local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 60 Pull requests 3 Projects 2 Releases Packages 1 Activity Actions
1384 commits 11 branches 0 tags 16 MiB
Commit graph

104 commits

Author SHA1 Message Date
Moritz
2d1d1c62dc
Docs and .env.example: document OIDC_ONLY 2026-02-24 15:13:17 +01:00
Moritz
12419c5237
docs: fix remaining rauthy references after oidc rename 
Update action names (register_with_rauthy → register_with_oidc,
sign_in_with_rauthy → sign_in_with_oidc) and strategy name
(:rauthy → :oidc) in docs, code comments and guidelines.
 2026-02-24 11:51:01 +01:00
Moritz
339d37937a
Rename OIDC strategy from :rauthy to :oidc, update callback path 
- Rename AshAuthentication strategy from :oidc :rauthy to :oidc :oidc;
  generated actions are now register_with_oidc / sign_in_with_oidc.
- Update config keys (:rauthy → :oidc) in dev.exs and runtime.exs.
- Update default_redirect_uri to /auth/user/oidc/callback everywhere.
- Rename Mv.Accounts helper functions accordingly.
- Update Mv.Secrets, AuthController, link_oidc_account_live and all tests.
- Update docker-compose.prod.yml, .env.example, README and docs.

IMPORTANT: OIDC providers must be updated to use the new redirect URI
/auth/user/oidc/callback instead of /auth/user/rauthy/callback.
 2026-02-24 11:51:00 +01:00
Simon
63b8e70e62
fix: adress review comments
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-18 13:05:31 +01:00
Simon
f6575319f7
feat: add groups to search vector
Some checks reported errors
continuous-integration/drone/push Build was killed
Details 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-18 12:47:23 +01:00
Simon
911f308a67
fix: address review comments
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/promote/production Build is passing
Details
2026-02-17 15:30:23 +01:00
Simon
b1a9eb8b1d
feat: add groups to member detail view #374
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-02-17 14:15:43 +01:00
Simon
6831ba046f
Merge remote-tracking branch 'origin/main' into feature/member-overview-groups
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is passing
Details
2026-02-16 15:57:57 +01:00
Simon
5fd7c0e7f6
feat: improve groups fillter
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-13 17:45:51 +01:00
carla
22458cd52b Merge branch 'main' into feature/286_export_pdf
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is passing
Details
2026-02-13 17:40:39 +01:00
Moritz
2beceb539b Update docs and guidelines for statistics feature 
- CODE_GUIDELINES.md and feature-roadmap.md
- Add statistics-page-implementation-plan.md
 2026-02-12 19:35:48 +01:00
Moritz
919a8e4ebd Add statistics route, permissions, and sidebar entry 
- /statistics route and PagePaths.statistics
- Permission sets: viewer and admin can access /statistics
- Sidebar link with can_access_page check
- Plug and sidebar tests updated
 2026-02-12 19:35:48 +01:00
Simon
2f8a6a2768
Merge remote-tracking branch 'origin/main' into feature/ui-for-adding-members-groups
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/promote/production Build is passing
Details
2026-02-12 15:16:35 +01:00
Simon
900f322422
fix: pr comments
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-02-12 15:08:40 +01:00
carla
f6b35f03a5 feat: adds pdf export with imprintor
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-11 11:47:26 +01:00
carla
80fe73a561 docs: update docs 2026-02-09 14:08:04 +01:00
Moritz
c5f1fdce0a Code-review follow-ups: policy, docs, seed_admin behaviour
All checks were successful
continuous-integration/drone/push Build is passing
Details 
- Use OidcRoleSyncContext for set_role_from_oidc_sync; document JWT peek risk.
- seed_admin without password sets Admin role on existing user (OIDC-only); update docs and test.
- Fix DE translation for 'access this page'; add get? true comment in User.
 2026-02-04 19:44:43 +01:00
Moritz
55fef5a993 Docs and .env.example for admin bootstrap and OIDC role sync 
Documents ADMIN_EMAIL/PASSWORD, seed_admin, entrypoint; OIDC_ADMIN_GROUP_NAME,
OIDC_GROUPS_CLAIM and role sync on register/sign-in.
 2026-02-04 18:13:30 +01:00
carla
3415faeb21 Merge branch 'main' into feature/337_polish_import
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-04 16:28:55 +01:00
Moritz
5194b20b5c
Fix unlink-by-omission: on_missing :ignore, test, doc, string-key
Some checks failed
continuous-integration/drone/push Build is failing
Details 
- Member update_member: on_missing :unrelate → :ignore (no unlink when :user omitted)
- Test: normal_user update linked member without :user keeps link
- Doc: unlink only explicit (user: nil), admin-only; Actor.admin?(nil) note
- Check: defense-in-depth for "user" string key
 2026-02-04 14:07:39 +01:00
Moritz
543fded102
Harden member user-link check: argument presence, nil actor, policy scope 
- Forbid on :user argument presence (not value) to block unlink via nil/empty
- Defensive nil actor handling; policy restricted to create/update only
- Test: Ash.load with actor; test non-admin cannot unlink via user: nil
- Docs: unlink behaviour and policy split
 2026-02-04 14:07:39 +01:00
Moritz
54e419ed4c
Docs: permission hardening Role and member user link 
Role: Ash policies (HasPermission); read for all, create/update/destroy admin only.
User–member link: only admins may set :user on Member create/update (ForbidMemberUserLinkUnlessAdmin).
 2026-02-04 14:07:39 +01:00
Moritz
503401f2e6 Setting: remove unused actor in default_fee_type validation 
- Docs: Regenerate Cycles server-side enforcement note in membership-fee-architecture.
 2026-02-04 11:40:19 +01:00
Moritz
c035d0f141 Docs: groups and roles/permissions architecture, Group moduledoc
All checks were successful
continuous-integration/drone/push Build is passing
Details 
- groups-architecture: normal_user and admin can manage groups.
- roles-and-permissions: matrix and MembershipFeeCycle :linked for own_data.
- group_policies_test: update moduledoc.
 2026-02-04 09:20:26 +01:00
Moritz
c4459ebb92 Docs, gettext, and remaining test updates
All checks were successful
continuous-integration/drone/push Build is passing
Details 
- groups-architecture and membership-fee-architecture docs
- Gettext: add/correct German for authorization and membership fee type
- membership_fee_helpers_test and membership_fee_status_test adjustments
 2026-02-03 23:52:31 +01:00
Moritz
893f9453bd Add PermissionSets for Group, MemberGroup, MembershipFeeType, MembershipFeeCycle 
- Extend permission_sets.ex with resources and pages for new domains
- Adjust HasPermission check for resource/action/scope
- Update roles-and-permissions and implementation-plan docs
- Add permission_sets_test.exs coverage
 2026-02-03 23:52:09 +01:00
Simon
03f27a5938
Merge remote-tracking branch 'origin/main' into feature/ui-for-adding-members-groups 2026-02-03 16:15:53 +01:00
Moritz
4e6b7305b6
Doc: Loader auth-independent for link checks; email-sync rule rationale 2026-02-03 16:07:13 +01:00
carla
96daf2a089 docs: update changelog 2026-02-03 14:58:02 +01:00
Moritz
4ea31f0f37 Add email-change permission validation for linked members
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Only admins or the linked user may change a linked member's email.
- New validation EmailChangePermission (uses Actor.admin?, Loader.get_linked_user).
- Register on Member update_member; docs and gettext.
 2026-02-03 14:35:32 +01:00
carla
c56ca68922 docs: update docs
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-02-02 13:42:24 +01:00
Moritz
6e13a3aa34
Docs: note User-Member Linking enforcement in code
Some checks reported errors
continuous-integration/drone/push Build was killed
Details
continuous-integration/drone/promote/production Build is failing
Details 
- update_user restricted via ActorIsAdmin; Form gates Member-Linking UI
 2026-01-30 11:28:41 +01:00
Moritz
ea1d01fcea Docs: align route matrix with PermissionSets, add Role-Load note 
- Table: own_data/read_only/normal_user /users/:id and edit/show/edit; members edit/show/edit
- Integration test sections updated for read_only and normal_user
- Add note on plug reloading role and member_id when needed
 2026-01-30 10:22:30 +01:00
Moritz
f66cd2933a
docs: add page permission route and test coverage 
- page-permission-route-coverage.md: route matrix, test coverage per role,
  reserved segments.
 2026-01-30 00:00:33 +01:00
Simon
90758191f9
docs: update groups architecture 2026-01-29 17:03:07 +01:00
Moritz
36b5d5880b Add CustomField resource policies and tests 
- Add policies block with HasPermission for read/create/update/destroy
- Add authorizers: [Ash.Policy.Authorizer] to CustomField resource
- Add custom_field_policies_test.exs (read all roles, write admin only)
- Fix CustomField path in roles-and-permissions doc (lib/membership)
 2026-01-29 16:10:12 +01:00
Simon
709cf010c6
docs: consolidate test performance docs
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is passing
Details
2026-01-29 15:34:14 +01:00
Simon
17974d7a12
chore: change pr merge workflow
Some checks reported errors
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build was killed
Details
2026-01-29 14:30:09 +01:00
Simon
ea3bdcaa65
refactor: apply review comments
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 14:42:16 +01:00
Simon
050ca4a13c
test: move slow and less critical tests to nightly suite
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 14:34:05 +01:00
Simon
eb2b2436be
docs: add performance analysis on policy tests 2026-01-28 14:01:41 +01:00
Simon
91f8bb03bc
refactor: remove tests against basic framework functionalities
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 13:46:18 +01:00
Simon
15d328afbf
test: optimize single test and update docs
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 13:33:39 +01:00
Simon
858a0fc0d0
chore: allow manual nightly-tests pipeline run
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 12:07:51 +01:00
Simon
67e06e12ce
refactor: move slow performance tests to extra test suite
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 12:00:32 +01:00
Simon
f9403c1da9
refactor: improve seeds tests performance by reducing complexity
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-28 11:31:31 +01:00
Simon
ddc8335cc0
refactor: improve groups LiveView based on code review feedback
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-28 10:33:27 +01:00
Simon
f05fae3ea3
test: add tdd tests for groups administration #372
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-27 18:24:42 +01:00
simon
5df1da1573 Merge branch 'main' into feature/371-groups-resource
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-27 17:16:34 +01:00
Moritz
bfe9fba2e0 Docs: document bypass read rule for CustomFieldValue pattern
Some checks reported errors
continuous-integration/drone/push Build was killed
Details 
- Bypass action_type(:read) is production-side rule: reading own CFVs
  always allowed, overrides Permission-Sets. Applies to get/list/load.
 2026-01-27 16:07:01 +01:00