9521	fix: minor bugs	2026-01-28 10:45:05 +01:00
Simon	ddc8335cc0	refactor: improve groups LiveView based on code review feedback	2026-01-28 10:33:27 +01:00
Simon	3eb4cde0b7	Merge remote-tracking branch 'origin/main' into feature/372-groups-management	2026-01-27 23:48:31 +01:00
Simon	9991291b2f	test: adapt tests to reflect implementation details	2026-01-27 23:40:12 +01:00
Simon	5e0b6580ae	refactor: fix credo warnings, update gettext	2026-01-27 22:32:37 +01:00
Simon	05c81af6e9	feat: add groups to sidebar #372	2026-01-27 22:05:21 +01:00
Simon	6faa9847f4	feat: add groups administration #372	2026-01-27 21:55:17 +01:00
Moritz	cbcb93418e	feat(user_live): handle system user in form and show ... Early return / load_user_or_redirect, use system_user? to avoid editing system actor.	2026-01-27 17:39:04 +01:00
Moritz	41bc031cc6	refactor(web): extract format_ash_error to MvWeb.ErrorHelpers ... Use shared ErrorHelpers in UserLive.Index for consistent Ash error formatting.	2026-01-27 17:39:04 +01:00
Moritz	8ad5201e1a	Hide system actor from user list and block show/edit ... Index: filter out SystemActor.system_user_email() in query. Show/Form: redirect to /users with flash when viewing or editing system actor user. Index format_error: handle Ash errors without :message field.	2026-01-27 17:39:04 +01:00
Moritz	5195fd0d45	Fix missing max_errors assign in GlobalSettingsLive ... Set max_errors as socket assign in mount/3 to make it available in templates. Fixes KeyError in CSV import UI.	2026-01-25 18:36:33 +01:00
Moritz	5acb5e304d	Fix CSV upload file reading ... Handle consume_uploaded_entries returning [content] directly instead of [{:ok, content}]. Add locale support for translations in background tasks.	2026-01-25 18:33:27 +01:00
carla	79361c72d2	fix tests and linting	2026-01-25 17:31:49 +01:00
carla	b841c306fc	formatting	2026-01-25 17:31:49 +01:00
carla	0fe4a55e80	formatting and refactoring	2026-01-25 17:31:48 +01:00
carla	bf7e47ce5c	refactor	2026-01-25 17:31:42 +01:00
carla	04b0916c1e	refactor	2026-01-25 17:30:07 +01:00
carla	092fd99d48	fat: adds csv import live view to settings	2026-01-25 17:30:03 +01:00
Moritz	86c8b23c77	chore: increase test timeout and cleanup unused code	2026-01-25 13:42:54 +01:00