Compare commits

12 commits

Author SHA1 Message Date
c48feb2128 Docs: document bypass read rule for CustomFieldValue pattern
All checks were successful
continuous-integration/drone/push Build is passing
- Bypass action_type(:read) is production-side rule: reading own CFVs
  always allowed, overrides Permission-Sets. Applies to get/list/load.
2026-01-27 15:44:44 +01:00
6e01af10f5 CFV policies test: system_actor for setup, verify destroy with actor
- create_linked_member_for_user and create_unlinked_member use actor
  (system_actor) directly instead of creating admin user per call
- Remove create_admin_user helper
- After destroy, verify with Ash.get(..., actor: actor) to avoid
  false positive from Forbidden vs NotFound
2026-01-27 15:44:43 +01:00
185ccb0217 HasPermission: remove unused _authorizer from strict_check helper
2026-01-27 15:44:40 +01:00
1fb65ace8d CustomFieldValue: remove unused require Ash.Query
2026-01-27 15:44:39 +01:00
5d82769d2d CustomFieldValueCreateScope: use get_argument_or_attribute for member_id
- Read member_id via Ash.Changeset.get_argument_or_attribute/2 so it works
  when set as attribute or argument
- Remove unused require Logger
- Document member_id source in moduledoc
2026-01-27 15:44:38 +01:00
ba8c12f3ea chore: remove start-database from test action
All checks were successful
continuous-integration/drone/push Build is passing
2026-01-27 13:41:33 +01:00
7bd4b41546 Document CustomFieldValue policies and own_data create/destroy in architecture
Update roles-and-permissions-architecture.md with policy layout and
permission matrix for CustomFieldValue (linked).
2026-01-27 13:40:38 +01:00
49af921336 Add CustomFieldValue policy tests (own_data, read_only, normal_user, admin)
Covers read/update/create/destroy for linked vs unlinked members and CRUD
permissions per permission set.
2026-01-27 13:40:34 +01:00
62dd939efa Pass actor to CustomFieldValue destroy and load in existing tests
Required after CustomFieldValue gained authorization policies.
2026-01-27 13:40:29 +01:00
1afb97b6df Add authorization policies to CustomFieldValue resource
- Authorizer and policies: bypass for read (member_id == actor.member_id),
  CustomFieldValueCreateScope for create, HasPermission for read/update/destroy.
- HasPermission: pass authorizer into strict_check helper; document that create
  must use a dedicated check (no filter).
2026-01-27 13:40:22 +01:00
80efa5b3bd Add CustomFieldValueCreateScope check for create actions
Ash cannot apply filters to create; this check enforces :linked/:all scope
via strict_check only (no filter).
2026-01-27 13:40:17 +01:00
b93b419246 Add CustomFieldValue create/destroy :linked to own_data permission set
Allows members to create and delete custom field values for their linked member.
2026-01-27 13:40:12 +01:00

File diff suppressed because it is too large