local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 72 Pull requests 3 Projects 4 Releases Packages 1 Activity Actions
751 commits 17 branches 0 tags 7.6 MiB
Commit graph

4 commits

Author SHA1 Message Date
Moritz
fecf98dc0e
Security: Fix critical deny-filter bug and improve authorization
Some checks reported errors
continuous-integration/drone/push Build was killed
Details 
CRITICAL FIX: Deny-filter was allowing all records instead of denying
Fix: User validation in Member now uses actor from changeset.context
 2026-01-08 23:12:54 +01:00
Moritz
6cd18545bd
Fix: HasPermission auto_filter and strict_check implementation 
Fixes security issue where auto_filter returned nil instead of proper
filter expressions, which could lead to incorrect authorization behavior.
 2026-01-08 22:55:24 +01:00
Moritz
f7cda66598
test: add Member resource policy tests 2026-01-08 21:22:15 +01:00
Moritz
db0a187058
fix: correct relationship filter paths in HasPermission check
All checks were successful
continuous-integration/drone/push Build is passing
Details 
- Use user.id instead of user_id for Member linked scope
- Use member.user.id for CustomFieldValue linked scope
- Add lazy logger evaluation
- Improve action nil handling
- Add integration tests for filter expressions
 2026-01-08 17:45:02 +01:00