local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 67 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions
1033 commits 13 branches 0 tags 7.9 MiB
Commit graph

1033 commits

This branch
This branch
All branches
Author SHA1 Message Date
Moritz
d77096c800
Tests: use code interface for Member create/update (actor propagation)
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-29 15:54:57 +01:00
Moritz
66f1965af4
CustomField policies: actor required, no system-actor fallback, error handling 
- list_required_custom_fields: require actor (two clauses, no default)
- Member validation: use context.actor only, differentiate Forbidden vs transient errors
- stream_custom_fields: log + send flash on error instead of returning []
- GlobalSettingsLive: handle_info for custom_fields_load_error, put_flash
- Seeds: use Membership.update_member with actor, format
 2026-01-29 15:54:27 +01:00
Moritz
9728ff6e2f
Add gettext strings for custom field load error and not authorized 2026-01-29 15:54:19 +01:00
Moritz
2931632aa8 fix: pass actor to CustomFieldLive.FormComponent for save
All checks were successful
continuous-integration/drone/push Build is passing
Details 
IndexComponent now passes actor to FormComponent; FormComponent uses
assigns[:actor] instead of current_actor(socket). Add test that submits
new custom field form on settings page.
 2026-01-29 13:59:24 +01:00
Moritz
21dbdbe366 fix: CustomField policies, no system-actor fallback, guidelines 
- Tests and UI pass actor for CustomField create/read/destroy; seeds use actor
- Member required-custom-fields validation uses context.actor only (no fallback)
- CODE_GUIDELINES: add rule forbidding system-actor fallbacks
 2026-01-29 13:53:55 +01:00
Moritz
250369d142 Add CustomField resource policies and tests 
- Add policies block with HasPermission for read/create/update/destroy
- Add authorizers: [Ash.Policy.Authorizer] to CustomField resource
- Add custom_field_policies_test.exs (read all roles, write admin only)
- Fix CustomField path in roles-and-permissions doc (lib/membership)
 2026-01-29 12:12:07 +01:00
simon
1f8fa8a6fb Merge pull request 'Groups Admin UI closes #372' (#382) from feature/372-groups-management into main
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone Build is passing
Details 
Reviewed-on: #382
 2026-01-28 10:51:44 +01:00
Simon
59aefe9521
fix: minor bugs
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 10:45:05 +01:00
Simon
ddc8335cc0
refactor: improve groups LiveView based on code review feedback
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 10:33:27 +01:00
Simon
3eb4cde0b7
Merge remote-tracking branch 'origin/main' into feature/372-groups-management
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-27 23:48:31 +01:00
Simon
9991291b2f
test: adapt tests to reflect implementation details
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-27 23:40:12 +01:00
Simon
5e0b6580ae
refactor: fix credo warnings, update gettext
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-27 22:32:37 +01:00
Simon
05c81af6e9
feat: add groups to sidebar #372 2026-01-27 22:05:21 +01:00
Simon
6faa9847f4
feat: add groups administration #372 2026-01-27 21:55:17 +01:00
Simon
f05fae3ea3
test: add tdd tests for groups administration #372
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-27 18:24:42 +01:00
Moritz
214c929455 fix(deps): include picosat_elixir in production for Ash policies
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Ash/Crux SAT solver required for policy evaluation in prod (e.g. OIDC login).
 2026-01-27 18:18:14 +01:00
moritz
4e8e697490 Merge pull request 'Fix email sync (user->member) when changing password and email' (#380) from fix/email_sync into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #380
 2026-01-27 18:08:06 +01:00
Moritz
2b4e1e3963
Sync user email to member when changing password (admin_set_password)
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Add SyncUserEmailToMember change to admin_set_password so email+password
updates in the user form sync the new email to the linked member.
 2026-01-27 17:58:35 +01:00
moritz
d78032d50f Merge pull request 'Fix System missing system actor in prod and prevent deletion' (#379) from fix/system_actor into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #379
 2026-01-27 17:54:48 +01:00
Moritz
462bc21ec3
fix(migration): use INSERT..SELECT for system user role_id in CI
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Avoid nil/empty-string UUID when repo().one lags after role insert.
 2026-01-27 17:47:05 +01:00
Moritz
92ee7fcc63 fix(seeds): use :update_internal for system user admin-role
Some checks failed
continuous-integration/drone/push Build is failing
Details 
:update is blocked for system-actor user; use :update_internal in bootstrap.
 2026-01-27 17:39:04 +01:00
Moritz
cbcb93418e feat(user_live): handle system user in form and show 
Early return / load_user_or_redirect, use system_user? to avoid editing system actor.
 2026-01-27 17:39:04 +01:00
Moritz
a10c770ca7 chore(migration): ensure_system_actor_user_exists 
Use admin_role_id, consistent UUID and timestamps.
 2026-01-27 17:39:04 +01:00
Moritz
d98b32af8d feat(accounts): block update/destroy on system-actor user 
Validation prevents modifying system actor user (required for internal ops).
 2026-01-27 17:39:04 +01:00
Moritz
7d33acde9f feat(system_actor): add system_user?/1 and normalize email 
Case-insensitive email comparison for system-actor detection.
 2026-01-27 17:39:04 +01:00
Moritz
41bc031cc6 refactor(web): extract format_ash_error to MvWeb.ErrorHelpers 
Use shared ErrorHelpers in UserLive.Index for consistent Ash error formatting.
 2026-01-27 17:39:04 +01:00
Moritz
eb8d78f834 Add gettext strings for system actor show/edit redirect messages 
German: Dieser Benutzer kann nicht angezeigt/bearbeitet werden.
 2026-01-27 17:39:04 +01:00
Moritz
9c31f0c16c Add tests for system actor protection and hiding 
Index: system actor not in list, destroy returns Ash.Error.Invalid. Show/Form:
redirect to /users when viewing or editing system actor user.
 2026-01-27 17:39:04 +01:00
Moritz
8ad5201e1a Hide system actor from user list and block show/edit 
Index: filter out SystemActor.system_user_email() in query. Show/Form:
redirect to /users with flash when viewing or editing system actor user.
Index format_error: handle Ash errors without :message field.
 2026-01-27 17:39:04 +01:00
Moritz
b7f37c80bd Prevent deletion of system actor user 
Add destroy validation and explicit destroy action (primary, require_atomic? false).
Validation blocks destroy when email == SystemActor.system_user_email().
 2026-01-27 17:39:04 +01:00
Moritz
acb33b9f3b Ensure system actor user exists via migration 
Creates user system@mila.local with Admin role if missing. Idempotent;
guarantees system actor in production without relying on seeds.
 2026-01-27 17:39:04 +01:00
simon
0a2aa3bad0 Merge pull request 'Add groups resource close #371' (#378) from feature/371-groups-resource into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #378
 2026-01-27 17:17:25 +01:00
simon
5df1da1573 Merge branch 'main' into feature/371-groups-resource
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-27 17:16:34 +01:00
Simon
e92c98b559
refactor: fix review issues - member_count aggregate, migration down, docs, actor handling
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-27 17:09:07 +01:00
Simon
fc8306cfee
test: resolve warnings
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-27 16:38:17 +01:00
moritz
b974e7d685 Merge pull request 'CustomFieldValue Resource Policies closes #369' (#377) from feature/369_customfieldvalue_policies into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #377
 2026-01-27 16:07:47 +01:00
Moritz
bfe9fba2e0 Docs: document bypass read rule for CustomFieldValue pattern
Some checks reported errors
continuous-integration/drone/push Build was killed
Details 
- Bypass action_type(:read) is production-side rule: reading own CFVs
  always allowed, overrides Permission-Sets. Applies to get/list/load.
 2026-01-27 16:07:01 +01:00
Moritz
0219073d33 CFV policies test: system_actor for setup, verify destroy with actor 
- create_linked_member_for_user and create_unlinked_member use actor
  (system_actor) directly instead of creating admin user per call
- Remove create_admin_user helper
- After destroy, verify with Ash.get(..., actor: actor) to avoid
  false positive from Forbidden vs NotFound
 2026-01-27 16:07:01 +01:00
Moritz
4d3a249b0c HasPermission: remove unused _authorizer from strict_check helper 2026-01-27 16:07:01 +01:00
Moritz
3f95a2dd84 CustomFieldValue: remove unused require Ash.Query 2026-01-27 16:07:01 +01:00
Moritz
7153af23ee CustomFieldValueCreateScope: use get_argument_or_attribute for member_id 
- Read member_id via Ash.Changeset.get_argument_or_attribute/2 so it works
  when set as attribute or argument
- Remove unused require Logger
- Document member_id source in moduledoc
 2026-01-27 16:07:01 +01:00
Moritz
9e6c79bf40 chore: remove start-database from test action 2026-01-27 16:07:01 +01:00
Moritz
db95979bf5 Document CustomFieldValue policies and own_data create/destroy in architecture 
Update roles-and-permissions-architecture.md with policy layout and
permission matrix for CustomFieldValue (linked).
 2026-01-27 16:07:01 +01:00
Moritz
4e032ea778 Add CustomFieldValue policy tests (own_data, read_only, normal_user, admin) 
Covers read/update/create/destroy for linked vs unlinked members and CRUD
permissions per permission set.
 2026-01-27 16:07:01 +01:00
Moritz
17831a0948 Pass actor to CustomFieldValue destroy and load in existing tests 
Required after CustomFieldValue gained authorization policies.
 2026-01-27 16:07:01 +01:00
Moritz
bf2d0352c1 Add authorization policies to CustomFieldValue resource 
- Authorizer and policies: bypass for read (member_id == actor.member_id),
  CustomFieldValueCreateScope for create, HasPermission for read/update/destroy.
- HasPermission: pass authorizer into strict_check helper; document that create
  must use a dedicated check (no filter).
 2026-01-27 16:07:01 +01:00
Moritz
c7c6b318ac Add CustomFieldValueCreateScope check for create actions 
Ash cannot apply filters to create; this check enforces :linked/:all scope
via strict_check only (no filter).
 2026-01-27 16:07:01 +01:00
Moritz
8f5f69744c Add CustomFieldValue create/destroy :linked to own_data permission set 
Allows members to create and delete custom field values for their linked member.
 2026-01-27 16:07:01 +01:00
Simon
6db64bf996
feat: add groups resource #371
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-27 16:03:21 +01:00
Simon
8e9fbe76cf
docs: add testing philosophy to coding guideline
Some checks failed
continuous-integration/drone/push Build is failing
Details 
and update groups architecture docs #371
 2026-01-27 15:23:40 +01:00