mitgliederverwaltung

Author	SHA1	Message	Date
Moritz	fdbe673a65	feat: Add shared helper functions for actor handling - Add Mv.Helpers module with ash_actor_opts/1 helper - Add current_actor/1 with @spec to LiveHelpers - Add ash_actor_opts/1 delegate and submit_form/3 wrapper to LiveHelpers - Standardize actor access pattern across LiveViews	2026-01-13 14:05:39 +01:00
Moritz	295d711768	test: Add role tag support to ConnCase and fix test issues - Add role tag support (@tag role: :admin/:member/:unauthenticated) to ConnCase - Fix Keyword.get -> Map.get for tags Map - Remove duplicate test file index_display_name_test.exs - Fix CustomField creation in tests (remove slug, use :string instead of :text) - Fix CustomFieldValue value format to use _union_type/_union_value	2026-01-13 14:05:36 +01:00
Moritz	7c821193fc	Fix error handling and actor access in MemberLive.Index All checks were successful continuous-integration/drone/push Build is passing Details Replace bang calls with proper error handling and use current_actor/1 helper for consistent actor access.	2026-01-09 05:26:11 +01:00
Moritz	b0edd25da5	Pass actor parameter in seeds and update test setup Ensure cycle generation in seeds uses admin actor and update test to use global admin_user from ConnCase setup.	2026-01-09 05:26:09 +01:00
Moritz	b409107350	Add missing Gettext translations for member deletion errors Add German and English translations for member deletion success and error messages.	2026-01-09 05:26:08 +01:00
Moritz	5b9830a6cc	Use current_actor/1 helper in all LiveViews Replace inconsistent actor access patterns with current_actor/1 helper and ensure actor is passed to all Ash operations for proper authorization.	2026-01-09 05:26:06 +01:00
Moritz	3778c5259c	Pass actor parameter to member email validation Extract actor from changeset context and pass it to Ash.read and Ash.load calls in email uniqueness validation.	2026-01-09 05:26:04 +01:00
Moritz	e27bfcb851	Pass actor parameter through email sync operations Extract actor from changeset context and pass it to all email sync loader functions to ensure proper authorization when loading linked users and members.	2026-01-09 05:26:02 +01:00
Moritz	c65124c8f4	Pass actor parameter through cycle generation Extract actor from changeset context in Member hooks and pass it through all cycle generation functions to ensure proper authorization.	2026-01-09 05:26:01 +01:00
Moritz	57bcef17ca	Add current_actor/1 helper for consistent actor access Provides a single function to access current_user from socket assigns across all LiveViews, ensuring consistent access pattern.	2026-01-09 05:25:59 +01:00
Moritz	23f00d2cba	Refactor test setup: use global setup and fix MembershipFees domain alias All checks were successful continuous-integration/drone/push Build is passing Details - Remove redundant setup blocks from member_live tests - Add build_unauthenticated_conn helper for AuthController tests - Add global setup in conn_case.ex	2026-01-09 02:25:30 +01:00
Moritz	c544cdc07c	Integrate Member policies in LiveViews - Add on_mount hook to ensure user role is loaded in all Member LiveViews - Pass actor parameter to all Ash operations (read, get, create, update, destroy, load)	2026-01-09 00:03:58 +01:00
Moritz	a42fc8a6eb	Fix: Update comment in auto_filter to reflect expr(false) usage Update comment from 'id IN [] = never matches' to 'expr(false) = match none' to match the actual implementation of deny_filter().	2026-01-08 23:34:04 +01:00
Moritz	dd4b88f0b7	Improve: Make deny_filter robust and add regression test All checks were successful continuous-integration/drone/push Build is passing Details - Change deny_filter from [id: {:in, []}] to expr(false) - Add regression test to ensure deny-filter matches 0 records	2026-01-08 23:30:06 +01:00
Moritz	05cbd833bc	Security: Fix critical deny-filter bug and improve authorization All checks were successful continuous-integration/drone/push Build is passing Details CRITICAL FIX: Deny-filter was allowing all records instead of denying Fix: User validation in Member now uses actor from changeset.context	2026-01-08 23:15:48 +01:00
Moritz	e5eb3b7e89	Docs: Correct :linked scope documentation All checks were successful continuous-integration/drone/push Build is passing Details	2026-01-08 22:56:34 +01:00
Moritz	e8293457a3	Fix: Seeds use admin actor instead of NoActor bypass This ensures seeds work correctly with the new fail-closed NoActor policy in production, using proper authorization instead of bypass.	2026-01-08 22:56:21 +01:00
Moritz	236eb53a24	Refactor: NoActor to SimpleCheck with compile-time environment check This prevents security issues where :create/:read without actor would be allowed in production. Now all operations require an actor in production.	2026-01-08 22:55:45 +01:00
Moritz	6cd18545bd	Fix: HasPermission auto_filter and strict_check implementation Fixes security issue where auto_filter returned nil instead of proper filter expressions, which could lead to incorrect authorization behavior.	2026-01-08 22:55:24 +01:00
Moritz	9d58c9d1ef	feat: implement authorization policies for Member resource All checks were successful continuous-integration/drone/push Build is passing Details	2026-01-08 21:22:45 +01:00
Moritz	f7cda66598	test: add Member resource policy tests	2026-01-08 21:22:15 +01:00
moritz	35aff50bea	Merge pull request 'Custom Policy Check - HasPermission closes #343 ' (#344 ) from feature/343_haspermission into main All checks were successful continuous-integration/drone/push Build is passing Details Reviewed-on: #344	2026-01-08 18:05:14 +01:00
Moritz	db0a187058	fix: correct relationship filter paths in HasPermission check All checks were successful continuous-integration/drone/push Build is passing Details - Use user.id instead of user_id for Member linked scope - Use member.user.id for CustomFieldValue linked scope - Add lazy logger evaluation - Improve action nil handling - Add integration tests for filter expressions	2026-01-08 17:45:02 +01:00
Moritz	288002f404	feat: implement HasPermission policy check All checks were successful continuous-integration/drone/push Build is passing Details Implement custom Ash Policy Check that reads permissions from PermissionSets module and applies scope filters to Ash queries.	2026-01-08 16:48:43 +01:00
Moritz	cba471dcac	test: add tests for HasPermission policy check Add comprehensive test suite for the HasPermission Ash Policy Check covering permission lookup, scope application, error handling, and logging.	2026-01-08 16:48:42 +01:00
moritz	05b611d880	Merge pull request 'Role CRUD LiveViews closes #325 ' (#326 ) from feature/325_role_view into main All checks were successful continuous-integration/drone/push Build is passing Details Reviewed-on: #326	2026-01-08 16:21:40 +01:00
Moritz	68c09b761e	perf: optimize load_user_counts with DB-side aggregation All checks were successful continuous-integration/drone/push Build is passing Details Replace Elixir-side counting with Ecto GROUP BY COUNT query for better performance. This avoids loading all users into memory and performs the aggregation directly in the database.	2026-01-08 16:20:27 +01:00
Moritz	5ac9ab7ff9	refactor: add opts_with_actor helper and improve error formatting Add opts_with_actor helper function to reduce duplication when building Ash options with actor and domain. Improve format_error documentation and ensure consistent error message formatting.	2026-01-08 16:20:27 +01:00
Moritz	34afe798ec	fix: use verified routes in navbar and improve can_access_page? Use ~p verified routes instead of string paths in navbar template. Update can_access_page? to handle both string and verified route paths for better type safety.	2026-01-08 16:20:27 +01:00
Moritz	ad0a3cd458	fix: add ensure_user_role_loaded to router live_session globally	2026-01-08 16:20:27 +01:00
Moritz	675ab14fce	fix: correct German translations for role management Fix incorrect translations: - 'Listing Roles' -> 'Rollen auflisten' (was 'Benutzer*innen auflisten') - 'Custom' -> 'Benutzerdefiniert' (was 'Benutzerdefinierte Felder')	2026-01-08 16:20:27 +01:00
Moritz	59d656a07c	fix: add authorization check for Roles link in navbar Only show Roles link in Settings dropdown for users with admin permissions, preventing unauthorized access attempts.	2026-01-08 16:20:26 +01:00
Moritz	32296625fe	refactor: extract shared helpers for RoleLive modules Extract format_error and permission_set_badge_class functions into MvWeb.RoleLive.Helpers module to eliminate code duplication between Index and Show LiveViews.	2026-01-08 16:20:26 +01:00
Moritz	e3cd400899	fix: add actor parameter to Ash.load in LiveHelpers Use self as actor when loading user role relationship to ensure proper authorization and policy enforcement.	2026-01-08 16:20:26 +01:00
Moritz	d9dd936ae3	fix: add actor and domain parameters to user count functions in Show Add actor and domain parameters to recalculate_user_count and load_user_count to ensure consistent authorization. Clarify that load_user_count is for initial display while recalculate_user_count is for fresh count before deletion.	2026-01-08 16:20:26 +01:00
Moritz	548bad6703	fix: add actor and domain parameters to user count functions Add actor parameter to load_user_counts and recalculate_user_count in Index LiveView to ensure consistent authorization and policy enforcement. Also add domain parameter for clarity.	2026-01-08 16:20:25 +01:00
Moritz	37a2fc3e83	refactor: replace cond with if in handle_delete_role functions	2026-01-08 16:20:25 +01:00
Moritz	75ab046be4	refactor: extract ensure_user_role_loaded into shared on_mount hook Move duplicate ensure_user_role_loaded logic into MvWeb.LiveHelpers on_mount hook to eliminate code duplication across RoleLive modules and centralize security-related user role loading.	2026-01-08 16:20:25 +01:00
Moritz	ac67b8073d	fix: eliminate duplicate user_count queries in delete handlers Calculate user_count once and reuse the value instead of calling recalculate_user_count twice, reducing unnecessary database queries.	2026-01-08 16:20:25 +01:00
Moritz	83812193b6	fix: add actor parameter to Authorization.get_role in Index Ensure consistent authorization by passing actor parameter to get_role call, matching the pattern used in Show LiveView.	2026-01-08 16:20:24 +01:00
Moritz	03c1f747c5	chore: update gettext files and test cleanup Update translation files after code changes and remove unused debug logging code from tests.	2026-01-08 16:20:22 +01:00
Moritz	8d36c0b02c	fix: use reraise instead of raise in rescue blocks Replace raise with reraise to preserve the original stacktrace when re-raising exceptions in rescue blocks, improving error debugging.	2026-01-08 16:19:49 +01:00
Moritz	54c825bac3	refactor: reduce nesting depth in RoleLive handle_event functions	2026-01-08 16:19:49 +01:00
Moritz	b638a54bd6	feat: prevent deletion of roles with assigned users	2026-01-08 16:19:47 +01:00
Moritz	954fc4261a	fix: improve contrast for 'No description' text to meet WCAG 2 AA Change text-base-content/50 to text-base-content/70 for better accessibility contrast ratio in role index and show pages	2026-01-08 16:19:02 +01:00
Moritz	a24bbc2188	feat: convert Settings to dropdown menu with sub-items - Convert Settings menu item to dropdown (similar to Contributions) - Add Global Settings and Roles as sub-items - Update German translations: 'Global Settings' and 'Roles'	2026-01-08 16:19:00 +01:00
Moritz	9c8cdb5e17	feat: add user count display for each role - Add Users column showing number of users assigned to each role - Load user counts efficiently in single query to avoid N+1 - Similar implementation to membership fee types member count	2026-01-08 16:18:07 +01:00
Moritz	36858db97c	feat: add German translations for role management	2026-01-08 16:18:04 +01:00
Moritz	7d4bc84ce0	refactor: reduce nesting depth in RoleLive.Index.mount Extract role loading logic into separate private functions to fix Credo warning about nested function body.	2026-01-08 16:16:54 +01:00
Moritz	2f03f7c00c	feat: assign admin role to admin user in seeds - Create Admin role if it doesn't exist - Assign Admin role to admin@mv.local user - Remove separate create_admin_role script (integrated into seeds)	2026-01-08 16:16:54 +01:00

1 2 3 4 5 ...

765 commits