Index: filter out SystemActor.system_user_email() in query. Show/Form:
redirect to /users with flash when viewing or editing system actor user.
Index format_error: handle Ash errors without :message field.
- Read member_id via Ash.Changeset.get_argument_or_attribute/2 so it works
when set as attribute or argument
- Remove unused require Logger
- Document member_id source in moduledoc
- Authorizer and policies: bypass for read (member_id == actor.member_id),
CustomFieldValueCreateScope for create, HasPermission for read/update/destroy.
- HasPermission: pass authorizer into strict_check helper; document that create
must use a dedicated check (no filter).
Include email address in duplicate email error messages.
Add German translation for email uniqueness errors.
Ensure locale is set for translations in async tasks.
- Only cache non-nil role_id values to allow retry after role creation
- Prevents processes from being permanently stuck with nil if first call
happens before the 'Mitglied' role exists
- Update documentation to explain bootstrap safety mechanism
- Add database-level NOT NULL constraint for users.role_id
- Update SystemActor tests to verify NOT NULL constraint enforcement
- Add process dictionary caching for default_role_id/0 to reduce DB queries
The attribute-level default solution makes this change module obsolete.
All role assignment is now handled via the role_id attribute's default
function, which is more robust and works for all creation paths.
- Add SystemActor to all Ash operations in LinkOidcAccountLive
- Enables user lookup, reload, and oidc_id linking during OIDC flow
- User is not yet logged in during linking, so SystemActor provides authorization
- Add SystemActor to Ash.read_one() calls in OidcEmailCollision validation
- Prevents authorization failures during OIDC registration when no actor is logged in
- Enables proper email collision detection and account linking flow
- Add authorize?: false to all bootstrap operations in seeds.exs
- Fix user-linking validation to respect authorize? context flag
- Prevents authorization errors during initial setup when no actor exists yet
Pattern match on %Mv.Accounts.User{} instead of generic actor.
Clearer intention, prevents accidental authorization bypasses.
Non-User actors are returned as-is (no-op).
SECURITY: Skip authorization for role loading to avoid circular dependency.
Actor loads their OWN role, needed for authorization itself.
Documented why this is safe.
