
1 commit

f0134f00ee Docs: note User-Member Linking enforcement in code
- update_user restricted via ActorIsAdmin; Form gates Member-Linking UI
2026-01-30 11:13:41 +01:00
2 changed files with 4 additions and 1 deletions


@ -120,6 +120,7 @@ defmodule Mv.Authorization.PermissionSets do
pages: [ pages: [
# No "/" - Mitglied must not see member index at root (same content as /members). # No "/" - Mitglied must not see member index at root (same content as /members).
# Own profile (sidebar links to /users/:id) and own user edit # Own profile (sidebar links to /users/:id) and own user edit
"/profile",
"/users/:id", "/users/:id",
"/users/:id/edit", "/users/:id/edit",
"/users/:id/show/edit", "/users/:id/show/edit",
@ -155,6 +156,7 @@ defmodule Mv.Authorization.PermissionSets do
pages: [ pages: [
"/", "/",
# Own profile (sidebar links to /users/:id; redirect target must be allowed) # Own profile (sidebar links to /users/:id; redirect target must be allowed)
"/profile",
"/users/:id", "/users/:id",
"/users/:id/edit", "/users/:id/edit",
"/users/:id/show/edit", "/users/:id/show/edit",
@ -204,6 +206,7 @@ defmodule Mv.Authorization.PermissionSets do
pages: [ pages: [
"/", "/",
# Own profile (sidebar links to /users/:id; redirect target must be allowed) # Own profile (sidebar links to /users/:id; redirect target must be allowed)
"/profile",
"/users/:id", "/users/:id",
"/users/:id/edit", "/users/:id/edit",
"/users/:id/show/edit", "/users/:id/show/edit",


@ -95,7 +95,7 @@ defmodule MvWeb.UserLive.Form do
</ul> </ul>
</div> </div>
<%= if @user && @can_manage_member_linking do %> <%= if @user do %>
<div class="p-3 mt-3 border border-orange-200 rounded bg-orange-50"> <div class="p-3 mt-3 border border-orange-200 rounded bg-orange-50">
<p class="text-sm text-orange-800"> <p class="text-sm text-orange-800">
<strong>{gettext("Admin Note")}:</strong> {gettext( <strong>{gettext("Admin Note")}:</strong> {gettext(