local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 67 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions
1145 commits 13 branches 0 tags 7.9 MiB
Commit graph

371 commits

Author SHA1 Message Date
Moritz
d7c6d20483 User form: red warning for OIDC users when setting/changing password
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is passing
Details 
- Show alert when user has oidc_id and password section is visible.
- Explains that password here does not change SSO/identity provider password.
 2026-02-04 11:07:01 +01:00
Moritz
541c79e501 ARIA: remove aria-sort from sort button; Password column tests 
- Sort button: aria-sort removed (button role does not support it).
- Index tests: remove aria-sort assertions; add Password column display tests.
 2026-02-04 11:06:55 +01:00
Moritz
c6082f2831 Users list and show: Role, Password, OIDC columns; UserHelpers 
- Index: load :role; columns Role, Password (has_password?), OIDC; contrast fix.
- Show: Role, OIDC (Linked/Not linked); has_password? for Password Authentication.
- UserHelpers: has_password?/1, has_oidc?/1. Gettext: new strings and DE translations.
 2026-02-04 11:06:52 +01:00
Moritz
7eba21dc9c Hide Regenerate Cycles button when no membership fee type assigned
All checks were successful
continuous-integration/drone/push Build is passing
Details 
- Button only shown when @member.membership_fee_type is set (same as Create Cycle).
- Test: no-type view asserts Regenerate Cycles button is not present.
 2026-02-04 09:38:26 +01:00
Moritz
dbd0a57292 Secure regenerate_cycles: require can?(:create, MembershipFeeCycle) in handler 
- Handler returns flash error when non-admin triggers event (e.g. DevTools).
- Test: read_only cannot create MembershipFeeCycle so handler rejects.
 2026-02-04 09:19:37 +01:00
Moritz
182d34fe58 MemberLive: confirm_delete_all_cycles via Ash.destroy, reduce current_actor 
- Delete each cycle with Ash.destroy(actor:) so policies apply; add do_delete_all_cycles/5.
- Use positive can? check; remove duplicate current_actor(socket) in change_membership_fee_type.
 2026-02-04 00:34:00 +01:00
Moritz
101fd39f18 Fee settings and fee type form: pass actor for MembershipFeeType read 
- membership_fee_settings_live: current_actor(socket), Ash.read! with actor
- membership_fee_type_live/form: Ash.get! with actor in mount
- check_page_permission_test: normal_user /groups/new and /groups/:slug/edit allowed
- membership_fee_type_live form_test: actor for Ash.read_one!/get!
 2026-02-03 23:52:27 +01:00
Moritz
e3bea17827 Member show & MembershipFees: permissions, delete all, regenerate, errors 
- Show: handle_info :member_updated and :put_flash; Linked User only when can_access_page? /users
- MembershipFeesComponent: can_create_cycle/can_destroy_cycle/can_update_cycle; buttons gated
- Delete all cycles via Ash.destroy (policy enforced); format_error Forbidden
- Regenerate cycles for normal_user and admin (no admin-only check)
- Member form: format_error tuple for membership_fee_type_id; Select a membership fee type (no None)
- show_membership_fees_test: read_only UI and policy tests
 2026-02-03 23:52:24 +01:00
Moritz
8ec4a07103 User form: persist role, member linking, Forbidden handling 
- User resource: update_user accepts role_id, manage_relationship :member
- user_live/form: touch role_id, params_with_member_if_unchanged to avoid unlink
- Handle Forbidden in form, extract error message for display
- user_policies_test and form_test coverage
 2026-02-03 23:52:20 +01:00
Moritz
ee6bfbacbb User LiveViews: row_id and data-testid for actions 
Table row_id for scoped selectors; data-testid on New/Edit/Delete.
 2026-02-03 17:16:13 +01:00
Moritz
a4b13cef49 Member LiveViews: row_id and data-testid for actions 
Table row_id for scoped selectors; data-testid on New/Edit/Delete.
 2026-02-03 17:16:11 +01:00
Moritz
286972964d CoreComponents: allow data-testid on button 
Include data-testid in button rest for test selectors.
 2026-02-03 17:16:10 +01:00
Moritz
c36812bf3f Authorization: document can_access_page? nil-safety 
Doc and example for nil user returning false.
 2026-02-03 17:16:09 +01:00
Moritz
2ddd22078d Sidebar: use PagePaths, add testid for Administration 
Gate menu items via PagePaths; add data-testid=sidebar-administration
for stable tests. menu_group accepts optional testid attr.
 2026-02-03 17:16:08 +01:00
Moritz
9e8910344e Add MvWeb.PagePaths for central sidebar/page paths 
Single source for path strings used by Sidebar and can_access_page?.
Keep in sync with router when routes change.
 2026-02-03 17:16:07 +01:00
Moritz
f779fd61e0
Gate sidebar menu items by can_access_page? 
Members, Fee Types and Administration subitems only shown when user
has page permission. Add admin_menu_visible? helper. Sidebar test
uses admin user so menu items render.
 2026-02-03 16:56:52 +01:00
Moritz
2f67c7099d
Apply UI authorization to User LiveViews (Index and Show) 
Gate New User button, Edit and Delete links with can?/3.
Edit button on User Show visible only when user can update the user.
 2026-02-03 16:56:51 +01:00
Moritz
505e31653a
Apply UI authorization to Member LiveViews (Index and Show) 
Gate New Member button, Edit and Delete links with can?/3.
Edit button on Member Show visible only when user can update the member.
 2026-02-03 16:56:51 +01:00
carla
71db9cf3c1 formatting
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-02 13:54:27 +01:00
carla
9e27de84cb Merge branch 'main' into feature/338_import_custom_fields
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-02 13:46:05 +01:00
carla
f5591c392a i18n: add translation 2026-02-02 13:42:16 +01:00
carla
3f8797c356 feat: import custom fields via CSV 2026-02-02 11:42:07 +01:00
carla
e74154581c feat: changes UI info based on config for limits 2026-02-02 10:10:02 +01:00
carla
3f551c5f8d feat: add configs for impor tlimits
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-02 09:49:13 +01:00
Moritz
6e13a3aa34
Docs: note User-Member Linking enforcement in code
Some checks reported errors
continuous-integration/drone/push Build was killed
Details
continuous-integration/drone/promote/production Build is failing
Details 
- update_user restricted via ActorIsAdmin; Form gates Member-Linking UI
 2026-01-30 11:28:41 +01:00
Moritz
06d6531569 UserLive.Form: gate Member-Linking to admin, use :update for non-admin 
- Show Member-Linking UI only when can_manage_member_linking (admin)
- perform_member_link_action runs only for admin
- assign_form: non-admin uses :update (email), admin uses :update_user
- Load members for linking only when can_manage_member_linking
 2026-01-30 11:13:28 +01:00
Moritz
a1fe36b7f2 Delegate can_access_page? to CheckPagePermission 
- UI uses same rules as plug (reserved 'new', own/linked path checks)
 2026-01-30 10:22:31 +01:00
Moritz
b55f356762
fix: handle nil member in MembershipFeeHelpers 
- get_last_completed_cycle/2 and get_current_cycle/2 return nil when member is nil.
- Avoids FunctionClauseError when MemberLive.Show receives no member (e.g. after
  redirect or policy filter). Add unit tests for nil member.
 2026-01-30 00:00:32 +01:00
Moritz
b10b9c893c
feat: add CheckPagePermission plug for page-level authorization 
- Plug checks PermissionSets page list; redirects unauthorized to profile or sign-in.
- Router: add plug to :browser pipeline; LiveHelpers: check_page_permission_on_params
  for client-side navigation (push_patch).
 2026-01-30 00:00:31 +01:00
simon
d7f6d1c03c Merge pull request 'Change Logo closes #385' (#389) from feature/385-mila-logo into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #389
 2026-01-29 16:20:34 +01:00
Moritz
5a2f035ecc CustomField policies: actor required, no system-actor fallback, error handling 
- list_required_custom_fields: require actor (two clauses, no default)
- Member validation: use context.actor only, differentiate Forbidden vs transient errors
- stream_custom_fields: log + send flash on error instead of returning []
- GlobalSettingsLive: handle_info for custom_fields_load_error, put_flash
- Seeds: use Membership.update_member with actor, format
 2026-01-29 16:10:12 +01:00
Moritz
9a7622ebed fix: pass actor to CustomFieldLive.FormComponent for save 
IndexComponent now passes actor to FormComponent; FormComponent uses
assigns[:actor] instead of current_actor(socket). Add test that submits
new custom field form on settings page.
 2026-01-29 16:10:12 +01:00
Moritz
1d17c4f2dd fix: CustomField policies, no system-actor fallback, guidelines 
- Tests and UI pass actor for CustomField create/read/destroy; seeds use actor
- Member required-custom-fields validation uses context.actor only (no fallback)
- CODE_GUIDELINES: add rule forbidding system-actor fallbacks
 2026-01-29 16:10:12 +01:00
Simon
8fa337bd81
feat: change logo
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is passing
Details
2026-01-29 15:55:15 +01:00
Simon
b4adf63e83
feix: optimize queries for groups
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-29 15:22:40 +01:00
Simon
124ab295a6
fix: select all checkbox handling 2026-01-29 15:14:36 +01:00
Simon
bb7e3cbe77
fix: make sure all tests run
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-29 14:49:39 +01:00
Simon
59aefe9521
fix: minor bugs
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 10:45:05 +01:00
Simon
ddc8335cc0
refactor: improve groups LiveView based on code review feedback
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 10:33:27 +01:00
Simon
3eb4cde0b7
Merge remote-tracking branch 'origin/main' into feature/372-groups-management
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-27 23:48:31 +01:00
Simon
9991291b2f
test: adapt tests to reflect implementation details
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-27 23:40:12 +01:00
Simon
5e0b6580ae
refactor: fix credo warnings, update gettext
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-27 22:32:37 +01:00
Simon
05c81af6e9
feat: add groups to sidebar #372 2026-01-27 22:05:21 +01:00
Simon
6faa9847f4
feat: add groups administration #372 2026-01-27 21:55:17 +01:00
Moritz
cbcb93418e feat(user_live): handle system user in form and show 
Early return / load_user_or_redirect, use system_user? to avoid editing system actor.
 2026-01-27 17:39:04 +01:00
Moritz
41bc031cc6 refactor(web): extract format_ash_error to MvWeb.ErrorHelpers 
Use shared ErrorHelpers in UserLive.Index for consistent Ash error formatting.
 2026-01-27 17:39:04 +01:00
Moritz
8ad5201e1a Hide system actor from user list and block show/edit 
Index: filter out SystemActor.system_user_email() in query. Show/Form:
redirect to /users with flash when viewing or editing system actor user.
Index format_error: handle Ash errors without :message field.
 2026-01-27 17:39:04 +01:00
Moritz
5195fd0d45 Fix missing max_errors assign in GlobalSettingsLive
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Set max_errors as socket assign in mount/3 to make it
available in templates. Fixes KeyError in CSV import UI.
 2026-01-25 18:36:33 +01:00
Moritz
5acb5e304d Fix CSV upload file reading 
Handle consume_uploaded_entries returning [content] directly
instead of [{:ok, content}]. Add locale support for translations
in background tasks.
 2026-01-25 18:33:27 +01:00
carla
79361c72d2
fix tests and linting 2026-01-25 17:31:49 +01:00