f2def20fce
Add centralized Actor.ensure_loaded helper
...
Consolidate role loading logic from HasPermission and LiveHelpers.
Use Ash.Resource.Info.resource? for reliable Ash detection.
2026-01-22 22:37:07 +01:00
05c71132e4
Replace NoActor runtime Mix.env with compile-time config
...
Use Application.compile_env for release-safety.
Config only set in test.exs (defaults to false).
2026-01-22 22:37:04 +01:00
a834bdc4ff
Add PolicyHelpers macro for standard user policies
...
Encapsulate two-tier policy pattern (bypass + HasPermission).
Promote consistency across resource policy definitions.
2026-01-22 21:36:18 +01:00
f1e6a1e9db
Clarify User.update :own in permission sets
...
Add explicit comments explaining why all permission sets
grant User.update with scope :own for password changes.
2026-01-22 21:36:11 +01:00
56144a7696
Add role loading fallback to HasPermission check
...
Extract ash_resource? helper to reduce nesting depth.
Add ensure_role_loaded fallback for unloaded actor roles.
2026-01-22 21:36:10 +01:00
93216f3ee6
Harden NoActor check with runtime environment guard
...
Add Mix.env() check to match?/3 for defense in depth.
Document NoActor pattern in CODE_GUIDELINES.md.
2026-01-22 21:36:09 +01:00
429042cbba
feat(auth): add User resource authorization policies
...
Implement bypass for READ + HasPermission for UPDATE pattern
Extend HasPermission check to support User resource scope :own
2026-01-22 19:19:22 +01:00
d07f1984cd
Move require Logger to module level
...
continuous-integration/drone/push Build is passing
Move require Logger statements from function/case level to module level
for better code organization and consistency with Elixir best practices
2026-01-21 08:35:34 +01:00
7e9de8e95b
Add logging for fail-open email uniqueness validations
...
Log warnings when query errors occur in email uniqueness checks
to improve visibility of data integrity issues
2026-01-21 08:02:33 +01:00
006b1aaf06
Replace Mix.env() with Config.sql_sandbox?() in SystemActor
...
Use Application config instead of Mix.env() to prevent
runtime crashes in production releases where Mix is not available
2026-01-21 08:02:31 +01:00
c5bd58e7d3
Add @spec type annotations to SystemActor functions
...
Add type specifications for all private functions to improve
static analysis with Dialyzer and documentation quality.
2026-01-20 23:16:39 +01:00
a3cf8571ff
Document System Actor pattern in code guidelines
...
Add section explaining when and how to use system actor for systemic operations.
Include examples and distinction between user mode and system mode.
2026-01-20 22:10:11 +01:00
c64b74588f
Use system actor for cycle generation
...
Update cycle generator, member hooks, and job to use system actor.
Remove actor parameters as cycle generation is a mandatory side effect.
2026-01-20 22:09:20 +01:00
f0169c95b7
Use system actor for email uniqueness validation
...
Update email validation modules to use system actor for queries.
This ensures data integrity checks always run regardless of user permissions.
2026-01-20 22:09:19 +01:00
8acd92e8d4
Use system actor for email synchronization
...
Update email sync loader and changes to use system actor instead of user actor.
This ensures email sync always works regardless of user permissions.
2026-01-20 22:09:18 +01:00
ddb1252831
Add System Actor helper for systemic operations
...
Introduce Mv.Helpers.SystemActor module with lazy loading
for operations that must always run regardless of user permissions.
System actor has admin role and auto-creates in test environment.
2026-01-20 22:09:16 +01:00
433f008af8
refactor: Reduce function complexity and nesting depth
...
- Extract helper functions from process_chunk to reduce nesting
- Extract format_error_message from extract_changeset_error
- Split extract_error_message into smaller functions to reduce complexity
- Fixes Credo refactoring opportunities
2026-01-20 16:05:32 +01:00
9c2cff6307
docs: Update domain Public API documentation
2026-01-20 15:50:08 +01:00
ac0e272cca
refactor: change length for performance
2026-01-19 12:37:39 +01:00
3cbd90ecdd
feat: adds error capping
2026-01-19 12:02:28 +01:00
7da037d81d
refactor: adds schemales changeset and validation constant
2026-01-19 11:43:51 +01:00
8b3cc6a6b2
feat: adds row validation
2026-01-19 11:22:11 +01:00
6dc398fa5a
refactor: reduce complexity
2026-01-15 17:00:17 +01:00
67072f0c52
feat: adds header header normalization
2026-01-15 16:11:09 +01:00
8a5d012895
refactor parser
2026-01-15 12:15:22 +01:00
3bbe9895ee
fix: improve CSV parser error handling
2026-01-15 11:08:22 +01:00
68e19bea18
feat: add csv parser
2026-01-15 10:10:02 +01:00
4b41ab37bb
Merge branch 'main' into feature/330_import_service_skeleton
2026-01-14 12:30:40 +01:00
fb71b7ddb1
fix struct inconsistencies
continuous-integration/drone/push Build is failing
2026-01-14 09:49:40 +01:00
897677a782
refactor: Replace actor option patterns with ash_actor_opts helper
...
- Replace if actor, do: [actor: actor], else: [] with Mv.Helpers.ash_actor_opts/1
- Update email_sync/loader.ex, member validations, member.ex, cycle_generator.ex
- Consistent actor handling across non-LiveView modules
2026-01-13 15:17:06 +01:00
555ae15173
feat: Add shared helper functions for actor handling
...
- Add Mv.Helpers module with ash_actor_opts/1 helper
- Add current_actor/1 with @spec to LiveHelpers
- Add ash_actor_opts/1 delegate and submit_form/3 wrapper to LiveHelpers
- Standardize actor access pattern across LiveViews
2026-01-13 15:17:06 +01:00
74fe60f768
Pass actor parameter to member email validation
...
Extract actor from changeset context and pass it to Ash.read and
Ash.load calls in email uniqueness validation.
2026-01-13 15:16:00 +01:00
5ffd2b334e
Pass actor parameter through email sync operations
...
Extract actor from changeset context and pass it to all email sync
loader functions to ensure proper authorization when loading linked
users and members.
2026-01-13 15:16:00 +01:00
dbd79075f5
Pass actor parameter through cycle generation
...
Extract actor from changeset context in Member hooks and pass it
through all cycle generation functions to ensure proper authorization.
2026-01-13 15:15:59 +01:00
dc3268cbf4
Fix: Update comment in auto_filter to reflect expr(false) usage
...
Update comment from 'id IN [] = never matches' to 'expr(false) = match none'
to match the actual implementation of deny_filter().
2026-01-13 15:01:56 +01:00
c95a6fac69
Improve: Make deny_filter robust and add regression test
...
- Change deny_filter from [id: {:in, []}] to expr(false)
- Add regression test to ensure deny-filter matches 0 records
2026-01-13 15:01:55 +01:00
42a463f422
Security: Fix critical deny-filter bug and improve authorization
...
CRITICAL FIX: Deny-filter was allowing all records instead of denying
Fix: User validation in Member now uses actor from changeset.context
2026-01-13 15:01:55 +01:00
6846363132
Refactor: NoActor to SimpleCheck with compile-time environment check
...
This prevents security issues where :create/:read without actor would
be allowed in production. Now all operations require an actor in production.
2026-01-13 15:01:54 +01:00
70729bdd73
Fix: HasPermission auto_filter and strict_check implementation
...
Fixes security issue where auto_filter returned nil instead of proper
filter expressions, which could lead to incorrect authorization behavior.
2026-01-13 15:01:54 +01:00
4192922fd3
feat: implement authorization policies for Member resource
2026-01-13 15:01:53 +01:00
cc6d72b6b1
feat: add service skeleton and tests
continuous-integration/drone/push Build is failing
2026-01-13 11:44:40 +01:00
922f9f93d0
Merge branch 'main' into feature/223_memberfields_settings
continuous-integration/drone/push Build is passing
2026-01-12 13:15:40 +01:00
db0a187058
fix: correct relationship filter paths in HasPermission check
...
continuous-integration/drone/push Build is passing
- Use user.id instead of user_id for Member linked scope
- Use member.user.id for CustomFieldValue linked scope
- Add lazy logger evaluation
- Improve action nil handling
- Add integration tests for filter expressions
2026-01-08 17:45:02 +01:00
288002f404
feat: implement HasPermission policy check
...
continuous-integration/drone/push Build is passing
Implement custom Ash Policy Check that reads permissions from
PermissionSets module and applies scope filters to Ash queries.
2026-01-08 16:48:43 +01:00
9af7381843
refactor: extract helper modules to remove code duplication
2026-01-08 11:22:44 +01:00
0c8a255476
Merge branch 'main' into feature/273_member_fields
continuous-integration/drone/push Build is failing
2026-01-07 10:22:18 +01:00
18ec4bfd16
fix: add missing /custom_field_values/:id page to read_only and normal_user
...
continuous-integration/drone/push Build is passing
- Add /custom_field_values/:id to read_only pages (users can view list, should also view details)
- Add /custom_field_values/:id to normal_user pages
- Refactor tests to reduce duplication (use for-comprehension for structure tests)
- Add tests for invalid input types in valid_permission_set?/1
- Update @spec for valid_permission_set?/1 to accept any() type
2026-01-06 22:17:33 +01:00
7845117fad
refactor: improve error handling and documentation in PermissionSets
...
continuous-integration/drone/push Build is passing
- Add explicit ArgumentError for invalid permission set names with helpful message
- Soften performance claim in documentation (intended to be constant-time)
- Add tests for error handling
- Improve maintainability with guard clause for invalid inputs
2026-01-06 21:55:52 +01:00
9b0d022767
fix: add missing /profile page to read_only and normal_user permission sets
...
Both permission sets allow User:update :own, so users should be able
to access their profile page. This makes the implementation consistent
with the documentation and the logical permission model.
2026-01-06 21:55:13 +01:00
3a0fb4e84f
feat: implement PermissionSets module with all 4 permission sets
...
- Add types for scope, action, resource_permission, permission_set
- Implement get_permissions/1 for all 4 sets (own_data, read_only, normal_user, admin)
- Implement valid_permission_set?/1 for string and atom validation
- Implement permission_set_name_to_atom/1 with error handling
2026-01-06 21:33:39 +01:00
