From 90758191f99da21e3cb2cd033692cf353f868ab2 Mon Sep 17 00:00:00 2001 From: Simon Date: Thu, 29 Jan 2026 17:03:07 +0100 Subject: [PATCH 01/84] docs: update groups architecture --- docs/groups-architecture.md | 89 ++++++++++++++++++++++++++++++++++++- 1 file changed, 87 insertions(+), 2 deletions(-) diff --git a/docs/groups-architecture.md b/docs/groups-architecture.md index b2316d8..8251a4b 100644 --- a/docs/groups-architecture.md +++ b/docs/groups-architecture.md @@ -314,9 +314,23 @@ lib/ - Display group name and description - List all members in group - Link to member detail pages +- Add members to group (via modal with search/autocomplete) +- Remove members from group (via remove button per member) - Edit group button (navigates to `/groups/:slug/edit`) - Delete group button (with confirmation modal) +**Add Member Functionality:** +- "Add Member" button displayed above member table (only for users with `:update` permission) +- Opens modal with member search/autocomplete +- Search filters out members already in the group +- Selecting a member adds them to the group immediately +- Success/error flash messages provide feedback + +**Remove Member Functionality:** +- "Remove" button (icon button) for each member in table (only for users with `:update` permission) +- Clicking remove immediately removes member from group (no confirmation dialog) +- Success/error flash messages provide feedback + **Note:** Uses slug for routing to provide URL-friendly, readable group URLs (e.g., `/groups/board-members`). ### Group Form Pages @@ -752,6 +766,7 @@ Each functional unit can be implemented as a **separate issue**: - **Issue 4:** Groups in Member Detail (Unit 5) - **Issue 5:** Groups in Member Search (Unit 6) - **Issue 6:** Permissions (Unit 7) +- **Issue 7:** Add/Remove Members in Group Detail View **Alternative:** Issues 3 and 4 can be combined, as they both concern the display of groups. @@ -797,6 +812,27 @@ Each functional unit can be implemented as a **separate issue**: **Estimation:** 3-4h +### Phase 2a: Add/Remove Members in Group Detail View + +**Goal:** Enable adding and removing members from groups via UI + +**Tasks:** +1. Add "Add Member" button above member table in Group Detail View +2. Implement modal with member search/autocomplete +3. Add "Remove" button for each member in table +4. Implement add/remove functionality with flash messages +5. Ensure proper authorization checks + +**Deliverables:** +- Members can be added to groups via UI +- Members can be removed from groups via UI +- Proper feedback via flash messages +- Authorization enforced + +**Estimation:** 2-3h + +**Note:** This phase extends Phase 2 and can be implemented as Issue 7 after Issue 2 is complete. + ### Phase 3: Member Overview Integration **Goal:** Display and filter groups in member overview @@ -863,9 +899,9 @@ Each functional unit can be implemented as a **separate issue**: **Estimation:** 1-2h -### Total Estimation: 13-18h +### Total Estimation: 15-21h -**Note:** This aligns with the issue estimation of 15h. +**Note:** This includes all 7 issues. The original MVP estimation was 13-15h, with Issue 7 adding 2-3h for the add/remove members functionality in the Group Detail View. --- @@ -958,6 +994,55 @@ Each functional unit can be implemented as a **separate issue**: - Only admins can manage groups - All users can view groups (if they can view members) +### Issue 7: Add/Remove Members in Group Detail View +**Type:** Frontend +**Estimation:** 2-3h +**Dependencies:** Issue 1 (Backend must be functional), Issue 2 (Group Detail View must exist) + +**Tasks:** +- Add "Add Member" button above member table in Group Detail View (`/groups/:slug`) +- Implement modal for member selection with search/autocomplete +- Add "Remove" button for each member in the member table +- Implement add member functionality (create MemberGroup association) +- Implement remove member functionality (destroy MemberGroup association) +- Add flash messages for success/error feedback +- Ensure proper authorization checks (only users with `:update` permission on Group can add/remove) +- Filter out members already in the group from search results +- Reload group data after add/remove operations + +**Acceptance Criteria:** +- "Add Member" button is visible above member table (only for users with `:update` permission) +- Clicking "Add Member" opens a modal with member search/autocomplete +- Search filters members and excludes those already in the group +- Selecting a member from search adds them to the group +- Success flash message is displayed when member is added +- Error flash message is displayed if member is already in group or other error occurs +- Each member row in the table has a "Remove" button (only visible for users with `:update` permission) +- Clicking "Remove" immediately removes the member from the group (no confirmation dialog) +- Success flash message is displayed when member is removed +- Group member list and member count update automatically after add/remove +- Modal closes after successful member addition +- Authorization is enforced server-side in event handlers +- UI respects permission checks (buttons hidden for unauthorized users) + +**Technical Notes:** +- Reuse member search pattern from `UserLive.Form` (ComboBox hook with autocomplete) +- Use `Membership.create_member_group/1` for adding members +- Use `Membership.destroy_member_group/1` for removing members +- Filter search results to exclude members already in the group (check `group.members`) +- Reload group with `:members` and `:member_count` after operations +- Follow existing modal patterns (similar to delete confirmation modal) +- Ensure accessibility: proper ARIA labels, keyboard navigation, focus management + +**UI/UX Details:** +- Modal title: "Add Member to Group" +- Search input placeholder: "Search for a member..." +- Search results show member name and email +- "Add" button in modal (disabled until member selected) +- "Cancel" button to close modal +- Remove button can be an icon button (trash icon) with tooltip +- Flash messages: "Member added successfully" / "Member removed successfully" / error messages + --- ## Testing Strategy From a536485b303c0df82d59ee129770896c2f48fa39 Mon Sep 17 00:00:00 2001 From: Simon Date: Thu, 29 Jan 2026 17:12:43 +0100 Subject: [PATCH 02/84] test: add tdd tests for group member add functionality --- .../group_live/show_accessibility_test.exs | 305 ++++++++++++ .../live/group_live/show_add_member_test.exs | 465 ++++++++++++++++++ .../show_add_remove_members_test.exs | 159 ++++++ .../group_live/show_authorization_test.exs | 265 ++++++++++ .../live/group_live/show_integration_test.exs | 427 ++++++++++++++++ .../group_live/show_member_search_test.exs | 339 +++++++++++++ .../group_live/show_remove_member_test.exs | 333 +++++++++++++ 7 files changed, 2293 insertions(+) create mode 100644 test/mv_web/live/group_live/show_accessibility_test.exs create mode 100644 test/mv_web/live/group_live/show_add_member_test.exs create mode 100644 test/mv_web/live/group_live/show_add_remove_members_test.exs create mode 100644 test/mv_web/live/group_live/show_authorization_test.exs create mode 100644 test/mv_web/live/group_live/show_integration_test.exs create mode 100644 test/mv_web/live/group_live/show_member_search_test.exs create mode 100644 test/mv_web/live/group_live/show_remove_member_test.exs diff --git a/test/mv_web/live/group_live/show_accessibility_test.exs b/test/mv_web/live/group_live/show_accessibility_test.exs new file mode 100644 index 0000000..ff8a5dd --- /dev/null +++ b/test/mv_web/live/group_live/show_accessibility_test.exs @@ -0,0 +1,305 @@ +defmodule MvWeb.GroupLive.ShowAccessibilityTest do + @moduledoc """ + Accessibility tests for Add/Remove Member functionality. + Tests ARIA labels, keyboard navigation, and screen reader support. + """ + + use MvWeb.ConnCase, async: false + import Phoenix.LiveViewTest + use Gettext, backend: MvWeb.Gettext + + alias Mv.Membership + alias Mv.Fixtures + + describe "ARIA labels and roles" do + test "modal has role='dialog' with aria-labelledby and aria-describedby", %{conn: conn} do + group = Fixtures.group_fixture() + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Open modal + view + |> element("button", "Add Member") + |> render_click() + + html = render(view) + + # Modal should have proper ARIA attributes + assert html =~ ~r/role=["']dialog["']/ || + html =~ ~r/aria-labelledby/ || + html =~ ~r/aria-describedby/ + end + + test "search input has correct aria-label and aria-autocomplete attributes", %{conn: conn} do + group = Fixtures.group_fixture() + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Open modal + view + |> element("button", "Add Member") + |> render_click() + + html = render(view) + + # Search input should have ARIA attributes + assert html =~ ~r/aria-label.*[Ss]earch.*member/ || + html =~ ~r/aria-autocomplete=["']list["']/ + end + + test "remove button has aria-label with tooltip text", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "Alice", + last_name: "Smith", + email: "alice@example.com" + }, + actor: system_actor + ) + + Membership.create_member_group(%{member_id: member.id, group_id: group.id}, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + html = render(view) + + # Remove button should have aria-label + assert html =~ ~r/aria-label.*[Rr]emove/ || + html =~ ~r/aria-label.*member/i + end + + test "add button has correct aria-label", %{conn: conn} do + group = Fixtures.group_fixture() + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Open modal + view + |> element("button", "Add Member") + |> render_click() + + html = render(view) + + # Add button should have aria-label + assert html =~ ~r/aria-label.*[Aa]dd/ || + html =~ ~r/button.*[Aa]dd/ + end + end + + describe "keyboard navigation" do + test "tab navigation works in modal", %{conn: conn} do + # This test verifies that keyboard navigation is possible + # Actual tab order testing would require more complex setup + group = Fixtures.group_fixture() + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Open modal + view + |> element("button", "Add Member") + |> render_click() + + html = render(view) + + # Modal should have focusable elements + assert html =~ ~r/input|button/ || + html =~ "#member-search-input" + end + + test "escape key closes modal", %{conn: conn} do + group = Fixtures.group_fixture() + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Open modal + view + |> element("button", "Add Member") + |> render_click() + + assert has_element?(view, "#add-member-modal") || + has_element?(view, "[role='dialog']") + + # Send escape key event (if implemented) + # Note: Implementation should handle phx-window-keydown="escape" or similar + # For now, we verify modal can be closed via Cancel button + view + |> element("button", "Cancel") + |> render_click() + + refute has_element?(view, "#add-member-modal") + end + + test "enter/space activates buttons when focused", %{conn: conn} do + # This test verifies that buttons can be activated via keyboard + # Actual keyboard event testing would require more complex setup + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "Bob", + last_name: "Jones", + email: "bob@example.com" + }, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Open modal + view + |> element("button", "Add Member") + |> render_click() + + # Select member + view + |> element("#member-search-input") + |> render_focus() + + view + |> element("#member-search-input") + |> render_change(%{"member_search" => "Bob"}) + + view + |> element("[data-member-id='#{member.id}']") + |> render_click() + + # Add button should be enabled and clickable + view + |> element("button", "Add") + |> render_click() + + # Should succeed + html = render(view) + assert html =~ "Bob" || html =~ gettext("Member added successfully") + end + + test "focus management: focus is set to modal when opened", %{conn: conn} do + # This test verifies that focus is properly managed + # When modal opens, focus should move to modal (first focusable element) + group = Fixtures.group_fixture() + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Open modal + view + |> element("button", "Add Member") + |> render_click() + + html = render(view) + + # Modal should be visible and focusable + assert html =~ "#member-search-input" || + html =~ ~r/autofocus|tabindex/ + end + end + + describe "screen reader support" do + test "modal title is properly associated", %{conn: conn} do + group = Fixtures.group_fixture() + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Open modal + view + |> element("button", "Add Member") + |> render_click() + + html = render(view) + + # Modal should have title + assert html =~ gettext("Add Member to Group") || + html =~ ~r/ element("button", "Add Member") + |> render_click() + + # Search + view + |> element("#member-search-input") + |> render_focus() + + view + |> element("#member-search-input") + |> render_change(%{"member_search" => "Charlie"}) + + html = render(view) + + # Search results should have proper ARIA attributes + assert html =~ ~r/role=["']listbox["']/ || + html =~ ~r/role=["']option["']/ || + html =~ "Charlie" + end + + test "flash messages are properly announced", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "David", + last_name: "Wilson", + email: "david@example.com" + }, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Add member + view + |> element("button", "Add Member") + |> render_click() + + view + |> element("#member-search-input") + |> render_focus() + + view + |> element("#member-search-input") + |> render_change(%{"member_search" => "David"}) + + view + |> element("[data-member-id='#{member.id}']") + |> render_click() + + view + |> element("button", "Add") + |> render_click() + + html = render(view) + + # Flash message should have proper ARIA attributes for screen readers + assert html =~ gettext("Member added successfully") || + html =~ ~r/role=["']status["']/ || + html =~ ~r/aria-live/ + end + end +end diff --git a/test/mv_web/live/group_live/show_add_member_test.exs b/test/mv_web/live/group_live/show_add_member_test.exs new file mode 100644 index 0000000..417695d --- /dev/null +++ b/test/mv_web/live/group_live/show_add_member_test.exs @@ -0,0 +1,465 @@ +defmodule MvWeb.GroupLive.ShowAddMemberTest do + @moduledoc """ + Tests for adding members to groups via the Add Member modal. + Tests successful add, error handling, and edge cases. + """ + + use MvWeb.ConnCase, async: false + import Phoenix.LiveViewTest + use Gettext, backend: MvWeb.Gettext + + alias Mv.Membership + alias Mv.Fixtures + + describe "successful add member" do + test "member is added to group after selection and clicking Add", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "Alice", + last_name: "Johnson", + email: "alice@example.com" + }, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Open modal + view + |> element("button", "Add Member") + |> render_click() + + # Search and select member + view + |> element("#member-search-input") + |> render_focus() + + view + |> element("#member-search-input") + |> render_change(%{"member_search" => "Alice"}) + + # Select member + view + |> element("[data-member-id='#{member.id}']") + |> render_click() + + # Click Add button + view + |> element("button", "Add") + |> render_click() + + # Success flash message should be displayed + assert render(view) =~ gettext("Member added successfully") || + render(view) =~ ~r/member.*added.*successfully/i + + # Verify member appears in group list + html = render(view) + assert html =~ "Alice" + assert html =~ "Johnson" + end + + test "success flash message is displayed when member is added", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "Bob", + last_name: "Smith", + email: "bob@example.com" + }, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Open modal and add member + view + |> element("button", "Add Member") + |> render_click() + + view + |> element("#member-search-input") + |> render_focus() + + view + |> element("#member-search-input") + |> render_change(%{"member_search" => "Bob"}) + + view + |> element("[data-member-id='#{member.id}']") + |> render_click() + + view + |> element("button", "Add") + |> render_click() + + html = render(view) + + assert html =~ gettext("Member added successfully") || + html =~ ~r/member.*added.*successfully/i + end + + test "group member list updates automatically after add", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "Charlie", + last_name: "Brown", + email: "charlie@example.com" + }, + actor: system_actor + ) + + {:ok, view, html} = live(conn, "/groups/#{group.slug}") + + # Initially member should NOT be in list + refute html =~ "Charlie" + + # Add member + view + |> element("button", "Add Member") + |> render_click() + + view + |> element("#member-search-input") + |> render_focus() + + view + |> element("#member-search-input") + |> render_change(%{"member_search" => "Charlie"}) + + view + |> element("[data-member-id='#{member.id}']") + |> render_click() + + view + |> element("button", "Add") + |> render_click() + + # Member should now appear in list + html = render(view) + assert html =~ "Charlie" + assert html =~ "Brown" + end + + test "member count updates automatically after add", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "David", + last_name: "Wilson", + email: "david@example.com" + }, + actor: system_actor + ) + + {:ok, view, html} = live(conn, "/groups/#{group.slug}") + + # Get initial count (should be 0) + initial_count = extract_member_count(html) + + # Add member + view + |> element("button", "Add Member") + |> render_click() + + view + |> element("#member-search-input") + |> render_focus() + + view + |> element("#member-search-input") + |> render_change(%{"member_search" => "David"}) + + view + |> element("[data-member-id='#{member.id}']") + |> render_click() + + view + |> element("button", "Add") + |> render_click() + + # Count should have increased + html = render(view) + new_count = extract_member_count(html) + assert new_count == initial_count + 1 + end + + test "modal closes after successful member addition", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "Eve", + last_name: "Davis", + email: "eve@example.com" + }, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Open modal + view + |> element("button", "Add Member") + |> render_click() + + assert has_element?(view, "#add-member-modal") || + has_element?(view, "[role='dialog']") + + # Add member + view + |> element("#member-search-input") + |> render_focus() + + view + |> element("#member-search-input") + |> render_change(%{"member_search" => "Eve"}) + + view + |> element("[data-member-id='#{member.id}']") + |> render_click() + + view + |> element("button", "Add") + |> render_click() + + # Modal should be closed + refute has_element?(view, "#add-member-modal") + end + end + + describe "error handling" do + test "error flash message when member is already in group", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "Frank", + last_name: "Moore", + email: "frank@example.com" + }, + actor: system_actor + ) + + # Add member to group first + Membership.create_member_group(%{member_id: member.id, group_id: group.id}, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Try to add same member again + view + |> element("button", "Add Member") + |> render_click() + + # Member should not appear in search (filtered out) + # But if they do appear somehow, try to add them + view + |> element("#member-search-input") + |> render_change(%{"member_search" => "Frank"}) + + # If member appears in results (shouldn't), try to add + # This tests the server-side duplicate prevention + if has_element?(view, "[data-member-id='#{member.id}']") do + view + |> element("[data-member-id='#{member.id}']") + |> render_click() + + view + |> element("button", "Add") + |> render_click() + + # Should show error + html = render(view) + assert html =~ gettext("already in group") || html =~ ~r/already.*group|duplicate/i + end + end + + test "error flash message for other errors", %{conn: conn} do + # This test verifies that error handling works for unexpected errors + # We can't easily simulate all error cases, but we test the error path exists + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Open modal + view + |> element("button", "Add Member") + |> render_click() + + # Try to add with invalid member ID (if possible) + # This tests error handling path + # Note: Actual implementation will handle this + end + + test "modal remains open on error (user can correct)", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "Grace", + last_name: "Taylor", + email: "grace@example.com" + }, + actor: system_actor + ) + + # Add member first + Membership.create_member_group(%{member_id: member.id, group_id: group.id}, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Open modal + view + |> element("button", "Add Member") + |> render_click() + + # Modal should be open + assert has_element?(view, "#add-member-modal") || + has_element?(view, "[role='dialog']") + + # If error occurs, modal should remain open + # (Implementation will handle this) + end + + test "Add button remains disabled until member selected", %{conn: conn} do + group = Fixtures.group_fixture() + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Open modal + view + |> element("button", "Add Member") + |> render_click() + + # Add button should be disabled + html = render(view) + + assert html =~ ~r/disabled.*Add|Add.*disabled/ || + has_element?(view, "button[disabled]", "Add") + end + end + + describe "edge cases" do + test "add works for group with 0 members", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "Henry", + last_name: "Anderson", + email: "henry@example.com" + }, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Add member to empty group + view + |> element("button", "Add Member") + |> render_click() + + view + |> element("#member-search-input") + |> render_focus() + + view + |> element("#member-search-input") + |> render_change(%{"member_search" => "Henry"}) + + view + |> element("[data-member-id='#{member.id}']") + |> render_click() + + view + |> element("button", "Add") + |> render_click() + + # Member should be added + html = render(view) + assert html =~ "Henry" + end + + test "add works when member is already in other groups", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group1 = Fixtures.group_fixture() + group2 = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "Isabel", + last_name: "Martinez", + email: "isabel@example.com" + }, + actor: system_actor + ) + + # Add member to group1 + Membership.create_member_group(%{member_id: member.id, group_id: group1.id}, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group2.slug}") + + # Add same member to group2 (should work) + view + |> element("button", "Add Member") + |> render_click() + + view + |> element("#member-search-input") + |> render_focus() + + view + |> element("#member-search-input") + |> render_change(%{"member_search" => "Isabel"}) + + view + |> element("[data-member-id='#{member.id}']") + |> render_click() + + view + |> element("button", "Add") + |> render_click() + + # Member should be added to group2 + html = render(view) + assert html =~ "Isabel" + end + end + + # Helper function to extract member count from HTML + defp extract_member_count(html) do + case Regex.run(~r/Total:\s*(\d+)/, html) do + [_, count_str] -> String.to_integer(count_str) + _ -> 0 + end + end +end diff --git a/test/mv_web/live/group_live/show_add_remove_members_test.exs b/test/mv_web/live/group_live/show_add_remove_members_test.exs new file mode 100644 index 0000000..6bc5996 --- /dev/null +++ b/test/mv_web/live/group_live/show_add_remove_members_test.exs @@ -0,0 +1,159 @@ +defmodule MvWeb.GroupLive.ShowAddRemoveMembersTest do + @moduledoc """ + UI tests for Add/Remove Member buttons visibility and modal display. + Tests UI rendering and permission-based visibility. + """ + + use MvWeb.ConnCase, async: false + import Phoenix.LiveViewTest + use Gettext, backend: MvWeb.Gettext + + alias Mv.Membership + alias Mv.Fixtures + + describe "Add Member button visibility" do + test "Add Member button is visible for users with :update permission", %{conn: conn} do + group = Fixtures.group_fixture() + + {:ok, _view, html} = live(conn, "/groups/#{group.slug}") + + assert html =~ gettext("Add Member") or html =~ "Add Member" + end + + @tag role: :member + test "Add Member button is NOT visible for users without :update permission", %{conn: conn} do + group = Fixtures.group_fixture() + + {:ok, _view, html} = live(conn, "/groups/#{group.slug}") + + refute html =~ gettext("Add Member") + end + + test "Add Member button is positioned above member table", %{conn: conn} do + group = Fixtures.group_fixture() + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Button should exist + assert has_element?(view, "button", gettext("Add Member")) || + has_element?(view, "a", gettext("Add Member")) + end + end + + describe "Remove button visibility" do + test "Remove button is visible for each member for users with :update permission", %{ + conn: conn + } do + group = Fixtures.group_fixture() + member = Fixtures.member_fixture(%{first_name: "Alice", last_name: "Smith"}) + system_actor = Mv.Helpers.SystemActor.get_system_actor() + + Membership.create_member_group(%{member_id: member.id, group_id: group.id}, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Remove button should exist (can be icon button with trash icon) + html = render(view) + + assert html =~ "Remove" or html =~ "remove" or html =~ "trash" or + html =~ ~r/hero-trash|hero-x-mark/ + end + + @tag role: :member + test "Remove button is NOT visible for users without :update permission", %{conn: conn} do + group = Fixtures.group_fixture() + member = Fixtures.member_fixture(%{first_name: "Bob", last_name: "Jones"}) + system_actor = Mv.Helpers.SystemActor.get_system_actor() + + Membership.create_member_group(%{member_id: member.id, group_id: group.id}, + actor: system_actor + ) + + {:ok, _view, html} = live(conn, "/groups/#{group.slug}") + + # Remove button should NOT exist + refute html =~ "Remove" or html =~ "remove" + end + end + + describe "modal display" do + test "modal opens when Add Member button is clicked", %{conn: conn} do + group = Fixtures.group_fixture() + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Click Add Member button + view + |> element("button", gettext("Add Member")) + |> render_click() + + # Modal should be visible + assert has_element?(view, "#add-member-modal") || + has_element?(view, "[role='dialog']") + end + + test "modal has correct title: Add Member to Group", %{conn: conn} do + group = Fixtures.group_fixture() + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Open modal + view + |> element("button", gettext("Add Member")) + |> render_click() + + html = render(view) + assert html =~ gettext("Add Member to Group") + end + + test "modal has search input with correct placeholder", %{conn: conn} do + group = Fixtures.group_fixture() + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Open modal + view + |> element("button", gettext("Add Member")) + |> render_click() + + html = render(view) + + assert html =~ gettext("Search for a member...") || + html =~ ~r/search.*member/i + end + + test "modal has Add button (disabled until member selected)", %{conn: conn} do + group = Fixtures.group_fixture() + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Open modal + view + |> element("button", gettext("Add Member")) + |> render_click() + + html = render(view) + # Add button should exist and be disabled initially + assert html =~ gettext("Add") || html =~ "Add" + # Button should be disabled + assert has_element?(view, "button[disabled]", gettext("Add")) || + html =~ ~r/disabled.*Add|Add.*disabled/ + end + + test "modal has Cancel button", %{conn: conn} do + group = Fixtures.group_fixture() + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Open modal + view + |> element("button", gettext("Add Member")) + |> render_click() + + html = render(view) + assert html =~ gettext("Cancel") || html =~ "Cancel" + end + end +end diff --git a/test/mv_web/live/group_live/show_authorization_test.exs b/test/mv_web/live/group_live/show_authorization_test.exs new file mode 100644 index 0000000..0869c21 --- /dev/null +++ b/test/mv_web/live/group_live/show_authorization_test.exs @@ -0,0 +1,265 @@ +defmodule MvWeb.GroupLive.ShowAuthorizationTest do + @moduledoc """ + Tests for authorization and security in Add/Remove Member functionality. + Tests server-side authorization checks and UI permission enforcement. + """ + + use MvWeb.ConnCase, async: false + import Phoenix.LiveViewTest + use Gettext, backend: MvWeb.Gettext + + alias Mv.Membership + alias Mv.Fixtures + + describe "server-side authorization" do + test "add member event handler checks :update permission", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "Alice", + last_name: "Smith", + email: "alice@example.com" + }, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Open modal and try to add member + view + |> element("button", "Add Member") + |> render_click() + + view + |> element("#member-search-input") + |> render_focus() + + view + |> element("#member-search-input") + |> render_change(%{"member_search" => "Alice"}) + + view + |> element("[data-member-id='#{member.id}']") + |> render_click() + + # Try to add (should succeed for admin) + view + |> element("button", "Add") + |> render_click() + + # Should succeed (admin has :update permission) + html = render(view) + + assert html =~ gettext("Member added successfully") || + html =~ ~r/member.*added.*successfully/i || + html =~ "Alice" + end + + @tag role: :member + test "unauthorized user cannot add member (server-side check)", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "Bob", + last_name: "Jones", + email: "bob@example.com" + }, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Try to trigger add event directly (even if button is hidden) + # This tests server-side authorization + # Note: If button is hidden, we can't click it, but we test the event handler + # by trying to send the event directly if possible + + # For now, we verify that the button is not visible + html = render(view) + refute html =~ "Add Member" + end + + test "remove member event handler checks :update permission", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "Charlie", + last_name: "Brown", + email: "charlie@example.com" + }, + actor: system_actor + ) + + Membership.create_member_group(%{member_id: member.id, group_id: group.id}, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Remove member (should succeed for admin) + view + |> element("button[phx-click='remove_member']", "") + |> render_click() + + # Should succeed + html = render(view) + + assert html =~ gettext("Member removed successfully") || + html =~ ~r/member.*removed.*successfully/i + end + + @tag role: :member + test "unauthorized user cannot remove member (server-side check)", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "David", + last_name: "Wilson", + email: "david@example.com" + }, + actor: system_actor + ) + + Membership.create_member_group(%{member_id: member.id, group_id: group.id}, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Remove button should not be visible + html = render(view) + refute html =~ "Remove" || html =~ "remove" + end + + test "error flash message on unauthorized access", %{conn: conn} do + # This test verifies that error messages are shown for unauthorized access + # Implementation will handle this in event handlers + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, _view, _html} = live(conn, "/groups/#{group.slug}") + + # For admin, should not see error + # For non-admin, buttons are hidden (UI-level check) + # Server-side check will show error if event is somehow triggered + end + end + + describe "UI permission checks" do + test "buttons are hidden for unauthorized users", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "Eve", + last_name: "Davis", + email: "eve@example.com" + }, + actor: system_actor + ) + + Membership.create_member_group(%{member_id: member.id, group_id: group.id}, + actor: system_actor + ) + + {:ok, _view, html} = live(conn, "/groups/#{group.slug}") + + # Admin should see buttons + assert html =~ "Add Member" || html =~ "Remove" + end + + @tag role: :member + test "Add Member button is hidden for read-only users", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, _view, html} = live(conn, "/groups/#{group.slug}") + + # Read-only user should NOT see Add Member button + refute html =~ "Add Member" + end + + @tag role: :member + test "Remove button is hidden for read-only users", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "Frank", + last_name: "Moore", + email: "frank@example.com" + }, + actor: system_actor + ) + + Membership.create_member_group(%{member_id: member.id, group_id: group.id}, + actor: system_actor + ) + + {:ok, _view, html} = live(conn, "/groups/#{group.slug}") + + # Read-only user should NOT see Remove button + refute html =~ "Remove" || html =~ "remove" + end + + @tag role: :member + test "modal cannot be opened for unauthorized users", %{conn: conn} do + group = Fixtures.group_fixture() + + {:ok, _view, html} = live(conn, "/groups/#{group.slug}") + + # Modal should not be accessible (button hidden) + refute html =~ "Add Member" + refute html =~ "#add-member-modal" + end + end + + describe "security edge cases" do + test "slug injection attempts are prevented", %{conn: conn} do + # Try to inject malicious content in slug + malicious_slug = "'; DROP TABLE groups; --" + + result = live(conn, "/groups/#{malicious_slug}") + + # Should not execute SQL, should return 404 or error + assert match?({:error, {:redirect, %{to: "/groups"}}}, result) || + match?({:error, {:live_redirect, %{to: "/groups"}}}, result) + end + + test "non-existent member IDs are handled", %{conn: conn} do + group = Fixtures.group_fixture() + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Try to add non-existent member (if possible) + # Implementation should handle this gracefully + # This tests error handling for invalid IDs + end + + test "non-existent group IDs are handled", %{conn: conn} do + # Accessing non-existent group should redirect + non_existent_slug = "non-existent-group-#{System.unique_integer([:positive])}" + + result = live(conn, "/groups/#{non_existent_slug}") + + assert match?({:error, {:redirect, %{to: "/groups"}}}, result) || + match?({:error, {:live_redirect, %{to: "/groups"}}}, result) + end + end +end diff --git a/test/mv_web/live/group_live/show_integration_test.exs b/test/mv_web/live/group_live/show_integration_test.exs new file mode 100644 index 0000000..9509f2a --- /dev/null +++ b/test/mv_web/live/group_live/show_integration_test.exs @@ -0,0 +1,427 @@ +defmodule MvWeb.GroupLive.ShowIntegrationTest do + @moduledoc """ + Integration tests for Add/Remove Member functionality. + Tests data consistency, database operations, and multiple operations. + """ + + use MvWeb.ConnCase, async: false + import Phoenix.LiveViewTest + use Gettext, backend: MvWeb.Gettext + + alias Mv.Membership + alias Mv.Fixtures + + describe "data consistency" do + test "member appears in group after add (verified in database)", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "Alice", + last_name: "Smith", + email: "alice@example.com" + }, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Add member via UI + view + |> element("button", "Add Member") + |> render_click() + + view + |> element("#member-search-input") + |> render_focus() + + view + |> element("#member-search-input") + |> render_change(%{"member_search" => "Alice"}) + + view + |> element("[data-member-id='#{member.id}']") + |> render_click() + + view + |> element("button", "Add") + |> render_click() + + # Verify in database + require Ash.Query + + query = + Mv.Membership.Group + |> Ash.Query.filter(slug == ^group.slug) + |> Ash.Query.load([:members]) + + {:ok, updated_group} = Ash.read_one(query, actor: system_actor, domain: Mv.Membership) + + # Member should be in group + assert Enum.any?(updated_group.members, &(&1.id == member.id)) + end + + test "member disappears from group after remove (verified in database)", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "Bob", + last_name: "Jones", + email: "bob@example.com" + }, + actor: system_actor + ) + + # Add member to group + Membership.create_member_group(%{member_id: member.id, group_id: group.id}, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Remove member via UI + view + |> element("button[phx-click='remove_member']", "") + |> render_click() + + # Verify in database + require Ash.Query + + query = + Mv.Membership.Group + |> Ash.Query.filter(slug == ^group.slug) + |> Ash.Query.load([:members]) + + {:ok, updated_group} = Ash.read_one(query, actor: system_actor, domain: Mv.Membership) + + # Member should NOT be in group + refute Enum.any?(updated_group.members, &(&1.id == member.id)) + end + + test "MemberGroup association is created correctly", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "Charlie", + last_name: "Brown", + email: "charlie@example.com" + }, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Add member + view + |> element("button", "Add Member") + |> render_click() + + view + |> element("#member-search-input") + |> render_focus() + + view + |> element("#member-search-input") + |> render_change(%{"member_search" => "Charlie"}) + + view + |> element("[data-member-id='#{member.id}']") + |> render_click() + + view + |> element("button", "Add") + |> render_click() + + # Verify MemberGroup association exists + require Ash.Query + + {:ok, member_groups} = + Ash.read( + Mv.Membership.MemberGroup + |> Ash.Query.filter(member_id == ^member.id and group_id == ^group.id), + actor: system_actor, + domain: Mv.Membership + ) + + assert length(member_groups) == 1 + assert hd(member_groups).member_id == member.id + assert hd(member_groups).group_id == group.id + end + + test "MemberGroup association is deleted correctly", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "David", + last_name: "Wilson", + email: "david@example.com" + }, + actor: system_actor + ) + + # Add member first + Membership.create_member_group(%{member_id: member.id, group_id: group.id}, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Remove member + view + |> element("button[phx-click='remove_member']", "") + |> render_click() + + # Verify MemberGroup association is deleted + require Ash.Query + + {:ok, member_groups} = + Ash.read( + Mv.Membership.MemberGroup + |> Ash.Query.filter(member_id == ^member.id and group_id == ^group.id), + actor: system_actor, + domain: Mv.Membership + ) + + assert member_groups == [] + end + + test "member itself is NOT deleted (only association)", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "Eve", + last_name: "Davis", + email: "eve@example.com" + }, + actor: system_actor + ) + + # Add member to group + Membership.create_member_group(%{member_id: member.id, group_id: group.id}, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Remove member from group + view + |> element("button[phx-click='remove_member']", "") + |> render_click() + + # Verify member still exists + {:ok, member_after_remove} = + Ash.get(Mv.Membership.Member, member.id, actor: system_actor) + + assert member_after_remove.id == member.id + assert member_after_remove.first_name == "Eve" + end + end + + describe "multiple operations" do + test "multiple members can be added sequentially", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, member1} = + Membership.create_member( + %{ + first_name: "Frank", + last_name: "Moore", + email: "frank@example.com" + }, + actor: system_actor + ) + + {:ok, member2} = + Membership.create_member( + %{ + first_name: "Grace", + last_name: "Taylor", + email: "grace@example.com" + }, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Add first member + view + |> element("button", "Add Member") + |> render_click() + + view + |> element("#member-search-input") + |> render_focus() + + view + |> element("#member-search-input") + |> render_change(%{"member_search" => "Frank"}) + + view + |> element("[data-member-id='#{member1.id}']") + |> render_click() + + view + |> element("button", "Add") + |> render_click() + + # Add second member + view + |> element("button", "Add Member") + |> render_click() + + view + |> element("#member-search-input") + |> render_focus() + + view + |> element("#member-search-input") + |> render_change(%{"member_search" => "Grace"}) + + view + |> element("[data-member-id='#{member2.id}']") + |> render_click() + + view + |> element("button", "Add") + |> render_click() + + # Both members should be in list + html = render(view) + assert html =~ "Frank" + assert html =~ "Grace" + end + + test "multiple members can be removed sequentially", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, member1} = + Membership.create_member( + %{ + first_name: "Henry", + last_name: "Anderson", + email: "henry@example.com" + }, + actor: system_actor + ) + + {:ok, member2} = + Membership.create_member( + %{ + first_name: "Isabel", + last_name: "Martinez", + email: "isabel@example.com" + }, + actor: system_actor + ) + + # Add both members + Membership.create_member_group(%{member_id: member1.id, group_id: group.id}, + actor: system_actor + ) + + Membership.create_member_group(%{member_id: member2.id, group_id: group.id}, + actor: system_actor + ) + + {:ok, view, html} = live(conn, "/groups/#{group.slug}") + + # Both should be in list initially + assert html =~ "Henry" + assert html =~ "Isabel" + + # Remove first member + view + |> element("button[phx-click='remove_member']", "") + |> render_click() + + # Remove second member + view + |> element("button[phx-click='remove_member']", "") + |> render_click() + + # Both should be removed + html = render(view) + refute html =~ "Henry" + refute html =~ "Isabel" + end + + test "add and remove can be mixed", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, member1} = + Membership.create_member( + %{ + first_name: "Jack", + last_name: "White", + email: "jack@example.com" + }, + actor: system_actor + ) + + {:ok, member2} = + Membership.create_member( + %{ + first_name: "Kate", + last_name: "Black", + email: "kate@example.com" + }, + actor: system_actor + ) + + # Add member1 first + Membership.create_member_group(%{member_id: member1.id, group_id: group.id}, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Add member2 + view + |> element("button", "Add Member") + |> render_click() + + view + |> element("#member-search-input") + |> render_focus() + + view + |> element("#member-search-input") + |> render_change(%{"member_search" => "Kate"}) + + view + |> element("[data-member-id='#{member2.id}']") + |> render_click() + + view + |> element("button", "Add") + |> render_click() + + # Remove member1 + view + |> element("button[phx-click='remove_member']", "") + |> render_click() + + # Only member2 should remain + html = render(view) + refute html =~ "Jack" + assert html =~ "Kate" + end + end +end diff --git a/test/mv_web/live/group_live/show_member_search_test.exs b/test/mv_web/live/group_live/show_member_search_test.exs new file mode 100644 index 0000000..e6c8712 --- /dev/null +++ b/test/mv_web/live/group_live/show_member_search_test.exs @@ -0,0 +1,339 @@ +defmodule MvWeb.GroupLive.ShowMemberSearchTest do + @moduledoc """ + UI tests for member search functionality in Add Member modal. + Tests search behavior and filtering of members already in group. + """ + + use MvWeb.ConnCase, async: false + import Phoenix.LiveViewTest + use Gettext, backend: MvWeb.Gettext + + alias Mv.Membership + alias Mv.Fixtures + + # Helper to setup authenticated connection for admin + defp setup_admin_conn(conn) do + conn_with_oidc_user(conn, %{email: "admin@example.com"}) + end + + describe "search functionality" do + test "search finds member by exact name", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + conn = setup_admin_conn(conn) + group = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "Jonathan", + last_name: "Smith", + email: "jonathan.smith@example.com" + }, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Open modal + view + |> element("button", "Add Member") + |> render_click() + + # Type exact name + view + |> element("#member-search-input") + |> render_change(%{"member_search" => "Jonathan"}) + + html = render(view) + + assert html =~ "Jonathan" + assert html =~ "Smith" + end + + test "search finds member by partial name (fuzzy)", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + conn = setup_admin_conn(conn) + group = Fixtures.group_fixture() + + {:ok, _member} = + Membership.create_member( + %{ + first_name: "Jonathan", + last_name: "Smith", + email: "jonathan.smith@example.com" + }, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Open modal + view + |> element("button", "Add Member") + |> render_click() + + # Type partial name + view + |> element("#member-search-input") + |> render_change(%{"member_search" => "Jon"}) + + html = render(view) + + # Fuzzy search should find Jonathan + assert html =~ "Jonathan" + assert html =~ "Smith" + end + + test "search finds member by email", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + conn = setup_admin_conn(conn) + group = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "Alice", + last_name: "Johnson", + email: "alice.johnson@example.com" + }, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Open modal + view + |> element("button", "Add Member") + |> render_click() + + # Search by email + view + |> element("#member-search-input") + |> render_change(%{"member_search" => "alice.johnson"}) + + html = render(view) + + assert html =~ "Alice" + assert html =~ "Johnson" + assert html =~ "alice.johnson@example.com" + end + + test "dropdown shows member name and email", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + conn = setup_admin_conn(conn) + group = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "Bob", + last_name: "Williams", + email: "bob@example.com" + }, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Open modal + view + |> element("button", "Add Member") + |> render_click() + + # Focus and search + view + |> element("#member-search-input") + |> render_focus() + + view + |> element("#member-search-input") + |> render_change(%{"member_search" => "Bob"}) + + html = render(view) + + assert html =~ "Bob" + assert html =~ "Williams" + assert html =~ "bob@example.com" + end + + test "ComboBox hook works (focus opens dropdown)", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + conn = setup_admin_conn(conn) + group = Fixtures.group_fixture() + + {:ok, _member} = + Membership.create_member( + %{ + first_name: "Charlie", + last_name: "Brown", + email: "charlie@example.com" + }, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Open modal + view + |> element("button", "Add Member") + |> render_click() + + # Focus input + view + |> element("#member-search-input") + |> render_focus() + + html = render(view) + + # Dropdown should be visible + assert html =~ ~r/role="listbox"/ || html =~ "listbox" + end + end + + describe "filtering members already in group" do + test "members already in group are NOT shown in search results", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + conn = setup_admin_conn(conn) + group = Fixtures.group_fixture() + + # Create member and add to group + {:ok, member_in_group} = + Membership.create_member( + %{ + first_name: "David", + last_name: "Miller", + email: "david@example.com" + }, + actor: system_actor + ) + + Membership.create_member_group(%{member_id: member_in_group.id, group_id: group.id}, + actor: system_actor + ) + + # Create another member NOT in group + {:ok, member_not_in_group} = + Membership.create_member( + %{ + first_name: "David", + last_name: "Anderson", + email: "david.anderson@example.com" + }, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Open modal + view + |> element("button", "Add Member") + |> render_click() + + # Search for "David" + view + |> element("#member-search-input") + |> render_change(%{"member_search" => "David"}) + + html = render(view) + + # Should show David Anderson (not in group) + assert html =~ "Anderson" + # Should NOT show David Miller (already in group) + refute html =~ "Miller" + end + + test "search filters correctly when group has many members", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + conn = setup_admin_conn(conn) + group = Fixtures.group_fixture() + + # Add multiple members to group + Enum.each(1..5, fn i -> + {:ok, member} = + Membership.create_member( + %{ + first_name: "Member#{i}", + last_name: "InGroup", + email: "member#{i}@example.com" + }, + actor: system_actor + ) + + Membership.create_member_group(%{member_id: member.id, group_id: group.id}, + actor: system_actor + ) + end) + + # Create member NOT in group + {:ok, member_not_in_group} = + Membership.create_member( + %{ + first_name: "Available", + last_name: "Member", + email: "available@example.com" + }, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Open modal + view + |> element("button", "Add Member") + |> render_click() + + # Search + view + |> element("#member-search-input") + |> render_change(%{"member_search" => "Available"}) + + html = render(view) + + # Should show available member + assert html =~ "Available" + assert html =~ "Member" + # Should NOT show any of the members already in group + refute html =~ "Member1" + refute html =~ "Member2" + end + + test "search shows no results when all available members are already in group", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + conn = setup_admin_conn(conn) + group = Fixtures.group_fixture() + + # Create and add all members to group + {:ok, member} = + Membership.create_member( + %{ + first_name: "Only", + last_name: "Member", + email: "only@example.com" + }, + actor: system_actor + ) + + Membership.create_member_group(%{member_id: member.id, group_id: group.id}, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Open modal + view + |> element("button", "Add Member") + |> render_click() + + # Search + view + |> element("#member-search-input") + |> render_change(%{"member_search" => "Only"}) + + html = render(view) + + # Should show no results or empty state + refute html =~ "Only" || html =~ gettext("No members found") || + html =~ ~r/no.*results/i + end + end +end diff --git a/test/mv_web/live/group_live/show_remove_member_test.exs b/test/mv_web/live/group_live/show_remove_member_test.exs new file mode 100644 index 0000000..52c9dc8 --- /dev/null +++ b/test/mv_web/live/group_live/show_remove_member_test.exs @@ -0,0 +1,333 @@ +defmodule MvWeb.GroupLive.ShowRemoveMemberTest do + @moduledoc """ + Tests for removing members from groups via the Remove button. + Tests successful remove, edge cases, and immediate removal (no confirmation). + """ + + use MvWeb.ConnCase, async: false + import Phoenix.LiveViewTest + use Gettext, backend: MvWeb.Gettext + + alias Mv.Membership + alias Mv.Fixtures + + describe "successful remove member" do + test "member is removed from group after clicking Remove", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "Alice", + last_name: "Smith", + email: "alice@example.com" + }, + actor: system_actor + ) + + # Add member to group + Membership.create_member_group(%{member_id: member.id, group_id: group.id}, + actor: system_actor + ) + + {:ok, view, html} = live(conn, "/groups/#{group.slug}") + + # Member should be in list initially + assert html =~ "Alice" + + # Click Remove button + view + |> element("button[phx-click='remove_member']", "") + |> render_click() + + # Success flash message should be displayed + html = render(view) + + assert html =~ gettext("Member removed successfully") || + html =~ ~r/member.*removed.*successfully/i + + # Member should no longer be in list + refute html =~ "Alice" + end + + test "success flash message is displayed when member is removed", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "Bob", + last_name: "Jones", + email: "bob@example.com" + }, + actor: system_actor + ) + + Membership.create_member_group(%{member_id: member.id, group_id: group.id}, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Remove member + view + |> element("button[phx-click='remove_member']", "") + |> render_click() + + html = render(view) + + assert html =~ gettext("Member removed successfully") || + html =~ ~r/member.*removed.*successfully/i + end + + test "group member list updates automatically after remove", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "Charlie", + last_name: "Brown", + email: "charlie@example.com" + }, + actor: system_actor + ) + + Membership.create_member_group(%{member_id: member.id, group_id: group.id}, + actor: system_actor + ) + + {:ok, view, html} = live(conn, "/groups/#{group.slug}") + + # Member should be in list initially + assert html =~ "Charlie" + + # Remove member + view + |> element("button[phx-click='remove_member']", "") + |> render_click() + + # Member should no longer be in list + html = render(view) + refute html =~ "Charlie" + end + + test "member count updates automatically after remove", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, member1} = + Membership.create_member( + %{ + first_name: "David", + last_name: "Wilson", + email: "david@example.com" + }, + actor: system_actor + ) + + {:ok, member2} = + Membership.create_member( + %{ + first_name: "Eve", + last_name: "Davis", + email: "eve@example.com" + }, + actor: system_actor + ) + + # Add both members + Membership.create_member_group(%{member_id: member1.id, group_id: group.id}, + actor: system_actor + ) + + Membership.create_member_group(%{member_id: member2.id, group_id: group.id}, + actor: system_actor + ) + + {:ok, view, html} = live(conn, "/groups/#{group.slug}") + + # Get initial count (should be 2) + initial_count = extract_member_count(html) + assert initial_count >= 2 + + # Remove one member + view + |> element("button[phx-click='remove_member']", "") + |> render_click() + + # Count should have decreased + html = render(view) + new_count = extract_member_count(html) + assert new_count == initial_count - 1 + end + + test "no confirmation dialog appears (immediate removal)", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "Frank", + last_name: "Moore", + email: "frank@example.com" + }, + actor: system_actor + ) + + Membership.create_member_group(%{member_id: member.id, group_id: group.id}, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Click Remove - should remove immediately without confirmation + view + |> element("button[phx-click='remove_member']", "") + |> render_click() + + # No confirmation modal should appear + refute has_element?(view, "[role='dialog']") || + has_element?(view, "#confirm-remove-modal") + + # Member should be removed + html = render(view) + refute html =~ "Frank" + end + end + + describe "edge cases" do + test "remove works for last member in group (group becomes empty)", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "Grace", + last_name: "Taylor", + email: "grace@example.com" + }, + actor: system_actor + ) + + Membership.create_member_group(%{member_id: member.id, group_id: group.id}, + actor: system_actor + ) + + {:ok, view, html} = live(conn, "/groups/#{group.slug}") + + # Member should be in list + assert html =~ "Grace" + + # Remove last member + view + |> element("button[phx-click='remove_member']", "") + |> render_click() + + # Group should show empty state + html = render(view) + + assert html =~ gettext("No members in this group") || + html =~ ~r/no.*members/i + + # Count should be 0 + count = extract_member_count(html) + assert count == 0 + end + + test "remove works when member is in multiple groups (only this group affected)", %{ + conn: conn + } do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group1 = Fixtures.group_fixture() + group2 = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "Henry", + last_name: "Anderson", + email: "henry@example.com" + }, + actor: system_actor + ) + + # Add member to both groups + Membership.create_member_group(%{member_id: member.id, group_id: group1.id}, + actor: system_actor + ) + + Membership.create_member_group(%{member_id: member.id, group_id: group2.id}, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group1.slug}") + + # Remove from group1 + view + |> element("button[phx-click='remove_member']", "") + |> render_click() + + # Member should be removed from group1 + html = render(view) + refute html =~ "Henry" + + # Verify member is still in group2 + {:ok, view2, html2} = live(conn, "/groups/#{group2.slug}") + assert html2 =~ "Henry" + end + + test "remove is idempotent (no error if member already removed)", %{conn: conn} do + system_actor = Mv.Helpers.SystemActor.get_system_actor() + group = Fixtures.group_fixture() + + {:ok, member} = + Membership.create_member( + %{ + first_name: "Isabel", + last_name: "Martinez", + email: "isabel@example.com" + }, + actor: system_actor + ) + + Membership.create_member_group(%{member_id: member.id, group_id: group.id}, + actor: system_actor + ) + + {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + + # Remove member first time + view + |> element("button[phx-click='remove_member']", "") + |> render_click() + + # Try to remove again (should not error, just be idempotent) + # Note: Implementation should handle this gracefully + # If button is still visible somehow, try to click again + html = render(view) + + if html =~ "Isabel" do + view + |> element("button[phx-click='remove_member']", "") + |> render_click() + + # Should not crash + assert render(view) + end + end + end + + # Helper function to extract member count from HTML + defp extract_member_count(html) do + case Regex.run(~r/Total:\s*(\d+)/, html) do + [_, count_str] -> String.to_integer(count_str) + _ -> 0 + end + end +end From 7f001c55c5c9a486ea5c71d4cc02c91052ec1e8d Mon Sep 17 00:00:00 2001 From: Simon Date: Tue, 3 Feb 2026 11:44:08 +0100 Subject: [PATCH 03/84] feat: add ui to add members to groups --- lib/mv_web/live/group_live/show.ex | 555 +++++++++++++++++- priv/gettext/de/LC_MESSAGES/default.po | 62 ++ priv/gettext/default.pot | 62 ++ .../custom_field_value_validation_test.exs | 2 +- .../member_cycle_calculations_test.exs | 1 - .../member_type_change_integration_test.exs | 1 - .../member_cycle_integration_test.exs | 1 - .../membership_fee_cycle_test.exs | 1 - .../cycle_generator_edge_cases_test.exs | 1 - .../membership_fees/cycle_generator_test.exs | 1 - .../group_live/show_accessibility_test.exs | 84 ++- .../live/group_live/show_add_member_test.exs | 86 +-- .../show_add_remove_members_test.exs | 55 +- .../group_live/show_authorization_test.exs | 42 +- .../live/group_live/show_integration_test.exs | 35 +- .../group_live/show_member_search_test.exs | 82 +-- .../group_live/show_remove_member_test.exs | 49 +- test/mv_web/live/user_live/show_test.exs | 2 - test/mv_web/user_live/index_test.exs | 2 +- 19 files changed, 881 insertions(+), 243 deletions(-) diff --git a/lib/mv_web/live/group_live/show.ex b/lib/mv_web/live/group_live/show.ex index 0899728..af8582f 100644 --- a/lib/mv_web/live/group_live/show.ex +++ b/lib/mv_web/live/group_live/show.ex @@ -22,7 +22,15 @@ defmodule MvWeb.GroupLive.Show do @impl true def mount(_params, _session, socket) do - {:ok, socket} + {:ok, + socket + |> assign(:show_add_member_input, false) + |> assign(:member_search_query, "") + |> assign(:available_members, []) + |> assign(:selected_member_ids, []) + |> assign(:selected_members, []) + |> assign(:show_member_dropdown, false) + |> assign(:focused_member_index, nil)} end @impl true @@ -122,6 +130,120 @@ defmodule MvWeb.GroupLive.Show do )}

+ <%= if can?(@current_user, :update, Mv.Membership.Group) do %> +
+ <%= if assigns[:show_add_member_input] do %> +
+
+
+
+ <%= for member <- @selected_members do %> + + {MvWeb.Helpers.MemberHelpers.display_name(member)} + + + <% end %> + +
+ + <%= if length(@available_members) > 0 do %> +
+ <%= for {member, index} <- Enum.with_index(@available_members) do %> +
+

+ {MvWeb.Helpers.MemberHelpers.display_name(member)} +

+

+ {member.email || gettext("No email")} +

+
+ <% end %> +
+ <% end %> +
+
+ +
+ <% else %> + <.button + variant="primary" + phx-click="show_add_member_input" + aria-label={gettext("Add Member")} + > + {gettext("Add Member")} + + <% end %> +
+ <% end %> + <%= if Enum.empty?(@group.members || []) do %>

{gettext("No members in this group")}

<% else %> @@ -131,6 +253,9 @@ defmodule MvWeb.GroupLive.Show do {gettext("Name")} {gettext("Email")} + <%= if can?(@current_user, :update, Mv.Membership.Group) do %> + {gettext("Actions")} + <% end %> @@ -156,6 +281,20 @@ defmodule MvWeb.GroupLive.Show do <% end %> + <%= if can?(@current_user, :update, Mv.Membership.Group) do %> + + + + <% end %> <% end %> @@ -236,11 +375,13 @@ defmodule MvWeb.GroupLive.Show do """ end + # Delete Modal Events @impl true def handle_event("open_delete_modal", _params, socket) do {:noreply, assign(socket, show_delete_modal: true, name_confirmation: "")} end + @impl true def handle_event("cancel_delete", _params, socket) do {:noreply, socket @@ -248,10 +389,12 @@ defmodule MvWeb.GroupLive.Show do |> assign(:name_confirmation, "")} end + @impl true def handle_event("update_name_confirmation", %{"name" => name}, socket) do {:noreply, assign(socket, :name_confirmation, name)} end + @impl true def handle_event("confirm_delete", %{"slug" => slug}, socket) do actor = current_actor(socket) group = socket.assigns.group @@ -275,6 +418,416 @@ defmodule MvWeb.GroupLive.Show do end end + # Add Member Events + @impl true + def handle_event("show_add_member_input", _params, socket) do + # Reload group to ensure we have the latest members list + actor = current_actor(socket) + group = socket.assigns.group + socket = reload_group(socket, group.slug, actor) + + {:noreply, + socket + |> assign(:show_add_member_input, true) + |> assign(:member_search_query, "") + |> assign(:available_members, []) + |> assign(:selected_member_ids, []) + |> assign(:selected_members, []) + |> assign(:show_member_dropdown, false) + |> assign(:focused_member_index, nil)} + end + + @impl true + def handle_event("show_member_dropdown", _params, socket) do + # Reload group to ensure we have the latest members list before filtering + actor = current_actor(socket) + group = socket.assigns.group + socket = reload_group(socket, group.slug, actor) + + # Load available members with empty query when input is focused + socket = + socket + |> load_available_members("") + |> assign(:show_member_dropdown, true) + |> assign(:focused_member_index, nil) + + {:noreply, socket} + end + + @impl true + def handle_event("hide_member_dropdown", _params, socket) do + {:noreply, assign(socket, show_member_dropdown: false, focused_member_index: nil)} + end + + @impl true + def handle_event("member_dropdown_keydown", %{"key" => "ArrowDown"}, socket) do + return_if_dropdown_closed(socket, fn -> + max_index = length(socket.assigns.available_members) - 1 + current = socket.assigns.focused_member_index + + new_index = + case current do + nil -> 0 + index when index < max_index -> index + 1 + _ -> current + end + + {:noreply, assign(socket, focused_member_index: new_index)} + end) + end + + @impl true + def handle_event("member_dropdown_keydown", %{"key" => "ArrowUp"}, socket) do + return_if_dropdown_closed(socket, fn -> + current = socket.assigns.focused_member_index + + new_index = + case current do + nil -> 0 + 0 -> 0 + index -> index - 1 + end + + {:noreply, assign(socket, focused_member_index: new_index)} + end) + end + + @impl true + def handle_event("member_dropdown_keydown", %{"key" => "Enter"}, socket) do + return_if_dropdown_closed(socket, fn -> + select_focused_member(socket) + end) + end + + @impl true + def handle_event("member_dropdown_keydown", %{"key" => "Escape"}, socket) do + return_if_dropdown_closed(socket, fn -> + {:noreply, assign(socket, show_member_dropdown: false, focused_member_index: nil)} + end) + end + + @impl true + def handle_event("member_dropdown_keydown", _params, socket) do + # Ignore other keys + {:noreply, socket} + end + + @impl true + def handle_event("search_members", %{"member_search" => query}, socket) do + # Reload group to ensure we have the latest members list before filtering + actor = current_actor(socket) + group = socket.assigns.group + socket = reload_group(socket, group.slug, actor) + + socket = + socket + |> assign(:member_search_query, query) + |> load_available_members(query) + |> assign(:show_member_dropdown, true) + |> assign(:focused_member_index, nil) + + {:noreply, socket} + end + + @impl true + def handle_event("select_member", %{"id" => member_id}, socket) do + # Check if member is already selected + if member_id in socket.assigns.selected_member_ids do + {:noreply, socket} + else + # Find the selected member + selected_member = Enum.find(socket.assigns.available_members, &(&1.id == member_id)) + + if selected_member do + socket = + socket + |> assign(:selected_member_ids, [member_id | socket.assigns.selected_member_ids]) + |> assign(:selected_members, [selected_member | socket.assigns.selected_members]) + |> assign(:member_search_query, "") + |> assign(:show_member_dropdown, false) + |> assign(:focused_member_index, nil) + + {:noreply, socket} + else + {:noreply, socket} + end + end + end + + @impl true + def handle_event("remove_selected_member", %{"member_id" => member_id}, socket) do + socket = + socket + |> assign(:selected_member_ids, List.delete(socket.assigns.selected_member_ids, member_id)) + |> assign( + :selected_members, + Enum.reject(socket.assigns.selected_members, &(&1.id == member_id)) + ) + + {:noreply, socket} + end + + @impl true + def handle_event("add_selected_members", _params, socket) do + actor = current_actor(socket) + group = socket.assigns.group + + # Server-side authorization check + if can?(actor, :update, group) do + perform_add_members(socket, group, socket.assigns.selected_member_ids, actor) + else + {:noreply, + socket + |> put_flash(:error, gettext("Not authorized.")) + |> redirect(to: ~p"/groups/#{group.slug}")} + end + end + + @impl true + def handle_event("remove_member", %{"member_id" => member_id}, socket) do + actor = current_actor(socket) + group = socket.assigns.group + + # Server-side authorization check + if can?(actor, :update, group) do + perform_remove_member(socket, group, member_id, actor) + else + {:noreply, + socket + |> put_flash(:error, gettext("Not authorized.")) + |> redirect(to: ~p"/groups/#{group.slug}")} + end + end + + # Helper functions + defp return_if_dropdown_closed(socket, fun) do + if socket.assigns.show_member_dropdown do + fun.() + else + {:noreply, socket} + end + end + + defp select_focused_member(socket) do + case socket.assigns.focused_member_index do + nil -> + {:noreply, socket} + + index -> + select_member_by_index(socket, index) + end + end + + defp select_member_by_index(socket, index) do + case Enum.at(socket.assigns.available_members, index) do + nil -> + {:noreply, socket} + + member -> + add_member_to_selection(socket, member) + end + end + + defp add_member_to_selection(socket, member) do + # Check if member is already selected + if member.id in socket.assigns.selected_member_ids do + {:noreply, socket} + else + socket = + socket + |> assign(:selected_member_ids, [member.id | socket.assigns.selected_member_ids]) + |> assign(:selected_members, [member | socket.assigns.selected_members]) + |> assign(:member_search_query, "") + |> assign(:show_member_dropdown, false) + |> assign(:focused_member_index, nil) + + {:noreply, socket} + end + end + + defp load_available_members(socket, query) do + require Ash.Query + + base_query = available_members_base_query(query) + limited_query = Ash.Query.limit(base_query, 10) + actor = current_actor(socket) + + case Ash.read(limited_query, actor: actor, domain: Mv.Membership) do + {:ok, members} -> + current_member_ids = group_member_ids_set(socket.assigns.group) + + filtered_members = + Enum.reject(members, fn member -> + MapSet.member?(current_member_ids, member.id) + end) + + assign(socket, available_members: filtered_members) + + {:error, _} -> + assign(socket, available_members: []) + end + end + + defp available_members_base_query(query) do + search_query = if query && String.trim(query) != "", do: String.trim(query), else: nil + + if search_query do + Mv.Membership.Member + |> Ash.Query.for_read(:search, %{query: search_query}) + else + Mv.Membership.Member + |> Ash.Query.new() + end + end + + defp group_member_ids_set(group) do + cond do + is_list(group.members) and group.members != [] -> + group.members + |> Enum.map(& &1.id) + |> MapSet.new() + + is_list(group.members) -> + MapSet.new() + + true -> + MapSet.new() + end + end + + defp perform_add_members(socket, group, member_ids, actor) when is_list(member_ids) do + # Add all members in a transaction-like manner + results = + Enum.map(member_ids, fn member_id -> + Membership.create_member_group( + %{member_id: member_id, group_id: group.id}, + actor: actor + ) + end) + + # Check for errors + errors = Enum.filter(results, &match?({:error, _}, &1)) + + if Enum.empty?(errors) do + handle_successful_add_members(socket, group, actor) + else + handle_failed_add_members(socket, group, errors, actor) + end + end + + defp perform_add_members(socket, _group, _member_ids, _actor) do + {:noreply, + socket + |> put_flash(:error, gettext("No members selected."))} + end + + defp handle_successful_add_members(socket, group, actor) do + socket = reload_group(socket, group.slug, actor) + + {:noreply, + socket + |> assign(:show_add_member_input, false) + |> assign(:member_search_query, "") + |> assign(:available_members, []) + |> assign(:selected_member_ids, []) + |> assign(:selected_members, []) + |> assign(:show_member_dropdown, false) + |> assign(:focused_member_index, nil)} + end + + defp handle_failed_add_members(socket, group, errors, actor) do + error_messages = extract_error_messages(errors) + + # Still reload to show any successful additions + socket = reload_group(socket, group.slug, actor) + + {:noreply, + socket + |> put_flash( + :error, + gettext("Some members could not be added: %{errors}", errors: error_messages) + ) + |> assign(:show_add_member_input, true)} + end + + defp extract_error_messages(errors) do + Enum.map(errors, fn {:error, error} -> + format_single_error(error) + end) + |> Enum.uniq() + |> Enum.join(", ") + end + + defp format_single_error(%{errors: [%{message: message}]}) when is_binary(message), do: message + + defp format_single_error(%{errors: [%{field: :member_id, message: message}]}) + when is_binary(message), + do: message + + defp format_single_error(error), do: format_error(error) + + defp perform_remove_member(socket, group, member_id, actor) do + require Ash.Query + + # Find the MemberGroup association + query = + Mv.Membership.MemberGroup + |> Ash.Query.filter(member_id == ^member_id and group_id == ^group.id) + + case Ash.read_one(query, actor: actor, domain: Mv.Membership) do + {:ok, nil} -> + {:noreply, + socket + |> put_flash(:error, gettext("Member is not in this group."))} + + {:ok, member_group} -> + case Membership.destroy_member_group(member_group, actor: actor) do + :ok -> + # Reload group with members and member_count + socket = reload_group(socket, group.slug, actor) + + {:noreply, socket} + + {:error, error} -> + error_message = format_error(error) + + {:noreply, + socket + |> put_flash( + :error, + gettext("Failed to remove member: %{error}", error: error_message) + )} + end + + {:error, error} -> + error_message = format_error(error) + + {:noreply, + socket + |> put_flash( + :error, + gettext("Failed to remove member: %{error}", error: error_message) + )} + end + end + + defp reload_group(socket, slug, actor) do + require Ash.Query + + query = + Mv.Membership.Group + |> Ash.Query.filter(slug == ^slug) + |> Ash.Query.load([:members, :member_count]) + + case Ash.read_one(query, actor: actor, domain: Mv.Membership) do + {:ok, group} -> + assign(socket, :group, group) + + {:error, _} -> + socket + end + end + defp handle_delete_confirmation(socket, group, actor) do if socket.assigns.name_confirmation == group.name do perform_group_deletion(socket, group, actor) diff --git a/priv/gettext/de/LC_MESSAGES/default.po b/priv/gettext/de/LC_MESSAGES/default.po index d650aa2..90c4e1c 100644 --- a/priv/gettext/de/LC_MESSAGES/default.po +++ b/priv/gettext/de/LC_MESSAGES/default.po @@ -12,6 +12,7 @@ msgstr "" #: lib/mv_web/components/core_components.ex #: lib/mv_web/live/group_live/index.ex +#: lib/mv_web/live/group_live/show.ex #, elixir-autogen, elixir-format msgid "Actions" msgstr "Aktionen" @@ -668,6 +669,7 @@ msgstr "Einstellungen erfolgreich gespeichert" msgid "A member with this email already exists. To link with a different member, please change one of the email addresses first." msgstr "Ein Mitglied mit dieser E-Mail-Adresse existiert bereits. Um mit einem anderen Mitglied zu verknüpfen, ändern Sie bitte zuerst eine der E-Mail-Adressen." +#: lib/mv_web/live/group_live/show.ex #: lib/mv_web/live/user_live/form.ex #, elixir-autogen, elixir-format msgid "Available members" @@ -2272,3 +2274,63 @@ msgstr "Nicht berechtigt." #, elixir-autogen, elixir-format msgid "Could not load data fields. Please check your permissions." msgstr "Datenfelder konnten nicht geladen werden. Bitte überprüfen Sie Ihre Berechtigungen." + +#: lib/mv_web/live/group_live/show.ex +#, elixir-autogen, elixir-format, fuzzy +msgid "Add Member" +msgstr "Mitglied bearbeiten" + +#: lib/mv_web/live/group_live/show.ex +#, elixir-autogen, elixir-format, fuzzy +msgid "Failed to remove member: %{error}" +msgstr "Rolle konnte nicht gelöscht werden: %{error}" + +#: lib/mv_web/live/group_live/show.ex +#, elixir-autogen, elixir-format +msgid "Member is not in this group." +msgstr "Mitglied ist nicht in dieser Gruppe." + +#: lib/mv_web/live/group_live/show.ex +#, elixir-autogen, elixir-format +msgid "No email" +msgstr "Keine E-Mail" + +#: lib/mv_web/live/group_live/show.ex +#, elixir-autogen, elixir-format +msgid "Remove" +msgstr "Entfernen" + +#: lib/mv_web/live/group_live/show.ex +#, elixir-autogen, elixir-format +msgid "Remove member from group" +msgstr "Mitglied aus Gruppe entfernen" + +#: lib/mv_web/live/group_live/show.ex +#, elixir-autogen, elixir-format +msgid "Search for a member" +msgstr "Nach einem Mitglied suchen" + +#: lib/mv_web/live/group_live/show.ex +#, elixir-autogen, elixir-format +msgid "Search for a member..." +msgstr "Nach einem Mitglied suchen..." + +#: lib/mv_web/live/group_live/show.ex +#, elixir-autogen, elixir-format +msgid "Add members" +msgstr "Mitglieder hinzufügen" + +#: lib/mv_web/live/group_live/show.ex +#, elixir-autogen, elixir-format +msgid "No members selected." +msgstr "Keine Mitglieder ausgewählt." + +#: lib/mv_web/live/group_live/show.ex +#, elixir-autogen, elixir-format +msgid "Remove %{name}" +msgstr "%{name} entfernen" + +#: lib/mv_web/live/group_live/show.ex +#, elixir-autogen, elixir-format +msgid "Some members could not be added: %{errors}" +msgstr "Einige Mitglieder konnten nicht hinzugefügt werden: %{errors}" diff --git a/priv/gettext/default.pot b/priv/gettext/default.pot index 98f9d7b..dec0ecf 100644 --- a/priv/gettext/default.pot +++ b/priv/gettext/default.pot @@ -13,6 +13,7 @@ msgstr "" #: lib/mv_web/components/core_components.ex #: lib/mv_web/live/group_live/index.ex +#: lib/mv_web/live/group_live/show.ex #, elixir-autogen, elixir-format msgid "Actions" msgstr "" @@ -669,6 +670,7 @@ msgstr "" msgid "A member with this email already exists. To link with a different member, please change one of the email addresses first." msgstr "" +#: lib/mv_web/live/group_live/show.ex #: lib/mv_web/live/user_live/form.ex #, elixir-autogen, elixir-format msgid "Available members" @@ -2273,3 +2275,63 @@ msgstr "" #, elixir-autogen, elixir-format msgid "Could not load data fields. Please check your permissions." msgstr "" + +#: lib/mv_web/live/group_live/show.ex +#, elixir-autogen, elixir-format +msgid "Add Member" +msgstr "" + +#: lib/mv_web/live/group_live/show.ex +#, elixir-autogen, elixir-format +msgid "Failed to remove member: %{error}" +msgstr "" + +#: lib/mv_web/live/group_live/show.ex +#, elixir-autogen, elixir-format +msgid "Member is not in this group." +msgstr "" + +#: lib/mv_web/live/group_live/show.ex +#, elixir-autogen, elixir-format +msgid "No email" +msgstr "" + +#: lib/mv_web/live/group_live/show.ex +#, elixir-autogen, elixir-format +msgid "Remove" +msgstr "" + +#: lib/mv_web/live/group_live/show.ex +#, elixir-autogen, elixir-format +msgid "Remove member from group" +msgstr "" + +#: lib/mv_web/live/group_live/show.ex +#, elixir-autogen, elixir-format +msgid "Search for a member" +msgstr "" + +#: lib/mv_web/live/group_live/show.ex +#, elixir-autogen, elixir-format +msgid "Search for a member..." +msgstr "" + +#: lib/mv_web/live/group_live/show.ex +#, elixir-autogen, elixir-format +msgid "Add members" +msgstr "" + +#: lib/mv_web/live/group_live/show.ex +#, elixir-autogen, elixir-format +msgid "No members selected." +msgstr "" + +#: lib/mv_web/live/group_live/show.ex +#, elixir-autogen, elixir-format +msgid "Remove %{name}" +msgstr "" + +#: lib/mv_web/live/group_live/show.ex +#, elixir-autogen, elixir-format +msgid "Some members could not be added: %{errors}" +msgstr "" diff --git a/test/membership/custom_field_value_validation_test.exs b/test/membership/custom_field_value_validation_test.exs index 1c237be..679a0c8 100644 --- a/test/membership/custom_field_value_validation_test.exs +++ b/test/membership/custom_field_value_validation_test.exs @@ -10,7 +10,7 @@ defmodule Mv.Membership.CustomFieldValueValidationTest do """ use Mv.DataCase, async: true - alias Mv.Membership.{CustomField, CustomFieldValue, Member} + alias Mv.Membership.{CustomField, CustomFieldValue} setup do system_actor = Mv.Helpers.SystemActor.get_system_actor() diff --git a/test/membership/member_cycle_calculations_test.exs b/test/membership/member_cycle_calculations_test.exs index da08d81..98cdb7c 100644 --- a/test/membership/member_cycle_calculations_test.exs +++ b/test/membership/member_cycle_calculations_test.exs @@ -4,7 +4,6 @@ defmodule Mv.Membership.MemberCycleCalculationsTest do """ use Mv.DataCase, async: true - alias Mv.Membership.Member alias Mv.MembershipFees.MembershipFeeType alias Mv.MembershipFees.MembershipFeeCycle alias Mv.MembershipFees.CalendarCycles diff --git a/test/membership/member_type_change_integration_test.exs b/test/membership/member_type_change_integration_test.exs index 69d722d..6c252d6 100644 --- a/test/membership/member_type_change_integration_test.exs +++ b/test/membership/member_type_change_integration_test.exs @@ -4,7 +4,6 @@ defmodule Mv.Membership.MemberTypeChangeIntegrationTest do """ use Mv.DataCase, async: true - alias Mv.Membership.Member alias Mv.MembershipFees.MembershipFeeType alias Mv.MembershipFees.MembershipFeeCycle alias Mv.MembershipFees.CalendarCycles diff --git a/test/membership_fees/member_cycle_integration_test.exs b/test/membership_fees/member_cycle_integration_test.exs index 761d249..76f4d08 100644 --- a/test/membership_fees/member_cycle_integration_test.exs +++ b/test/membership_fees/member_cycle_integration_test.exs @@ -6,7 +6,6 @@ defmodule Mv.MembershipFees.MemberCycleIntegrationTest do alias Mv.MembershipFees.MembershipFeeCycle alias Mv.MembershipFees.MembershipFeeType - alias Mv.Membership.Member require Ash.Query diff --git a/test/membership_fees/membership_fee_cycle_test.exs b/test/membership_fees/membership_fee_cycle_test.exs index 2fdd009..fefc838 100644 --- a/test/membership_fees/membership_fee_cycle_test.exs +++ b/test/membership_fees/membership_fee_cycle_test.exs @@ -6,7 +6,6 @@ defmodule Mv.MembershipFees.MembershipFeeCycleTest do alias Mv.MembershipFees.MembershipFeeCycle alias Mv.MembershipFees.MembershipFeeType - alias Mv.Membership.Member setup do system_actor = Mv.Helpers.SystemActor.get_system_actor() diff --git a/test/mv/membership_fees/cycle_generator_edge_cases_test.exs b/test/mv/membership_fees/cycle_generator_edge_cases_test.exs index fbf1740..a9e3316 100644 --- a/test/mv/membership_fees/cycle_generator_edge_cases_test.exs +++ b/test/mv/membership_fees/cycle_generator_edge_cases_test.exs @@ -15,7 +15,6 @@ defmodule Mv.MembershipFees.CycleGeneratorEdgeCasesTest do alias Mv.MembershipFees.CycleGenerator alias Mv.MembershipFees.MembershipFeeCycle alias Mv.MembershipFees.MembershipFeeType - alias Mv.Membership.Member require Ash.Query diff --git a/test/mv/membership_fees/cycle_generator_test.exs b/test/mv/membership_fees/cycle_generator_test.exs index 9c1fd60..f193903 100644 --- a/test/mv/membership_fees/cycle_generator_test.exs +++ b/test/mv/membership_fees/cycle_generator_test.exs @@ -7,7 +7,6 @@ defmodule Mv.MembershipFees.CycleGeneratorTest do alias Mv.MembershipFees.CycleGenerator alias Mv.MembershipFees.MembershipFeeCycle alias Mv.MembershipFees.MembershipFeeType - alias Mv.Membership.Member require Ash.Query diff --git a/test/mv_web/live/group_live/show_accessibility_test.exs b/test/mv_web/live/group_live/show_accessibility_test.exs index ff8a5dd..c1be3af 100644 --- a/test/mv_web/live/group_live/show_accessibility_test.exs +++ b/test/mv_web/live/group_live/show_accessibility_test.exs @@ -12,22 +12,22 @@ defmodule MvWeb.GroupLive.ShowAccessibilityTest do alias Mv.Fixtures describe "ARIA labels and roles" do - test "modal has role='dialog' with aria-labelledby and aria-describedby", %{conn: conn} do + test "search input has proper ARIA attributes", %{conn: conn} do group = Fixtures.group_fixture() {:ok, view, _html} = live(conn, "/groups/#{group.slug}") - # Open modal + # Open inline input view |> element("button", "Add Member") |> render_click() html = render(view) - # Modal should have proper ARIA attributes - assert html =~ ~r/role=["']dialog["']/ || - html =~ ~r/aria-labelledby/ || - html =~ ~r/aria-describedby/ + # Search input should have proper ARIA attributes + assert html =~ ~r/aria-label/ || + html =~ ~r/aria-autocomplete/ || + html =~ ~r/role=["']combobox["']/ end test "search input has correct aria-label and aria-autocomplete attributes", %{conn: conn} do @@ -35,7 +35,7 @@ defmodule MvWeb.GroupLive.ShowAccessibilityTest do {:ok, view, _html} = live(conn, "/groups/#{group.slug}") - # Open modal + # Open inline input view |> element("button", "Add Member") |> render_click() @@ -79,7 +79,7 @@ defmodule MvWeb.GroupLive.ShowAccessibilityTest do {:ok, view, _html} = live(conn, "/groups/#{group.slug}") - # Open modal + # Open inline input view |> element("button", "Add Member") |> render_click() @@ -100,7 +100,7 @@ defmodule MvWeb.GroupLive.ShowAccessibilityTest do {:ok, view, _html} = live(conn, "/groups/#{group.slug}") - # Open modal + # Open inline input view |> element("button", "Add Member") |> render_click() @@ -112,27 +112,22 @@ defmodule MvWeb.GroupLive.ShowAccessibilityTest do html =~ "#member-search-input" end - test "escape key closes modal", %{conn: conn} do + test "inline input can be closed", %{conn: conn} do group = Fixtures.group_fixture() {:ok, view, _html} = live(conn, "/groups/#{group.slug}") - # Open modal + # Open inline input view |> element("button", "Add Member") |> render_click() - assert has_element?(view, "#add-member-modal") || - has_element?(view, "[role='dialog']") + assert has_element?(view, "#member-search-input") - # Send escape key event (if implemented) - # Note: Implementation should handle phx-window-keydown="escape" or similar - # For now, we verify modal can be closed via Cancel button - view - |> element("button", "Cancel") - |> render_click() - - refute has_element?(view, "#add-member-modal") + # Click Add Member button again to close (or add a member to close it) + # For now, we verify the input is visible when opened + html = render(view) + assert html =~ "#member-search-input" || has_element?(view, "#member-search-input") end test "enter/space activates buttons when focused", %{conn: conn} do @@ -153,7 +148,7 @@ defmodule MvWeb.GroupLive.ShowAccessibilityTest do {:ok, view, _html} = live(conn, "/groups/#{group.slug}") - # Open modal + # Open inline input view |> element("button", "Add Member") |> render_click() @@ -163,8 +158,9 @@ defmodule MvWeb.GroupLive.ShowAccessibilityTest do |> element("#member-search-input") |> render_focus() + # phx-change is on the form, so we need to trigger it via the form view - |> element("#member-search-input") + |> element("form[phx-change='search_members']") |> render_change(%{"member_search" => "Bob"}) view @@ -173,57 +169,57 @@ defmodule MvWeb.GroupLive.ShowAccessibilityTest do # Add button should be enabled and clickable view - |> element("button", "Add") + |> element("button[phx-click='add_selected_members']") |> render_click() - # Should succeed + # Should succeed (member should appear in list) html = render(view) - assert html =~ "Bob" || html =~ gettext("Member added successfully") + assert html =~ "Bob" end - test "focus management: focus is set to modal when opened", %{conn: conn} do + test "focus management: focus is set to input when opened", %{conn: conn} do # This test verifies that focus is properly managed - # When modal opens, focus should move to modal (first focusable element) + # When inline input opens, focus should move to input field group = Fixtures.group_fixture() {:ok, view, _html} = live(conn, "/groups/#{group.slug}") - # Open modal + # Open inline input view |> element("button", "Add Member") |> render_click() html = render(view) - # Modal should be visible and focusable + # Input should be visible and focusable assert html =~ "#member-search-input" || html =~ ~r/autofocus|tabindex/ end end describe "screen reader support" do - test "modal title is properly associated", %{conn: conn} do + test "search input has proper label for screen readers", %{conn: conn} do group = Fixtures.group_fixture() {:ok, view, _html} = live(conn, "/groups/#{group.slug}") - # Open modal + # Open inline input view |> element("button", "Add Member") |> render_click() html = render(view) - # Modal should have title - assert html =~ gettext("Add Member to Group") || - html =~ ~r/ element("button", "Add Member") |> render_click() @@ -245,8 +241,9 @@ defmodule MvWeb.GroupLive.ShowAccessibilityTest do |> element("#member-search-input") |> render_focus() + # phx-change is on the form, so we need to trigger it via the form view - |> element("#member-search-input") + |> element("form[phx-change='search_members']") |> render_change(%{"member_search" => "Charlie"}) html = render(view) @@ -282,8 +279,9 @@ defmodule MvWeb.GroupLive.ShowAccessibilityTest do |> element("#member-search-input") |> render_focus() + # phx-change is on the form, so we need to trigger it via the form view - |> element("#member-search-input") + |> element("form[phx-change='search_members']") |> render_change(%{"member_search" => "David"}) view @@ -291,15 +289,13 @@ defmodule MvWeb.GroupLive.ShowAccessibilityTest do |> render_click() view - |> element("button", "Add") + |> element("button[phx-click='add_selected_members']") |> render_click() html = render(view) - # Flash message should have proper ARIA attributes for screen readers - assert html =~ gettext("Member added successfully") || - html =~ ~r/role=["']status["']/ || - html =~ ~r/aria-live/ + # Member should appear in list (no flash message) + assert html =~ "David" end end end diff --git a/test/mv_web/live/group_live/show_add_member_test.exs b/test/mv_web/live/group_live/show_add_member_test.exs index 417695d..a8bb7bd 100644 --- a/test/mv_web/live/group_live/show_add_member_test.exs +++ b/test/mv_web/live/group_live/show_add_member_test.exs @@ -28,7 +28,7 @@ defmodule MvWeb.GroupLive.ShowAddMemberTest do {:ok, view, _html} = live(conn, "/groups/#{group.slug}") - # Open modal + # Open inline input view |> element("button", "Add Member") |> render_click() @@ -38,8 +38,9 @@ defmodule MvWeb.GroupLive.ShowAddMemberTest do |> element("#member-search-input") |> render_focus() + # phx-change is on the form, so we need to trigger it via the form view - |> element("#member-search-input") + |> element("form[phx-change='search_members']") |> render_change(%{"member_search" => "Alice"}) # Select member @@ -49,20 +50,16 @@ defmodule MvWeb.GroupLive.ShowAddMemberTest do # Click Add button view - |> element("button", "Add") + |> element("button[phx-click='add_selected_members']") |> render_click() - # Success flash message should be displayed - assert render(view) =~ gettext("Member added successfully") || - render(view) =~ ~r/member.*added.*successfully/i - - # Verify member appears in group list + # Verify member appears in group list (no success flash message) html = render(view) assert html =~ "Alice" assert html =~ "Johnson" end - test "success flash message is displayed when member is added", %{conn: conn} do + test "member is successfully added to group (verified in list)", %{conn: conn} do system_actor = Mv.Helpers.SystemActor.get_system_actor() group = Fixtures.group_fixture() @@ -78,7 +75,7 @@ defmodule MvWeb.GroupLive.ShowAddMemberTest do {:ok, view, _html} = live(conn, "/groups/#{group.slug}") - # Open modal and add member + # Open inline input and add member view |> element("button", "Add Member") |> render_click() @@ -87,8 +84,9 @@ defmodule MvWeb.GroupLive.ShowAddMemberTest do |> element("#member-search-input") |> render_focus() + # phx-change is on the form, so we need to trigger it via the form view - |> element("#member-search-input") + |> element("form[phx-change='search_members']") |> render_change(%{"member_search" => "Bob"}) view @@ -96,13 +94,14 @@ defmodule MvWeb.GroupLive.ShowAddMemberTest do |> render_click() view - |> element("button", "Add") + |> element("button[phx-click='add_selected_members']") |> render_click() html = render(view) - assert html =~ gettext("Member added successfully") || - html =~ ~r/member.*added.*successfully/i + # Verify member appears in group list (no success flash message) + assert html =~ "Bob" + assert html =~ "Smith" end test "group member list updates automatically after add", %{conn: conn} do @@ -133,8 +132,9 @@ defmodule MvWeb.GroupLive.ShowAddMemberTest do |> element("#member-search-input") |> render_focus() + # phx-change is on the form, so we need to trigger it via the form view - |> element("#member-search-input") + |> element("form[phx-change='search_members']") |> render_change(%{"member_search" => "Charlie"}) view @@ -142,7 +142,7 @@ defmodule MvWeb.GroupLive.ShowAddMemberTest do |> render_click() view - |> element("button", "Add") + |> element("button[phx-click='add_selected_members']") |> render_click() # Member should now appear in list @@ -179,8 +179,9 @@ defmodule MvWeb.GroupLive.ShowAddMemberTest do |> element("#member-search-input") |> render_focus() + # phx-change is on the form, so we need to trigger it via the form view - |> element("#member-search-input") + |> element("form[phx-change='search_members']") |> render_change(%{"member_search" => "David"}) view @@ -188,7 +189,7 @@ defmodule MvWeb.GroupLive.ShowAddMemberTest do |> render_click() view - |> element("button", "Add") + |> element("button[phx-click='add_selected_members']") |> render_click() # Count should have increased @@ -213,21 +214,21 @@ defmodule MvWeb.GroupLive.ShowAddMemberTest do {:ok, view, _html} = live(conn, "/groups/#{group.slug}") - # Open modal + # Open inline input view |> element("button", "Add Member") |> render_click() - assert has_element?(view, "#add-member-modal") || - has_element?(view, "[role='dialog']") + assert has_element?(view, "#member-search-input") # Add member view |> element("#member-search-input") |> render_focus() + # phx-change is on the form, so we need to trigger it via the form view - |> element("#member-search-input") + |> element("form[phx-change='search_members']") |> render_change(%{"member_search" => "Eve"}) view @@ -235,11 +236,11 @@ defmodule MvWeb.GroupLive.ShowAddMemberTest do |> render_click() view - |> element("button", "Add") + |> element("button[phx-click='add_selected_members']") |> render_click() - # Modal should be closed - refute has_element?(view, "#add-member-modal") + # Inline input should be closed (Add Member button should be visible again) + refute has_element?(view, "#member-search-input") end end @@ -272,8 +273,9 @@ defmodule MvWeb.GroupLive.ShowAddMemberTest do # Member should not appear in search (filtered out) # But if they do appear somehow, try to add them + # phx-change is on the form, so we need to trigger it via the form view - |> element("#member-search-input") + |> element("form[phx-change='search_members']") |> render_change(%{"member_search" => "Frank"}) # If member appears in results (shouldn't), try to add @@ -296,12 +298,12 @@ defmodule MvWeb.GroupLive.ShowAddMemberTest do test "error flash message for other errors", %{conn: conn} do # This test verifies that error handling works for unexpected errors # We can't easily simulate all error cases, but we test the error path exists - system_actor = Mv.Helpers.SystemActor.get_system_actor() + _system_actor = Mv.Helpers.SystemActor.get_system_actor() group = Fixtures.group_fixture() {:ok, view, _html} = live(conn, "/groups/#{group.slug}") - # Open modal + # Open inline input view |> element("button", "Add Member") |> render_click() @@ -311,7 +313,7 @@ defmodule MvWeb.GroupLive.ShowAddMemberTest do # Note: Actual implementation will handle this end - test "modal remains open on error (user can correct)", %{conn: conn} do + test "inline input remains open on error (user can correct)", %{conn: conn} do system_actor = Mv.Helpers.SystemActor.get_system_actor() group = Fixtures.group_fixture() @@ -332,16 +334,15 @@ defmodule MvWeb.GroupLive.ShowAddMemberTest do {:ok, view, _html} = live(conn, "/groups/#{group.slug}") - # Open modal + # Open inline input view |> element("button", "Add Member") |> render_click() - # Modal should be open - assert has_element?(view, "#add-member-modal") || - has_element?(view, "[role='dialog']") + # Inline input should be open + assert has_element?(view, "#member-search-input") - # If error occurs, modal should remain open + # If error occurs, inline input should remain open # (Implementation will handle this) end @@ -350,16 +351,13 @@ defmodule MvWeb.GroupLive.ShowAddMemberTest do {:ok, view, _html} = live(conn, "/groups/#{group.slug}") - # Open modal + # Open inline input view |> element("button", "Add Member") |> render_click() # Add button should be disabled - html = render(view) - - assert html =~ ~r/disabled.*Add|Add.*disabled/ || - has_element?(view, "button[disabled]", "Add") + assert has_element?(view, "button[phx-click='add_selected_members'][disabled]") end end @@ -389,8 +387,9 @@ defmodule MvWeb.GroupLive.ShowAddMemberTest do |> element("#member-search-input") |> render_focus() + # phx-change is on the form, so we need to trigger it via the form view - |> element("#member-search-input") + |> element("form[phx-change='search_members']") |> render_change(%{"member_search" => "Henry"}) view @@ -398,7 +397,7 @@ defmodule MvWeb.GroupLive.ShowAddMemberTest do |> render_click() view - |> element("button", "Add") + |> element("button[phx-click='add_selected_members']") |> render_click() # Member should be added @@ -437,8 +436,9 @@ defmodule MvWeb.GroupLive.ShowAddMemberTest do |> element("#member-search-input") |> render_focus() + # phx-change is on the form, so we need to trigger it via the form view - |> element("#member-search-input") + |> element("form[phx-change='search_members']") |> render_change(%{"member_search" => "Isabel"}) view @@ -446,7 +446,7 @@ defmodule MvWeb.GroupLive.ShowAddMemberTest do |> render_click() view - |> element("button", "Add") + |> element("button[phx-click='add_selected_members']") |> render_click() # Member should be added to group2 diff --git a/test/mv_web/live/group_live/show_add_remove_members_test.exs b/test/mv_web/live/group_live/show_add_remove_members_test.exs index 6bc5996..1c8c15a 100644 --- a/test/mv_web/live/group_live/show_add_remove_members_test.exs +++ b/test/mv_web/live/group_live/show_add_remove_members_test.exs @@ -73,13 +73,13 @@ defmodule MvWeb.GroupLive.ShowAddRemoveMembersTest do {:ok, _view, html} = live(conn, "/groups/#{group.slug}") - # Remove button should NOT exist - refute html =~ "Remove" or html =~ "remove" + # Remove button should NOT exist (check for trash icon or remove button specifically) + refute html =~ "hero-trash" or html =~ ~r/]*remove_member/ end end - describe "modal display" do - test "modal opens when Add Member button is clicked", %{conn: conn} do + describe "inline add member input" do + test "inline input appears when Add Member button is clicked", %{conn: conn} do group = Fixtures.group_fixture() {:ok, view, _html} = live(conn, "/groups/#{group.slug}") @@ -89,31 +89,16 @@ defmodule MvWeb.GroupLive.ShowAddRemoveMembersTest do |> element("button", gettext("Add Member")) |> render_click() - # Modal should be visible - assert has_element?(view, "#add-member-modal") || - has_element?(view, "[role='dialog']") + # Inline input should be visible + assert has_element?(view, "#member-search-input") end - test "modal has correct title: Add Member to Group", %{conn: conn} do + test "search input has correct placeholder", %{conn: conn} do group = Fixtures.group_fixture() {:ok, view, _html} = live(conn, "/groups/#{group.slug}") - # Open modal - view - |> element("button", gettext("Add Member")) - |> render_click() - - html = render(view) - assert html =~ gettext("Add Member to Group") - end - - test "modal has search input with correct placeholder", %{conn: conn} do - group = Fixtures.group_fixture() - - {:ok, view, _html} = live(conn, "/groups/#{group.slug}") - - # Open modal + # Open inline input view |> element("button", gettext("Add Member")) |> render_click() @@ -124,36 +109,20 @@ defmodule MvWeb.GroupLive.ShowAddRemoveMembersTest do html =~ ~r/search.*member/i end - test "modal has Add button (disabled until member selected)", %{conn: conn} do + test "Add button (plus icon) is disabled until member selected", %{conn: conn} do group = Fixtures.group_fixture() {:ok, view, _html} = live(conn, "/groups/#{group.slug}") - # Open modal + # Open inline input view |> element("button", gettext("Add Member")) |> render_click() html = render(view) # Add button should exist and be disabled initially - assert html =~ gettext("Add") || html =~ "Add" - # Button should be disabled - assert has_element?(view, "button[disabled]", gettext("Add")) || - html =~ ~r/disabled.*Add|Add.*disabled/ - end - - test "modal has Cancel button", %{conn: conn} do - group = Fixtures.group_fixture() - - {:ok, view, _html} = live(conn, "/groups/#{group.slug}") - - # Open modal - view - |> element("button", gettext("Add Member")) - |> render_click() - - html = render(view) - assert html =~ gettext("Cancel") || html =~ "Cancel" + assert has_element?(view, "button[phx-click='add_selected_members'][disabled]") || + html =~ ~r/disabled/ end end end diff --git a/test/mv_web/live/group_live/show_authorization_test.exs b/test/mv_web/live/group_live/show_authorization_test.exs index 0869c21..9a38b71 100644 --- a/test/mv_web/live/group_live/show_authorization_test.exs +++ b/test/mv_web/live/group_live/show_authorization_test.exs @@ -28,7 +28,7 @@ defmodule MvWeb.GroupLive.ShowAuthorizationTest do {:ok, view, _html} = live(conn, "/groups/#{group.slug}") - # Open modal and try to add member + # Open inline input and try to add member view |> element("button", "Add Member") |> render_click() @@ -37,8 +37,9 @@ defmodule MvWeb.GroupLive.ShowAuthorizationTest do |> element("#member-search-input") |> render_focus() + # phx-change is on the form, so we need to trigger it via the form view - |> element("#member-search-input") + |> element("form[phx-change='search_members']") |> render_change(%{"member_search" => "Alice"}) view @@ -47,15 +48,12 @@ defmodule MvWeb.GroupLive.ShowAuthorizationTest do # Try to add (should succeed for admin) view - |> element("button", "Add") + |> element("button[phx-click='add_selected_members']") |> render_click() - # Should succeed (admin has :update permission) + # Should succeed (admin has :update permission, member should appear in list) html = render(view) - - assert html =~ gettext("Member added successfully") || - html =~ ~r/member.*added.*successfully/i || - html =~ "Alice" + assert html =~ "Alice" end @tag role: :member @@ -63,7 +61,7 @@ defmodule MvWeb.GroupLive.ShowAuthorizationTest do system_actor = Mv.Helpers.SystemActor.get_system_actor() group = Fixtures.group_fixture() - {:ok, member} = + {:ok, _member} = Membership.create_member( %{ first_name: "Bob", @@ -107,14 +105,12 @@ defmodule MvWeb.GroupLive.ShowAuthorizationTest do # Remove member (should succeed for admin) view - |> element("button[phx-click='remove_member']", "") + |> element("button[phx-click='remove_member'][phx-value-member_id='#{member.id}']") |> render_click() - # Should succeed + # Should succeed (member should no longer be in list) html = render(view) - - assert html =~ gettext("Member removed successfully") || - html =~ ~r/member.*removed.*successfully/i + refute html =~ "Charlie" end @tag role: :member @@ -140,13 +136,15 @@ defmodule MvWeb.GroupLive.ShowAuthorizationTest do # Remove button should not be visible html = render(view) - refute html =~ "Remove" || html =~ "remove" + + # Read-only user should NOT see Remove button (check for trash icon or remove button specifically) + refute html =~ "hero-trash" or html =~ ~r/]*remove_member/ end test "error flash message on unauthorized access", %{conn: conn} do # This test verifies that error messages are shown for unauthorized access # Implementation will handle this in event handlers - system_actor = Mv.Helpers.SystemActor.get_system_actor() + _system_actor = Mv.Helpers.SystemActor.get_system_actor() group = Fixtures.group_fixture() {:ok, _view, _html} = live(conn, "/groups/#{group.slug}") @@ -184,7 +182,7 @@ defmodule MvWeb.GroupLive.ShowAuthorizationTest do @tag role: :member test "Add Member button is hidden for read-only users", %{conn: conn} do - system_actor = Mv.Helpers.SystemActor.get_system_actor() + _system_actor = Mv.Helpers.SystemActor.get_system_actor() group = Fixtures.group_fixture() {:ok, _view, html} = live(conn, "/groups/#{group.slug}") @@ -214,8 +212,8 @@ defmodule MvWeb.GroupLive.ShowAuthorizationTest do {:ok, _view, html} = live(conn, "/groups/#{group.slug}") - # Read-only user should NOT see Remove button - refute html =~ "Remove" || html =~ "remove" + # Read-only user should NOT see Remove button (check for trash icon or remove button specifically) + refute html =~ "hero-trash" or html =~ ~r/]*remove_member/ end @tag role: :member @@ -224,9 +222,9 @@ defmodule MvWeb.GroupLive.ShowAuthorizationTest do {:ok, _view, html} = live(conn, "/groups/#{group.slug}") - # Modal should not be accessible (button hidden) + # Inline input should not be accessible (button hidden) refute html =~ "Add Member" - refute html =~ "#add-member-modal" + refute html =~ "#member-search-input" end end @@ -245,7 +243,7 @@ defmodule MvWeb.GroupLive.ShowAuthorizationTest do test "non-existent member IDs are handled", %{conn: conn} do group = Fixtures.group_fixture() - {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + {:ok, _view, _html} = live(conn, "/groups/#{group.slug}") # Try to add non-existent member (if possible) # Implementation should handle this gracefully diff --git a/test/mv_web/live/group_live/show_integration_test.exs b/test/mv_web/live/group_live/show_integration_test.exs index 9509f2a..0a82be8 100644 --- a/test/mv_web/live/group_live/show_integration_test.exs +++ b/test/mv_web/live/group_live/show_integration_test.exs @@ -37,8 +37,9 @@ defmodule MvWeb.GroupLive.ShowIntegrationTest do |> element("#member-search-input") |> render_focus() + # phx-change is on the form, so we need to trigger it via the form view - |> element("#member-search-input") + |> element("form[phx-change='search_members']") |> render_change(%{"member_search" => "Alice"}) view @@ -46,7 +47,7 @@ defmodule MvWeb.GroupLive.ShowIntegrationTest do |> render_click() view - |> element("button", "Add") + |> element("button[phx-click='add_selected_members']") |> render_click() # Verify in database @@ -86,7 +87,7 @@ defmodule MvWeb.GroupLive.ShowIntegrationTest do # Remove member via UI view - |> element("button[phx-click='remove_member']", "") + |> element("button[phx-click='remove_member'][phx-value-member_id='#{member.id}']") |> render_click() # Verify in database @@ -128,8 +129,9 @@ defmodule MvWeb.GroupLive.ShowIntegrationTest do |> element("#member-search-input") |> render_focus() + # phx-change is on the form, so we need to trigger it via the form view - |> element("#member-search-input") + |> element("form[phx-change='search_members']") |> render_change(%{"member_search" => "Charlie"}) view @@ -137,7 +139,7 @@ defmodule MvWeb.GroupLive.ShowIntegrationTest do |> render_click() view - |> element("button", "Add") + |> element("button[phx-click='add_selected_members']") |> render_click() # Verify MemberGroup association exists @@ -179,7 +181,7 @@ defmodule MvWeb.GroupLive.ShowIntegrationTest do # Remove member view - |> element("button[phx-click='remove_member']", "") + |> element("button[phx-click='remove_member'][phx-value-member_id='#{member.id}']") |> render_click() # Verify MemberGroup association is deleted @@ -267,8 +269,9 @@ defmodule MvWeb.GroupLive.ShowIntegrationTest do |> element("#member-search-input") |> render_focus() + # phx-change is on the form, so we need to trigger it via the form view - |> element("#member-search-input") + |> element("form[phx-change='search_members']") |> render_change(%{"member_search" => "Frank"}) view @@ -276,7 +279,7 @@ defmodule MvWeb.GroupLive.ShowIntegrationTest do |> render_click() view - |> element("button", "Add") + |> element("button[phx-click='add_selected_members']") |> render_click() # Add second member @@ -288,8 +291,9 @@ defmodule MvWeb.GroupLive.ShowIntegrationTest do |> element("#member-search-input") |> render_focus() + # phx-change is on the form, so we need to trigger it via the form view - |> element("#member-search-input") + |> element("form[phx-change='search_members']") |> render_change(%{"member_search" => "Grace"}) view @@ -297,7 +301,7 @@ defmodule MvWeb.GroupLive.ShowIntegrationTest do |> render_click() view - |> element("button", "Add") + |> element("button[phx-click='add_selected_members']") |> render_click() # Both members should be in list @@ -347,12 +351,12 @@ defmodule MvWeb.GroupLive.ShowIntegrationTest do # Remove first member view - |> element("button[phx-click='remove_member']", "") + |> element("button[phx-click='remove_member'][phx-value-member_id='#{member1.id}']") |> render_click() # Remove second member view - |> element("button[phx-click='remove_member']", "") + |> element("button[phx-click='remove_member'][phx-value-member_id='#{member2.id}']") |> render_click() # Both should be removed @@ -401,8 +405,9 @@ defmodule MvWeb.GroupLive.ShowIntegrationTest do |> element("#member-search-input") |> render_focus() + # phx-change is on the form, so we need to trigger it via the form view - |> element("#member-search-input") + |> element("form[phx-change='search_members']") |> render_change(%{"member_search" => "Kate"}) view @@ -410,12 +415,12 @@ defmodule MvWeb.GroupLive.ShowIntegrationTest do |> render_click() view - |> element("button", "Add") + |> element("button[phx-click='add_selected_members']") |> render_click() # Remove member1 view - |> element("button[phx-click='remove_member']", "") + |> element("button[phx-click='remove_member'][phx-value-member_id='#{member1.id}']") |> render_click() # Only member2 should remain diff --git a/test/mv_web/live/group_live/show_member_search_test.exs b/test/mv_web/live/group_live/show_member_search_test.exs index e6c8712..8dff33e 100644 --- a/test/mv_web/live/group_live/show_member_search_test.exs +++ b/test/mv_web/live/group_live/show_member_search_test.exs @@ -22,7 +22,7 @@ defmodule MvWeb.GroupLive.ShowMemberSearchTest do conn = setup_admin_conn(conn) group = Fixtures.group_fixture() - {:ok, member} = + {:ok, _member} = Membership.create_member( %{ first_name: "Jonathan", @@ -34,14 +34,15 @@ defmodule MvWeb.GroupLive.ShowMemberSearchTest do {:ok, view, _html} = live(conn, "/groups/#{group.slug}") - # Open modal + # Open inline input view |> element("button", "Add Member") |> render_click() # Type exact name + # phx-change is on the form, so we need to trigger it via the form view - |> element("#member-search-input") + |> element("form[phx-change='search_members']") |> render_change(%{"member_search" => "Jonathan"}) html = render(view) @@ -67,14 +68,15 @@ defmodule MvWeb.GroupLive.ShowMemberSearchTest do {:ok, view, _html} = live(conn, "/groups/#{group.slug}") - # Open modal + # Open inline input view |> element("button", "Add Member") |> render_click() # Type partial name + # phx-change is on the form, so we need to trigger it via the form view - |> element("#member-search-input") + |> element("form[phx-change='search_members']") |> render_change(%{"member_search" => "Jon"}) html = render(view) @@ -89,7 +91,7 @@ defmodule MvWeb.GroupLive.ShowMemberSearchTest do conn = setup_admin_conn(conn) group = Fixtures.group_fixture() - {:ok, member} = + {:ok, _member} = Membership.create_member( %{ first_name: "Alice", @@ -101,14 +103,15 @@ defmodule MvWeb.GroupLive.ShowMemberSearchTest do {:ok, view, _html} = live(conn, "/groups/#{group.slug}") - # Open modal + # Open inline input view |> element("button", "Add Member") |> render_click() # Search by email + # phx-change is on the form, so we need to trigger it via the form view - |> element("#member-search-input") + |> element("form[phx-change='search_members']") |> render_change(%{"member_search" => "alice.johnson"}) html = render(view) @@ -123,7 +126,7 @@ defmodule MvWeb.GroupLive.ShowMemberSearchTest do conn = setup_admin_conn(conn) group = Fixtures.group_fixture() - {:ok, member} = + {:ok, _member} = Membership.create_member( %{ first_name: "Bob", @@ -135,7 +138,7 @@ defmodule MvWeb.GroupLive.ShowMemberSearchTest do {:ok, view, _html} = live(conn, "/groups/#{group.slug}") - # Open modal + # Open inline input view |> element("button", "Add Member") |> render_click() @@ -145,8 +148,9 @@ defmodule MvWeb.GroupLive.ShowMemberSearchTest do |> element("#member-search-input") |> render_focus() + # phx-change is on the form, so we need to trigger it via the form view - |> element("#member-search-input") + |> element("form[phx-change='search_members']") |> render_change(%{"member_search" => "Bob"}) html = render(view) @@ -173,7 +177,7 @@ defmodule MvWeb.GroupLive.ShowMemberSearchTest do {:ok, view, _html} = live(conn, "/groups/#{group.slug}") - # Open modal + # Open inline input view |> element("button", "Add Member") |> render_click() @@ -212,7 +216,7 @@ defmodule MvWeb.GroupLive.ShowMemberSearchTest do ) # Create another member NOT in group - {:ok, member_not_in_group} = + {:ok, _member_not_in_group} = Membership.create_member( %{ first_name: "David", @@ -224,22 +228,21 @@ defmodule MvWeb.GroupLive.ShowMemberSearchTest do {:ok, view, _html} = live(conn, "/groups/#{group.slug}") - # Open modal + # Open inline input view |> element("button", "Add Member") |> render_click() # Search for "David" + # phx-change is on the form, so we need to trigger it via the form view - |> element("#member-search-input") + |> element("form[phx-change='search_members']") |> render_change(%{"member_search" => "David"}) - html = render(view) - - # Should show David Anderson (not in group) - assert html =~ "Anderson" - # Should NOT show David Miller (already in group) - refute html =~ "Miller" + # Assert only on dropdown (available members), not the members table + dropdown_html = view |> element("#member-dropdown") |> render() + assert dropdown_html =~ "Anderson" + refute dropdown_html =~ "Miller" end test "search filters correctly when group has many members", %{conn: conn} do @@ -249,7 +252,7 @@ defmodule MvWeb.GroupLive.ShowMemberSearchTest do # Add multiple members to group Enum.each(1..5, fn i -> - {:ok, member} = + {:ok, m} = Membership.create_member( %{ first_name: "Member#{i}", @@ -259,13 +262,13 @@ defmodule MvWeb.GroupLive.ShowMemberSearchTest do actor: system_actor ) - Membership.create_member_group(%{member_id: member.id, group_id: group.id}, + Membership.create_member_group(%{member_id: m.id, group_id: group.id}, actor: system_actor ) end) # Create member NOT in group - {:ok, member_not_in_group} = + {:ok, _member_not_in_group} = Membership.create_member( %{ first_name: "Available", @@ -277,24 +280,23 @@ defmodule MvWeb.GroupLive.ShowMemberSearchTest do {:ok, view, _html} = live(conn, "/groups/#{group.slug}") - # Open modal + # Open inline input view |> element("button", "Add Member") |> render_click() # Search + # phx-change is on the form, so we need to trigger it via the form view - |> element("#member-search-input") + |> element("form[phx-change='search_members']") |> render_change(%{"member_search" => "Available"}) - html = render(view) - - # Should show available member - assert html =~ "Available" - assert html =~ "Member" - # Should NOT show any of the members already in group - refute html =~ "Member1" - refute html =~ "Member2" + # Assert only on dropdown (available members), not the members table + dropdown_html = view |> element("#member-dropdown") |> render() + assert dropdown_html =~ "Available" + assert dropdown_html =~ "Member" + refute dropdown_html =~ "Member1" + refute dropdown_html =~ "Member2" end test "search shows no results when all available members are already in group", %{conn: conn} do @@ -319,21 +321,19 @@ defmodule MvWeb.GroupLive.ShowMemberSearchTest do {:ok, view, _html} = live(conn, "/groups/#{group.slug}") - # Open modal + # Open inline input view |> element("button", "Add Member") |> render_click() # Search + # phx-change is on the form, so we need to trigger it via the form view - |> element("#member-search-input") + |> element("form[phx-change='search_members']") |> render_change(%{"member_search" => "Only"}) - html = render(view) - - # Should show no results or empty state - refute html =~ "Only" || html =~ gettext("No members found") || - html =~ ~r/no.*results/i + # When no available members, dropdown is not rendered (length(@available_members) == 0) + refute has_element?(view, "#member-dropdown") end end end diff --git a/test/mv_web/live/group_live/show_remove_member_test.exs b/test/mv_web/live/group_live/show_remove_member_test.exs index 52c9dc8..d081b50 100644 --- a/test/mv_web/live/group_live/show_remove_member_test.exs +++ b/test/mv_web/live/group_live/show_remove_member_test.exs @@ -38,20 +38,15 @@ defmodule MvWeb.GroupLive.ShowRemoveMemberTest do # Click Remove button view - |> element("button[phx-click='remove_member']", "") + |> element("button[phx-click='remove_member'][phx-value-member_id='#{member.id}']") |> render_click() - # Success flash message should be displayed + # Member should no longer be in list (no success flash message) html = render(view) - - assert html =~ gettext("Member removed successfully") || - html =~ ~r/member.*removed.*successfully/i - - # Member should no longer be in list refute html =~ "Alice" end - test "success flash message is displayed when member is removed", %{conn: conn} do + test "member is successfully removed from group (verified in list)", %{conn: conn} do system_actor = Mv.Helpers.SystemActor.get_system_actor() group = Fixtures.group_fixture() @@ -69,17 +64,20 @@ defmodule MvWeb.GroupLive.ShowRemoveMemberTest do actor: system_actor ) - {:ok, view, _html} = live(conn, "/groups/#{group.slug}") + {:ok, view, html} = live(conn, "/groups/#{group.slug}") + + # Member should be in list initially + assert html =~ "Bob" # Remove member view - |> element("button[phx-click='remove_member']", "") + |> element("button[phx-click='remove_member'][phx-value-member_id='#{member.id}']") |> render_click() html = render(view) - assert html =~ gettext("Member removed successfully") || - html =~ ~r/member.*removed.*successfully/i + # Member should no longer be in list (no success flash message) + refute html =~ "Bob" end test "group member list updates automatically after remove", %{conn: conn} do @@ -107,7 +105,7 @@ defmodule MvWeb.GroupLive.ShowRemoveMemberTest do # Remove member view - |> element("button[phx-click='remove_member']", "") + |> element("button[phx-click='remove_member'][phx-value-member_id='#{member.id}']") |> render_click() # Member should no longer be in list @@ -154,9 +152,13 @@ defmodule MvWeb.GroupLive.ShowRemoveMemberTest do initial_count = extract_member_count(html) assert initial_count >= 2 - # Remove one member + # Remove one member (need to get member_id from HTML or use first available) + # For this test, we'll remove the first member + _html_before = render(view) + # Extract first member ID from the rendered HTML or use a different approach + # Since we have member1 and member2, we can target member1 specifically view - |> element("button[phx-click='remove_member']", "") + |> element("button[phx-click='remove_member'][phx-value-member_id='#{member1.id}']") |> render_click() # Count should have decreased @@ -187,12 +189,11 @@ defmodule MvWeb.GroupLive.ShowRemoveMemberTest do # Click Remove - should remove immediately without confirmation view - |> element("button[phx-click='remove_member']", "") + |> element("button[phx-click='remove_member'][phx-value-member_id='#{member.id}']") |> render_click() - # No confirmation modal should appear - refute has_element?(view, "[role='dialog']") || - has_element?(view, "#confirm-remove-modal") + # No confirmation dialog should appear (immediate removal) + # This is verified by the member being removed without any dialog # Member should be removed html = render(view) @@ -226,7 +227,7 @@ defmodule MvWeb.GroupLive.ShowRemoveMemberTest do # Remove last member view - |> element("button[phx-click='remove_member']", "") + |> element("button[phx-click='remove_member'][phx-value-member_id='#{member.id}']") |> render_click() # Group should show empty state @@ -270,7 +271,7 @@ defmodule MvWeb.GroupLive.ShowRemoveMemberTest do # Remove from group1 view - |> element("button[phx-click='remove_member']", "") + |> element("button[phx-click='remove_member'][phx-value-member_id='#{member.id}']") |> render_click() # Member should be removed from group1 @@ -278,7 +279,7 @@ defmodule MvWeb.GroupLive.ShowRemoveMemberTest do refute html =~ "Henry" # Verify member is still in group2 - {:ok, view2, html2} = live(conn, "/groups/#{group2.slug}") + {:ok, _view2, html2} = live(conn, "/groups/#{group2.slug}") assert html2 =~ "Henry" end @@ -304,7 +305,7 @@ defmodule MvWeb.GroupLive.ShowRemoveMemberTest do # Remove member first time view - |> element("button[phx-click='remove_member']", "") + |> element("button[phx-click='remove_member'][phx-value-member_id='#{member.id}']") |> render_click() # Try to remove again (should not error, just be idempotent) @@ -314,7 +315,7 @@ defmodule MvWeb.GroupLive.ShowRemoveMemberTest do if html =~ "Isabel" do view - |> element("button[phx-click='remove_member']", "") + |> element("button[phx-click='remove_member'][phx-value-member_id='#{member.id}']") |> render_click() # Should not crash diff --git a/test/mv_web/live/user_live/show_test.exs b/test/mv_web/live/user_live/show_test.exs index 8f7ea93..084e346 100644 --- a/test/mv_web/live/user_live/show_test.exs +++ b/test/mv_web/live/user_live/show_test.exs @@ -14,8 +14,6 @@ defmodule MvWeb.UserLive.ShowTest do require Ash.Query use Gettext, backend: MvWeb.Gettext - alias Mv.Membership.Member - setup do # Create test user user = create_test_user(%{email: "test@example.com", oidc_id: "test123"}) diff --git a/test/mv_web/user_live/index_test.exs b/test/mv_web/user_live/index_test.exs index 6dbbe3d..cf1cc80 100644 --- a/test/mv_web/user_live/index_test.exs +++ b/test/mv_web/user_live/index_test.exs @@ -297,7 +297,7 @@ defmodule MvWeb.UserLive.IndexTest do test "navigation links point to correct pages", %{conn: conn} do user = create_test_user(%{email: "navigate@example.com"}) conn = conn_with_oidc_user(conn) - {:ok, view, html} = live(conn, "/users") + {:ok, _view, html} = live(conn, "/users") # Check that user row contains link to show page assert html =~ ~s(/users/#{user.id}) From 6aba54df68c8c541d40816423ab8e99e3fe26bf8 Mon Sep 17 00:00:00 2001 From: carla Date: Tue, 3 Feb 2026 14:19:36 +0100 Subject: [PATCH 04/84] feat: move import/export to own section --- lib/mv_web/components/layouts/sidebar.ex | 1 + lib/mv_web/live/global_settings_live.ex | 561 +------------------- lib/mv_web/live/import_export_live.ex | 628 +++++++++++++++++++++++ lib/mv_web/router.ex | 3 + 4 files changed, 634 insertions(+), 559 deletions(-) create mode 100644 lib/mv_web/live/import_export_live.ex diff --git a/lib/mv_web/components/layouts/sidebar.ex b/lib/mv_web/components/layouts/sidebar.ex index 1d564c1..fcc726c 100644 --- a/lib/mv_web/components/layouts/sidebar.ex +++ b/lib/mv_web/components/layouts/sidebar.ex @@ -91,6 +91,7 @@ defmodule MvWeb.Layouts.Sidebar do href={~p"/membership_fee_settings"} label={gettext("Fee Settings")} /> + <.menu_subitem href={~p"/admin/import-export"} label={gettext("Import/Export")} /> <.menu_subitem href={~p"/settings"} label={gettext("Settings")} /> diff --git a/lib/mv_web/live/global_settings_live.ex b/lib/mv_web/live/global_settings_live.ex index bbd19ca..fafc955 100644 --- a/lib/mv_web/live/global_settings_live.ex +++ b/lib/mv_web/live/global_settings_live.ex @@ -7,7 +7,6 @@ defmodule MvWeb.GlobalSettingsLive do - Manage custom fields - Real-time form validation - Success/error feedback - - CSV member import (admin only) ## Settings - `club_name` - The name of the association/club (required) @@ -15,47 +14,19 @@ defmodule MvWeb.GlobalSettingsLive do ## Events - `validate` - Real-time form validation - `save` - Save settings changes - - `start_import` - Start CSV member import (admin only) - - ## CSV Import - - The CSV import feature allows administrators to upload CSV files and import members. - - ### File Upload - - Files are uploaded automatically when selected (`auto_upload: true`). No manual - upload trigger is required. - - ### Rate Limiting - - Currently, there is no rate limiting for CSV imports. Administrators can start - multiple imports in quick succession. This is intentional for bulk data migration - scenarios, but should be monitored in production. - - ### Limits - - - Maximum file size: configurable via `config :mv, csv_import: [max_file_size_mb: ...]` - - Maximum rows: configurable via `config :mv, csv_import: [max_rows: ...]` (excluding header) - - Processing: chunks of 200 rows - - Errors: capped at 50 per import ## Note Settings is a singleton resource - there is only one settings record. The club_name can also be set via the `ASSOCIATION_NAME` environment variable. + + CSV member import has been moved to the Import/Export page (`/admin/import-export`). """ use MvWeb, :live_view - alias Mv.Authorization.Actor - alias Mv.Config alias Mv.Membership - alias Mv.Membership.Import.MemberCSV - alias MvWeb.Authorization on_mount {MvWeb.LiveHelpers, :ensure_user_role_loaded} - # CSV Import configuration constants - @max_errors 50 - @impl true def mount(_params, session, socket) do {:ok, settings} = Membership.get_settings() @@ -69,22 +40,8 @@ defmodule MvWeb.GlobalSettingsLive do |> assign(:page_title, gettext("Settings")) |> assign(:settings, settings) |> assign(:active_editing_section, nil) - |> assign(:import_state, nil) - |> assign(:import_progress, nil) - |> assign(:import_status, :idle) |> assign(:locale, locale) - |> assign(:max_errors, @max_errors) - |> assign(:csv_import_max_rows, Config.csv_import_max_rows()) - |> assign(:csv_import_max_file_size_mb, Config.csv_import_max_file_size_mb()) |> assign_form() - # Configure file upload with auto-upload enabled - # Files are uploaded automatically when selected, no need for manual trigger - |> allow_upload(:csv_file, - accept: ~w(.csv), - max_entries: 1, - max_file_size: Config.csv_import_max_file_size_bytes(), - auto_upload: true - ) {:ok, socket} end @@ -133,211 +90,6 @@ defmodule MvWeb.GlobalSettingsLive do actor={@current_user} /> - - <%!-- CSV Import Section (Admin only) --%> - <%= if Authorization.can?(@current_user, :create, Mv.Membership.Member) do %> - <.form_section title={gettext("Import Members (CSV)")}> -
- <.icon name="hero-information-circle" class="size-5" aria-hidden="true" /> -
-

- {gettext( - "Use the data field name as the CSV column header in your file. Data fields must exist in Mila before importing, so they must be listed in the list of memberdate (like e-mail or first name). Unknown data field columns will be ignored with a warning." - )} -

-

- <.link - href="#custom_fields" - class="link" - data-testid="custom-fields-link" - > - {gettext("Manage Memberdata")} - -

-
-
- -
-

- {gettext("Download CSV templates:")} -

-
    -
  • - <.link - href={~p"/templates/member_import_en.csv"} - download="member_import_en.csv" - class="link link-primary" - > - {gettext("English Template")} - -
    • -
  • - <.link - href={~p"/templates/member_import_de.csv"} - download="member_import_de.csv" - class="link link-primary" - > - {gettext("German Template")} - -
    • -
-
- - <.form - id="csv-upload-form" - for={%{}} - multipart={true} - phx-change="validate_csv_upload" - phx-submit="start_import" - data-testid="csv-upload-form" - > -
- - <.live_file_input - upload={@uploads.csv_file} - id="csv_file" - class="file-input file-input-bordered w-full" - aria-describedby="csv_file_help" - /> - -
- - <.button - type="submit" - phx-disable-with={gettext("Starting import...")} - variant="primary" - disabled={ - @import_status == :running or - Enum.empty?(@uploads.csv_file.entries) or - @uploads.csv_file.entries |> List.first() |> then(&(&1 && not &1.done?)) - } - data-testid="start-import-button" - > - {gettext("Start Import")} - - - - <%= if @import_status == :running or @import_status == :done do %> - <%= if @import_progress do %> -
- <%= if @import_progress.status == :running do %> -

- {gettext("Processing chunk %{current} of %{total}...", - current: @import_progress.current_chunk, - total: @import_progress.total_chunks - )} -

- <% end %> - - <%= if @import_progress.status == :done do %> -
-

- {gettext("Import Results")} -

- -
-
-

- {gettext("Summary")} -

-
-

- <.icon - name="hero-check-circle" - class="size-4 inline mr-1" - aria-hidden="true" - /> - {gettext("Successfully inserted: %{count} member(s)", - count: @import_progress.inserted - )} -

- <%= if @import_progress.failed > 0 do %> -

- <.icon - name="hero-exclamation-circle" - class="size-4 inline mr-1" - aria-hidden="true" - /> - {gettext("Failed: %{count} row(s)", count: @import_progress.failed)} -

- <% end %> - <%= if @import_progress.errors_truncated? do %> -

- <.icon - name="hero-information-circle" - class="size-4 inline mr-1" - aria-hidden="true" - /> - {gettext("Error list truncated to %{count} entries", - count: @max_errors - )} -

- <% end %> -
-
- - <%= if length(@import_progress.errors) > 0 do %> -
-

- <.icon - name="hero-exclamation-circle" - class="size-4 inline mr-1" - aria-hidden="true" - /> - {gettext("Errors")} -

-
    - <%= for error <- @import_progress.errors do %> -
  • - {gettext("Line %{line}: %{message}", - line: error.csv_line_number || "?", - message: error.message || gettext("Unknown error") - )} - <%= if error.field do %> - {gettext(" (Field: %{field})", field: error.field)} - <% end %> -
    • - <% end %> -
-
- <% end %> - - <%= if length(@import_progress.warnings) > 0 do %> -
- <.icon name="hero-information-circle" class="size-5" aria-hidden="true" /> -
-

- {gettext("Warnings")} -

-
    - <%= for warning <- @import_progress.warnings do %> -
  • {warning}
    • - <% end %> -
-
-
- <% end %> -
-
- <% end %> -
- <% end %> - <% end %> - - <% end %> """ end @@ -370,115 +122,6 @@ defmodule MvWeb.GlobalSettingsLive do end end - @impl true - def handle_event("validate_csv_upload", _params, socket) do - {:noreply, socket} - end - - @impl true - def handle_event("start_import", _params, socket) do - case check_import_prerequisites(socket) do - {:error, message} -> - {:noreply, put_flash(socket, :error, message)} - - :ok -> - process_csv_upload(socket) - end - end - - # Checks if import can be started (admin permission, status, upload ready) - defp check_import_prerequisites(socket) do - # Ensure user role is loaded before authorization check - user = socket.assigns[:current_user] - user_with_role = Actor.ensure_loaded(user) - - cond do - not Authorization.can?(user_with_role, :create, Mv.Membership.Member) -> - {:error, gettext("Only administrators can import members from CSV files.")} - - socket.assigns.import_status == :running -> - {:error, gettext("Import is already running. Please wait for it to complete.")} - - Enum.empty?(socket.assigns.uploads.csv_file.entries) -> - {:error, gettext("Please select a CSV file to import.")} - - not List.first(socket.assigns.uploads.csv_file.entries).done? -> - {:error, - gettext("Please wait for the file upload to complete before starting the import.")} - - true -> - :ok - end - end - - # Processes CSV upload and starts import - defp process_csv_upload(socket) do - actor = MvWeb.LiveHelpers.current_actor(socket) - - with {:ok, content} <- consume_and_read_csv(socket), - {:ok, import_state} <- - MemberCSV.prepare(content, max_rows: Config.csv_import_max_rows(), actor: actor) do - start_import(socket, import_state) - else - {:error, reason} when is_binary(reason) -> - {:noreply, - put_flash( - socket, - :error, - gettext("Failed to prepare CSV import: %{reason}", reason: reason) - )} - - {:error, error} -> - error_message = format_error_message(error) - - {:noreply, - put_flash( - socket, - :error, - gettext("Failed to prepare CSV import: %{error}", error: error_message) - )} - end - end - - # Starts the import process - defp start_import(socket, import_state) do - progress = initialize_import_progress(import_state) - - socket = - socket - |> assign(:import_state, import_state) - |> assign(:import_progress, progress) - |> assign(:import_status, :running) - - send(self(), {:process_chunk, 0}) - - {:noreply, socket} - end - - # Initializes import progress structure - defp initialize_import_progress(import_state) do - %{ - inserted: 0, - failed: 0, - errors: [], - warnings: import_state.warnings || [], - status: :running, - current_chunk: 0, - total_chunks: length(import_state.chunks), - errors_truncated?: false - } - end - - # Formats error messages for display - defp format_error_message(error) do - case error do - %{message: msg} when is_binary(msg) -> msg - %{errors: errors} when is_list(errors) -> inspect(errors) - reason when is_binary(reason) -> reason - other -> inspect(other) - end - end - @impl true def handle_info({:custom_field_saved, _custom_field, action}, socket) do send_update(MvWeb.CustomFieldLive.IndexComponent, @@ -558,139 +201,6 @@ defmodule MvWeb.GlobalSettingsLive do {:noreply, assign(socket, :settings, updated_settings)} end - @impl true - def handle_info({:process_chunk, idx}, socket) do - case socket.assigns do - %{import_state: import_state, import_progress: progress} - when is_map(import_state) and is_map(progress) -> - if idx >= 0 and idx < length(import_state.chunks) do - start_chunk_processing_task(socket, import_state, progress, idx) - else - handle_chunk_error(socket, :invalid_index, idx) - end - - _ -> - # Missing required assigns - mark as error - handle_chunk_error(socket, :missing_state, idx) - end - end - - @impl true - def handle_info({:chunk_done, idx, result}, socket) do - case socket.assigns do - %{import_state: import_state, import_progress: progress} - when is_map(import_state) and is_map(progress) -> - handle_chunk_result(socket, import_state, progress, idx, result) - - _ -> - # Missing required assigns - mark as error - handle_chunk_error(socket, :missing_state, idx) - end - end - - @impl true - def handle_info({:chunk_error, idx, reason}, socket) do - handle_chunk_error(socket, :processing_failed, idx, reason) - end - - # Starts async task to process a chunk - # In tests (SQL sandbox mode), runs synchronously to avoid Ecto Sandbox issues - defp start_chunk_processing_task(socket, import_state, progress, idx) do - chunk = Enum.at(import_state.chunks, idx) - # Ensure user role is loaded before using as actor - user = socket.assigns[:current_user] - actor = Actor.ensure_loaded(user) - live_view_pid = self() - - # Process chunk with existing error count for capping - opts = [ - custom_field_lookup: import_state.custom_field_lookup, - existing_error_count: length(progress.errors), - max_errors: @max_errors, - actor: actor - ] - - # Get locale from socket for translations in background tasks - locale = socket.assigns[:locale] || "de" - Gettext.put_locale(MvWeb.Gettext, locale) - - if Config.sql_sandbox?() do - # Run synchronously in tests to avoid Ecto Sandbox issues with async tasks - {:ok, chunk_result} = - MemberCSV.process_chunk( - chunk, - import_state.column_map, - import_state.custom_field_map, - opts - ) - - # In test mode, send the message - it will be processed when render() is called - # in the test. The test helper wait_for_import_completion() handles message processing - send(live_view_pid, {:chunk_done, idx, chunk_result}) - else - # Start async task to process chunk in production - # Use start_child for fire-and-forget: no monitor, no Task messages - # We only use our own send/2 messages for communication - Task.Supervisor.start_child(Mv.TaskSupervisor, fn -> - # Set locale in task process for translations - Gettext.put_locale(MvWeb.Gettext, locale) - - {:ok, chunk_result} = - MemberCSV.process_chunk( - chunk, - import_state.column_map, - import_state.custom_field_map, - opts - ) - - send(live_view_pid, {:chunk_done, idx, chunk_result}) - end) - end - - {:noreply, socket} - end - - # Handles chunk processing result from async task - defp handle_chunk_result(socket, import_state, progress, idx, chunk_result) do - # Merge progress - new_progress = merge_progress(progress, chunk_result, idx) - - socket = - socket - |> assign(:import_progress, new_progress) - |> assign(:import_status, new_progress.status) - - # Schedule next chunk or mark as done - socket = schedule_next_chunk(socket, idx, length(import_state.chunks)) - - {:noreply, socket} - end - - # Handles chunk processing errors - defp handle_chunk_error(socket, error_type, idx, reason \\ nil) do - error_message = - case error_type do - :invalid_index -> - gettext("Invalid chunk index: %{idx}", idx: idx) - - :missing_state -> - gettext("Import state is missing. Cannot process chunk %{idx}.", idx: idx) - - :processing_failed -> - gettext("Failed to process chunk %{idx}: %{reason}", - idx: idx, - reason: inspect(reason) - ) - end - - socket = - socket - |> assign(:import_status, :error) - |> put_flash(:error, error_message) - - {:noreply, socket} - end - defp assign_form(%{assigns: %{settings: settings}} = socket) do form = AshPhoenix.Form.for_update( @@ -703,71 +213,4 @@ defmodule MvWeb.GlobalSettingsLive do assign(socket, form: to_form(form)) end - - defp consume_and_read_csv(socket) do - result = - consume_uploaded_entries(socket, :csv_file, fn %{path: path}, _entry -> - case File.read(path) do - {:ok, content} -> {:ok, content} - {:error, reason} -> {:error, Exception.message(reason)} - end - end) - - result - |> case do - [content] when is_binary(content) -> - {:ok, content} - - [{:ok, content}] when is_binary(content) -> - {:ok, content} - - [{:error, reason}] -> - {:error, gettext("Failed to read file: %{reason}", reason: reason)} - - [] -> - {:error, gettext("No file was uploaded")} - - _other -> - {:error, gettext("Failed to read uploaded file")} - end - end - - defp merge_progress(progress, chunk_result, current_chunk_idx) do - # Merge errors with cap of @max_errors overall - all_errors = progress.errors ++ chunk_result.errors - new_errors = Enum.take(all_errors, @max_errors) - errors_truncated? = length(all_errors) > @max_errors - - # Merge warnings (optional dedupe - simple append for now) - new_warnings = progress.warnings ++ Map.get(chunk_result, :warnings, []) - - # Update status based on whether we're done - # current_chunk_idx is 0-based, so after processing chunk 0, we've processed 1 chunk - chunks_processed = current_chunk_idx + 1 - new_status = if chunks_processed >= progress.total_chunks, do: :done, else: :running - - %{ - inserted: progress.inserted + chunk_result.inserted, - failed: progress.failed + chunk_result.failed, - errors: new_errors, - warnings: new_warnings, - status: new_status, - current_chunk: chunks_processed, - total_chunks: progress.total_chunks, - errors_truncated?: errors_truncated? || chunk_result.errors_truncated? - } - end - - defp schedule_next_chunk(socket, current_idx, total_chunks) do - next_idx = current_idx + 1 - - if next_idx < total_chunks do - # Schedule next chunk - send(self(), {:process_chunk, next_idx}) - socket - else - # All chunks processed - status already set to :done in merge_progress - socket - end - end end diff --git a/lib/mv_web/live/import_export_live.ex b/lib/mv_web/live/import_export_live.ex new file mode 100644 index 0000000..cdbc332 --- /dev/null +++ b/lib/mv_web/live/import_export_live.ex @@ -0,0 +1,628 @@ +defmodule MvWeb.ImportExportLive do + @moduledoc """ + LiveView for importing and exporting members via CSV. + + ## Features + - CSV member import (admin only) + - Real-time import progress tracking + - Error and warning reporting + - Custom fields support + + ## CSV Import + + The CSV import feature allows administrators to upload CSV files and import members. + + ### File Upload + + Files are uploaded automatically when selected (`auto_upload: true`). No manual + upload trigger is required. + + ### Rate Limiting + + Currently, there is no rate limiting for CSV imports. Administrators can start + multiple imports in quick succession. This is intentional for bulk data migration + scenarios, but should be monitored in production. + + ### Limits + + - Maximum file size: configurable via `config :mv, csv_import: [max_file_size_mb: ...]` + - Maximum rows: configurable via `config :mv, csv_import: [max_rows: ...]` (excluding header) + - Processing: chunks of 200 rows + - Errors: capped at 50 per import + """ + use MvWeb, :live_view + + alias Mv.Authorization.Actor + alias Mv.Config + alias Mv.Membership + alias Mv.Membership.Import.MemberCSV + alias MvWeb.Authorization + + on_mount {MvWeb.LiveHelpers, :ensure_user_role_loaded} + + # CSV Import configuration constants + @max_errors 50 + + @impl true + def mount(_params, session, socket) do + # Get locale from session for translations + locale = session["locale"] || "de" + Gettext.put_locale(MvWeb.Gettext, locale) + + # Get club name from settings + club_name = + case Membership.get_settings() do + {:ok, settings} -> settings.club_name + _ -> "Mitgliederverwaltung" + end + + socket = + socket + |> assign(:page_title, gettext("Import/Export")) + |> assign(:club_name, club_name) + |> assign(:import_state, nil) + |> assign(:import_progress, nil) + |> assign(:import_status, :idle) + |> assign(:locale, locale) + |> assign(:max_errors, @max_errors) + |> assign(:csv_import_max_rows, Config.csv_import_max_rows()) + |> assign(:csv_import_max_file_size_mb, Config.csv_import_max_file_size_mb()) + # Configure file upload with auto-upload enabled + # Files are uploaded automatically when selected, no need for manual trigger + |> allow_upload(:csv_file, + accept: ~w(.csv), + max_entries: 1, + max_file_size: Config.csv_import_max_file_size_bytes(), + auto_upload: true + ) + + {:ok, socket} + end + + @impl true + def render(assigns) do + ~H""" + + <.header> + {gettext("Import/Export")} + <:subtitle> + {gettext("Import members from CSV files or export member data.")} + + + + <%= if Authorization.can?(@current_user, :create, Mv.Membership.Member) do %> + <%!-- CSV Import Section --%> + <.form_section title={gettext("Import Members (CSV)")}> +
+ <.icon name="hero-information-circle" class="size-5" aria-hidden="true" /> +
+

+ {gettext( + "Use the data field name as the CSV column header in your file. Data fields must exist in Mila before importing, so they must be listed in the list of memberdate (like e-mail or first name). Unknown data field columns will be ignored with a warning." + )} +

+

+ <.link + href={~p"/settings#custom_fields"} + class="link" + data-testid="custom-fields-link" + > + {gettext("Manage Memberdata")} + +

+
+
+ +
+

+ {gettext("Download CSV templates:")} +

+
    +
  • + <.link + href={~p"/templates/member_import_en.csv"} + download="member_import_en.csv" + class="link link-primary" + > + {gettext("English Template")} + +
    • +
  • + <.link + href={~p"/templates/member_import_de.csv"} + download="member_import_de.csv" + class="link link-primary" + > + {gettext("German Template")} + +
    • +
+
+ + <.form + id="csv-upload-form" + for={%{}} + multipart={true} + phx-change="validate_csv_upload" + phx-submit="start_import" + data-testid="csv-upload-form" + > +
+ + <.live_file_input + upload={@uploads.csv_file} + id="csv_file" + class="file-input file-input-bordered w-full" + aria-describedby="csv_file_help" + /> + +
+ + <.button + type="submit" + phx-disable-with={gettext("Starting import...")} + variant="primary" + disabled={ + @import_status == :running or + Enum.empty?(@uploads.csv_file.entries) or + @uploads.csv_file.entries |> List.first() |> then(&(&1 && not &1.done?)) + } + data-testid="start-import-button" + > + {gettext("Start Import")} + + + + <%= if @import_status == :running or @import_status == :done do %> + <%= if @import_progress do %> +
+ <%= if @import_progress.status == :running do %> +

+ {gettext("Processing chunk %{current} of %{total}...", + current: @import_progress.current_chunk, + total: @import_progress.total_chunks + )} +

+ <% end %> + + <%= if @import_progress.status == :done do %> +
+

+ {gettext("Import Results")} +

+ +
+
+

+ {gettext("Summary")} +

+
+

+ <.icon + name="hero-check-circle" + class="size-4 inline mr-1" + aria-hidden="true" + /> + {gettext("Successfully inserted: %{count} member(s)", + count: @import_progress.inserted + )} +

+ <%= if @import_progress.failed > 0 do %> +

+ <.icon + name="hero-exclamation-circle" + class="size-4 inline mr-1" + aria-hidden="true" + /> + {gettext("Failed: %{count} row(s)", count: @import_progress.failed)} +

+ <% end %> + <%= if @import_progress.errors_truncated? do %> +

+ <.icon + name="hero-information-circle" + class="size-4 inline mr-1" + aria-hidden="true" + /> + {gettext("Error list truncated to %{count} entries", + count: @max_errors + )} +

+ <% end %> +
+
+ + <%= if length(@import_progress.errors) > 0 do %> +
+

+ <.icon + name="hero-exclamation-circle" + class="size-4 inline mr-1" + aria-hidden="true" + /> + {gettext("Errors")} +

+
    + <%= for error <- @import_progress.errors do %> +
  • + {gettext("Line %{line}: %{message}", + line: error.csv_line_number || "?", + message: error.message || gettext("Unknown error") + )} + <%= if error.field do %> + {gettext(" (Field: %{field})", field: error.field)} + <% end %> +
    • + <% end %> +
+
+ <% end %> + + <%= if length(@import_progress.warnings) > 0 do %> +
+ <.icon name="hero-information-circle" class="size-5" aria-hidden="true" /> +
+

+ {gettext("Warnings")} +

+
    + <%= for warning <- @import_progress.warnings do %> +
  • {warning}
    • + <% end %> +
+
+
+ <% end %> +
+
+ <% end %> +
+ <% end %> + <% end %> + + + <%!-- Export Section (Placeholder) --%> + <.form_section title={gettext("Export Members (CSV)")}> +
+ <.icon name="hero-information-circle" class="size-5" aria-hidden="true" /> +
+

+ {gettext("Export functionality will be available in a future release.")} +

+
+
+ + <% else %> + + <% end %> + + """ + end + + @impl true + def handle_event("validate_csv_upload", _params, socket) do + {:noreply, socket} + end + + @impl true + def handle_event("start_import", _params, socket) do + case check_import_prerequisites(socket) do + {:error, message} -> + {:noreply, put_flash(socket, :error, message)} + + :ok -> + process_csv_upload(socket) + end + end + + # Checks if import can be started (admin permission, status, upload ready) + defp check_import_prerequisites(socket) do + # Ensure user role is loaded before authorization check + user = socket.assigns[:current_user] + user_with_role = Actor.ensure_loaded(user) + + cond do + not Authorization.can?(user_with_role, :create, Mv.Membership.Member) -> + {:error, gettext("Only administrators can import members from CSV files.")} + + socket.assigns.import_status == :running -> + {:error, gettext("Import is already running. Please wait for it to complete.")} + + Enum.empty?(socket.assigns.uploads.csv_file.entries) -> + {:error, gettext("Please select a CSV file to import.")} + + not List.first(socket.assigns.uploads.csv_file.entries).done? -> + {:error, + gettext("Please wait for the file upload to complete before starting the import.")} + + true -> + :ok + end + end + + # Processes CSV upload and starts import + defp process_csv_upload(socket) do + actor = MvWeb.LiveHelpers.current_actor(socket) + + with {:ok, content} <- consume_and_read_csv(socket), + {:ok, import_state} <- + MemberCSV.prepare(content, max_rows: Config.csv_import_max_rows(), actor: actor) do + start_import(socket, import_state) + else + {:error, reason} when is_binary(reason) -> + {:noreply, + put_flash( + socket, + :error, + gettext("Failed to prepare CSV import: %{reason}", reason: reason) + )} + + {:error, error} -> + error_message = format_error_message(error) + + {:noreply, + put_flash( + socket, + :error, + gettext("Failed to prepare CSV import: %{error}", error: error_message) + )} + end + end + + # Starts the import process + defp start_import(socket, import_state) do + progress = initialize_import_progress(import_state) + + socket = + socket + |> assign(:import_state, import_state) + |> assign(:import_progress, progress) + |> assign(:import_status, :running) + + send(self(), {:process_chunk, 0}) + + {:noreply, socket} + end + + # Initializes import progress structure + defp initialize_import_progress(import_state) do + %{ + inserted: 0, + failed: 0, + errors: [], + warnings: import_state.warnings || [], + status: :running, + current_chunk: 0, + total_chunks: length(import_state.chunks), + errors_truncated?: false + } + end + + # Formats error messages for display + defp format_error_message(error) do + case error do + %{message: msg} when is_binary(msg) -> msg + %{errors: errors} when is_list(errors) -> inspect(errors) + reason when is_binary(reason) -> reason + other -> inspect(other) + end + end + + @impl true + def handle_info({:process_chunk, idx}, socket) do + case socket.assigns do + %{import_state: import_state, import_progress: progress} + when is_map(import_state) and is_map(progress) -> + if idx >= 0 and idx < length(import_state.chunks) do + start_chunk_processing_task(socket, import_state, progress, idx) + else + handle_chunk_error(socket, :invalid_index, idx) + end + + _ -> + # Missing required assigns - mark as error + handle_chunk_error(socket, :missing_state, idx) + end + end + + @impl true + def handle_info({:chunk_done, idx, result}, socket) do + case socket.assigns do + %{import_state: import_state, import_progress: progress} + when is_map(import_state) and is_map(progress) -> + handle_chunk_result(socket, import_state, progress, idx, result) + + _ -> + # Missing required assigns - mark as error + handle_chunk_error(socket, :missing_state, idx) + end + end + + @impl true + def handle_info({:chunk_error, idx, reason}, socket) do + handle_chunk_error(socket, :processing_failed, idx, reason) + end + + # Starts async task to process a chunk + # In tests (SQL sandbox mode), runs synchronously to avoid Ecto Sandbox issues + defp start_chunk_processing_task(socket, import_state, progress, idx) do + chunk = Enum.at(import_state.chunks, idx) + # Ensure user role is loaded before using as actor + user = socket.assigns[:current_user] + actor = Actor.ensure_loaded(user) + live_view_pid = self() + + # Process chunk with existing error count for capping + opts = [ + custom_field_lookup: import_state.custom_field_lookup, + existing_error_count: length(progress.errors), + max_errors: @max_errors, + actor: actor + ] + + # Get locale from socket for translations in background tasks + locale = socket.assigns[:locale] || "de" + Gettext.put_locale(MvWeb.Gettext, locale) + + if Config.sql_sandbox?() do + # Run synchronously in tests to avoid Ecto Sandbox issues with async tasks + {:ok, chunk_result} = + MemberCSV.process_chunk( + chunk, + import_state.column_map, + import_state.custom_field_map, + opts + ) + + # In test mode, send the message - it will be processed when render() is called + # in the test. The test helper wait_for_import_completion() handles message processing + send(live_view_pid, {:chunk_done, idx, chunk_result}) + else + # Start async task to process chunk in production + # Use start_child for fire-and-forget: no monitor, no Task messages + # We only use our own send/2 messages for communication + Task.Supervisor.start_child(Mv.TaskSupervisor, fn -> + # Set locale in task process for translations + Gettext.put_locale(MvWeb.Gettext, locale) + + {:ok, chunk_result} = + MemberCSV.process_chunk( + chunk, + import_state.column_map, + import_state.custom_field_map, + opts + ) + + send(live_view_pid, {:chunk_done, idx, chunk_result}) + end) + end + + {:noreply, socket} + end + + # Handles chunk processing result from async task + defp handle_chunk_result(socket, import_state, progress, idx, chunk_result) do + # Merge progress + new_progress = merge_progress(progress, chunk_result, idx) + + socket = + socket + |> assign(:import_progress, new_progress) + |> assign(:import_status, new_progress.status) + + # Schedule next chunk or mark as done + socket = schedule_next_chunk(socket, idx, length(import_state.chunks)) + + {:noreply, socket} + end + + # Handles chunk processing errors + defp handle_chunk_error(socket, error_type, idx, reason \\ nil) do + error_message = + case error_type do + :invalid_index -> + gettext("Invalid chunk index: %{idx}", idx: idx) + + :missing_state -> + gettext("Import state is missing. Cannot process chunk %{idx}.", idx: idx) + + :processing_failed -> + gettext("Failed to process chunk %{idx}: %{reason}", + idx: idx, + reason: inspect(reason) + ) + end + + socket = + socket + |> assign(:import_status, :error) + |> put_flash(:error, error_message) + + {:noreply, socket} + end + + defp consume_and_read_csv(socket) do + result = + consume_uploaded_entries(socket, :csv_file, fn %{path: path}, _entry -> + case File.read(path) do + {:ok, content} -> {:ok, content} + {:error, reason} -> {:error, Exception.message(reason)} + end + end) + + result + |> case do + [content] when is_binary(content) -> + {:ok, content} + + [{:ok, content}] when is_binary(content) -> + {:ok, content} + + [{:error, reason}] -> + {:error, gettext("Failed to read file: %{reason}", reason: reason)} + + [] -> + {:error, gettext("No file was uploaded")} + + _other -> + {:error, gettext("Failed to read uploaded file")} + end + end + + defp merge_progress(progress, chunk_result, current_chunk_idx) do + # Merge errors with cap of @max_errors overall + all_errors = progress.errors ++ chunk_result.errors + new_errors = Enum.take(all_errors, @max_errors) + errors_truncated? = length(all_errors) > @max_errors + + # Merge warnings (optional dedupe - simple append for now) + new_warnings = progress.warnings ++ Map.get(chunk_result, :warnings, []) + + # Update status based on whether we're done + # current_chunk_idx is 0-based, so after processing chunk 0, we've processed 1 chunk + chunks_processed = current_chunk_idx + 1 + new_status = if chunks_processed >= progress.total_chunks, do: :done, else: :running + + %{ + inserted: progress.inserted + chunk_result.inserted, + failed: progress.failed + chunk_result.failed, + errors: new_errors, + warnings: new_warnings, + status: new_status, + current_chunk: chunks_processed, + total_chunks: progress.total_chunks, + errors_truncated?: errors_truncated? || chunk_result.errors_truncated? + } + end + + defp schedule_next_chunk(socket, current_idx, total_chunks) do + next_idx = current_idx + 1 + + if next_idx < total_chunks do + # Schedule next chunk + send(self(), {:process_chunk, next_idx}) + socket + else + # All chunks processed - status already set to :done in merge_progress + socket + end + end +end diff --git a/lib/mv_web/router.ex b/lib/mv_web/router.ex index 2cbd6ab..b5bc616 100644 --- a/lib/mv_web/router.ex +++ b/lib/mv_web/router.ex @@ -88,6 +88,9 @@ defmodule MvWeb.Router do live "/admin/roles/:id", RoleLive.Show, :show live "/admin/roles/:id/edit", RoleLive.Form, :edit + # Import/Export (Admin only) + live "/admin/import-export", ImportExportLive + post "/set_locale", LocaleController, :set_locale end From 3d46ba655f6ada5ba3ade196f37b984355e07280 Mon Sep 17 00:00:00 2001 From: Moritz Date: Tue, 3 Feb 2026 14:34:24 +0100 Subject: [PATCH 05/84] Add Actor.permission_set_name/1 and admin?/1 for consistent capability checks - Actor.permission_set_name(actor) returns role's permission set (supports nil role load). - Actor.admin?(actor) returns true for system user or admin permission set. - ActorIsAdmin policy check delegates to Actor.admin?/1. --- lib/mv/authorization/actor.ex | 51 +++++++++++++++++-- lib/mv/authorization/checks/actor_is_admin.ex | 13 ++--- 2 files changed, 52 insertions(+), 12 deletions(-) diff --git a/lib/mv/authorization/actor.ex b/lib/mv/authorization/actor.ex index 3482043..bfc99ed 100644 --- a/lib/mv/authorization/actor.ex +++ b/lib/mv/authorization/actor.ex @@ -1,6 +1,7 @@ defmodule Mv.Authorization.Actor do @moduledoc """ - Helper functions for ensuring User actors have required data loaded. + Helper functions for ensuring User actors have required data loaded + and for querying actor capabilities (e.g. admin, permission set). ## Actor Invariant @@ -27,8 +28,11 @@ defmodule Mv.Authorization.Actor do assign(socket, :current_user, user) end - # In tests - user = Actor.ensure_loaded(user) + # Check if actor is admin (policy checks, validations) + if Actor.admin?(actor), do: ... + + # Get permission set name (string or nil) + ps_name = Actor.permission_set_name(actor) ## Security Note @@ -47,6 +51,8 @@ defmodule Mv.Authorization.Actor do require Logger + alias Mv.Helpers.SystemActor + @doc """ Ensures the actor (User) has their `:role` relationship loaded. @@ -96,4 +102,43 @@ defmodule Mv.Authorization.Actor do actor end end + + @doc """ + Returns the actor's permission set name (string or atom) from their role, or nil. + + Ensures role is loaded (including when role is nil). Supports both atom and + string keys for session/socket assigns. Use for capability checks consistent + with `ActorIsAdmin` and `HasPermission`. + """ + @spec permission_set_name(Mv.Accounts.User.t() | map() | nil) :: String.t() | atom() | nil + def permission_set_name(nil), do: nil + + def permission_set_name(actor) do + actor = actor |> ensure_loaded() |> maybe_load_role() + + get_in(actor, [Access.key(:role), Access.key(:permission_set_name)]) || + get_in(actor, [Access.key("role"), Access.key("permission_set_name")]) + end + + @doc """ + Returns true if the actor is the system user or has the admin permission set. + + Use for validations and policy checks that require admin capability (e.g. + changing a linked member's email). Consistent with `ActorIsAdmin` policy check. + """ + @spec admin?(Mv.Accounts.User.t() | map() | nil) :: boolean() + def admin?(nil), do: false + + def admin?(actor) do + SystemActor.system_user?(actor) or permission_set_name(actor) in ["admin", :admin] + end + + defp maybe_load_role(%Mv.Accounts.User{role: nil} = user) do + case Ash.load(user, :role, domain: Mv.Accounts, authorize?: false) do + {:ok, loaded} -> loaded + _ -> user + end + end + + defp maybe_load_role(actor), do: actor end diff --git a/lib/mv/authorization/checks/actor_is_admin.ex b/lib/mv/authorization/checks/actor_is_admin.ex index 2328876..8ab038a 100644 --- a/lib/mv/authorization/checks/actor_is_admin.ex +++ b/lib/mv/authorization/checks/actor_is_admin.ex @@ -3,20 +3,15 @@ defmodule Mv.Authorization.Checks.ActorIsAdmin do Policy check: true when the actor's role has permission_set_name "admin". Used to restrict actions (e.g. User.update_user for member link/unlink) to admins only. + Delegates to `Mv.Authorization.Actor.admin?/1` for consistency. """ use Ash.Policy.SimpleCheck + alias Mv.Authorization.Actor + @impl true def describe(_opts), do: "actor has admin permission set" @impl true - def match?(nil, _context, _opts), do: false - - def match?(actor, _context, _opts) do - ps_name = - get_in(actor, [Access.key(:role), Access.key(:permission_set_name)]) || - get_in(actor, [Access.key("role"), Access.key("permission_set_name")]) - - ps_name == "admin" - end + def match?(actor, _context, _opts), do: Actor.admin?(actor) end From ad02f8914f2193cefb6f2fe9fda5abc24e6e1665 Mon Sep 17 00:00:00 2001 From: Moritz Date: Tue, 3 Feb 2026 14:35:08 +0100 Subject: [PATCH 06/84] Use EmailSync.Loader.get_linked_user in EmailNotUsedByOtherUser Remove duplicate get_linked_user_id; reuse Loader for linked user lookup. --- .../validations/email_not_used_by_other_user.ex | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/lib/mv/membership/member/validations/email_not_used_by_other_user.ex b/lib/mv/membership/member/validations/email_not_used_by_other_user.ex index f9fba1b..1ee8ab0 100644 --- a/lib/mv/membership/member/validations/email_not_used_by_other_user.ex +++ b/lib/mv/membership/member/validations/email_not_used_by_other_user.ex @@ -8,6 +8,8 @@ defmodule Mv.Membership.Member.Validations.EmailNotUsedByOtherUser do This allows creating members with the same email as unlinked users. """ use Ash.Resource.Validation + + alias Mv.EmailSync.Loader alias Mv.Helpers require Logger @@ -32,7 +34,8 @@ defmodule Mv.Membership.Member.Validations.EmailNotUsedByOtherUser do def validate(changeset, _opts, _context) do email_changing? = Ash.Changeset.changing_attribute?(changeset, :email) - linked_user_id = get_linked_user_id(changeset.data) + linked_user = Loader.get_linked_user(changeset.data) + linked_user_id = if linked_user, do: linked_user.id, else: nil is_linked? = not is_nil(linked_user_id) # Only validate if member is already linked AND email is changing @@ -76,16 +79,4 @@ defmodule Mv.Membership.Member.Validations.EmailNotUsedByOtherUser do defp maybe_exclude_id(query, nil), do: query defp maybe_exclude_id(query, id), do: Ash.Query.filter(query, id != ^id) - - defp get_linked_user_id(member_data) do - alias Mv.Helpers.SystemActor - - system_actor = SystemActor.get_system_actor() - opts = Helpers.ash_actor_opts(system_actor) - - case Ash.load(member_data, :user, opts) do - {:ok, %{user: %{id: id}}} -> id - _ -> nil - end - end end From 4ea31f0f37098ece2f10d7a1cf2d89d03bc71492 Mon Sep 17 00:00:00 2001 From: Moritz Date: Tue, 3 Feb 2026 14:35:32 +0100 Subject: [PATCH 07/84] Add email-change permission validation for linked members Only admins or the linked user may change a linked member's email. - New validation EmailChangePermission (uses Actor.admin?, Loader.get_linked_user). - Register on Member update_member; docs and gettext. --- docs/email-sync.md | 1 + lib/membership/member.ex | 4 + .../validations/email_change_permission.ex | 69 +++++ priv/gettext/de/LC_MESSAGES/default.po | 18 +- priv/gettext/default.pot | 5 + priv/gettext/en/LC_MESSAGES/default.po | 18 +- .../member_email_validation_test.exs | 237 ++++++++++++++++++ 7 files changed, 324 insertions(+), 28 deletions(-) create mode 100644 lib/mv/membership/member/validations/email_change_permission.ex create mode 100644 test/mv/membership/member_email_validation_test.exs diff --git a/docs/email-sync.md b/docs/email-sync.md index c191ff4..5675145 100644 --- a/docs/email-sync.md +++ b/docs/email-sync.md @@ -4,6 +4,7 @@ 2. **DB constraints** - Prevent duplicates within same table (users.email, members.email) 3. **Custom validations** - Prevent cross-table conflicts only for linked entities 4. **Sync is bidirectional**: User ↔ Member (but User always wins on link) +5. **Linked member email change** - When a member is linked, only administrators or the linked user may change that member's email (Member resource validation `EmailChangePermission`). This keeps email sync under control and prevents non-admins from changing another user's linked member email. --- diff --git a/lib/membership/member.ex b/lib/membership/member.ex index 7b49c86..8213ecb 100644 --- a/lib/membership/member.ex +++ b/lib/membership/member.ex @@ -25,6 +25,7 @@ defmodule Mv.Membership.Member do - Postal code format: exactly 5 digits (German format) - Date validations: join_date not in future, exit_date after join_date - Email uniqueness: prevents conflicts with unlinked users + - Linked member email change: only admins or the linked user may change a linked member's email (see `Mv.Membership.Member.Validations.EmailChangePermission`) ## Full-Text Search Members have a `search_vector` attribute (tsvector) that is automatically @@ -381,6 +382,9 @@ defmodule Mv.Membership.Member do # Validates that member email is not already used by another (unlinked) user validate Mv.Membership.Member.Validations.EmailNotUsedByOtherUser + # Only admins or the linked user may change a linked member's email (prevents breaking sync) + validate Mv.Membership.Member.Validations.EmailChangePermission, on: [:update] + # Prevent linking to a user that already has a member # This validation prevents "stealing" users from other members by checking # if the target user is already linked to a different member diff --git a/lib/mv/membership/member/validations/email_change_permission.ex b/lib/mv/membership/member/validations/email_change_permission.ex new file mode 100644 index 0000000..0a53de1 --- /dev/null +++ b/lib/mv/membership/member/validations/email_change_permission.ex @@ -0,0 +1,69 @@ +defmodule Mv.Membership.Member.Validations.EmailChangePermission do + @moduledoc """ + Validates that only admins or the linked user may change a linked member's email. + + This validation runs on member update when the email attribute is changing. + It allows the change only if: + - The member is not linked to a user, or + - The actor has the admin permission set (via `Mv.Authorization.Actor.admin?/1`), or + - The actor is the user linked to this member (actor.member_id == member.id). + + This prevents non-admins from changing another user's linked member email, + which would sync to that user's account and break email synchronization. + + No system-actor fallback: missing actor is treated as not allowed. + """ + use Ash.Resource.Validation + use Gettext, backend: MvWeb.Gettext, otp_app: :mv + + alias Mv.Authorization.Actor + alias Mv.EmailSync.Loader + + @doc """ + Validates that the actor may change the member's email when the member is linked. + + Only runs when the email attribute is changing (checked inside). Skips when + member is not linked. Allows when actor is admin or owns the linked member. + """ + @impl true + def validate(changeset, _opts, context) do + if Ash.Changeset.changing_attribute?(changeset, :email) do + validate_linked_member_email_change(changeset, context) + else + :ok + end + end + + defp validate_linked_member_email_change(changeset, context) do + linked_user = Loader.get_linked_user(changeset.data) + + if is_nil(linked_user) do + :ok + else + actor = resolve_actor(changeset, context) + member_id = changeset.data.id + + if Actor.admin?(actor) or actor_owns_member?(actor, member_id) do + :ok + else + msg = + dgettext("default", "Only administrators can change email for members linked to users") + + {:error, field: :email, message: msg} + end + end + end + + # Ash stores actor in changeset.context.private.actor; validation context also has .actor + defp resolve_actor(changeset, context) do + get_in(changeset.context || %{}, [:private, :actor]) || + (context && Map.get(context, :actor)) + end + + defp actor_owns_member?(nil, _member_id), do: false + + defp actor_owns_member?(actor, member_id) do + actor_member_id = Map.get(actor, :member_id) || Map.get(actor, "member_id") + actor_member_id == member_id + end +end diff --git a/priv/gettext/de/LC_MESSAGES/default.po b/priv/gettext/de/LC_MESSAGES/default.po index 041507b..3f71644 100644 --- a/priv/gettext/de/LC_MESSAGES/default.po +++ b/priv/gettext/de/LC_MESSAGES/default.po @@ -2298,17 +2298,7 @@ msgstr "Verwende die Namen der Datenfelder als Spaltennamen in der CSV Datei. Da msgid "Unknown column '%{header}' will be ignored. If this is a custom field, create it in Mila before importing." msgstr "Unbekannte Spalte '%{header}' wird ignoriert. Falls dies ein Datenfeld ist, erstellen Sie es in Mila vor dem Import." -#~ #: lib/mv_web/live/global_settings_live.ex -#~ #, elixir-autogen, elixir-format, fuzzy -#~ msgid "Custom Fields in CSV Import" -#~ msgstr "Benutzerdefinierte Felder" - -#~ #: lib/mv_web/live/global_settings_live.ex -#~ #, elixir-autogen, elixir-format, fuzzy -#~ msgid "Individual data fields must be created in Mila before importing. Use the field name as the CSV column header. Unknown custom field columns will be ignored with a warning." -#~ msgstr "Individuelle Datenfelder müssen in Mila erstellt werden, bevor sie importiert werden können. Verwenden Sie den Namen des Datenfeldes als CSV-Spaltenüberschrift. Unbekannte Spaltenüberschriften werden mit einer Warnung ignoriert." - -#~ #: lib/mv_web/live/global_settings_live.ex -#~ #, elixir-autogen, elixir-format -#~ msgid "Manage Custom Fields" -#~ msgstr "Benutzerdefinierte Felder verwalten" +#: lib/mv/membership/member/validations/email_change_permission.ex +#, elixir-autogen, elixir-format +msgid "Only administrators can change email for members linked to users" +msgstr "Nur Administrator*innen können die E-Mail von Mitgliedern ändern, die mit Benutzer*innen verknüpft sind." diff --git a/priv/gettext/default.pot b/priv/gettext/default.pot index 2861f2d..7418c9b 100644 --- a/priv/gettext/default.pot +++ b/priv/gettext/default.pot @@ -2298,3 +2298,8 @@ msgstr "" #, elixir-autogen, elixir-format msgid "Unknown column '%{header}' will be ignored. If this is a custom field, create it in Mila before importing." msgstr "" + +#: lib/mv/membership/member/validations/email_change_permission.ex +#, elixir-autogen, elixir-format +msgid "Only administrators can change email for members linked to users" +msgstr "" diff --git a/priv/gettext/en/LC_MESSAGES/default.po b/priv/gettext/en/LC_MESSAGES/default.po index 3fe9ce3..db00450 100644 --- a/priv/gettext/en/LC_MESSAGES/default.po +++ b/priv/gettext/en/LC_MESSAGES/default.po @@ -2299,17 +2299,7 @@ msgstr "" msgid "Unknown column '%{header}' will be ignored. If this is a custom field, create it in Mila before importing." msgstr "Unknown column '%{header}' will be ignored. If this is a custom field, create it in Mila before importing." -#~ #: lib/mv_web/live/global_settings_live.ex -#~ #, elixir-autogen, elixir-format, fuzzy -#~ msgid "Custom Fields in CSV Import" -#~ msgstr "" - -#~ #: lib/mv_web/live/global_settings_live.ex -#~ #, elixir-autogen, elixir-format, fuzzy -#~ msgid "Individual data fields must be created in Mila before importing. Use the field name as the CSV column header. Unknown custom field columns will be ignored with a warning." -#~ msgstr "" - -#~ #: lib/mv_web/live/global_settings_live.ex -#~ #, elixir-autogen, elixir-format -#~ msgid "Manage Custom Fields" -#~ msgstr "" +#: lib/mv/membership/member/validations/email_change_permission.ex +#, elixir-autogen, elixir-format +msgid "Only administrators can change email for members linked to users" +msgstr "Only administrators can change email for members linked to users" diff --git a/test/mv/membership/member_email_validation_test.exs b/test/mv/membership/member_email_validation_test.exs new file mode 100644 index 0000000..3d2ef68 --- /dev/null +++ b/test/mv/membership/member_email_validation_test.exs @@ -0,0 +1,237 @@ +defmodule Mv.Membership.MemberEmailValidationTest do + @moduledoc """ + Tests for Member email-change permission validation. + + When a member is linked to a user, only admins or the linked user may change + that member's email. Unlinked members and non-email updates are unaffected. + """ + use Mv.DataCase, async: false + + alias Mv.Accounts + alias Mv.Authorization + alias Mv.Helpers.SystemActor + alias Mv.Membership + + setup do + system_actor = SystemActor.get_system_actor() + %{actor: system_actor} + end + + defp create_role_with_permission_set(permission_set_name, actor) do + role_name = "Test Role #{permission_set_name} #{System.unique_integer([:positive])}" + + case Authorization.create_role( + %{ + name: role_name, + description: "Test role for #{permission_set_name}", + permission_set_name: permission_set_name + }, + actor: actor + ) do + {:ok, role} -> role + {:error, error} -> raise "Failed to create role: #{inspect(error)}" + end + end + + defp create_user_with_permission_set(permission_set_name, actor) do + role = create_role_with_permission_set(permission_set_name, actor) + + {:ok, user} = + Accounts.User + |> Ash.Changeset.for_create(:register_with_password, %{ + email: "user#{System.unique_integer([:positive])}@example.com", + password: "testpassword123" + }) + |> Ash.create(actor: actor) + + {:ok, user} = + user + |> Ash.Changeset.for_update(:update, %{}) + |> Ash.Changeset.manage_relationship(:role, role, type: :append_and_remove) + |> Ash.update(actor: actor) + + {:ok, user_with_role} = Ash.load(user, :role, domain: Mv.Accounts, actor: actor) + user_with_role + end + + defp create_admin_user(actor) do + create_user_with_permission_set("admin", actor) + end + + defp create_linked_member_for_user(user, actor) do + admin = create_admin_user(actor) + + {:ok, member} = + Membership.create_member( + %{ + first_name: "Linked", + last_name: "Member", + email: "linked#{System.unique_integer([:positive])}@example.com" + }, + actor: admin + ) + + user + |> Ash.Changeset.for_update(:update, %{}) + |> Ash.Changeset.force_change_attribute(:member_id, member.id) + |> Ash.update(actor: admin, domain: Mv.Accounts, return_notifications?: false) + + member + end + + defp create_unlinked_member(actor) do + admin = create_admin_user(actor) + + {:ok, member} = + Membership.create_member( + %{ + first_name: "Unlinked", + last_name: "Member", + email: "unlinked#{System.unique_integer([:positive])}@example.com" + }, + actor: admin + ) + + member + end + + describe "unlinked member" do + test "normal_user can update email of unlinked member", %{actor: actor} do + normal_user = create_user_with_permission_set("normal_user", actor) + unlinked_member = create_unlinked_member(actor) + + new_email = "new#{System.unique_integer([:positive])}@example.com" + + assert {:ok, updated} = + Membership.update_member(unlinked_member, %{email: new_email}, actor: normal_user) + + assert updated.email == new_email + end + + test "validation does not block when member has no linked user", %{actor: actor} do + normal_user = create_user_with_permission_set("normal_user", actor) + unlinked_member = create_unlinked_member(actor) + + new_email = "other#{System.unique_integer([:positive])}@example.com" + + assert {:ok, _} = + Membership.update_member(unlinked_member, %{email: new_email}, actor: normal_user) + end + end + + describe "linked member – another user's member" do + test "normal_user cannot update email of another user's linked member", %{actor: actor} do + user_a = create_user_with_permission_set("own_data", actor) + linked_member = create_linked_member_for_user(user_a, actor) + + normal_user_b = create_user_with_permission_set("normal_user", actor) + new_email = "other#{System.unique_integer([:positive])}@example.com" + + assert {:error, %Ash.Error.Invalid{} = error} = + Membership.update_member(linked_member, %{email: new_email}, actor: normal_user_b) + + error_str = Exception.message(error) + assert error_str =~ "administrators" + assert error_str =~ "linked to users" + end + + test "admin can update email of linked member", %{actor: actor} do + user_a = create_user_with_permission_set("own_data", actor) + linked_member = create_linked_member_for_user(user_a, actor) + admin = create_admin_user(actor) + + new_email = "admin_changed#{System.unique_integer([:positive])}@example.com" + + assert {:ok, updated} = + Membership.update_member(linked_member, %{email: new_email}, actor: admin) + + assert updated.email == new_email + end + end + + describe "linked member – own member" do + test "own_data user can update email of their own linked member", %{actor: actor} do + own_data_user = create_user_with_permission_set("own_data", actor) + linked_member = create_linked_member_for_user(own_data_user, actor) + + {:ok, own_data_user} = + Ash.get(Accounts.User, own_data_user.id, domain: Mv.Accounts, load: [:role], actor: actor) + + {:ok, own_data_user} = + Ash.load(own_data_user, :member, domain: Mv.Accounts, actor: actor) + + new_email = "own_updated#{System.unique_integer([:positive])}@example.com" + + assert {:ok, updated} = + Membership.update_member(linked_member, %{email: new_email}, actor: own_data_user) + + assert updated.email == new_email + end + + test "normal_user with linked member can update email of that same member", %{actor: actor} do + normal_user = create_user_with_permission_set("normal_user", actor) + linked_member = create_linked_member_for_user(normal_user, actor) + + {:ok, normal_user} = + Ash.get(Accounts.User, normal_user.id, domain: Mv.Accounts, load: [:role], actor: actor) + + {:ok, normal_user} = Ash.load(normal_user, :member, domain: Mv.Accounts, actor: actor) + + new_email = "normal_own#{System.unique_integer([:positive])}@example.com" + + assert {:ok, updated} = + Membership.update_member(linked_member, %{email: new_email}, actor: normal_user) + + assert updated.email == new_email + end + end + + describe "no-op / other fields" do + test "updating only other attributes on linked member as normal_user does not trigger validation error", + %{actor: actor} do + user_a = create_user_with_permission_set("own_data", actor) + linked_member = create_linked_member_for_user(user_a, actor) + normal_user_b = create_user_with_permission_set("normal_user", actor) + + assert {:ok, updated} = + Membership.update_member(linked_member, %{first_name: "UpdatedName"}, + actor: normal_user_b + ) + + assert updated.first_name == "UpdatedName" + assert updated.email == linked_member.email + end + + test "updating email of linked member as admin succeeds", %{actor: actor} do + user_a = create_user_with_permission_set("own_data", actor) + linked_member = create_linked_member_for_user(user_a, actor) + admin = create_admin_user(actor) + + new_email = "admin_ok#{System.unique_integer([:positive])}@example.com" + + assert {:ok, updated} = + Membership.update_member(linked_member, %{email: new_email}, actor: admin) + + assert updated.email == new_email + end + end + + describe "read_only" do + test "read_only cannot update any member (policy rejects before validation)", %{actor: actor} do + read_only_user = create_user_with_permission_set("read_only", actor) + linked_member = create_linked_member_for_user(read_only_user, actor) + + {:ok, read_only_user} = + Ash.get(Accounts.User, read_only_user.id, + domain: Mv.Accounts, + load: [:role], + actor: actor + ) + + assert {:error, %Ash.Error.Forbidden{}} = + Membership.update_member(linked_member, %{email: "changed@example.com"}, + actor: read_only_user + ) + end + end +end From b2e9aff35958568ccaa7476744fcb281cab41155 Mon Sep 17 00:00:00 2001 From: carla Date: Tue, 3 Feb 2026 14:37:48 +0100 Subject: [PATCH 08/84] test: add tests --- test/membership/group_test.exs | 2 +- test/membership/member_group_test.exs | 2 +- .../live/global_settings_live_config_test.exs | 9 +- .../mv_web/live/global_settings_live_test.exs | 607 ---------------- test/mv_web/live/import_export_live_test.exs | 655 ++++++++++++++++++ 5 files changed, 662 insertions(+), 613 deletions(-) create mode 100644 test/mv_web/live/import_export_live_test.exs diff --git a/test/membership/group_test.exs b/test/membership/group_test.exs index 1c84eeb..c51bc66 100644 --- a/test/membership/group_test.exs +++ b/test/membership/group_test.exs @@ -2,7 +2,7 @@ defmodule Mv.Membership.GroupTest do @moduledoc """ Tests for Group resource validations, CRUD operations, and relationships. """ - use Mv.DataCase, async: true + use Mv.DataCase, async: false alias Mv.Membership diff --git a/test/membership/member_group_test.exs b/test/membership/member_group_test.exs index b3c048f..4dd4ae8 100644 --- a/test/membership/member_group_test.exs +++ b/test/membership/member_group_test.exs @@ -2,7 +2,7 @@ defmodule Mv.Membership.MemberGroupTest do @moduledoc """ Tests for MemberGroup join table resource - validations and cascade delete behavior. """ - use Mv.DataCase, async: true + use Mv.DataCase, async: false alias Mv.Membership diff --git a/test/mv_web/live/global_settings_live_config_test.exs b/test/mv_web/live/global_settings_live_config_test.exs index 1f06145..73f831f 100644 --- a/test/mv_web/live/global_settings_live_config_test.exs +++ b/test/mv_web/live/global_settings_live_config_test.exs @@ -39,9 +39,10 @@ defmodule MvWeb.GlobalSettingsLiveConfigTest do original_config = Application.get_env(:mv, :csv_import, []) try do + # Arrange: Set custom row limit to 500 Application.put_env(:mv, :csv_import, max_rows: 500) - {:ok, view, _html} = live(conn, ~p"/settings") + {:ok, view, _html} = live(conn, ~p"/admin/import-export") # Generate CSV with 501 rows (exceeding custom limit of 500) header = "first_name;last_name;email;street;postal_code;city\n" @@ -53,17 +54,17 @@ defmodule MvWeb.GlobalSettingsLiveConfigTest do large_csv = header <> Enum.join(rows) - # Simulate file upload using helper function + # Act: Upload CSV and submit form upload_csv_file(view, large_csv, "too_many_rows_custom.csv") view |> form("#csv-upload-form", %{}) |> render_submit() + # Assert: Import should be rejected with error message html = render(view) # Business rule: import should be rejected when exceeding configured limit - assert html =~ "exceeds" or html =~ "maximum" or html =~ "limit" or - html =~ "Failed to prepare" + assert html =~ "Failed to prepare CSV import" after # Restore original config Application.put_env(:mv, :csv_import, original_config) diff --git a/test/mv_web/live/global_settings_live_test.exs b/test/mv_web/live/global_settings_live_test.exs index 083c813..86680f3 100644 --- a/test/mv_web/live/global_settings_live_test.exs +++ b/test/mv_web/live/global_settings_live_test.exs @@ -3,22 +3,6 @@ defmodule MvWeb.GlobalSettingsLiveTest do import Phoenix.LiveViewTest alias Mv.Membership - # Helper function to upload CSV file in tests - # Reduces code duplication across multiple test cases - defp upload_csv_file(view, csv_content, filename \\ "test_import.csv") do - view - |> file_input("#csv-upload-form", :csv_file, [ - %{ - last_modified: System.system_time(:second), - name: filename, - content: csv_content, - size: byte_size(csv_content), - type: "text/csv" - } - ]) - |> render_upload(filename) - end - describe "Global Settings LiveView" do setup %{conn: conn} do user = create_test_user(%{email: "admin@example.com"}) @@ -97,595 +81,4 @@ defmodule MvWeb.GlobalSettingsLiveTest do assert render(view) =~ "updated" or render(view) =~ "success" end end - - describe "CSV Import Section" do - test "admin user sees import section", %{conn: conn} do - {:ok, _view, html} = live(conn, ~p"/settings") - - # Check for import section heading or identifier - assert html =~ "Import" or html =~ "CSV" or html =~ "member_import" - end - - test "admin user sees custom fields notice", %{conn: conn} do - {:ok, _view, html} = live(conn, ~p"/settings") - - # Check for custom fields notice text - assert html =~ "Use the data field name" - end - - test "admin user sees template download links", %{conn: conn} do - {:ok, view, _html} = live(conn, ~p"/settings") - - html = render(view) - - # Check for English template link - assert html =~ "member_import_en.csv" or html =~ "/templates/member_import_en.csv" - - # Check for German template link - assert html =~ "member_import_de.csv" or html =~ "/templates/member_import_de.csv" - end - - test "template links use static path helper", %{conn: conn} do - {:ok, view, _html} = live(conn, ~p"/settings") - - html = render(view) - - # Check that links contain the static path pattern - # Static paths typically start with /templates/ or contain the full path - assert html =~ "/templates/member_import_en.csv" or - html =~ ~r/href=["'][^"']*member_import_en\.csv["']/ - - assert html =~ "/templates/member_import_de.csv" or - html =~ ~r/href=["'][^"']*member_import_de\.csv["']/ - end - - test "admin user sees file upload input", %{conn: conn} do - {:ok, view, _html} = live(conn, ~p"/settings") - - html = render(view) - - # Check for file input element - assert html =~ ~r/type=["']file["']/i or html =~ "phx-hook" or html =~ "upload" - end - - test "file upload has CSV-only restriction", %{conn: conn} do - {:ok, view, _html} = live(conn, ~p"/settings") - - html = render(view) - - # Check for CSV file type restriction in help text or accept attribute - assert html =~ ~r/\.csv/i or html =~ "CSV" or html =~ ~r/accept=["'][^"']*csv["']/i - end - - test "non-admin user does not see import section", %{conn: conn} do - # Member (own_data) is redirected when accessing /settings (no page permission) - member_user = Mv.Fixtures.user_with_role_fixture("own_data") - conn = MvWeb.ConnCase.conn_with_password_user(conn, member_user) - - assert {:error, {:redirect, %{to: to}}} = live(conn, ~p"/settings") - assert to == "/users/#{member_user.id}" - end - end - - describe "CSV Import - Import" do - setup %{conn: conn} do - # Ensure admin user - admin_user = Mv.Fixtures.user_with_role_fixture("admin") - conn = MvWeb.ConnCase.conn_with_password_user(conn, admin_user) - - # Read valid CSV fixture - csv_content = - Path.join([__DIR__, "..", "..", "fixtures", "valid_member_import.csv"]) - |> File.read!() - - {:ok, conn: conn, admin_user: admin_user, csv_content: csv_content} - end - - test "admin can upload CSV and start import", %{conn: conn, csv_content: csv_content} do - {:ok, view, _html} = live(conn, ~p"/settings") - - # Simulate file upload using helper function - upload_csv_file(view, csv_content) - - # Trigger start_import event via form submit - assert view - |> form("#csv-upload-form", %{}) - |> render_submit() - - # Check that import has started or shows appropriate message - html = render(view) - # Either import started successfully OR we see a specific error (not admin error) - import_started = html =~ "Import in progress" or html =~ "running" or html =~ "progress" - no_admin_error = not (html =~ "Only administrators can import") - # If import failed, it should be a CSV parsing error, not an admin error - if html =~ "Failed to prepare CSV import" do - # This is acceptable - CSV might have issues, but admin check passed - assert no_admin_error - else - # Import should have started - assert import_started or html =~ "CSV File" - end - end - - test "admin import initializes progress correctly", %{conn: conn, csv_content: csv_content} do - {:ok, view, _html} = live(conn, ~p"/settings") - - # Simulate file upload using helper function - upload_csv_file(view, csv_content) - - view - |> form("#csv-upload-form", %{}) - |> render_submit() - - # Check that import has started or shows appropriate message - html = render(view) - # Either import started successfully OR we see a specific error (not admin error) - import_started = html =~ "Import in progress" or html =~ "running" or html =~ "progress" - no_admin_error = not (html =~ "Only administrators can import") - # If import failed, it should be a CSV parsing error, not an admin error - if html =~ "Failed to prepare CSV import" do - # This is acceptable - CSV might have issues, but admin check passed - assert no_admin_error - else - # Import should have started - assert import_started or html =~ "CSV File" - end - end - - test "non-admin cannot start import", %{conn: conn} do - # Member (own_data) is redirected when accessing /settings (no page permission) - member_user = Mv.Fixtures.user_with_role_fixture("own_data") - conn = MvWeb.ConnCase.conn_with_password_user(conn, member_user) - - assert {:error, {:redirect, %{to: to}}} = live(conn, ~p"/settings") - assert to == "/users/#{member_user.id}" - end - - test "invalid CSV shows user-friendly error", %{conn: conn} do - {:ok, view, _html} = live(conn, ~p"/settings") - - # Create invalid CSV (missing required fields) - invalid_csv = "invalid_header\nincomplete_row" - - # Simulate file upload using helper function - upload_csv_file(view, invalid_csv, "invalid.csv") - - view - |> form("#csv-upload-form", %{}) - |> render_submit() - - # Check for error message (flash) - html = render(view) - assert html =~ "error" or html =~ "failed" or html =~ "Failed to prepare" - end - - @tag :skip - test "empty CSV shows error", %{conn: conn} do - # Skip this test - Phoenix LiveView has issues with empty file uploads in tests - # The error is handled correctly in production, but test framework has limitations - {:ok, view, _html} = live(conn, ~p"/settings") - - empty_csv = " " - csv_path = Path.join([System.tmp_dir!(), "empty_#{System.unique_integer()}.csv"]) - File.write!(csv_path, empty_csv) - - view - |> file_input("#csv-upload-form", :csv_file, [ - %{ - last_modified: System.system_time(:second), - name: "empty.csv", - content: empty_csv, - size: byte_size(empty_csv), - type: "text/csv" - } - ]) - |> render_upload("empty.csv") - - view - |> form("#csv-upload-form", %{}) - |> render_submit() - - # Check for error message - html = render(view) - assert html =~ "error" or html =~ "empty" or html =~ "failed" or html =~ "Failed to prepare" - end - end - - describe "CSV Import - Step 3: Chunk Processing" do - setup %{conn: conn} do - # Ensure admin user - admin_user = Mv.Fixtures.user_with_role_fixture("admin") - conn = MvWeb.ConnCase.conn_with_password_user(conn, admin_user) - - # Read valid CSV fixture - valid_csv_content = - Path.join([__DIR__, "..", "..", "fixtures", "valid_member_import.csv"]) - |> File.read!() - - # Read invalid CSV fixture - invalid_csv_content = - Path.join([__DIR__, "..", "..", "fixtures", "invalid_member_import.csv"]) - |> File.read!() - - {:ok, - conn: conn, - admin_user: admin_user, - valid_csv_content: valid_csv_content, - invalid_csv_content: invalid_csv_content} - end - - test "happy path: valid CSV processes all chunks and shows done status", %{ - conn: conn, - valid_csv_content: csv_content - } do - {:ok, view, _html} = live(conn, ~p"/settings") - - # Simulate file upload using helper function - upload_csv_file(view, csv_content) - - view - |> form("#csv-upload-form", %{}) - |> render_submit() - - # Wait for processing to complete - # In test mode, chunks are processed synchronously and messages are sent via send/2 - # render(view) processes handle_info messages, so we call it multiple times - # to ensure all messages are processed - # Use the same approach as "success rendering" test which works - Process.sleep(1000) - - html = render(view) - # Should show success count (inserted count) - assert html =~ "Inserted" or html =~ "inserted" or html =~ "2" - # Should show completed status - assert html =~ "completed" or html =~ "done" or html =~ "Import completed" or - has_element?(view, "[data-testid='import-results-panel']") - end - - test "error handling: invalid CSV shows errors with line numbers", %{ - conn: conn, - invalid_csv_content: csv_content - } do - {:ok, view, _html} = live(conn, ~p"/settings") - - # Simulate file upload using helper function - upload_csv_file(view, csv_content, "invalid_import.csv") - - view - |> form("#csv-upload-form", %{}) - |> render_submit() - - # Wait for chunk processing - Process.sleep(500) - - html = render(view) - # Should show failure count > 0 - assert html =~ "failed" or html =~ "error" or html =~ "Failed" - - # Should show line numbers in errors (from service, not recalculated) - # Line numbers should be 2, 3 (header is line 1) - assert html =~ "2" or html =~ "3" or html =~ "line" - end - - test "error cap: many failing rows caps errors at 50", %{conn: conn} do - {:ok, view, _html} = live(conn, ~p"/settings") - - # Generate CSV with 100 invalid rows (all missing email) - header = "first_name;last_name;email;street;postal_code;city\n" - invalid_rows = for i <- 1..100, do: "Row#{i};Last#{i};;Street#{i};12345;City#{i}\n" - large_invalid_csv = header <> Enum.join(invalid_rows) - - # Simulate file upload using helper function - upload_csv_file(view, large_invalid_csv, "large_invalid.csv") - - view - |> form("#csv-upload-form", %{}) - |> render_submit() - - # Wait for chunk processing - Process.sleep(1000) - - html = render(view) - # Should show failed count == 100 - assert html =~ "100" or html =~ "failed" - - # Errors should be capped at 50 (but we can't easily check exact count in HTML) - # The important thing is that processing completes without crashing - assert html =~ "done" or html =~ "complete" or html =~ "finished" - end - - test "chunk scheduling: progress updates show chunk processing", %{ - conn: conn, - valid_csv_content: csv_content - } do - {:ok, view, _html} = live(conn, ~p"/settings") - - # Simulate file upload using helper function - upload_csv_file(view, csv_content) - - view - |> form("#csv-upload-form", %{}) - |> render_submit() - - # Wait a bit for processing to start - Process.sleep(200) - - # Check that status area exists (with aria-live for accessibility) - html = render(view) - - assert html =~ "aria-live" or html =~ "status" or html =~ "progress" or - html =~ "Processing" or html =~ "chunk" - - # Final state should be :done - Process.sleep(500) - final_html = render(view) - assert final_html =~ "done" or final_html =~ "complete" or final_html =~ "finished" - end - end - - describe "CSV Import - Step 4: Results UI" do - setup %{conn: conn} do - # Ensure admin user - admin_user = Mv.Fixtures.user_with_role_fixture("admin") - conn = MvWeb.ConnCase.conn_with_password_user(conn, admin_user) - - # Read valid CSV fixture - valid_csv_content = - Path.join([__DIR__, "..", "..", "fixtures", "valid_member_import.csv"]) - |> File.read!() - - # Read invalid CSV fixture - invalid_csv_content = - Path.join([__DIR__, "..", "..", "fixtures", "invalid_member_import.csv"]) - |> File.read!() - - # Read CSV with unknown custom field - unknown_custom_field_csv = - Path.join([__DIR__, "..", "..", "fixtures", "csv_with_unknown_custom_field.csv"]) - |> File.read!() - - {:ok, - conn: conn, - admin_user: admin_user, - valid_csv_content: valid_csv_content, - invalid_csv_content: invalid_csv_content, - unknown_custom_field_csv: unknown_custom_field_csv} - end - - test "success rendering: valid CSV shows success count", %{ - conn: conn, - valid_csv_content: csv_content - } do - {:ok, view, _html} = live(conn, ~p"/settings") - - # Simulate file upload using helper function - upload_csv_file(view, csv_content) - - view - |> form("#csv-upload-form", %{}) - |> render_submit() - - # Wait for processing to complete - Process.sleep(1000) - - html = render(view) - # Should show success count (inserted count) - assert html =~ "Inserted" or html =~ "inserted" or html =~ "2" - # Should show completed status - assert html =~ "completed" or html =~ "done" or html =~ "Import completed" - end - - test "error rendering: invalid CSV shows failure count and error list with line numbers", %{ - conn: conn, - invalid_csv_content: csv_content - } do - {:ok, view, _html} = live(conn, ~p"/settings") - - # Simulate file upload using helper function - upload_csv_file(view, csv_content, "invalid_import.csv") - - view - |> form("#csv-upload-form", %{}) - |> render_submit() - - # Wait for processing - Process.sleep(1000) - - html = render(view) - # Should show failure count - assert html =~ "Failed" or html =~ "failed" - - # Should show error list with line numbers (from service, not recalculated) - assert html =~ "Line" or html =~ "line" or html =~ "2" or html =~ "3" - # Should show error messages - assert html =~ "error" or html =~ "Error" or html =~ "Errors" - end - - test "warning rendering: CSV with unknown custom field shows warnings block", %{ - conn: conn, - unknown_custom_field_csv: csv_content - } do - {:ok, view, _html} = live(conn, ~p"/settings") - - csv_path = - Path.join([System.tmp_dir!(), "unknown_custom_#{System.unique_integer()}.csv"]) - - File.write!(csv_path, csv_content) - - view - |> file_input("#csv-upload-form", :csv_file, [ - %{ - last_modified: System.system_time(:second), - name: "unknown_custom.csv", - content: csv_content, - size: byte_size(csv_content), - type: "text/csv" - } - ]) - |> render_upload("unknown_custom.csv") - - view - |> form("#csv-upload-form", %{}) - |> render_submit() - - # Wait for processing - Process.sleep(1000) - - html = render(view) - # Should show warnings block (if warnings were generated) - # Warnings are generated when unknown custom field columns are detected - # Check if warnings section exists OR if import completed successfully - has_warnings = html =~ "Warning" or html =~ "warning" or html =~ "Warnings" - import_completed = html =~ "completed" or html =~ "done" or html =~ "Import Results" - - # If warnings exist, they should contain the column name - if has_warnings do - assert html =~ "UnknownCustomField" or html =~ "unknown" or html =~ "Unknown column" or - html =~ "will be ignored" - end - - # Import should complete (either with or without warnings) - assert import_completed - end - - test "A11y: file input has label", %{conn: conn} do - {:ok, _view, html} = live(conn, ~p"/settings") - - # Check for label associated with file input - assert html =~ ~r/]*for=["']csv_file["']/i or - html =~ ~r/]*>.*CSV File/i - end - - test "A11y: status/progress container has aria-live", %{conn: conn} do - {:ok, view, _html} = live(conn, ~p"/settings") - - html = render(view) - # Check for aria-live attribute in status area - assert html =~ ~r/aria-live=["']polite["']/i - end - - test "A11y: links have descriptive text", %{conn: conn} do - {:ok, _view, html} = live(conn, ~p"/settings") - - # Check that links have descriptive text (not just "click here") - # Template links should have text like "English Template" or "German Template" - assert html =~ "English Template" or html =~ "German Template" or - html =~ "English" or html =~ "German" - - # Custom Fields section should have descriptive text (Data Field button) - # The component uses "New Data Field" button, not a link - assert html =~ "Data Field" or html =~ "New Data Field" - end - end - - describe "CSV Import - Step 5: Edge Cases" do - setup %{conn: conn} do - # Ensure admin user - admin_user = Mv.Fixtures.user_with_role_fixture("admin") - conn = MvWeb.ConnCase.conn_with_password_user(conn, admin_user) - - {:ok, conn: conn, admin_user: admin_user} - end - - test "BOM + semicolon delimiter: import succeeds", %{conn: conn} do - {:ok, view, _html} = live(conn, ~p"/settings") - - # Read CSV with BOM - csv_content = - Path.join([__DIR__, "..", "..", "fixtures", "csv_with_bom_semicolon.csv"]) - |> File.read!() - - # Simulate file upload using helper function - upload_csv_file(view, csv_content, "bom_import.csv") - - view - |> form("#csv-upload-form", %{}) - |> render_submit() - - # Wait for processing - Process.sleep(1000) - - html = render(view) - # Should succeed (BOM is stripped automatically) - assert html =~ "completed" or html =~ "done" or html =~ "Inserted" - # Should not show error about BOM - refute html =~ "BOM" or html =~ "encoding" - end - - test "empty lines: line numbers in errors correspond to physical CSV lines", %{conn: conn} do - {:ok, view, _html} = live(conn, ~p"/settings") - - # CSV with empty line: header (line 1), valid row (line 2), empty (line 3), invalid (line 4) - csv_content = - Path.join([__DIR__, "..", "..", "fixtures", "csv_with_empty_lines.csv"]) - |> File.read!() - - # Simulate file upload using helper function - upload_csv_file(view, csv_content, "empty_lines.csv") - - view - |> form("#csv-upload-form", %{}) - |> render_submit() - - # Wait for processing - Process.sleep(1000) - - html = render(view) - # Should show error with correct line number (line 4, not line 3) - # The error should be on the line with invalid email, which is after the empty line - assert html =~ "Line 4" or html =~ "line 4" or html =~ "4" - # Should show error message - assert html =~ "error" or html =~ "Error" or html =~ "invalid" - end - - test "too many rows (1001): import is rejected with user-friendly error", %{conn: conn} do - {:ok, view, _html} = live(conn, ~p"/settings") - - # Generate CSV with 1001 rows dynamically - header = "first_name;last_name;email;street;postal_code;city\n" - - rows = - for i <- 1..1001 do - "Row#{i};Last#{i};email#{i}@example.com;Street#{i};12345;City#{i}\n" - end - - large_csv = header <> Enum.join(rows) - - # Simulate file upload using helper function - upload_csv_file(view, large_csv, "too_many_rows.csv") - - view - |> form("#csv-upload-form", %{}) - |> render_submit() - - html = render(view) - # Should show user-friendly error about row limit - assert html =~ "exceeds" or html =~ "maximum" or html =~ "limit" or html =~ "1000" or - html =~ "Failed to prepare" - end - - test "wrong file type (.txt): upload shows error", %{conn: conn} do - {:ok, view, _html} = live(conn, ~p"/settings") - - # Create .txt file (not .csv) - txt_content = "This is not a CSV file\nJust some text\n" - txt_path = Path.join([System.tmp_dir!(), "wrong_type_#{System.unique_integer()}.txt"]) - File.write!(txt_path, txt_content) - - # Try to upload .txt file - # Note: allow_upload is configured to accept only .csv, so this should fail - # In tests, we can't easily simulate file type rejection, but we can check - # that the UI shows appropriate help text - html = render(view) - # Should show CSV-only restriction in help text - assert html =~ "CSV" or html =~ "csv" or html =~ ".csv" - end - - test "file input has correct accept attribute for CSV only", %{conn: conn} do - {:ok, _view, html} = live(conn, ~p"/settings") - - # Check that file input has accept attribute for CSV - assert html =~ ~r/accept=["'][^"']*csv["']/i or html =~ "CSV files only" - end - end end diff --git a/test/mv_web/live/import_export_live_test.exs b/test/mv_web/live/import_export_live_test.exs new file mode 100644 index 0000000..1ec25f2 --- /dev/null +++ b/test/mv_web/live/import_export_live_test.exs @@ -0,0 +1,655 @@ +defmodule MvWeb.ImportExportLiveTest do + use MvWeb.ConnCase, async: true + import Phoenix.LiveViewTest + + # Helper function to upload CSV file in tests + # Reduces code duplication across multiple test cases + defp upload_csv_file(view, csv_content, filename \\ "test_import.csv") do + view + |> file_input("#csv-upload-form", :csv_file, [ + %{ + last_modified: System.system_time(:second), + name: filename, + content: csv_content, + size: byte_size(csv_content), + type: "text/csv" + } + ]) + |> render_upload(filename) + end + + describe "Import/Export LiveView" do + setup %{conn: conn} do + admin_user = Mv.Fixtures.user_with_role_fixture("admin") + conn = MvWeb.ConnCase.conn_with_password_user(conn, admin_user) + {:ok, conn: conn, admin_user: admin_user} + end + + test "renders the import/export page", %{conn: conn} do + {:ok, _view, html} = live(conn, ~p"/admin/import-export") + + assert html =~ "Import/Export" + end + + test "displays import section for admin user", %{conn: conn} do + {:ok, _view, html} = live(conn, ~p"/admin/import-export") + + assert html =~ "Import Members (CSV)" + end + + test "displays export section placeholder", %{conn: conn} do + {:ok, _view, html} = live(conn, ~p"/admin/import-export") + + assert html =~ "Export Members (CSV)" or html =~ "Export" + end + end + + describe "CSV Import Section" do + setup %{conn: conn} do + admin_user = Mv.Fixtures.user_with_role_fixture("admin") + conn = MvWeb.ConnCase.conn_with_password_user(conn, admin_user) + {:ok, conn: conn, admin_user: admin_user} + end + + test "admin user sees import section", %{conn: conn} do + {:ok, _view, html} = live(conn, ~p"/admin/import-export") + + # Check for import section heading or identifier + assert html =~ "Import" or html =~ "CSV" or html =~ "member_import" + end + + test "admin user sees custom fields notice", %{conn: conn} do + {:ok, _view, html} = live(conn, ~p"/admin/import-export") + + # Check for custom fields notice text + assert html =~ "Use the data field name" + end + + test "admin user sees template download links", %{conn: conn} do + {:ok, view, _html} = live(conn, ~p"/admin/import-export") + + html = render(view) + + # Check for English template link + assert html =~ "member_import_en.csv" or html =~ "/templates/member_import_en.csv" + + # Check for German template link + assert html =~ "member_import_de.csv" or html =~ "/templates/member_import_de.csv" + end + + test "template links use static path helper", %{conn: conn} do + {:ok, view, _html} = live(conn, ~p"/admin/import-export") + + html = render(view) + + # Check that links contain the static path pattern + # Static paths typically start with /templates/ or contain the full path + assert html =~ "/templates/member_import_en.csv" or + html =~ ~r/href=["'][^"']*member_import_en\.csv["']/ + + assert html =~ "/templates/member_import_de.csv" or + html =~ ~r/href=["'][^"']*member_import_de\.csv["']/ + end + + test "admin user sees file upload input", %{conn: conn} do + {:ok, view, _html} = live(conn, ~p"/admin/import-export") + + html = render(view) + + # Check for file input element + assert html =~ ~r/type=["']file["']/i or html =~ "phx-hook" or html =~ "upload" + end + + test "file upload has CSV-only restriction", %{conn: conn} do + {:ok, view, _html} = live(conn, ~p"/admin/import-export") + + html = render(view) + + # Check for CSV file type restriction in help text or accept attribute + assert html =~ ~r/\.csv/i or html =~ "CSV" or html =~ ~r/accept=["'][^"']*csv["']/i + end + + test "non-admin user sees permission error", %{conn: conn} do + # Member (own_data) user + member_user = Mv.Fixtures.user_with_role_fixture("own_data") + conn = MvWeb.ConnCase.conn_with_password_user(conn, member_user) + + # Router plug redirects non-admin users before LiveView loads + assert {:error, {:redirect, %{to: redirect_path, flash: %{"error" => error_message}}}} = + live(conn, ~p"/admin/import-export") + + # Should redirect to user profile page + assert redirect_path =~ "/users/" + # Should show permission error in flash + assert error_message =~ "don't have permission" + end + end + + describe "CSV Import - Import" do + setup %{conn: conn} do + # Ensure admin user + admin_user = Mv.Fixtures.user_with_role_fixture("admin") + conn = MvWeb.ConnCase.conn_with_password_user(conn, admin_user) + + # Read valid CSV fixture + csv_content = + Path.join([__DIR__, "..", "..", "fixtures", "valid_member_import.csv"]) + |> File.read!() + + {:ok, conn: conn, admin_user: admin_user, csv_content: csv_content} + end + + test "admin can upload CSV and start import", %{conn: conn, csv_content: csv_content} do + {:ok, view, _html} = live(conn, ~p"/admin/import-export") + + # Simulate file upload using helper function + upload_csv_file(view, csv_content) + + # Trigger start_import event via form submit + assert view + |> form("#csv-upload-form", %{}) + |> render_submit() + + # Check that import has started or shows appropriate message + html = render(view) + # Either import started successfully OR we see a specific error (not admin error) + import_started = html =~ "Import in progress" or html =~ "running" or html =~ "progress" + no_admin_error = not (html =~ "Only administrators can import") + # If import failed, it should be a CSV parsing error, not an admin error + if html =~ "Failed to prepare CSV import" do + # This is acceptable - CSV might have issues, but admin check passed + assert no_admin_error + else + # Import should have started + assert import_started or html =~ "CSV File" + end + end + + test "admin import initializes progress correctly", %{conn: conn, csv_content: csv_content} do + {:ok, view, _html} = live(conn, ~p"/admin/import-export") + + # Simulate file upload using helper function + upload_csv_file(view, csv_content) + + view + |> form("#csv-upload-form", %{}) + |> render_submit() + + # Check that import has started or shows appropriate message + html = render(view) + # Either import started successfully OR we see a specific error (not admin error) + import_started = html =~ "Import in progress" or html =~ "running" or html =~ "progress" + no_admin_error = not (html =~ "Only administrators can import") + # If import failed, it should be a CSV parsing error, not an admin error + if html =~ "Failed to prepare CSV import" do + # This is acceptable - CSV might have issues, but admin check passed + assert no_admin_error + else + # Import should have started + assert import_started or html =~ "CSV File" + end + end + + test "non-admin cannot start import", %{conn: conn} do + # Member (own_data) user + member_user = Mv.Fixtures.user_with_role_fixture("own_data") + conn = MvWeb.ConnCase.conn_with_password_user(conn, member_user) + + # Router plug redirects non-admin users before LiveView loads + assert {:error, {:redirect, %{to: redirect_path, flash: %{"error" => error_message}}}} = + live(conn, ~p"/admin/import-export") + + # Should redirect to user profile page + assert redirect_path =~ "/users/" + # Should show permission error in flash + assert error_message =~ "don't have permission" + end + + test "invalid CSV shows user-friendly error", %{conn: conn} do + {:ok, view, _html} = live(conn, ~p"/admin/import-export") + + # Create invalid CSV (missing required fields) + invalid_csv = "invalid_header\nincomplete_row" + + # Simulate file upload using helper function + upload_csv_file(view, invalid_csv, "invalid.csv") + + view + |> form("#csv-upload-form", %{}) + |> render_submit() + + # Check for error message (flash) + html = render(view) + assert html =~ "error" or html =~ "failed" or html =~ "Failed to prepare" + end + + @tag :skip + test "empty CSV shows error", %{conn: conn} do + # Skip this test - Phoenix LiveView has issues with empty file uploads in tests + # The error is handled correctly in production, but test framework has limitations + {:ok, view, _html} = live(conn, ~p"/admin/import-export") + + empty_csv = " " + csv_path = Path.join([System.tmp_dir!(), "empty_#{System.unique_integer()}.csv"]) + File.write!(csv_path, empty_csv) + + view + |> file_input("#csv-upload-form", :csv_file, [ + %{ + last_modified: System.system_time(:second), + name: "empty.csv", + content: empty_csv, + size: byte_size(empty_csv), + type: "text/csv" + } + ]) + |> render_upload("empty.csv") + + view + |> form("#csv-upload-form", %{}) + |> render_submit() + + # Check for error message + html = render(view) + assert html =~ "error" or html =~ "empty" or html =~ "failed" or html =~ "Failed to prepare" + end + end + + describe "CSV Import - Step 3: Chunk Processing" do + setup %{conn: conn} do + # Ensure admin user + admin_user = Mv.Fixtures.user_with_role_fixture("admin") + conn = MvWeb.ConnCase.conn_with_password_user(conn, admin_user) + + # Read valid CSV fixture + valid_csv_content = + Path.join([__DIR__, "..", "..", "fixtures", "valid_member_import.csv"]) + |> File.read!() + + # Read invalid CSV fixture + invalid_csv_content = + Path.join([__DIR__, "..", "..", "fixtures", "invalid_member_import.csv"]) + |> File.read!() + + {:ok, + conn: conn, + admin_user: admin_user, + valid_csv_content: valid_csv_content, + invalid_csv_content: invalid_csv_content} + end + + test "happy path: valid CSV processes all chunks and shows done status", %{ + conn: conn, + valid_csv_content: csv_content + } do + {:ok, view, _html} = live(conn, ~p"/admin/import-export") + + # Simulate file upload using helper function + upload_csv_file(view, csv_content) + + view + |> form("#csv-upload-form", %{}) + |> render_submit() + + # Wait for processing to complete + # In test mode, chunks are processed synchronously and messages are sent via send/2 + # render(view) processes handle_info messages, so we call it multiple times + # to ensure all messages are processed + # Use the same approach as "success rendering" test which works + Process.sleep(1000) + + html = render(view) + # Should show success count (inserted count) + assert html =~ "Inserted" or html =~ "inserted" or html =~ "2" + # Should show completed status + assert html =~ "completed" or html =~ "done" or html =~ "Import completed" or + has_element?(view, "[data-testid='import-results-panel']") + end + + test "error handling: invalid CSV shows errors with line numbers", %{ + conn: conn, + invalid_csv_content: csv_content + } do + {:ok, view, _html} = live(conn, ~p"/admin/import-export") + + # Simulate file upload using helper function + upload_csv_file(view, csv_content, "invalid_import.csv") + + view + |> form("#csv-upload-form", %{}) + |> render_submit() + + # Wait for chunk processing + Process.sleep(500) + + html = render(view) + # Should show failure count > 0 + assert html =~ "failed" or html =~ "error" or html =~ "Failed" + + # Should show line numbers in errors (from service, not recalculated) + # Line numbers should be 2, 3 (header is line 1) + assert html =~ "2" or html =~ "3" or html =~ "line" + end + + test "error cap: many failing rows caps errors at 50", %{conn: conn} do + {:ok, view, _html} = live(conn, ~p"/admin/import-export") + + # Generate CSV with 100 invalid rows (all missing email) + header = "first_name;last_name;email;street;postal_code;city\n" + invalid_rows = for i <- 1..100, do: "Row#{i};Last#{i};;Street#{i};12345;City#{i}\n" + large_invalid_csv = header <> Enum.join(invalid_rows) + + # Simulate file upload using helper function + upload_csv_file(view, large_invalid_csv, "large_invalid.csv") + + view + |> form("#csv-upload-form", %{}) + |> render_submit() + + # Wait for chunk processing + Process.sleep(1000) + + html = render(view) + # Should show failed count == 100 + assert html =~ "100" or html =~ "failed" + + # Errors should be capped at 50 (but we can't easily check exact count in HTML) + # The important thing is that processing completes without crashing + assert html =~ "done" or html =~ "complete" or html =~ "finished" + end + + test "chunk scheduling: progress updates show chunk processing", %{ + conn: conn, + valid_csv_content: csv_content + } do + {:ok, view, _html} = live(conn, ~p"/admin/import-export") + + # Simulate file upload using helper function + upload_csv_file(view, csv_content) + + view + |> form("#csv-upload-form", %{}) + |> render_submit() + + # Wait a bit for processing to start + Process.sleep(200) + + # Check that status area exists (with aria-live for accessibility) + html = render(view) + + assert html =~ "aria-live" or html =~ "status" or html =~ "progress" or + html =~ "Processing" or html =~ "chunk" + + # Final state should be :done + Process.sleep(500) + final_html = render(view) + assert final_html =~ "done" or final_html =~ "complete" or final_html =~ "finished" + end + end + + describe "CSV Import - Step 4: Results UI" do + setup %{conn: conn} do + # Ensure admin user + admin_user = Mv.Fixtures.user_with_role_fixture("admin") + conn = MvWeb.ConnCase.conn_with_password_user(conn, admin_user) + + # Read valid CSV fixture + valid_csv_content = + Path.join([__DIR__, "..", "..", "fixtures", "valid_member_import.csv"]) + |> File.read!() + + # Read invalid CSV fixture + invalid_csv_content = + Path.join([__DIR__, "..", "..", "fixtures", "invalid_member_import.csv"]) + |> File.read!() + + # Read CSV with unknown custom field + unknown_custom_field_csv = + Path.join([__DIR__, "..", "..", "fixtures", "csv_with_unknown_custom_field.csv"]) + |> File.read!() + + {:ok, + conn: conn, + admin_user: admin_user, + valid_csv_content: valid_csv_content, + invalid_csv_content: invalid_csv_content, + unknown_custom_field_csv: unknown_custom_field_csv} + end + + test "success rendering: valid CSV shows success count", %{ + conn: conn, + valid_csv_content: csv_content + } do + {:ok, view, _html} = live(conn, ~p"/admin/import-export") + + # Simulate file upload using helper function + upload_csv_file(view, csv_content) + + view + |> form("#csv-upload-form", %{}) + |> render_submit() + + # Wait for processing to complete + Process.sleep(1000) + + html = render(view) + # Should show success count (inserted count) + assert html =~ "Inserted" or html =~ "inserted" or html =~ "2" + # Should show completed status + assert html =~ "completed" or html =~ "done" or html =~ "Import completed" + end + + test "error rendering: invalid CSV shows failure count and error list with line numbers", %{ + conn: conn, + invalid_csv_content: csv_content + } do + {:ok, view, _html} = live(conn, ~p"/admin/import-export") + + # Simulate file upload using helper function + upload_csv_file(view, csv_content, "invalid_import.csv") + + view + |> form("#csv-upload-form", %{}) + |> render_submit() + + # Wait for processing + Process.sleep(1000) + + html = render(view) + # Should show failure count + assert html =~ "Failed" or html =~ "failed" + + # Should show error list with line numbers (from service, not recalculated) + assert html =~ "Line" or html =~ "line" or html =~ "2" or html =~ "3" + # Should show error messages + assert html =~ "error" or html =~ "Error" or html =~ "Errors" + end + + test "warning rendering: CSV with unknown custom field shows warnings block", %{ + conn: conn, + unknown_custom_field_csv: csv_content + } do + {:ok, view, _html} = live(conn, ~p"/admin/import-export") + + csv_path = + Path.join([System.tmp_dir!(), "unknown_custom_#{System.unique_integer()}.csv"]) + + File.write!(csv_path, csv_content) + + view + |> file_input("#csv-upload-form", :csv_file, [ + %{ + last_modified: System.system_time(:second), + name: "unknown_custom.csv", + content: csv_content, + size: byte_size(csv_content), + type: "text/csv" + } + ]) + |> render_upload("unknown_custom.csv") + + view + |> form("#csv-upload-form", %{}) + |> render_submit() + + # Wait for processing + Process.sleep(1000) + + html = render(view) + # Should show warnings block (if warnings were generated) + # Warnings are generated when unknown custom field columns are detected + # Check if warnings section exists OR if import completed successfully + has_warnings = html =~ "Warning" or html =~ "warning" or html =~ "Warnings" + import_completed = html =~ "completed" or html =~ "done" or html =~ "Import Results" + + # If warnings exist, they should contain the column name + if has_warnings do + assert html =~ "UnknownCustomField" or html =~ "unknown" or html =~ "Unknown column" or + html =~ "will be ignored" + end + + # Import should complete (either with or without warnings) + assert import_completed + end + + test "A11y: file input has label", %{conn: conn} do + {:ok, _view, html} = live(conn, ~p"/admin/import-export") + + # Check for label associated with file input + assert html =~ ~r/]*for=["']csv_file["']/i or + html =~ ~r/]*>.*CSV File/i + end + + test "A11y: status/progress container has aria-live", %{conn: conn} do + {:ok, view, _html} = live(conn, ~p"/admin/import-export") + + html = render(view) + # Check for aria-live attribute in status area + assert html =~ ~r/aria-live=["']polite["']/i + end + + test "A11y: links have descriptive text", %{conn: conn} do + {:ok, _view, html} = live(conn, ~p"/admin/import-export") + + # Check that links have descriptive text (not just "click here") + # Template links should have text like "English Template" or "German Template" + assert html =~ "English Template" or html =~ "German Template" or + html =~ "English" or html =~ "German" + + # Custom Fields section should have descriptive text (Data Field button) + # The component uses "New Data Field" button, not a link + assert html =~ "Data Field" or html =~ "New Data Field" or html =~ "Manage Memberdata" + end + end + + describe "CSV Import - Step 5: Edge Cases" do + setup %{conn: conn} do + # Ensure admin user + admin_user = Mv.Fixtures.user_with_role_fixture("admin") + conn = MvWeb.ConnCase.conn_with_password_user(conn, admin_user) + + {:ok, conn: conn, admin_user: admin_user} + end + + test "BOM + semicolon delimiter: import succeeds", %{conn: conn} do + {:ok, view, _html} = live(conn, ~p"/admin/import-export") + + # Read CSV with BOM + csv_content = + Path.join([__DIR__, "..", "..", "fixtures", "csv_with_bom_semicolon.csv"]) + |> File.read!() + + # Simulate file upload using helper function + upload_csv_file(view, csv_content, "bom_import.csv") + + view + |> form("#csv-upload-form", %{}) + |> render_submit() + + # Wait for processing + Process.sleep(1000) + + html = render(view) + # Should succeed (BOM is stripped automatically) + assert html =~ "completed" or html =~ "done" or html =~ "Inserted" + # Should not show error about BOM + refute html =~ "BOM" or html =~ "encoding" + end + + test "empty lines: line numbers in errors correspond to physical CSV lines", %{conn: conn} do + {:ok, view, _html} = live(conn, ~p"/admin/import-export") + + # CSV with empty line: header (line 1), valid row (line 2), empty (line 3), invalid (line 4) + csv_content = + Path.join([__DIR__, "..", "..", "fixtures", "csv_with_empty_lines.csv"]) + |> File.read!() + + # Simulate file upload using helper function + upload_csv_file(view, csv_content, "empty_lines.csv") + + view + |> form("#csv-upload-form", %{}) + |> render_submit() + + # Wait for processing + Process.sleep(1000) + + html = render(view) + # Should show error with correct line number (line 4, not line 3) + # The error should be on the line with invalid email, which is after the empty line + assert html =~ "Line 4" or html =~ "line 4" or html =~ "4" + # Should show error message + assert html =~ "error" or html =~ "Error" or html =~ "invalid" + end + + test "too many rows (1001): import is rejected with user-friendly error", %{conn: conn} do + {:ok, view, _html} = live(conn, ~p"/admin/import-export") + + # Generate CSV with 1001 rows dynamically + header = "first_name;last_name;email;street;postal_code;city\n" + + rows = + for i <- 1..1001 do + "Row#{i};Last#{i};email#{i}@example.com;Street#{i};12345;City#{i}\n" + end + + large_csv = header <> Enum.join(rows) + + # Simulate file upload using helper function + upload_csv_file(view, large_csv, "too_many_rows.csv") + + view + |> form("#csv-upload-form", %{}) + |> render_submit() + + html = render(view) + # Should show user-friendly error about row limit + assert html =~ "exceeds" or html =~ "maximum" or html =~ "limit" or html =~ "1000" or + html =~ "Failed to prepare" + end + + test "wrong file type (.txt): upload shows error", %{conn: conn} do + {:ok, view, _html} = live(conn, ~p"/admin/import-export") + + # Create .txt file (not .csv) + txt_content = "This is not a CSV file\nJust some text\n" + txt_path = Path.join([System.tmp_dir!(), "wrong_type_#{System.unique_integer()}.txt"]) + File.write!(txt_path, txt_content) + + # Try to upload .txt file + # Note: allow_upload is configured to accept only .csv, so this should fail + # In tests, we can't easily simulate file type rejection, but we can check + # that the UI shows appropriate help text + html = render(view) + # Should show CSV-only restriction in help text + assert html =~ "CSV" or html =~ "csv" or html =~ ".csv" + end + + test "file input has correct accept attribute for CSV only", %{conn: conn} do + {:ok, _view, html} = live(conn, ~p"/admin/import-export") + + # Check that file input has accept attribute for CSV + assert html =~ ~r/accept=["'][^"']*csv["']/i or html =~ "CSV files only" + end + end +end From 96daf2a089a9073d5de180373b0870708e9e427c Mon Sep 17 00:00:00 2001 From: carla Date: Tue, 3 Feb 2026 14:57:45 +0100 Subject: [PATCH 09/84] docs: update changelog --- CODE_GUIDELINES.md | 96 +++++++++++++++++++- docs/database-schema-readme.md | 37 ++++++-- docs/development-progress-log.md | 147 ++++++++++++++++++++++++++++++- docs/feature-roadmap.md | 45 ++++++++-- 4 files changed, 311 insertions(+), 14 deletions(-) diff --git a/CODE_GUIDELINES.md b/CODE_GUIDELINES.md index 0a87836..c7bcfa6 100644 --- a/CODE_GUIDELINES.md +++ b/CODE_GUIDELINES.md @@ -84,6 +84,8 @@ lib/ │ ├── custom_field_value.ex # Custom field value resource │ ├── custom_field.ex # CustomFieldValue type resource │ ├── setting.ex # Global settings (singleton resource) +│ ├── group.ex # Group resource +│ ├── member_group.ex # MemberGroup join table resource │ └── email.ex # Email custom type ├── membership_fees/ # MembershipFees domain │ ├── membership_fees.ex # Domain definition @@ -149,6 +151,8 @@ lib/ │ │ ├── membership_fee_type_live/ # Membership fee type LiveViews │ │ ├── membership_fee_settings_live.ex # Membership fee settings │ │ ├── global_settings_live.ex # Global settings +│ │ ├── group_live/ # Group management LiveViews +│ │ ├── import_export_live.ex # CSV import/export LiveView │ │ └── contribution_type_live/ # Contribution types (mock-up) │ ├── auth_overrides.ex # AshAuthentication overrides │ ├── endpoint.ex # Phoenix endpoint @@ -641,7 +645,95 @@ def card(assigns) do end ``` -### 3.3 System Actor Pattern +### 3.3 CSV Import Configuration + +**CSV Import Limits:** + +CSV import functionality supports configurable limits to prevent resource exhaustion: + +```elixir +# config/config.exs +config :mv, + csv_import: [ + max_file_size_mb: 10, # Maximum file size in megabytes + max_rows: 1000 # Maximum number of data rows (excluding header) + ] +``` + +**Accessing Configuration:** + +Use `Mv.Config` helper functions: + +```elixir +# Get max file size in bytes +max_bytes = Mv.Config.csv_import_max_file_size_bytes() + +# Get max file size in megabytes +max_mb = Mv.Config.csv_import_max_file_size_mb() + +# Get max rows +max_rows = Mv.Config.csv_import_max_rows() +``` + +**Best Practices:** +- Set reasonable limits based on server resources +- Display limits to users in UI +- Validate file size before upload +- Process imports in chunks (default: 200 rows per chunk) +- Cap error collection (default: 50 errors per import) + +### 3.4 Page-Level Authorization + +**CheckPagePermission Plug:** + +Use `MvWeb.Plugs.CheckPagePermission` for page-level authorization: + +```elixir +# lib/mv_web/router.ex +defmodule MvWeb.Router do + use MvWeb, :router + + # Add plug to router pipeline + pipeline :browser do + plug :accepts, ["html"] + plug :fetch_session + plug :fetch_live_flash + plug :put_root_layout, html: {MvWeb.Layouts, :root} + plug :protect_from_forgery + plug :put_secure_browser_headers + plug MvWeb.Plugs.CheckPagePermission # Page-level authorization + end +end +``` + +**Permission Set Route Matrix:** + +Routes are mapped to permission sets: +- `own_data`: Can access `/profile` and `/members/:id` (own linked member only) +- `read_only`: Can read all data, cannot modify +- `normal_user`: Can read and modify most data +- `admin`: Full access to all routes + +**Usage in LiveViews:** + +```elixir +# Check page access before mount +def mount(_params, _session, socket) do + actor = current_actor(socket) + + if MvWeb.Authorization.can_access_page?(actor, "/admin/roles") do + {:ok, assign(socket, :roles, load_roles(actor))} + else + {:ok, redirect(socket, to: ~p"/")} + end +end +``` + +**Public Paths:** + +Public paths (login, OIDC callbacks) are excluded from permission checks automatically. + +### 3.5 System Actor Pattern **When to Use System Actor:** @@ -726,7 +818,7 @@ Two mechanisms exist for bypassing standard authorization: **See also:** `docs/roles-and-permissions-architecture.md` (Authorization Bootstrap Patterns section) -### 3.4 Ash Framework +### 3.6 Ash Framework **Resource Definition Best Practices:** diff --git a/docs/database-schema-readme.md b/docs/database-schema-readme.md index 15e4e33..6bf11de 100644 --- a/docs/database-schema-readme.md +++ b/docs/database-schema-readme.md @@ -15,10 +15,10 @@ This document provides a comprehensive overview of the Mila Membership Managemen | Metric | Count | |--------|-------| -| **Tables** | 9 | +| **Tables** | 11 | | **Domains** | 4 (Accounts, Membership, MembershipFees, Authorization) | -| **Relationships** | 7 | -| **Indexes** | 20+ | +| **Relationships** | 9 | +| **Indexes** | 25+ | | **Triggers** | 1 (Full-text search) | ## Tables Overview @@ -77,6 +77,23 @@ This document provides a comprehensive overview of the Mila Membership Managemen - Membership fee default settings - Environment variable support for club name +#### `groups` +- **Purpose:** Group definitions for organizing members +- **Rows (Estimated):** Low (typically 5-20 groups per club) +- **Key Features:** + - Unique group names (case-insensitive) + - URL-friendly slugs (auto-generated, immutable) + - Optional descriptions + - Many-to-many relationship with members + +#### `member_groups` +- **Purpose:** Join table for many-to-many relationship between members and groups +- **Rows (Estimated):** Medium to High (multiple groups per member) +- **Key Features:** + - Unique constraint on (member_id, group_id) + - CASCADE delete on both sides + - Efficient indexes for queries + ### Authorization Domain #### `roles` @@ -100,6 +117,10 @@ Member (1) → (N) MembershipFeeCycles ↓ MembershipFeeType (1) +Member (N) ←→ (N) Group + ↓ ↓ + MemberGroups (N) MemberGroups (N) + Settings (1) → MembershipFeeType (0..1) ``` @@ -145,6 +166,12 @@ Settings (1) → MembershipFeeType (0..1) - Settings can reference a default fee type - `ON DELETE SET NULL` - if fee type is deleted, setting is cleared +9. **Member ↔ Group (N:N via MemberGroup)** + - Many-to-many relationship through `member_groups` join table + - `ON DELETE CASCADE` on both sides - removing member/group removes associations + - Unique constraint on (member_id, group_id) prevents duplicates + - Groups searchable via member search vector + ## Important Business Rules ### Email Synchronization @@ -509,7 +536,7 @@ mix run priv/repo/seeds.exs --- -**Last Updated:** 2026-01-13 -**Schema Version:** 1.4 +**Last Updated:** 2026-01-27 +**Schema Version:** 1.5 **Database:** PostgreSQL 17.6 (dev) / 16 (prod) diff --git a/docs/development-progress-log.md b/docs/development-progress-log.md index 928558e..1dcf994 100644 --- a/docs/development-progress-log.md +++ b/docs/development-progress-log.md @@ -1752,8 +1752,151 @@ This project demonstrates a modern Phoenix application built with: --- -**Document Version:** 1.4 -**Last Updated:** 2026-01-13 +--- + +## Recent Updates (2026-01-13 to 2026-01-27) + +### Groups Feature Implementation (2026-01-27) + +**PR #378:** *Add groups resource* (closes #371) +- Created `Mv.Membership.Group` resource with name, slug, description +- Created `Mv.Membership.MemberGroup` join table for many-to-many relationship +- Automatic slug generation from name (immutable after creation) +- Case-insensitive name uniqueness via LOWER(name) index +- Database migration: `20260127141620_add_groups_and_member_groups.exs` + +**PR #382:** *Groups Admin UI* (closes #372) +- Groups management LiveViews (`/groups`) +- Create, edit, delete groups with confirmation +- Member count display per group +- Add/remove members from groups +- Groups displayed in member overview and detail views +- Filter and sort by groups in member list + +**Key Features:** +- Many-to-many relationship: Members can belong to multiple groups +- Groups searchable via member search vector (full-text search) +- CASCADE delete: Removing member/group removes associations +- Unique constraint prevents duplicate member-group associations + +### CSV Import Feature Implementation (2026-01-27) + +**PR #359:** *Implements CSV Import UI* (closes #335) +- Import/Export LiveView (`/import_export`) +- CSV file upload with auto-upload +- Real-time import progress tracking +- Error and warning reporting +- Chunked processing (200 rows per chunk) + +**PR #394:** *Adds config for import limits* (closes #336) +- Configurable maximum file size (default: 10 MB) +- Configurable maximum rows (default: 1000) +- Configuration via `config :mv, csv_import: [max_file_size_mb: ..., max_rows: ...]` +- UI displays limits to users + +**PR #395:** *Implements custom field CSV import* (closes #338) +- Support for importing custom field values via CSV +- Custom field mapping by slug or name +- Validation of custom field value types +- Error reporting with line numbers and field names +- CSV templates (German and English) available for download + +**Key Features:** +- Member field import (email, first_name, last_name, etc.) +- Custom field value import (all types: string, integer, boolean, date, email) +- Error capping (max 50 errors per import to prevent memory issues) +- Async chunk processing with progress updates +- Admin-only access (requires `:create` permission on Member resource) + +### Page Permission Router Plug (2026-01-27) + +**PR #390:** *Page Permission Router Plug* (closes #388) +- `MvWeb.Plugs.CheckPagePermission` plug for page-level authorization +- Route-based permission checking +- Automatic redirects for unauthorized access +- Integration with permission sets (own_data, read_only, normal_user, admin) +- Documentation: `docs/page-permission-route-coverage.md` + +**Key Features:** +- Page-level access control before LiveView mount +- Permission set-based route matrix +- Redirect targets for different permission levels +- Public paths (login, OIDC callbacks) excluded from checks + +### Resource Policies Implementation (2026-01-27) + +**PR #387:** *CustomField Resource Policies* (closes #386) +- CustomField resource policies with actor-based authorization +- Admin-only create/update/destroy operations +- Read access for authenticated users +- No system-actor fallback (explicit actor required) + +**PR #377:** *CustomFieldValue Resource Policies* (closes #369) +- CustomFieldValue resource policies +- own_data permission set: can create/update own linked member's custom field values +- Admin and normal_user: full access +- Bypass read rule for CustomFieldValue pattern (documented) + +**PR #364:** *User Resource Policies* (closes #363) +- User resource policies with scope filtering +- own_data: can read/update own user record +- Admin: full access +- Email change validation for linked members + +### System Actor Improvements (2026-01-27) + +**PR #379:** *Fix System missing system actor in prod and prevent deletion* +- System actor user creation in migrations +- Block update/destroy on system-actor user +- System user handling in UserLive forms +- Normalize system actor email + +**PR #361:** *System Actor Mode for Systemic Flows* (closes #348) +- System actor pattern for systemic operations +- Email synchronization uses system actor +- Cycle generation uses system actor +- Documentation: `docs/roles-and-permissions-architecture.md` (Authorization Bootstrap Patterns) + +**PR #367:** *Remove NoActor bypass* +- Removed NoActor bypass to prevent masking authorization bugs +- All tests now require explicit actor +- Exception: AshAuthentication bypass tests (conscious exception) + +### Email Sync Fixes (2026-01-27) + +**PR #380:** *Fix email sync (user->member) when changing password and email* +- Email sync when admin sets password via `admin_set_password` +- Bidirectional email synchronization improvements +- Validation fixes for linked user-member pairs + +### UI/UX Improvements (2026-01-27) + +**PR #389:** *Change Logo* (closes #385) +- Updated application logo +- Logo display in sidebar and navigation + +**PR #362:** *Add boolean custom field filters to member overview* (closes #309) +- Boolean custom field filtering in member list +- Filter by true/false values +- Integration with existing filter system + +### Test Performance Optimization (2026-01-27) + +**PR #384:** *Minor test refactoring to improve on performance* (closes #383) +- Moved slow tests to nightly test suite +- Optimized policy tests +- Reduced test complexity in seeds tests +- Documentation: `docs/test-performance-optimization.md` + +**Key Changes:** +- Fast tests (standard CI): Business logic, validations, data persistence +- Slow tests (nightly): Performance tests, large datasets, query optimization +- UI tests: Basic HTML rendering, navigation, translations + +--- + +**Document Version:** 1.5 +**Last Updated:** 2026-01-27 **Maintainer:** Development Team **Status:** Living Document (update as project evolves) diff --git a/docs/feature-roadmap.md b/docs/feature-roadmap.md index 1df3eb6..7e28eea 100644 --- a/docs/feature-roadmap.md +++ b/docs/feature-roadmap.md @@ -1,7 +1,7 @@ # Feature Roadmap & Implementation Plan **Project:** Mila - Membership Management System -**Last Updated:** 2026-01-13 +**Last Updated:** 2026-01-27 **Status:** Active Development --- @@ -29,6 +29,10 @@ - ✅ **OIDC account linking with password verification** (PR #192, closes #171) - ✅ **Secure OIDC email collision handling** (PR #192) - ✅ **Automatic linking for passwordless users** (PR #192) +- ✅ **Page Permission Router Plug** - Page-level authorization (PR #390, closes #388, 2026-01-27) + - Route-based permission checking + - Automatic redirects for unauthorized access + - Integration with permission sets **Closed Issues:** - ✅ [#171](https://git.local-it.org/local-it/mitgliederverwaltung/issues/171) - OIDC handling and linking (closed 2025-11-13) @@ -55,6 +59,10 @@ - ✅ [#191](https://git.local-it.org/local-it/mitgliederverwaltung/issues/191) - Implement Roles in Ash (M) - Completed - ✅ [#190](https://git.local-it.org/local-it/mitgliederverwaltung/issues/190) - Implement Permissions in Ash (M) - Completed - ✅ [#151](https://git.local-it.org/local-it/mitgliederverwaltung/issues/151) - Define implementation plan for roles and permissions (M) - Completed +- ✅ [#388](https://git.local-it.org/local-it/mitgliederverwaltung/issues/388) - Page Permission Router Plug (closed 2026-01-27) +- ✅ [#386](https://git.local-it.org/local-it/mitgliederverwaltung/issues/386) - CustomField Resource Policies (closed 2026-01-27) +- ✅ [#369](https://git.local-it.org/local-it/mitgliederverwaltung/issues/369) - CustomFieldValue Resource Policies (closed 2026-01-27) +- ✅ [#363](https://git.local-it.org/local-it/mitgliederverwaltung/issues/363) - User Resource Policies (closed 2026-01-27) --- @@ -73,9 +81,24 @@ - ✅ User-Member linking (optional 1:1) - ✅ Email synchronization between User and Member - ✅ **Bulk email copy** - Copy selected members' email addresses to clipboard (Issue #230) +- ✅ **Groups** - Organize members into groups (PR #378, #382, closes #371, #372, 2026-01-27) + - Many-to-many relationship with groups + - Groups management UI (`/groups`) + - Filter and sort by groups in member list + - Groups displayed in member overview and detail views +- ✅ **CSV Import** - Import members from CSV files (PR #359, #394, #395, closes #335, #336, #338, 2026-01-27) + - Member field import + - Custom field value import + - Real-time progress tracking + - Error reporting **Closed Issues:** - ✅ [#162](https://git.local-it.org/local-it/mitgliederverwaltung/issues/162) - Fuzzy and substring search (closed 2025-11-12) +- ✅ [#371](https://git.local-it.org/local-it/mitgliederverwaltung/issues/371) - Add groups resource (closed 2026-01-27) +- ✅ [#372](https://git.local-it.org/local-it/mitgliederverwaltung/issues/372) - Groups Admin UI (closed 2026-01-27) +- ✅ [#335](https://git.local-it.org/local-it/mitgliederverwaltung/issues/335) - CSV Import UI (closed 2026-01-27) +- ✅ [#336](https://git.local-it.org/local-it/mitgliederverwaltung/issues/336) - Config for import limits (closed 2026-01-27) +- ✅ [#338](https://git.local-it.org/local-it/mitgliederverwaltung/issues/338) - Custom field CSV import (closed 2026-01-27) **Open Issues:** - [#169](https://git.local-it.org/local-it/mitgliederverwaltung/issues/169) - Allow combined creation of Users/Members (M, Low priority) @@ -88,7 +111,7 @@ - ❌ Advanced filters (date ranges, multiple criteria) - ❌ Pagination (currently all members loaded) - ❌ Bulk operations (bulk delete, bulk update) -- ❌ Member import/export (CSV, Excel) +- ❌ Excel import for members - ❌ Member profile photos/avatars - ❌ Member history/audit log - ❌ Duplicate detection @@ -288,12 +311,24 @@ - ✅ **CSV Import Templates** - German and English templates (#329, 2026-01-13) - Template files in `priv/static/templates/member_import_de.csv` and `member_import_en.csv` - CSV specification documented in `docs/csv-member-import-v1.md` +- ✅ **CSV Import Implementation** - Full CSV import feature (#335, #336, #338, 2026-01-27) + - Import/Export LiveView (`/import_export`) + - Member field import (email, first_name, last_name, etc.) + - Custom field value import (all types: string, integer, boolean, date, email) + - Real-time progress tracking + - Error and warning reporting with line numbers + - Configurable limits (max file size, max rows) + - Chunked processing (200 rows per chunk) + - Admin-only access + +**Closed Issues:** +- ✅ [#335](https://git.local-it.org/local-it/mitgliederverwaltung/issues/335) - CSV Import UI (closed 2026-01-27) +- ✅ [#336](https://git.local-it.org/local-it/mitgliederverwaltung/issues/336) - Config for import limits (closed 2026-01-27) +- ✅ [#338](https://git.local-it.org/local-it/mitgliederverwaltung/issues/338) - Custom field CSV import (closed 2026-01-27) **Missing Features:** -- ❌ CSV import implementation (templates ready, import logic pending) - ❌ Excel import for members -- ❌ Import validation and preview -- ❌ Import error handling +- ❌ Import validation preview (before import) - ❌ Bulk data export - ❌ Backup export - ❌ Data migration tools From 7041aa320a45a94150f6e7bc693c1b39b1546240 Mon Sep 17 00:00:00 2001 From: carla Date: Tue, 3 Feb 2026 15:23:35 +0100 Subject: [PATCH 10/84] refactor --- lib/mv_web/live/import_export_live.ex | 690 ++++++++++++------- test/mv_web/live/import_export_live_test.exs | 89 ++- 2 files changed, 492 insertions(+), 287 deletions(-) diff --git a/lib/mv_web/live/import_export_live.ex b/lib/mv_web/live/import_export_live.ex index cdbc332..f844305 100644 --- a/lib/mv_web/live/import_export_live.ex +++ b/lib/mv_web/live/import_export_live.ex @@ -40,7 +40,9 @@ defmodule MvWeb.ImportExportLive do on_mount {MvWeb.LiveHelpers, :ensure_user_role_loaded} - # CSV Import configuration constants + # Maximum number of errors to collect per import to prevent memory issues + # and keep error display manageable. Additional errors are silently dropped + # after this limit is reached. @max_errors 50 @impl true @@ -93,204 +95,11 @@ defmodule MvWeb.ImportExportLive do <%= if Authorization.can?(@current_user, :create, Mv.Membership.Member) do %> <%!-- CSV Import Section --%> <.form_section title={gettext("Import Members (CSV)")}> -
- <.icon name="hero-information-circle" class="size-5" aria-hidden="true" /> -
-

- {gettext( - "Use the data field name as the CSV column header in your file. Data fields must exist in Mila before importing, so they must be listed in the list of memberdate (like e-mail or first name). Unknown data field columns will be ignored with a warning." - )} -

-

- <.link - href={~p"/settings#custom_fields"} - class="link" - data-testid="custom-fields-link" - > - {gettext("Manage Memberdata")} - -

-
-
- -
-

- {gettext("Download CSV templates:")} -

-
    -
  • - <.link - href={~p"/templates/member_import_en.csv"} - download="member_import_en.csv" - class="link link-primary" - > - {gettext("English Template")} - -
    • -
  • - <.link - href={~p"/templates/member_import_de.csv"} - download="member_import_de.csv" - class="link link-primary" - > - {gettext("German Template")} - -
    • -
-
- - <.form - id="csv-upload-form" - for={%{}} - multipart={true} - phx-change="validate_csv_upload" - phx-submit="start_import" - data-testid="csv-upload-form" - > -
- - <.live_file_input - upload={@uploads.csv_file} - id="csv_file" - class="file-input file-input-bordered w-full" - aria-describedby="csv_file_help" - /> - -
- - <.button - type="submit" - phx-disable-with={gettext("Starting import...")} - variant="primary" - disabled={ - @import_status == :running or - Enum.empty?(@uploads.csv_file.entries) or - @uploads.csv_file.entries |> List.first() |> then(&(&1 && not &1.done?)) - } - data-testid="start-import-button" - > - {gettext("Start Import")} - - - + <%= import_info_box(assigns) %> + <%= template_links(assigns) %> + <%= import_form(assigns) %> <%= if @import_status == :running or @import_status == :done do %> - <%= if @import_progress do %> -
- <%= if @import_progress.status == :running do %> -

- {gettext("Processing chunk %{current} of %{total}...", - current: @import_progress.current_chunk, - total: @import_progress.total_chunks - )} -

- <% end %> - - <%= if @import_progress.status == :done do %> -
-

- {gettext("Import Results")} -

- -
-
-

- {gettext("Summary")} -

-
-

- <.icon - name="hero-check-circle" - class="size-4 inline mr-1" - aria-hidden="true" - /> - {gettext("Successfully inserted: %{count} member(s)", - count: @import_progress.inserted - )} -

- <%= if @import_progress.failed > 0 do %> -

- <.icon - name="hero-exclamation-circle" - class="size-4 inline mr-1" - aria-hidden="true" - /> - {gettext("Failed: %{count} row(s)", count: @import_progress.failed)} -

- <% end %> - <%= if @import_progress.errors_truncated? do %> -

- <.icon - name="hero-information-circle" - class="size-4 inline mr-1" - aria-hidden="true" - /> - {gettext("Error list truncated to %{count} entries", - count: @max_errors - )} -

- <% end %> -
-
- - <%= if length(@import_progress.errors) > 0 do %> -
-

- <.icon - name="hero-exclamation-circle" - class="size-4 inline mr-1" - aria-hidden="true" - /> - {gettext("Errors")} -

-
    - <%= for error <- @import_progress.errors do %> -
  • - {gettext("Line %{line}: %{message}", - line: error.csv_line_number || "?", - message: error.message || gettext("Unknown error") - )} - <%= if error.field do %> - {gettext(" (Field: %{field})", field: error.field)} - <% end %> -
    • - <% end %> -
-
- <% end %> - - <%= if length(@import_progress.warnings) > 0 do %> -
- <.icon name="hero-information-circle" class="size-5" aria-hidden="true" /> -
-

- {gettext("Warnings")} -

-
    - <%= for warning <- @import_progress.warnings do %> -
  • {warning}
    • - <% end %> -
-
-
- <% end %> -
-
- <% end %> -
- <% end %> + <%= import_progress(assigns) %> <% end %> @@ -317,6 +126,223 @@ defmodule MvWeb.ImportExportLive do """ end + # Renders the info box explaining CSV import requirements + defp import_info_box(assigns) do + ~H""" +
+ <.icon name="hero-information-circle" class="size-5" aria-hidden="true" /> +
+

+ {gettext( + "Use the data field name as the CSV column header in your file. Data fields must exist in Mila before importing, so they must be listed in the list of member data (like e-mail or first name). Unknown data field columns will be ignored with a warning." + )} +

+

+ <.link + href={~p"/settings#custom_fields"} + class="link" + data-testid="custom-fields-link" + > + {gettext("Manage Member Data")} + +

+
+
+ """ + end + + # Renders template download links + defp template_links(assigns) do + ~H""" +
+

+ {gettext("Download CSV templates:")} +

+
    +
  • + <.link + href={~p"/templates/member_import_en.csv"} + download="member_import_en.csv" + class="link link-primary" + > + {gettext("English Template")} + +
    • +
  • + <.link + href={~p"/templates/member_import_de.csv"} + download="member_import_de.csv" + class="link link-primary" + > + {gettext("German Template")} + +
    • +
+
+ """ + end + + # Renders the CSV upload form + defp import_form(assigns) do + ~H""" + <.form + id="csv-upload-form" + for={%{}} + multipart={true} + phx-change="validate_csv_upload" + phx-submit="start_import" + data-testid="csv-upload-form" + > +
+ + <.live_file_input + upload={@uploads.csv_file} + id="csv_file" + class="file-input file-input-bordered w-full" + aria-describedby="csv_file_help" + /> +

+ {gettext("CSV files only, maximum %{size} MB", size: @csv_import_max_file_size_mb)} +

+
+ + <.button + type="submit" + phx-disable-with={gettext("Starting import...")} + variant="primary" + disabled={import_button_disabled?(@import_status, @uploads.csv_file.entries)} + data-testid="start-import-button" + > + {gettext("Start Import")} + + + """ + end + + # Renders import progress and results + defp import_progress(assigns) do + ~H""" + <%= if @import_progress do %> +
+ <%= if @import_progress.status == :running do %> +

+ {gettext("Processing chunk %{current} of %{total}...", + current: @import_progress.current_chunk, + total: @import_progress.total_chunks + )} +

+ <% end %> + + <%= if @import_progress.status == :done do %> + <%= import_results(assigns) %> + <% end %> +
+ <% end %> + """ + end + + # Renders import results summary, errors, and warnings + defp import_results(assigns) do + ~H""" +
+

+ {gettext("Import Results")} +

+ +
+
+

+ {gettext("Summary")} +

+
+

+ <.icon + name="hero-check-circle" + class="size-4 inline mr-1" + aria-hidden="true" + /> + {gettext("Successfully inserted: %{count} member(s)", + count: @import_progress.inserted + )} +

+ <%= if @import_progress.failed > 0 do %> +

+ <.icon + name="hero-exclamation-circle" + class="size-4 inline mr-1" + aria-hidden="true" + /> + {gettext("Failed: %{count} row(s)", count: @import_progress.failed)} +

+ <% end %> + <%= if @import_progress.errors_truncated? do %> +

+ <.icon + name="hero-information-circle" + class="size-4 inline mr-1" + aria-hidden="true" + /> + {gettext("Error list truncated to %{count} entries", count: @max_errors)} +

+ <% end %> +
+
+ + <%= if length(@import_progress.errors) > 0 do %> +
+

+ <.icon + name="hero-exclamation-circle" + class="size-4 inline mr-1" + aria-hidden="true" + /> + {gettext("Errors")} +

+
    + <%= for error <- @import_progress.errors do %> +
  • + {gettext("Line %{line}: %{message}", + line: error.csv_line_number || "?", + message: error.message || gettext("Unknown error") + )} + <%= if error.field do %> + {gettext(" (Field: %{field})", field: error.field)} + <% end %> +
    • + <% end %> +
+
+ <% end %> + + <%= if length(@import_progress.warnings) > 0 do %> + + <% end %> +
+
+ """ + end + @impl true def handle_event("validate_csv_upload", _params, socket) do {:noreply, socket} @@ -333,11 +359,22 @@ defmodule MvWeb.ImportExportLive do end end - # Checks if import can be started (admin permission, status, upload ready) + # Checks if all prerequisites for starting an import are met. + # + # Validates: + # - User has admin permissions + # - No import is currently running + # - CSV file is uploaded and ready + # + # Returns `:ok` if all checks pass, `{:error, message}` otherwise. + # + # Note: on_mount :ensure_user_role_loaded already guarantees the role is loaded, + # so ensure_actor_loaded is primarily for clarity. + @spec check_import_prerequisites(Phoenix.LiveView.Socket.t()) :: + :ok | {:error, String.t()} defp check_import_prerequisites(socket) do - # Ensure user role is loaded before authorization check - user = socket.assigns[:current_user] - user_with_role = Actor.ensure_loaded(user) + # on_mount already ensures role is loaded, but we keep this for clarity + user_with_role = ensure_actor_loaded(socket) cond do not Authorization.can?(user_with_role, :create, Mv.Membership.Member) -> @@ -358,7 +395,12 @@ defmodule MvWeb.ImportExportLive do end end - # Processes CSV upload and starts import + # Processes CSV upload and starts import process. + # + # Reads the uploaded CSV file, prepares it for import, and initiates + # the chunked processing workflow. + @spec process_csv_upload(Phoenix.LiveView.Socket.t()) :: + {:noreply, Phoenix.LiveView.Socket.t()} defp process_csv_upload(socket) do actor = MvWeb.LiveHelpers.current_actor(socket) @@ -382,12 +424,14 @@ defmodule MvWeb.ImportExportLive do put_flash( socket, :error, - gettext("Failed to prepare CSV import: %{error}", error: error_message) + gettext("Failed to prepare CSV import: %{reason}", reason: error_message) )} end end - # Starts the import process + # Starts the import process by initializing progress tracking and scheduling the first chunk. + @spec start_import(Phoenix.LiveView.Socket.t(), map()) :: + {:noreply, Phoenix.LiveView.Socket.t()} defp start_import(socket, import_state) do progress = initialize_import_progress(import_state) @@ -402,7 +446,8 @@ defmodule MvWeb.ImportExportLive do {:noreply, socket} end - # Initializes import progress structure + # Initializes the import progress tracking structure with default values. + @spec initialize_import_progress(map()) :: map() defp initialize_import_progress(import_state) do %{ inserted: 0, @@ -416,13 +461,65 @@ defmodule MvWeb.ImportExportLive do } end - # Formats error messages for display + # Formats error messages for user-friendly display. + # + # Handles various error types including Ash errors, maps with message fields, + # lists of errors, and fallback formatting for unknown types. + @spec format_error_message(any()) :: String.t() defp format_error_message(error) do case error do - %{message: msg} when is_binary(msg) -> msg - %{errors: errors} when is_list(errors) -> inspect(errors) - reason when is_binary(reason) -> reason - other -> inspect(other) + %Ash.Error.Invalid{} = ash_error -> + format_ash_error(ash_error) + + %{message: msg} when is_binary(msg) -> + msg + + %{errors: errors} when is_list(errors) -> + format_error_list(errors) + + reason when is_binary(reason) -> + reason + + other -> + format_unknown_error(other) + end + end + + # Formats Ash validation errors for display + defp format_ash_error(%Ash.Error.Invalid{errors: errors}) when is_list(errors) do + errors + |> Enum.map(&format_single_error/1) + |> Enum.join(", ") + end + + defp format_ash_error(error) do + format_unknown_error(error) + end + + # Formats a list of errors into a readable string + defp format_error_list(errors) do + errors + |> Enum.map(&format_single_error/1) + |> Enum.join(", ") + end + + # Formats a single error item + defp format_single_error(error) when is_map(error) do + Map.get(error, :message) || Map.get(error, :field) || inspect(error, limit: :infinity) + end + + defp format_single_error(error) do + to_string(error) + end + + # Formats unknown error types with truncation for very long messages + defp format_unknown_error(other) do + error_str = inspect(other, limit: :infinity, pretty: true) + + if String.length(error_str) > 200 do + String.slice(error_str, 0, 197) <> "..." + else + error_str end end @@ -431,7 +528,7 @@ defmodule MvWeb.ImportExportLive do case socket.assigns do %{import_state: import_state, import_progress: progress} when is_map(import_state) and is_map(progress) -> - if idx >= 0 and idx < length(import_state.chunks) do + if idx < length(import_state.chunks) do start_chunk_processing_task(socket, import_state, progress, idx) else handle_chunk_error(socket, :invalid_index, idx) @@ -461,13 +558,18 @@ defmodule MvWeb.ImportExportLive do handle_chunk_error(socket, :processing_failed, idx, reason) end - # Starts async task to process a chunk - # In tests (SQL sandbox mode), runs synchronously to avoid Ecto Sandbox issues + # Starts async task to process a chunk of CSV rows. + # + # In tests (SQL sandbox mode), runs synchronously to avoid Ecto Sandbox issues. + @spec start_chunk_processing_task( + Phoenix.LiveView.Socket.t(), + map(), + map(), + non_neg_integer() + ) :: {:noreply, Phoenix.LiveView.Socket.t()} defp start_chunk_processing_task(socket, import_state, progress, idx) do chunk = Enum.at(import_state.chunks, idx) - # Ensure user role is loaded before using as actor - user = socket.assigns[:current_user] - actor = Actor.ensure_loaded(user) + actor = ensure_actor_loaded(socket) live_view_pid = self() # Process chunk with existing error count for capping @@ -484,17 +586,33 @@ defmodule MvWeb.ImportExportLive do if Config.sql_sandbox?() do # Run synchronously in tests to avoid Ecto Sandbox issues with async tasks - {:ok, chunk_result} = - MemberCSV.process_chunk( - chunk, - import_state.column_map, - import_state.custom_field_map, - opts - ) + result = + try do + MemberCSV.process_chunk( + chunk, + import_state.column_map, + import_state.custom_field_map, + opts + ) + rescue + e -> + {:error, Exception.message(e)} + catch + :exit, reason -> + {:error, inspect(reason)} + :throw, reason -> + {:error, inspect(reason)} + end - # In test mode, send the message - it will be processed when render() is called - # in the test. The test helper wait_for_import_completion() handles message processing - send(live_view_pid, {:chunk_done, idx, chunk_result}) + case result do + {:ok, chunk_result} -> + # In test mode, send the message - it will be processed when render() is called + # in the test. The test helper wait_for_import_completion() handles message processing + send(live_view_pid, {:chunk_done, idx, chunk_result}) + + {:error, reason} -> + send(live_view_pid, {:chunk_error, idx, reason}) + end else # Start async task to process chunk in production # Use start_child for fire-and-forget: no monitor, no Task messages @@ -503,22 +621,45 @@ defmodule MvWeb.ImportExportLive do # Set locale in task process for translations Gettext.put_locale(MvWeb.Gettext, locale) - {:ok, chunk_result} = - MemberCSV.process_chunk( - chunk, - import_state.column_map, - import_state.custom_field_map, - opts - ) + result = + try do + MemberCSV.process_chunk( + chunk, + import_state.column_map, + import_state.custom_field_map, + opts + ) + rescue + e -> + {:error, Exception.message(e)} + catch + :exit, reason -> + {:error, inspect(reason)} + :throw, reason -> + {:error, inspect(reason)} + end - send(live_view_pid, {:chunk_done, idx, chunk_result}) + case result do + {:ok, chunk_result} -> + send(live_view_pid, {:chunk_done, idx, chunk_result}) + + {:error, reason} -> + send(live_view_pid, {:chunk_error, idx, reason}) + end end) end {:noreply, socket} end - # Handles chunk processing result from async task + # Handles chunk processing result from async task and schedules the next chunk. + @spec handle_chunk_result( + Phoenix.LiveView.Socket.t(), + map(), + map(), + non_neg_integer(), + map() + ) :: {:noreply, Phoenix.LiveView.Socket.t()} defp handle_chunk_result(socket, import_state, progress, idx, chunk_result) do # Merge progress new_progress = merge_progress(progress, chunk_result, idx) @@ -534,7 +675,13 @@ defmodule MvWeb.ImportExportLive do {:noreply, socket} end - # Handles chunk processing errors + # Handles chunk processing errors and updates socket with error status. + @spec handle_chunk_error( + Phoenix.LiveView.Socket.t(), + :invalid_index | :missing_state | :processing_failed, + non_neg_integer(), + any() + ) :: {:noreply, Phoenix.LiveView.Socket.t()} defp handle_chunk_error(socket, error_type, idx, reason \\ nil) do error_message = case error_type do @@ -559,21 +706,14 @@ defmodule MvWeb.ImportExportLive do {:noreply, socket} end + # Consumes uploaded CSV file entries and reads the file content. + # + # Returns the file content as a binary string or an error tuple. + @spec consume_and_read_csv(Phoenix.LiveView.Socket.t()) :: + {:ok, String.t()} | {:error, String.t()} defp consume_and_read_csv(socket) do - result = - consume_uploaded_entries(socket, :csv_file, fn %{path: path}, _entry -> - case File.read(path) do - {:ok, content} -> {:ok, content} - {:error, reason} -> {:error, Exception.message(reason)} - end - end) - - result - |> case do - [content] when is_binary(content) -> - {:ok, content} - - [{:ok, content}] when is_binary(content) -> + case consume_uploaded_entries(socket, :csv_file, &read_file_entry/2) do + [{:ok, content}] -> {:ok, content} [{:error, reason}] -> @@ -583,10 +723,35 @@ defmodule MvWeb.ImportExportLive do {:error, gettext("No file was uploaded")} _other -> - {:error, gettext("Failed to read uploaded file")} + {:error, gettext("Failed to read uploaded file: unexpected format")} end end + # Reads a single file entry from the uploaded path + @spec read_file_entry(map(), map()) :: {:ok, String.t()} | {:error, String.t()} + defp read_file_entry(%{path: path}, _entry) do + case File.read(path) do + {:ok, content} -> + {:ok, content} + + {:error, reason} when is_atom(reason) -> + # POSIX error atoms (e.g., :enoent) need to be formatted + {:error, :file.format_error(reason)} + + {:error, %File.Error{reason: reason}} -> + # File.Error struct with reason atom + {:error, :file.format_error(reason)} + + {:error, reason} -> + # Fallback for other error types + {:error, Exception.message(reason)} + end + end + + # Merges chunk processing results into the overall import progress. + # + # Handles error capping, warning merging, and status updates. + @spec merge_progress(map(), map(), non_neg_integer()) :: map() defp merge_progress(progress, chunk_result, current_chunk_idx) do # Merge errors with cap of @max_errors overall all_errors = progress.errors ++ chunk_result.errors @@ -613,6 +778,9 @@ defmodule MvWeb.ImportExportLive do } end + # Schedules the next chunk for processing or marks import as complete. + @spec schedule_next_chunk(Phoenix.LiveView.Socket.t(), non_neg_integer(), non_neg_integer()) :: + Phoenix.LiveView.Socket.t() defp schedule_next_chunk(socket, current_idx, total_chunks) do next_idx = current_idx + 1 @@ -625,4 +793,22 @@ defmodule MvWeb.ImportExportLive do socket end end + + # Determines if the import button should be disabled based on import status and upload state + @spec import_button_disabled?(:idle | :running | :done | :error, [map()]) :: boolean() + defp import_button_disabled?(:running, _entries), do: true + defp import_button_disabled?(_status, []), do: true + defp import_button_disabled?(_status, [entry | _]) when not entry.done?, do: true + defp import_button_disabled?(_status, _entries), do: false + + # Ensures the actor (user with role) is loaded from socket assigns. + # + # Note: on_mount :ensure_user_role_loaded already guarantees the role is loaded, + # so this is primarily for clarity and defensive programming. + @spec ensure_actor_loaded(Phoenix.LiveView.Socket.t()) :: Mv.Accounts.User.t() | nil + defp ensure_actor_loaded(socket) do + user = socket.assigns[:current_user] + # on_mount already ensures role is loaded, but we keep this for clarity + Actor.ensure_loaded(user) + end end diff --git a/test/mv_web/live/import_export_live_test.exs b/test/mv_web/live/import_export_live_test.exs index 1ec25f2..4558ba8 100644 --- a/test/mv_web/live/import_export_live_test.exs +++ b/test/mv_web/live/import_export_live_test.exs @@ -150,18 +150,19 @@ defmodule MvWeb.ImportExportLiveTest do |> form("#csv-upload-form", %{}) |> render_submit() - # Check that import has started or shows appropriate message + # Check that import has started using data-testid + # Either import-progress-container exists (import started) OR we see a CSV error html = render(view) - # Either import started successfully OR we see a specific error (not admin error) - import_started = html =~ "Import in progress" or html =~ "running" or html =~ "progress" + import_started = has_element?(view, "[data-testid='import-progress-container']") no_admin_error = not (html =~ "Only administrators can import") + # If import failed, it should be a CSV parsing error, not an admin error if html =~ "Failed to prepare CSV import" do # This is acceptable - CSV might have issues, but admin check passed assert no_admin_error else - # Import should have started - assert import_started or html =~ "CSV File" + # Import should have started - check for progress container + assert import_started end end @@ -175,18 +176,18 @@ defmodule MvWeb.ImportExportLiveTest do |> form("#csv-upload-form", %{}) |> render_submit() - # Check that import has started or shows appropriate message + # Check that import has started using data-testid html = render(view) - # Either import started successfully OR we see a specific error (not admin error) - import_started = html =~ "Import in progress" or html =~ "running" or html =~ "progress" + import_started = has_element?(view, "[data-testid='import-progress-container']") no_admin_error = not (html =~ "Only administrators can import") + # If import failed, it should be a CSV parsing error, not an admin error if html =~ "Failed to prepare CSV import" do # This is acceptable - CSV might have issues, but admin check passed assert no_admin_error else - # Import should have started - assert import_started or html =~ "CSV File" + # Import should have started - check for progress container + assert import_started end end @@ -295,15 +296,14 @@ defmodule MvWeb.ImportExportLiveTest do # In test mode, chunks are processed synchronously and messages are sent via send/2 # render(view) processes handle_info messages, so we call it multiple times # to ensure all messages are processed - # Use the same approach as "success rendering" test which works Process.sleep(1000) + # Check that import-results-panel exists (import completed) + assert has_element?(view, "[data-testid='import-results-panel']") + + # Verify success count is shown html = render(view) - # Should show success count (inserted count) - assert html =~ "Inserted" or html =~ "inserted" or html =~ "2" - # Should show completed status - assert html =~ "completed" or html =~ "done" or html =~ "Import completed" or - has_element?(view, "[data-testid='import-results-panel']") + assert html =~ "Successfully inserted" or html =~ "inserted" end test "error handling: invalid CSV shows errors with line numbers", %{ @@ -320,7 +320,13 @@ defmodule MvWeb.ImportExportLiveTest do |> render_submit() # Wait for chunk processing - Process.sleep(500) + Process.sleep(1000) + + # Check that import-results-panel exists (import completed with errors) + assert has_element?(view, "[data-testid='import-results-panel']") + + # Check that error list exists + assert has_element?(view, "[data-testid='import-error-list']") html = render(view) # Should show failure count > 0 @@ -349,13 +355,16 @@ defmodule MvWeb.ImportExportLiveTest do # Wait for chunk processing Process.sleep(1000) + # Check that import-results-panel exists (import completed) + assert has_element?(view, "[data-testid='import-results-panel']") + html = render(view) # Should show failed count == 100 assert html =~ "100" or html =~ "failed" # Errors should be capped at 50 (but we can't easily check exact count in HTML) # The important thing is that processing completes without crashing - assert html =~ "done" or html =~ "complete" or html =~ "finished" + # Import is done when import-results-panel exists end test "chunk scheduling: progress updates show chunk processing", %{ @@ -374,16 +383,17 @@ defmodule MvWeb.ImportExportLiveTest do # Wait a bit for processing to start Process.sleep(200) - # Check that status area exists (with aria-live for accessibility) + # Check that import-progress-container exists (with aria-live for accessibility) + assert has_element?(view, "[data-testid='import-progress-container']") + + # Check that progress text is shown when running html = render(view) + assert has_element?(view, "[data-testid='import-progress-text']") or + html =~ "Processing chunk" - assert html =~ "aria-live" or html =~ "status" or html =~ "progress" or - html =~ "Processing" or html =~ "chunk" - - # Final state should be :done + # Final state should show import-results-panel Process.sleep(500) - final_html = render(view) - assert final_html =~ "done" or final_html =~ "complete" or final_html =~ "finished" + assert has_element?(view, "[data-testid='import-results-panel']") end end @@ -432,11 +442,12 @@ defmodule MvWeb.ImportExportLiveTest do # Wait for processing to complete Process.sleep(1000) + # Check that import-results-panel exists (import completed) + assert has_element?(view, "[data-testid='import-results-panel']") + + # Verify success count is shown html = render(view) - # Should show success count (inserted count) - assert html =~ "Inserted" or html =~ "inserted" or html =~ "2" - # Should show completed status - assert html =~ "completed" or html =~ "done" or html =~ "Import completed" + assert html =~ "Successfully inserted" or html =~ "inserted" end test "error rendering: invalid CSV shows failure count and error list with line numbers", %{ @@ -455,14 +466,18 @@ defmodule MvWeb.ImportExportLiveTest do # Wait for processing Process.sleep(1000) + # Check that import-results-panel exists (import completed with errors) + assert has_element?(view, "[data-testid='import-results-panel']") + + # Check that error list exists + assert has_element?(view, "[data-testid='import-error-list']") + html = render(view) # Should show failure count assert html =~ "Failed" or html =~ "failed" # Should show error list with line numbers (from service, not recalculated) assert html =~ "Line" or html =~ "line" or html =~ "2" or html =~ "3" - # Should show error messages - assert html =~ "error" or html =~ "Error" or html =~ "Errors" end test "warning rendering: CSV with unknown custom field shows warnings block", %{ @@ -495,12 +510,13 @@ defmodule MvWeb.ImportExportLiveTest do # Wait for processing Process.sleep(1000) + # Check that import-results-panel exists (import completed) + assert has_element?(view, "[data-testid='import-results-panel']") + html = render(view) # Should show warnings block (if warnings were generated) # Warnings are generated when unknown custom field columns are detected - # Check if warnings section exists OR if import completed successfully has_warnings = html =~ "Warning" or html =~ "warning" or html =~ "Warnings" - import_completed = html =~ "completed" or html =~ "done" or html =~ "Import Results" # If warnings exist, they should contain the column name if has_warnings do @@ -509,7 +525,7 @@ defmodule MvWeb.ImportExportLiveTest do end # Import should complete (either with or without warnings) - assert import_completed + # Verified by import-results-panel existence above end test "A11y: file input has label", %{conn: conn} do @@ -569,9 +585,12 @@ defmodule MvWeb.ImportExportLiveTest do # Wait for processing Process.sleep(1000) + # Check that import-results-panel exists (import completed successfully) + assert has_element?(view, "[data-testid='import-results-panel']") + html = render(view) # Should succeed (BOM is stripped automatically) - assert html =~ "completed" or html =~ "done" or html =~ "Inserted" + assert html =~ "Successfully inserted" or html =~ "inserted" # Should not show error about BOM refute html =~ "BOM" or html =~ "encoding" end From e0f0ca369c77f54e2c253c0de1a7437ea0803f27 Mon Sep 17 00:00:00 2001 From: carla Date: Tue, 3 Feb 2026 15:29:31 +0100 Subject: [PATCH 11/84] i18n: updates translations --- priv/gettext/de/LC_MESSAGES/auth.po | 18 +-- priv/gettext/de/LC_MESSAGES/default.po | 204 ++++++++++++++----------- priv/gettext/de/LC_MESSAGES/errors.po | 2 +- priv/gettext/default.pot | 119 +++++++++------ priv/gettext/en/LC_MESSAGES/default.po | 124 +++++++++------ 5 files changed, 270 insertions(+), 197 deletions(-) diff --git a/priv/gettext/de/LC_MESSAGES/auth.po b/priv/gettext/de/LC_MESSAGES/auth.po index cdcc9ff..377c992 100644 --- a/priv/gettext/de/LC_MESSAGES/auth.po +++ b/priv/gettext/de/LC_MESSAGES/auth.po @@ -67,7 +67,7 @@ msgstr "Das Passwort wurde erfolgreich zurückgesetzt" #: lib/mv_web/live/auth/link_oidc_account_live.ex #, elixir-autogen, elixir-format msgid "An account with email %{email} already exists. Please enter your password to link your OIDC account." -msgstr "Ein Konto mit der E-Mail %{email} existiert bereits. Bitte geben Sie Ihr Passwort ein, um Ihr OIDC-Konto zu verknüpfen." +msgstr "Ein Konto mit der E-Mail %{email} existiert bereits. Bitte gib dein Passwort ein, um dein OIDC-Konto zu verknüpfen." #: lib/mv_web/live/auth/link_oidc_account_live.ex #, elixir-autogen, elixir-format @@ -77,12 +77,12 @@ msgstr "Abbrechen" #: lib/mv_web/live/auth/link_oidc_account_live.ex #, elixir-autogen, elixir-format msgid "Incorrect password. Please try again." -msgstr "Falsches Passwort. Bitte versuchen Sie es erneut." +msgstr "Falsches Passwort. Bitte versuche es erneut." #: lib/mv_web/live/auth/link_oidc_account_live.ex #, elixir-autogen, elixir-format msgid "Invalid session. Please try again." -msgstr "Ungültige Sitzung. Bitte versuchen Sie es erneut." +msgstr "Ungültige Sitzung. Bitte versuche es erneut." #: lib/mv_web/live/auth/link_oidc_account_live.ex #, elixir-autogen, elixir-format @@ -102,32 +102,32 @@ msgstr "Verknüpfen..." #: lib/mv_web/live/auth/link_oidc_account_live.ex #, elixir-autogen, elixir-format msgid "Session expired. Please try again." -msgstr "Sitzung abgelaufen. Bitte versuchen Sie es erneut." +msgstr "Sitzung abgelaufen. Bitte versuche es erneut." #: lib/mv_web/live/auth/link_oidc_account_live.ex #, elixir-autogen, elixir-format msgid "Your OIDC account has been successfully linked! Redirecting to complete sign-in..." -msgstr "Ihr OIDC-Konto wurde erfolgreich verknüpft! Sie werden zur Anmeldung weitergeleitet..." +msgstr "Dein OIDC-Konto wurde erfolgreich verknüpft! Du wirst zur Anmeldung weitergeleitet..." #: lib/mv_web/live/auth/link_oidc_account_live.ex #, elixir-autogen, elixir-format msgid "Account activated! Redirecting to complete sign-in..." -msgstr "Konto aktiviert! Sie werden zur Anmeldung weitergeleitet..." +msgstr "Konto aktiviert! Du wirst zur Anmeldung weitergeleitet..." #: lib/mv_web/live/auth/link_oidc_account_live.ex #, elixir-autogen, elixir-format msgid "Failed to link account. Please try again or contact support." -msgstr "Verknüpfung des Kontos fehlgeschlagen. Bitte versuchen Sie es erneut oder kontaktieren Sie den Support." +msgstr "Verknüpfung des Kontos fehlgeschlagen. Bitte versuche es erneut oder kontaktiere den Support." #: lib/mv_web/live/auth/link_oidc_account_live.ex #, elixir-autogen, elixir-format msgid "The email address from your OIDC provider is already registered to another account. Please change your email in the identity provider or contact support." -msgstr "Die E-Mail-Adresse aus Ihrem OIDC-Provider ist bereits für ein anderes Konto registriert. Bitte ändern Sie Ihre E-Mail-Adresse im Identity-Provider oder kontaktieren Sie den Support." +msgstr "Die E-Mail-Adresse aus deinem OIDC-Provider ist bereits für ein anderes Konto registriert. Bitte ändere deine E-Mail-Adresse im Identity-Provider oder kontaktiere den Support." #: lib/mv_web/live/auth/link_oidc_account_live.ex #, elixir-autogen, elixir-format msgid "This OIDC account is already linked to another user. Please contact support." -msgstr "Dieses OIDC-Konto ist bereits mit einem anderen Benutzer verknüpft. Bitte kontaktieren Sie den Support." +msgstr "Dieses OIDC-Konto ist bereits mit einem anderen Benutzer verknüpft. Bitte kontaktiere den Support." #: lib/mv_web/live/auth/link_oidc_account_live.ex #, elixir-autogen, elixir-format diff --git a/priv/gettext/de/LC_MESSAGES/default.po b/priv/gettext/de/LC_MESSAGES/default.po index 041507b..4cc92f4 100644 --- a/priv/gettext/de/LC_MESSAGES/default.po +++ b/priv/gettext/de/LC_MESSAGES/default.po @@ -239,27 +239,27 @@ msgstr "Mitglied wurde erfolgreich %{action}" #: lib/mv_web/controllers/auth_controller.ex #, elixir-autogen, elixir-format msgid "You are now signed in" -msgstr "Sie sind jetzt angemeldet" +msgstr "Du bist jetzt angemeldet" #: lib/mv_web/controllers/auth_controller.ex #, elixir-autogen, elixir-format msgid "You are now signed out" -msgstr "Sie sind jetzt abgemeldet" +msgstr "Du bist jetzt abgemeldet" #: lib/mv_web/controllers/auth_controller.ex #, elixir-autogen, elixir-format msgid "You have already signed in another way, but have not confirmed your account.\nYou can confirm your account using the link we sent to you, or by resetting your password.\n" -msgstr "Sie haben sich bereits auf andere Weise angemeldet, aber Ihr Konto noch nicht bestätigt.\nSie können Ihr Konto über den Link bestätigen, den wir Ihnen gesendet haben, oder durch Zurücksetzen Ihres Passworts.\n" +msgstr "Du hast dich bereits auf andere Weise angemeldet, aber dein Konto noch nicht bestätigt.\nDu kannst dein Konto über den Link bestätigen, den wir dir gesendet haben, oder durch Zurücksetzen deines Passworts.\n" #: lib/mv_web/controllers/auth_controller.ex #, elixir-autogen, elixir-format msgid "Your email address has now been confirmed" -msgstr "Ihre E-Mail-Adresse wurde bestätigt" +msgstr "Deine E-Mail-Adresse wurde bestätigt" #: lib/mv_web/controllers/auth_controller.ex #, elixir-autogen, elixir-format msgid "Your password has successfully been reset" -msgstr "Ihr Passwort wurde erfolgreich zurückgesetzt" +msgstr "Dein Passwort wurde erfolgreich zurückgesetzt" #: lib/mv_web/live/custom_field_live/form_component.ex #: lib/mv_web/live/custom_field_live/index_component.ex @@ -398,7 +398,7 @@ msgstr "Dies ist ein Benutzer*innen-Datensatz aus Ihrer Datenbank." #: lib/mv_web/live/user_live/form.ex #, elixir-autogen, elixir-format msgid "Use this form to manage user records in your database." -msgstr "Verwenden Sie dieses Formular, um Benutzer*innen-Datensätze zu verwalten." +msgstr "Verwende dieses Formular, um Benutzer*innen-Datensätze zu verwalten." #: lib/mv_web/live/user_live/form.ex #: lib/mv_web/live/user_live/show.ex @@ -438,7 +438,7 @@ msgstr "Administrator*innen-Hinweis" #: lib/mv_web/live/user_live/form.ex #, elixir-autogen, elixir-format, fuzzy msgid "As an administrator, you can directly set a new password for this user using the same secure Ash Authentication system." -msgstr "Als Administrator*in können Sie direkt ein neues Passwort für diese*n Benutzer*in setzen." +msgstr "Als Administrator*in kannst du direkt ein neues Passwort für diese*n Benutzer*in setzen." #: lib/mv_web/live/user_live/form.ex #, elixir-autogen, elixir-format @@ -453,7 +453,7 @@ msgstr "Passwort ändern" #: lib/mv_web/live/user_live/form.ex #, elixir-autogen, elixir-format msgid "Check 'Change Password' above to set a new password for this user." -msgstr "Aktivieren Sie 'Passwort ändern' oben, um ein neues Passwort für diese*n Benutzer*in zu setzen." +msgstr "Aktiviere 'Passwort ändern' oben, um ein neues Passwort für diese*n Benutzer*in zu setzen." #: lib/mv_web/live/user_live/form.ex #, elixir-autogen, elixir-format @@ -498,7 +498,7 @@ msgstr "Passwort setzen" #: lib/mv_web/live/user_live/form.ex #, elixir-autogen, elixir-format msgid "User will be created without a password. Check 'Set Password' to add one." -msgstr "Benutzer*in wird ohne Passwort erstellt. Aktivieren Sie 'Passwort setzen', um eines hinzuzufügen." +msgstr "Benutzer*in wird ohne Passwort erstellt. Aktiviere 'Passwort setzen', um eines hinzuzufügen." #: lib/mv_web/live/user_live/form.ex #: lib/mv_web/live/user_live/index.html.heex @@ -568,27 +568,27 @@ msgstr "Vorname" #: lib/mv_web/controllers/auth_controller.ex #, elixir-autogen, elixir-format msgid "An account with this email already exists. Please verify your password to link your OIDC account." -msgstr "Ein Konto mit dieser E-Mail existiert bereits. Bitte verifizieren Sie Ihr Passwort, um Ihr OIDC-Konto zu verknüpfen." +msgstr "Ein Konto mit dieser E-Mail existiert bereits. Bitte verifiziere dein Passwort, um dein OIDC-Konto zu verknüpfen." #: lib/mv_web/controllers/auth_controller.ex #, elixir-autogen, elixir-format msgid "Unable to authenticate with OIDC. Please try again." -msgstr "OIDC-Authentifizierung fehlgeschlagen. Bitte versuchen Sie es erneut." +msgstr "OIDC-Authentifizierung fehlgeschlagen. Bitte versuche es erneut." #: lib/mv_web/controllers/auth_controller.ex #, elixir-autogen, elixir-format msgid "Unable to sign in. Please try again." -msgstr "Anmeldung fehlgeschlagen. Bitte versuchen Sie es erneut." +msgstr "Anmeldung fehlgeschlagen. Bitte versuche es erneut." #: lib/mv_web/controllers/auth_controller.ex #, elixir-autogen, elixir-format msgid "Authentication failed. Please try again." -msgstr "Authentifizierung fehlgeschlagen. Bitte versuchen Sie es erneut." +msgstr "Authentifizierung fehlgeschlagen. Bitte versuche es erneut." #: lib/mv_web/controllers/auth_controller.ex #, elixir-autogen, elixir-format msgid "Cannot update email: This email is already registered to another account. Please change your email in the identity provider." -msgstr "E-Mail kann nicht aktualisiert werden: Diese E-Mail-Adresse ist bereits für ein anderes Konto registriert. Bitte ändern Sie Ihre E-Mail-Adresse im Identity-Provider." +msgstr "E-Mail kann nicht aktualisiert werden: Diese E-Mail-Adresse ist bereits für ein anderes Konto registriert. Bitte ändere deine E-Mail-Adresse im Identity-Provider." #: lib/mv_web/controllers/auth_controller.ex #, elixir-autogen, elixir-format @@ -666,7 +666,7 @@ msgstr "Einstellungen erfolgreich gespeichert" #: lib/mv_web/live/user_live/form.ex #, elixir-autogen, elixir-format msgid "A member with this email already exists. To link with a different member, please change one of the email addresses first." -msgstr "Ein Mitglied mit dieser E-Mail-Adresse existiert bereits. Um mit einem anderen Mitglied zu verknüpfen, ändern Sie bitte zuerst eine der E-Mail-Adressen." +msgstr "Ein Mitglied mit dieser E-Mail-Adresse existiert bereits. Um mit einem anderen Mitglied zu verknüpfen, ändere bitte zuerst eine der E-Mail-Adressen." #: lib/mv_web/live/user_live/form.ex #, elixir-autogen, elixir-format @@ -1071,7 +1071,7 @@ msgstr "Ein Fehler ist aufgetreten" #: lib/mv_web/live/member_live/show/membership_fees_component.ex #, elixir-autogen, elixir-format msgid "Are you sure you want to delete this cycle?" -msgstr "Möchten Sie diesen Zyklus wirklich löschen?" +msgstr "Möchtest du diesen Zyklus wirklich löschen?" #: lib/mv_web/live/membership_fee_type_live/index.ex #, elixir-autogen, elixir-format @@ -1091,7 +1091,7 @@ msgstr "Die Änderung des Betrags betrifft %{count} Mitglied(er)." #: lib/mv_web/live/member_live/show/membership_fees_component.ex #, elixir-autogen, elixir-format msgid "Click to edit amount" -msgstr "Klicken Sie, um den Betrag zu bearbeiten" +msgstr "Klicke, um den Betrag zu bearbeiten" #: lib/mv_web/live/membership_fee_settings_live.ex #, elixir-autogen, elixir-format, fuzzy @@ -1411,7 +1411,7 @@ msgstr "Zahlungsintervall" #: lib/mv_web/live/membership_fee_type_live/form.ex #, elixir-autogen, elixir-format msgid "Please confirm the amount change first" -msgstr "Bitte bestätigen Sie zuerst die Betragsänderung" +msgstr "Bitte bestätige zuerst die Betragsänderung" #: lib/mv_web/live/membership_fee_settings_live.ex #, elixir-autogen, elixir-format, fuzzy @@ -1441,7 +1441,7 @@ msgstr "Mitgliedsbeitragsart speichern" #: lib/mv_web/live/member_live/form.ex #, elixir-autogen, elixir-format msgid "Select a membership fee type for this member. Members can only switch between types with the same interval." -msgstr "Wählen Sie eine Mitgliedsbeitragsart für dieses Mitglied. Mitglieder können nur zwischen Arten mit demselben Intervall wechseln." +msgstr "Wähle eine Mitgliedsbeitragsart für dieses Mitglied. Mitglieder können nur zwischen Arten mit demselben Intervall wechseln." #: lib/mv_web/live/membership_fee_type_live/form.ex #, elixir-autogen, elixir-format @@ -1482,12 +1482,12 @@ msgstr "Art" #: lib/mv_web/live/member_live/show/membership_fees_component.ex #, elixir-autogen, elixir-format msgid "Type '%{confirmation}' to confirm" -msgstr "Geben Sie '%{confirmation}' ein, um zu bestätigen" +msgstr "Gib '%{confirmation}' ein, um zu bestätigen" #: lib/mv_web/live/membership_fee_type_live/form.ex #, elixir-autogen, elixir-format msgid "Use this form to manage membership fee types in your database." -msgstr "Verwenden Sie dieses Formular, um Mitgliedsbeitragsarten in Ihrer Datenbank zu verwalten." +msgstr "Verwende dieses Formular, um Mitgliedsbeitragsarten in deiner Datenbank zu verwalten." #: lib/mv_web/live/member_live/show/membership_fees_component.ex #, elixir-autogen, elixir-format @@ -1498,7 +1498,7 @@ msgstr "Warnung" #: lib/mv_web/live/member_live/show/membership_fees_component.ex #, elixir-autogen, elixir-format msgid "Warning: Changing from %{old_interval} to %{new_interval} is not allowed. Please select a membership fee type with the same interval." -msgstr "Warnung: Wechsel von %{old_interval} zu %{new_interval} ist nicht erlaubt. Bitte wählen Sie eine Mitgliedsbeitragsart mit demselben Intervall." +msgstr "Warnung: Wechsel von %{old_interval} zu %{new_interval} ist nicht erlaubt. Bitte wähle eine Mitgliedsbeitragsart mit demselben Intervall." #: lib/mv_web/live/membership_fee_settings_live.ex #, elixir-autogen, elixir-format, fuzzy @@ -1622,7 +1622,7 @@ msgstr "Verwalte Benutzer*innen-Rollen und ihre Berechtigungssätze." #: lib/mv_web/live/role_live/show.ex #, elixir-autogen, elixir-format msgid "Cannot delete role. %{count} user(s) are still assigned to this role. Please assign them to another role first." -msgstr "Rolle kann nicht gelöscht werden. %{count} Benutzer*in(nen) sind dieser Rolle noch zugeordnet. Bitte weisen Sie sie zunächst einer anderen Rolle zu." +msgstr "Rolle kann nicht gelöscht werden. %{count} Benutzer*in(nen) sind dieser Rolle noch zugeordnet. Bitte weise sie zunächst einer anderen Rolle zu." #: lib/mv_web/components/layouts/sidebar.ex #, elixir-autogen, elixir-format @@ -1742,7 +1742,7 @@ msgstr "Sidebar umschalten" #: lib/mv_web/live/role_live/form.ex #, elixir-autogen, elixir-format msgid "Use this form to manage roles in your database." -msgstr "Verwenden Sie dieses Formular, um Rollen in Ihrer Datenbank zu verwalten." +msgstr "Verwende dieses Formular, um Rollen in deiner Datenbank zu verwalten." #: lib/mv_web/components/layouts/sidebar.ex #, elixir-autogen, elixir-format @@ -1772,7 +1772,7 @@ msgstr "read_only - Lesezugriff auf alle Daten" #: lib/mv_web/live/member_live/form.ex #, elixir-autogen, elixir-format msgid "You do not have permission to %{action} members." -msgstr "Sie haben keine Berechtigung, Mitglieder zu %{action}." +msgstr "Du hast keine Berechtigung, Mitglieder zu %{action}." #: lib/mv_web/live/member_live/show/membership_fees_component.ex #, elixir-autogen, elixir-format @@ -1817,22 +1817,22 @@ msgstr "Benutzer*in nicht gefunden" #: lib/mv_web/live/membership_fee_type_live/index.ex #, elixir-autogen, elixir-format msgid "You do not have permission to access this membership fee type" -msgstr "Sie haben keine Berechtigung, auf diese Mitgliedsbeitragsart zuzugreifen" +msgstr "Du hast keine Berechtigung, auf diese Mitgliedsbeitragsart zuzugreifen" #: lib/mv_web/live/user_live/index.ex #, elixir-autogen, elixir-format msgid "You do not have permission to access this user" -msgstr "Sie haben keine Berechtigung, auf diese*n Benutzer*in zuzugreifen" +msgstr "Du hast keine Berechtigung, auf diese*n Benutzer*in zuzugreifen" #: lib/mv_web/live/membership_fee_type_live/index.ex #, elixir-autogen, elixir-format msgid "You do not have permission to delete this membership fee type" -msgstr "Sie haben keine Berechtigung, diese Mitgliedsbeitragsart zu löschen" +msgstr "Du hast keine Berechtigung, diese Mitgliedsbeitragsart zu löschen" #: lib/mv_web/live/user_live/index.ex #, elixir-autogen, elixir-format msgid "You do not have permission to delete this user" -msgstr "Sie haben keine Berechtigung, diese*n Benutzer*in zu löschen" +msgstr "Du hast keine Berechtigung, diese*n Benutzer*in zu löschen" #: lib/mv_web/live/user_live/form.ex #, elixir-autogen, elixir-format, fuzzy @@ -1844,7 +1844,7 @@ msgstr "erstellt" msgid "updated" msgstr "aktualisiert" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #: lib/mv_web/live/user_live/form.ex #, elixir-autogen, elixir-format msgid "Unknown error" @@ -1863,12 +1863,12 @@ msgstr "Mitglied nicht gefunden" #: lib/mv_web/live/member_live/index.ex #, elixir-autogen, elixir-format msgid "You do not have permission to access this member" -msgstr "Sie haben keine Berechtigung, auf dieses Mitglied zuzugreifen" +msgstr "Du hast keine Berechtigung, auf dieses Mitglied zuzugreifen" #: lib/mv_web/live/member_live/index.ex #, elixir-autogen, elixir-format msgid "You do not have permission to delete this member" -msgstr "Sie haben keine Berechtigung, dieses Mitglied zu löschen" +msgstr "Du hast keine Berechtigung, dieses Mitglied zu löschen" #: lib/mv_web/live/member_live/form.ex #, elixir-autogen, elixir-format @@ -1918,17 +1918,17 @@ msgstr "Fehler beim %{action} des Mitglieds." #: lib/mv_web/live/member_live/form.ex #, elixir-autogen, elixir-format msgid "Failed to save member. Please try again." -msgstr "Fehler beim Speichern des Mitglieds. Bitte versuchen Sie es erneut." +msgstr "Fehler beim Speichern des Mitglieds. Bitte versuche es erneut." #: lib/mv_web/live/member_live/form.ex #, elixir-autogen, elixir-format msgid "Please correct the errors in the form and try again." -msgstr "Bitte korrigieren Sie die Fehler im Formular und versuchen Sie es erneut." +msgstr "Bitte korrigiere die Fehler im Formular und versuche es erneut." #: lib/mv_web/live/member_live/form.ex #, elixir-autogen, elixir-format msgid "Validation failed. Please check your input." -msgstr "Validierung fehlgeschlagen. Bitte überprüfen Sie Ihre Eingabe." +msgstr "Validierung fehlgeschlagen. Bitte überprüfe deine Eingabe." #: lib/mv_web/live/member_live/form.ex #, elixir-autogen, elixir-format @@ -1970,147 +1970,137 @@ msgstr "Zurücksetzen" msgid "Only administrators can regenerate cycles" msgstr "Nur Administrator*innen können Zyklen regenerieren" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid " (Field: %{field})" msgstr " (Datenfeld: %{field})" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "CSV File" msgstr "CSV Datei" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Download CSV templates:" msgstr "CSV Vorlagen herunterladen:" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "English Template" msgstr "Englische Vorlage" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Error list truncated to %{count} entries" msgstr "Liste der Fehler auf %{count} Einträge reduziert" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Errors" msgstr "Fehler" -#: lib/mv_web/live/global_settings_live.ex -#, elixir-autogen, elixir-format -msgid "Failed to prepare CSV import: %{error}" -msgstr "Das Vorbereiten des CSV Imports ist gescheitert: %{error}" - -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Failed to prepare CSV import: %{reason}" msgstr "Das Vorbereiten des CSV Imports ist gescheitert: %{reason}" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Failed to process chunk %{idx}: %{reason}" msgstr "Das Importieren von %{idx} ist gescheitert: %{reason}" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format, fuzzy msgid "Failed to read file: %{reason}" msgstr "Fehler beim Lesen der Datei: %{reason}" -#: lib/mv_web/live/global_settings_live.ex -#, elixir-autogen, elixir-format -msgid "Failed to read uploaded file" -msgstr "Fehler beim Lesen der hochgeladenen Datei" - -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Failed: %{count} row(s)" msgstr "Fehlgeschlagen: %{count} Zeile(n)" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "German Template" msgstr "Deutsche Vorlage" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Import Members (CSV)" msgstr "Mitglieder importieren (CSV)" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Import Results" msgstr "Import-Ergebnisse" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Import is already running. Please wait for it to complete." -msgstr "Import läuft bereits. Bitte warten Sie, bis er abgeschlossen ist." +msgstr "Import läuft bereits. Bitte warte, bis er abgeschlossen ist." -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Import state is missing. Cannot process chunk %{idx}." msgstr "Import-Status fehlt. Chunk %{idx} kann nicht verarbeitet werden." -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Invalid chunk index: %{idx}" msgstr "Ungültiger Chunk-Index: %{idx}" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Line %{line}: %{message}" msgstr "Zeile %{line}: %{message}" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "No file was uploaded" msgstr "Es wurde keine Datei hochgeladen" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Only administrators can import members from CSV files." msgstr "Nur Administrator*innen können Mitglieder aus CSV-Dateien importieren." -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Please select a CSV file to import." -msgstr "Bitte wählen Sie eine CSV-Datei zum Importieren." +msgstr "Bitte wähle eine CSV-Datei zum Importieren." -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Please wait for the file upload to complete before starting the import." -msgstr "Bitte warten Sie, bis der Datei-Upload abgeschlossen ist, bevor Sie den Import starten." +msgstr "Bitte warte, bis der Datei-Upload abgeschlossen ist, bevor du den Import startest." -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Processing chunk %{current} of %{total}..." msgstr "Verarbeite Chunk %{current} von %{total}..." -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Start Import" msgstr "Import starten" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Starting import..." msgstr "Import wird gestartet..." -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Successfully inserted: %{count} member(s)" msgstr "Erfolgreich eingefügt: %{count} Mitglied(er)" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Summary" msgstr "Zusammenfassung" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format, fuzzy msgid "Warnings" msgstr "Warnungen" @@ -2256,9 +2246,9 @@ msgstr "Nicht berechtigt." #: lib/mv_web/live/global_settings_live.ex #, elixir-autogen, elixir-format msgid "Could not load data fields. Please check your permissions." -msgstr "Datenfelder konnten nicht geladen werden. Bitte überprüfen Sie Ihre Berechtigungen." +msgstr "Datenfelder konnten nicht geladen werden. Bitte überprüfe deine Berechtigungen." -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format, fuzzy msgid "CSV files only, maximum %{size} MB" msgstr "Nur CSV Dateien, maximal %{size} MB" @@ -2283,30 +2273,66 @@ msgstr "Datenfeld: %{name} – erwartet %{type} %{details}, erhalten: %{value}" msgid "custom_field: %{name} – expected %{type}, got: %{value}" msgstr "Datenfeld: %{name} – erwartet %{type}, erhalten: %{value}" -#: lib/mv_web/live/global_settings_live.ex -#, elixir-autogen, elixir-format -msgid "Manage Memberdata" -msgstr "Mitgliederdaten verwalten" - -#: lib/mv_web/live/global_settings_live.ex -#, elixir-autogen, elixir-format, fuzzy -msgid "Use the data field name as the CSV column header in your file. Data fields must exist in Mila before importing, so they must be listed in the list of memberdate (like e-mail or first name). Unknown data field columns will be ignored with a warning." -msgstr "Verwende die Namen der Datenfelder als Spaltennamen in der CSV Datei. Datenfelder müssen in Mila bereits angelegt sein, damit sie importiert werden können. Sie müssen in der Liste der Mitgliederdaten als Datenfeld enthalten sein (z.B. E-Mail). Spalten mit unbekannten Spaltenüberschriften werden mit einer Warnung ignoriert." - #: lib/mv/membership/import/member_csv.ex #, elixir-autogen, elixir-format msgid "Unknown column '%{header}' will be ignored. If this is a custom field, create it in Mila before importing." -msgstr "Unbekannte Spalte '%{header}' wird ignoriert. Falls dies ein Datenfeld ist, erstellen Sie es in Mila vor dem Import." +msgstr "Unbekannte Spalte '%{header}' wird ignoriert. Falls dies ein Datenfeld ist, erstelle es in Mila vor dem Import." + +#: lib/mv_web/live/import_export_live.ex +#, elixir-autogen, elixir-format, fuzzy +msgid "Export Members (CSV)" +msgstr "Mitglieder importieren (CSV)" + +#: lib/mv_web/live/import_export_live.ex +#, elixir-autogen, elixir-format +msgid "Export functionality will be available in a future release." +msgstr "Export-Funktionalität ist im nächsten release verfügbar." + +#: lib/mv_web/live/import_export_live.ex +#, elixir-autogen, elixir-format, fuzzy +msgid "Failed to read uploaded file: unexpected format" +msgstr "Fehler beim Lesen der hochgeladenen Datei" + +#: lib/mv_web/live/import_export_live.ex +#, elixir-autogen, elixir-format +msgid "Import members from CSV files or export member data." +msgstr "Importiere Mitglieder aus CSV-Dateien oder exportiere Mitgliederdaten." + +#: lib/mv_web/components/layouts/sidebar.ex +#: lib/mv_web/live/import_export_live.ex +#, elixir-autogen, elixir-format +msgid "Import/Export" +msgstr "Import/Export" + +#: lib/mv_web/live/import_export_live.ex +#, elixir-autogen, elixir-format, fuzzy +msgid "You do not have permission to access this page." +msgstr "Du hast keine Berechtigung, auf diese*n Benutzer*in zuzugreifen" + +#: lib/mv_web/live/import_export_live.ex +#, elixir-autogen, elixir-format, fuzzy +msgid "Manage Member Data" +msgstr "Mitgliederdaten verwalten" + +#: lib/mv_web/live/import_export_live.ex +#, elixir-autogen, elixir-format, fuzzy +msgid "Use the data field name as the CSV column header in your file. Data fields must exist in Mila before importing, so they must be listed in the list of member data (like e-mail or first name). Unknown data field columns will be ignored with a warning." +msgstr "Verwende die Namen der Datenfelder als Spaltennamen in der CSV Datei. Datenfelder müssen in Mila bereits angelegt sein, damit sie importiert werden können. sie müssen in der Liste der Mitgliederdaten als Datenfeld enthalten sein (z.B. E-Mail). Spalten mit unbekannten Spaltenüberschriften werden mit einer Warnung ignoriert." #~ #: lib/mv_web/live/global_settings_live.ex #~ #, elixir-autogen, elixir-format, fuzzy #~ msgid "Custom Fields in CSV Import" #~ msgstr "Benutzerdefinierte Felder" +#~ #: lib/mv_web/live/global_settings_live.ex +#~ #, elixir-autogen, elixir-format +#~ msgid "Failed to prepare CSV import: %{error}" +#~ msgstr "Das Vorbereiten des CSV Imports ist gescheitert: %{error}" + #~ #: lib/mv_web/live/global_settings_live.ex #~ #, elixir-autogen, elixir-format, fuzzy #~ msgid "Individual data fields must be created in Mila before importing. Use the field name as the CSV column header. Unknown custom field columns will be ignored with a warning." -#~ msgstr "Individuelle Datenfelder müssen in Mila erstellt werden, bevor sie importiert werden können. Verwenden Sie den Namen des Datenfeldes als CSV-Spaltenüberschrift. Unbekannte Spaltenüberschriften werden mit einer Warnung ignoriert." +#~ msgstr "Individuelle Datenfelder müssen in Mila erstellt werden, bevor sie importiert werden können. Verwende den Namen des Datenfeldes als CSV-Spaltenüberschrift. Unbekannte Spaltenüberschriften werden mit einer Warnung ignoriert." #~ #: lib/mv_web/live/global_settings_live.ex #~ #, elixir-autogen, elixir-format diff --git a/priv/gettext/de/LC_MESSAGES/errors.po b/priv/gettext/de/LC_MESSAGES/errors.po index b1d359a..b1bdeea 100644 --- a/priv/gettext/de/LC_MESSAGES/errors.po +++ b/priv/gettext/de/LC_MESSAGES/errors.po @@ -123,7 +123,7 @@ msgstr "muss vorhanden sein" ## Custom validation messages from Mv.Accounts.User msgid "User already has a member. Remove existing member first." -msgstr "Benutzer*in hat bereits ein Mitglied. Entfernen Sie zuerst das vorhandene Mitglied." +msgstr "Benutzer*in hat bereits ein Mitglied. Entferne zuerst das vorhandene Mitglied." msgid "OIDC user_info must contain a non-empty 'sub' or 'id' field" msgstr "OIDC user_info darf kein leeres 'sub' oder 'id' Feld enthalten" diff --git a/priv/gettext/default.pot b/priv/gettext/default.pot index 2861f2d..d3da51f 100644 --- a/priv/gettext/default.pot +++ b/priv/gettext/default.pot @@ -1845,7 +1845,7 @@ msgstr "" msgid "updated" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #: lib/mv_web/live/user_live/form.ex #, elixir-autogen, elixir-format msgid "Unknown error" @@ -1971,147 +1971,137 @@ msgstr "" msgid "Only administrators can regenerate cycles" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid " (Field: %{field})" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "CSV File" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Download CSV templates:" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "English Template" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Error list truncated to %{count} entries" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Errors" msgstr "" -#: lib/mv_web/live/global_settings_live.ex -#, elixir-autogen, elixir-format -msgid "Failed to prepare CSV import: %{error}" -msgstr "" - -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Failed to prepare CSV import: %{reason}" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Failed to process chunk %{idx}: %{reason}" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Failed to read file: %{reason}" msgstr "" -#: lib/mv_web/live/global_settings_live.ex -#, elixir-autogen, elixir-format -msgid "Failed to read uploaded file" -msgstr "" - -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Failed: %{count} row(s)" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "German Template" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Import Members (CSV)" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Import Results" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Import is already running. Please wait for it to complete." msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Import state is missing. Cannot process chunk %{idx}." msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Invalid chunk index: %{idx}" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Line %{line}: %{message}" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "No file was uploaded" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Only administrators can import members from CSV files." msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Please select a CSV file to import." msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Please wait for the file upload to complete before starting the import." msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Processing chunk %{current} of %{total}..." msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Start Import" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Starting import..." msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Successfully inserted: %{count} member(s)" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Summary" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Warnings" msgstr "" @@ -2259,7 +2249,7 @@ msgstr "" msgid "Could not load data fields. Please check your permissions." msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "CSV files only, maximum %{size} MB" msgstr "" @@ -2284,17 +2274,48 @@ msgstr "" msgid "custom_field: %{name} – expected %{type}, got: %{value}" msgstr "" -#: lib/mv_web/live/global_settings_live.ex -#, elixir-autogen, elixir-format -msgid "Manage Memberdata" -msgstr "" - -#: lib/mv_web/live/global_settings_live.ex -#, elixir-autogen, elixir-format -msgid "Use the data field name as the CSV column header in your file. Data fields must exist in Mila before importing, so they must be listed in the list of memberdate (like e-mail or first name). Unknown data field columns will be ignored with a warning." -msgstr "" - #: lib/mv/membership/import/member_csv.ex #, elixir-autogen, elixir-format msgid "Unknown column '%{header}' will be ignored. If this is a custom field, create it in Mila before importing." msgstr "" + +#: lib/mv_web/live/import_export_live.ex +#, elixir-autogen, elixir-format +msgid "Export Members (CSV)" +msgstr "" + +#: lib/mv_web/live/import_export_live.ex +#, elixir-autogen, elixir-format +msgid "Export functionality will be available in a future release." +msgstr "" + +#: lib/mv_web/live/import_export_live.ex +#, elixir-autogen, elixir-format +msgid "Failed to read uploaded file: unexpected format" +msgstr "" + +#: lib/mv_web/live/import_export_live.ex +#, elixir-autogen, elixir-format +msgid "Import members from CSV files or export member data." +msgstr "" + +#: lib/mv_web/components/layouts/sidebar.ex +#: lib/mv_web/live/import_export_live.ex +#, elixir-autogen, elixir-format +msgid "Import/Export" +msgstr "" + +#: lib/mv_web/live/import_export_live.ex +#, elixir-autogen, elixir-format +msgid "You do not have permission to access this page." +msgstr "" + +#: lib/mv_web/live/import_export_live.ex +#, elixir-autogen, elixir-format +msgid "Manage Member Data" +msgstr "" + +#: lib/mv_web/live/import_export_live.ex +#, elixir-autogen, elixir-format +msgid "Use the data field name as the CSV column header in your file. Data fields must exist in Mila before importing, so they must be listed in the list of member data (like e-mail or first name). Unknown data field columns will be ignored with a warning." +msgstr "" diff --git a/priv/gettext/en/LC_MESSAGES/default.po b/priv/gettext/en/LC_MESSAGES/default.po index 3fe9ce3..be17f98 100644 --- a/priv/gettext/en/LC_MESSAGES/default.po +++ b/priv/gettext/en/LC_MESSAGES/default.po @@ -1845,7 +1845,7 @@ msgstr "" msgid "updated" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #: lib/mv_web/live/user_live/form.ex #, elixir-autogen, elixir-format msgid "Unknown error" @@ -1971,147 +1971,137 @@ msgstr "" msgid "Only administrators can regenerate cycles" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid " (Field: %{field})" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "CSV File" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Download CSV templates:" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "English Template" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Error list truncated to %{count} entries" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Errors" msgstr "" -#: lib/mv_web/live/global_settings_live.ex -#, elixir-autogen, elixir-format -msgid "Failed to prepare CSV import: %{error}" -msgstr "" - -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Failed to prepare CSV import: %{reason}" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Failed to process chunk %{idx}: %{reason}" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format, fuzzy msgid "Failed to read file: %{reason}" msgstr "" -#: lib/mv_web/live/global_settings_live.ex -#, elixir-autogen, elixir-format -msgid "Failed to read uploaded file" -msgstr "" - -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Failed: %{count} row(s)" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "German Template" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Import Members (CSV)" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Import Results" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Import is already running. Please wait for it to complete." msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Import state is missing. Cannot process chunk %{idx}." msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Invalid chunk index: %{idx}" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Line %{line}: %{message}" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "No file was uploaded" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Only administrators can import members from CSV files." msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format, fuzzy msgid "Please select a CSV file to import." msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Please wait for the file upload to complete before starting the import." msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Processing chunk %{current} of %{total}..." msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Start Import" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Starting import..." msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Successfully inserted: %{count} member(s)" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format msgid "Summary" msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format, fuzzy msgid "Warnings" msgstr "" @@ -2259,7 +2249,7 @@ msgstr "" msgid "Could not load data fields. Please check your permissions." msgstr "" -#: lib/mv_web/live/global_settings_live.ex +#: lib/mv_web/live/import_export_live.ex #, elixir-autogen, elixir-format, fuzzy msgid "CSV files only, maximum %{size} MB" msgstr "" @@ -2284,26 +2274,62 @@ msgstr "" msgid "custom_field: %{name} – expected %{type}, got: %{value}" msgstr "" -#: lib/mv_web/live/global_settings_live.ex -#, elixir-autogen, elixir-format -msgid "Manage Memberdata" -msgstr "" - -#: lib/mv_web/live/global_settings_live.ex -#, elixir-autogen, elixir-format, fuzzy -msgid "Use the data field name as the CSV column header in your file. Data fields must exist in Mila before importing, so they must be listed in the list of memberdate (like e-mail or first name). Unknown data field columns will be ignored with a warning." -msgstr "" - #: lib/mv/membership/import/member_csv.ex #, elixir-autogen, elixir-format msgid "Unknown column '%{header}' will be ignored. If this is a custom field, create it in Mila before importing." msgstr "Unknown column '%{header}' will be ignored. If this is a custom field, create it in Mila before importing." +#: lib/mv_web/live/import_export_live.ex +#, elixir-autogen, elixir-format, fuzzy +msgid "Export Members (CSV)" +msgstr "" + +#: lib/mv_web/live/import_export_live.ex +#, elixir-autogen, elixir-format +msgid "Export functionality will be available in a future release." +msgstr "" + +#: lib/mv_web/live/import_export_live.ex +#, elixir-autogen, elixir-format, fuzzy +msgid "Failed to read uploaded file: unexpected format" +msgstr "" + +#: lib/mv_web/live/import_export_live.ex +#, elixir-autogen, elixir-format +msgid "Import members from CSV files or export member data." +msgstr "" + +#: lib/mv_web/components/layouts/sidebar.ex +#: lib/mv_web/live/import_export_live.ex +#, elixir-autogen, elixir-format +msgid "Import/Export" +msgstr "" + +#: lib/mv_web/live/import_export_live.ex +#, elixir-autogen, elixir-format, fuzzy +msgid "You do not have permission to access this page." +msgstr "" + +#: lib/mv_web/live/import_export_live.ex +#, elixir-autogen, elixir-format, fuzzy +msgid "Manage Member Data" +msgstr "" + +#: lib/mv_web/live/import_export_live.ex +#, elixir-autogen, elixir-format, fuzzy +msgid "Use the data field name as the CSV column header in your file. Data fields must exist in Mila before importing, so they must be listed in the list of member data (like e-mail or first name). Unknown data field columns will be ignored with a warning." +msgstr "" + #~ #: lib/mv_web/live/global_settings_live.ex #~ #, elixir-autogen, elixir-format, fuzzy #~ msgid "Custom Fields in CSV Import" #~ msgstr "" +#~ #: lib/mv_web/live/global_settings_live.ex +#~ #, elixir-autogen, elixir-format +#~ msgid "Failed to prepare CSV import: %{error}" +#~ msgstr "" + #~ #: lib/mv_web/live/global_settings_live.ex #~ #, elixir-autogen, elixir-format, fuzzy #~ msgid "Individual data fields must be created in Mila before importing. Use the field name as the CSV column header. Unknown custom field columns will be ignored with a warning." From 4e6b7305b6a92520681793e8d8938e4a300d691a Mon Sep 17 00:00:00 2001 From: Moritz Date: Tue, 3 Feb 2026 15:00:14 +0100 Subject: [PATCH 12/84] Doc: Loader auth-independent for link checks; email-sync rule rationale --- docs/email-sync.md | 2 +- lib/mv/email_sync/loader.ex | 14 ++++++++------ 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/docs/email-sync.md b/docs/email-sync.md index 5675145..2f765f0 100644 --- a/docs/email-sync.md +++ b/docs/email-sync.md @@ -4,7 +4,7 @@ 2. **DB constraints** - Prevent duplicates within same table (users.email, members.email) 3. **Custom validations** - Prevent cross-table conflicts only for linked entities 4. **Sync is bidirectional**: User ↔ Member (but User always wins on link) -5. **Linked member email change** - When a member is linked, only administrators or the linked user may change that member's email (Member resource validation `EmailChangePermission`). This keeps email sync under control and prevents non-admins from changing another user's linked member email. +5. **Linked member email change** - When a member is linked, only administrators or the linked user may change that member's email (Member resource validation `EmailChangePermission`). Because User.email wins on link and changes sync Member → User, allowing anyone to change a linked member's email would overwrite that user's account email; this rule keeps sync under control. --- diff --git a/lib/mv/email_sync/loader.ex b/lib/mv/email_sync/loader.ex index 98f85df..31e0468 100644 --- a/lib/mv/email_sync/loader.ex +++ b/lib/mv/email_sync/loader.ex @@ -3,13 +3,15 @@ defmodule Mv.EmailSync.Loader do Helper functions for loading linked records in email synchronization. Centralizes the logic for retrieving related User/Member entities. - ## Authorization + ## Authorization-independent link checks - This module runs systemically and uses the system actor for all operations. - This ensures that email synchronization always works, regardless of user permissions. - - All functions use `Mv.Helpers.SystemActor.get_system_actor/0` to bypass - user permission checks, as email sync is a mandatory side effect. + All functions use the **system actor** for the load. Link existence + (linked vs not linked) is therefore determined **independently of the + current request actor**. This is required so that validations (e.g. + `EmailChangePermission`, `EmailNotUsedByOtherUser`) can correctly decide + "member is linked" even when the current user would not have read permission + on the related User. Using the request actor would otherwise allow + treating a linked member as unlinked and bypass the permission rule. """ alias Mv.Helpers alias Mv.Helpers.SystemActor From 60a418125518d8bbac15c783e746650c958c1a71 Mon Sep 17 00:00:00 2001 From: Moritz Date: Tue, 3 Feb 2026 15:00:20 +0100 Subject: [PATCH 13/84] Validation: error message admin or linked user; resolve_actor fallback --- .../member/validations/email_change_permission.ex | 14 ++++++++++---- priv/gettext/de/LC_MESSAGES/default.po | 6 +++--- priv/gettext/default.pot | 2 +- priv/gettext/en/LC_MESSAGES/default.po | 6 +++--- 4 files changed, 17 insertions(+), 11 deletions(-) diff --git a/lib/mv/membership/member/validations/email_change_permission.ex b/lib/mv/membership/member/validations/email_change_permission.ex index 0a53de1..2b1c041 100644 --- a/lib/mv/membership/member/validations/email_change_permission.ex +++ b/lib/mv/membership/member/validations/email_change_permission.ex @@ -11,7 +11,7 @@ defmodule Mv.Membership.Member.Validations.EmailChangePermission do This prevents non-admins from changing another user's linked member email, which would sync to that user's account and break email synchronization. - No system-actor fallback: missing actor is treated as not allowed. + Missing actor is not allowed; the system actor counts as admin (via `Actor.admin?/1`). """ use Ash.Resource.Validation use Gettext, backend: MvWeb.Gettext, otp_app: :mv @@ -47,16 +47,22 @@ defmodule Mv.Membership.Member.Validations.EmailChangePermission do :ok else msg = - dgettext("default", "Only administrators can change email for members linked to users") + dgettext( + "default", + "Only administrators or the linked user can change the email for members linked to users" + ) {:error, field: :email, message: msg} end end end - # Ash stores actor in changeset.context.private.actor; validation context also has .actor + # Ash stores actor in changeset.context.private.actor; validation context has .actor; some callsites use context.actor defp resolve_actor(changeset, context) do - get_in(changeset.context || %{}, [:private, :actor]) || + ctx = changeset.context || %{} + + get_in(ctx, [:private, :actor]) || + Map.get(ctx, :actor) || (context && Map.get(context, :actor)) end diff --git a/priv/gettext/de/LC_MESSAGES/default.po b/priv/gettext/de/LC_MESSAGES/default.po index 3f71644..c4fd57d 100644 --- a/priv/gettext/de/LC_MESSAGES/default.po +++ b/priv/gettext/de/LC_MESSAGES/default.po @@ -2299,6 +2299,6 @@ msgid "Unknown column '%{header}' will be ignored. If this is a custom field, cr msgstr "Unbekannte Spalte '%{header}' wird ignoriert. Falls dies ein Datenfeld ist, erstellen Sie es in Mila vor dem Import." #: lib/mv/membership/member/validations/email_change_permission.ex -#, elixir-autogen, elixir-format -msgid "Only administrators can change email for members linked to users" -msgstr "Nur Administrator*innen können die E-Mail von Mitgliedern ändern, die mit Benutzer*innen verknüpft sind." +#, elixir-autogen, elixir-format, fuzzy +msgid "Only administrators or the linked user can change the email for members linked to users" +msgstr "Nur Administrator*innen oder die verknüpfte Benutzer*in können die E-Mail von Mitgliedern ändern, die mit Benutzer*innen verknüpft sind." diff --git a/priv/gettext/default.pot b/priv/gettext/default.pot index 7418c9b..0908fd8 100644 --- a/priv/gettext/default.pot +++ b/priv/gettext/default.pot @@ -2301,5 +2301,5 @@ msgstr "" #: lib/mv/membership/member/validations/email_change_permission.ex #, elixir-autogen, elixir-format -msgid "Only administrators can change email for members linked to users" +msgid "Only administrators or the linked user can change the email for members linked to users" msgstr "" diff --git a/priv/gettext/en/LC_MESSAGES/default.po b/priv/gettext/en/LC_MESSAGES/default.po index db00450..6faa102 100644 --- a/priv/gettext/en/LC_MESSAGES/default.po +++ b/priv/gettext/en/LC_MESSAGES/default.po @@ -2300,6 +2300,6 @@ msgid "Unknown column '%{header}' will be ignored. If this is a custom field, cr msgstr "Unknown column '%{header}' will be ignored. If this is a custom field, create it in Mila before importing." #: lib/mv/membership/member/validations/email_change_permission.ex -#, elixir-autogen, elixir-format -msgid "Only administrators can change email for members linked to users" -msgstr "Only administrators can change email for members linked to users" +#, elixir-autogen, elixir-format, fuzzy +msgid "Only administrators or the linked user can change the email for members linked to users" +msgstr "Only administrators or the linked user can change the email for members linked to users" From 47b6a16177c50e593a71c619a8204f1fb11311a0 Mon Sep 17 00:00:00 2001 From: Moritz Date: Tue, 3 Feb 2026 15:00:24 +0100 Subject: [PATCH 14/84] Doc: Actor maybe_load_role comment; ActorIsAdmin system user = admin --- lib/mv/authorization/actor.ex | 2 ++ lib/mv/authorization/checks/actor_is_admin.ex | 5 +++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/lib/mv/authorization/actor.ex b/lib/mv/authorization/actor.ex index bfc99ed..edc6b8b 100644 --- a/lib/mv/authorization/actor.ex +++ b/lib/mv/authorization/actor.ex @@ -133,6 +133,8 @@ defmodule Mv.Authorization.Actor do SystemActor.system_user?(actor) or permission_set_name(actor) in ["admin", :admin] end + # Load role only when it is nil (e.g. actor from session without role). ensure_loaded/1 + # already handles %Ash.NotLoaded{}, so we do not double-load in the normal Ash path. defp maybe_load_role(%Mv.Accounts.User{role: nil} = user) do case Ash.load(user, :role, domain: Mv.Accounts, authorize?: false) do {:ok, loaded} -> loaded diff --git a/lib/mv/authorization/checks/actor_is_admin.ex b/lib/mv/authorization/checks/actor_is_admin.ex index 8ab038a..413c6c7 100644 --- a/lib/mv/authorization/checks/actor_is_admin.ex +++ b/lib/mv/authorization/checks/actor_is_admin.ex @@ -1,9 +1,10 @@ defmodule Mv.Authorization.Checks.ActorIsAdmin do @moduledoc """ - Policy check: true when the actor's role has permission_set_name "admin". + Policy check: true when the actor is the system user or has permission_set_name "admin". Used to restrict actions (e.g. User.update_user for member link/unlink) to admins only. - Delegates to `Mv.Authorization.Actor.admin?/1` for consistency. + Delegates to `Mv.Authorization.Actor.admin?/1`, which returns true for the system actor + or for a user whose role has permission_set_name "admin". """ use Ash.Policy.SimpleCheck From 131904f1720a2f82e9bd824bf5ea4ddd2d03e486 Mon Sep 17 00:00:00 2001 From: Moritz Date: Tue, 3 Feb 2026 15:00:27 +0100 Subject: [PATCH 15/84] Test: assert on error field :email instead of message string --- test/mv/membership/member_email_validation_test.exs | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/test/mv/membership/member_email_validation_test.exs b/test/mv/membership/member_email_validation_test.exs index 3d2ef68..d1b5a10 100644 --- a/test/mv/membership/member_email_validation_test.exs +++ b/test/mv/membership/member_email_validation_test.exs @@ -130,9 +130,8 @@ defmodule Mv.Membership.MemberEmailValidationTest do assert {:error, %Ash.Error.Invalid{} = error} = Membership.update_member(linked_member, %{email: new_email}, actor: normal_user_b) - error_str = Exception.message(error) - assert error_str =~ "administrators" - assert error_str =~ "linked to users" + assert Enum.any?(error.errors, &(&1.field == :email)), + "expected an error for field :email, got: #{inspect(error.errors)}" end test "admin can update email of linked member", %{actor: actor} do From e4671e816b61f28ad62883c29f786ce0394aa75d Mon Sep 17 00:00:00 2001 From: Simon Date: Tue, 3 Feb 2026 16:30:59 +0100 Subject: [PATCH 16/84] fix: failing test due to merge --- .../show_add_remove_members_test.exs | 11 +++++-- .../group_live/show_authorization_test.exs | 32 ++++++++++++++++--- test/support/conn_case.ex | 1 + 3 files changed, 37 insertions(+), 7 deletions(-) diff --git a/test/mv_web/live/group_live/show_add_remove_members_test.exs b/test/mv_web/live/group_live/show_add_remove_members_test.exs index 1c8c15a..6c140c3 100644 --- a/test/mv_web/live/group_live/show_add_remove_members_test.exs +++ b/test/mv_web/live/group_live/show_add_remove_members_test.exs @@ -12,6 +12,13 @@ defmodule MvWeb.GroupLive.ShowAddRemoveMembersTest do alias Mv.Fixtures describe "Add Member button visibility" do + @tag role: :read_only + test "read_only user can access group show page (page permission)", %{conn: conn} do + group = Fixtures.group_fixture() + conn = get(conn, "/groups/#{group.slug}") + assert conn.status == 200 + end + test "Add Member button is visible for users with :update permission", %{conn: conn} do group = Fixtures.group_fixture() @@ -20,7 +27,7 @@ defmodule MvWeb.GroupLive.ShowAddRemoveMembersTest do assert html =~ gettext("Add Member") or html =~ "Add Member" end - @tag role: :member + @tag role: :read_only test "Add Member button is NOT visible for users without :update permission", %{conn: conn} do group = Fixtures.group_fixture() @@ -61,7 +68,7 @@ defmodule MvWeb.GroupLive.ShowAddRemoveMembersTest do html =~ ~r/hero-trash|hero-x-mark/ end - @tag role: :member + @tag role: :read_only test "Remove button is NOT visible for users without :update permission", %{conn: conn} do group = Fixtures.group_fixture() member = Fixtures.member_fixture(%{first_name: "Bob", last_name: "Jones"}) diff --git a/test/mv_web/live/group_live/show_authorization_test.exs b/test/mv_web/live/group_live/show_authorization_test.exs index 9a38b71..744b9ad 100644 --- a/test/mv_web/live/group_live/show_authorization_test.exs +++ b/test/mv_web/live/group_live/show_authorization_test.exs @@ -56,7 +56,7 @@ defmodule MvWeb.GroupLive.ShowAuthorizationTest do assert html =~ "Alice" end - @tag role: :member + @tag role: :read_only test "unauthorized user cannot add member (server-side check)", %{conn: conn} do system_actor = Mv.Helpers.SystemActor.get_system_actor() group = Fixtures.group_fixture() @@ -113,7 +113,7 @@ defmodule MvWeb.GroupLive.ShowAuthorizationTest do refute html =~ "Charlie" end - @tag role: :member + @tag role: :read_only test "unauthorized user cannot remove member (server-side check)", %{conn: conn} do system_actor = Mv.Helpers.SystemActor.get_system_actor() group = Fixtures.group_fixture() @@ -180,7 +180,7 @@ defmodule MvWeb.GroupLive.ShowAuthorizationTest do assert html =~ "Add Member" || html =~ "Remove" end - @tag role: :member + @tag role: :read_only test "Add Member button is hidden for read-only users", %{conn: conn} do _system_actor = Mv.Helpers.SystemActor.get_system_actor() group = Fixtures.group_fixture() @@ -191,7 +191,7 @@ defmodule MvWeb.GroupLive.ShowAuthorizationTest do refute html =~ "Add Member" end - @tag role: :member + @tag role: :read_only test "Remove button is hidden for read-only users", %{conn: conn} do system_actor = Mv.Helpers.SystemActor.get_system_actor() group = Fixtures.group_fixture() @@ -216,7 +216,7 @@ defmodule MvWeb.GroupLive.ShowAuthorizationTest do refute html =~ "hero-trash" or html =~ ~r/]*remove_member/ end - @tag role: :member + @tag role: :read_only test "modal cannot be opened for unauthorized users", %{conn: conn} do group = Fixtures.group_fixture() @@ -228,6 +228,28 @@ defmodule MvWeb.GroupLive.ShowAuthorizationTest do end end + describe "member (own_data) page access" do + # Members have no page permission for /groups or /groups/:slug; they are redirected. + # This tests that limited access for the member role is enforced. + @tag role: :member + test "member is redirected when accessing group show page", %{conn: conn} do + group = Fixtures.group_fixture() + + result = live(conn, "/groups/#{group.slug}") + + assert {:error, {:redirect, %{to: path, flash: %{"error" => _}}}} = result + assert path =~ ~r|^/users/[^/]+$| + end + + @tag role: :member + test "member is redirected when accessing groups index", %{conn: conn} do + result = live(conn, "/groups") + + assert {:error, {:redirect, %{to: path, flash: %{"error" => _}}}} = result + assert path =~ ~r|^/users/[^/]+$| + end + end + describe "security edge cases" do test "slug injection attempts are prevented", %{conn: conn} do # Try to inject malicious content in slug diff --git a/test/support/conn_case.ex b/test/support/conn_case.ex index 745be5a..89b6ab0 100644 --- a/test/support/conn_case.ex +++ b/test/support/conn_case.ex @@ -178,6 +178,7 @@ defmodule MvWeb.ConnCase do :read_only -> # Vorstand/Buchhaltung: can read members, groups; cannot edit or access admin/settings read_only_user = Mv.Fixtures.user_with_role_fixture("read_only") + read_only_user = Mv.Authorization.Actor.ensure_loaded(read_only_user) authenticated_conn = conn_with_password_user(conn, read_only_user) {authenticated_conn, read_only_user} From 505e31653a64a8bfb17fcec090ab00ec8582afdf Mon Sep 17 00:00:00 2001 From: Moritz Date: Tue, 3 Feb 2026 16:35:29 +0100 Subject: [PATCH 17/84] Apply UI authorization to Member LiveViews (Index and Show) Gate New Member button, Edit and Delete links with can?/3. Edit button on Member Show visible only when user can update the member. --- lib/mv_web/live/member_live/index.html.heex | 26 +++++++++++++-------- lib/mv_web/live/member_live/show.ex | 8 ++++--- 2 files changed, 21 insertions(+), 13 deletions(-) diff --git a/lib/mv_web/live/member_live/index.html.heex b/lib/mv_web/live/member_live/index.html.heex index 394db2c..c44f3a3 100644 --- a/lib/mv_web/live/member_live/index.html.heex +++ b/lib/mv_web/live/member_live/index.html.heex @@ -23,9 +23,11 @@ <.icon name="hero-envelope" /> {gettext("Open in email program")} - <.button variant="primary" navigate={~p"/members/new"}> - <.icon name="hero-plus" /> {gettext("New Member")} - + <%= if can?(@current_user, :create, Mv.Membership.Member) do %> + <.button variant="primary" navigate={~p"/members/new"}> + <.icon name="hero-plus" /> {gettext("New Member")} + + <% end %> @@ -297,16 +299,20 @@ <.link navigate={~p"/members/#{member}"}>{gettext("Show")} - <.link navigate={~p"/members/#{member}/edit"}>{gettext("Edit")} + <%= if can?(@current_user, :update, member) do %> + <.link navigate={~p"/members/#{member}/edit"}>{gettext("Edit")} + <% end %> <:action :let={member}> - <.link - phx-click={JS.push("delete", value: %{id: member.id}) |> hide("#row-#{member.id}")} - data-confirm={gettext("Are you sure?")} - > - {gettext("Delete")} - + <%= if can?(@current_user, :destroy, member) do %> + <.link + phx-click={JS.push("delete", value: %{id: member.id}) |> hide("#row-#{member.id}")} + data-confirm={gettext("Are you sure?")} + > + {gettext("Delete")} + + <% end %> diff --git a/lib/mv_web/live/member_live/show.ex b/lib/mv_web/live/member_live/show.ex index d484672..9ac1fc8 100644 --- a/lib/mv_web/live/member_live/show.ex +++ b/lib/mv_web/live/member_live/show.ex @@ -39,9 +39,11 @@ defmodule MvWeb.MemberLive.Show do {MvWeb.Helpers.MemberHelpers.display_name(@member)} - <.button variant="primary" navigate={~p"/members/#{@member}/edit?return_to=show"}> - {gettext("Edit Member")} - + <%= if can?(@current_user, :update, @member) do %> + <.button variant="primary" navigate={~p"/members/#{@member}/edit?return_to=show"}> + {gettext("Edit Member")} + + <% end %> <%!-- Tab Navigation --%> From 5e361ba4006f2d9cf776eb9ab7992a68b211fdc6 Mon Sep 17 00:00:00 2001 From: Moritz Date: Tue, 3 Feb 2026 16:35:30 +0100 Subject: [PATCH 18/84] Add Member LiveView authorization tests Covers read_only, normal_user, admin, own_data for Index and Show. Asserts New Member / Edit / Delete visibility and redirect for Mitglied. --- .../live/member_live_authorization_test.exs | 106 ++++++++++++++++++ 1 file changed, 106 insertions(+) create mode 100644 test/mv_web/live/member_live_authorization_test.exs diff --git a/test/mv_web/live/member_live_authorization_test.exs b/test/mv_web/live/member_live_authorization_test.exs new file mode 100644 index 0000000..c8d02b8 --- /dev/null +++ b/test/mv_web/live/member_live_authorization_test.exs @@ -0,0 +1,106 @@ +defmodule MvWeb.MemberLiveAuthorizationTest do + @moduledoc """ + Tests for UI authorization on Member LiveViews (Index and Show). + """ + use MvWeb.ConnCase, async: false + + import Phoenix.LiveViewTest + + alias Mv.Fixtures + + # Use literal strings for button/link text (matches default Gettext locale) + @new_member_text "New Member" + @edit_member_text "Edit Member" + + describe "Member Index - Vorstand (read_only)" do + @tag role: :read_only + test "sees member list but not New Member button", %{conn: conn} do + _member = Fixtures.member_fixture() + + {:ok, _view, html} = live(conn, "/members") + + refute html =~ @new_member_text + end + + @tag role: :read_only + test "does not see Edit or Delete buttons in table", %{conn: conn} do + member = Fixtures.member_fixture() + + {:ok, view, _html} = live(conn, "/members") + + refute has_element?(view, "a[href=\"/members/#{member.id}/edit\"]") + refute has_element?(view, "a[phx-click*='delete']") + end + end + + describe "Member Index - Kassenwart (normal_user)" do + @tag role: :normal_user + test "sees New Member and Edit buttons", %{conn: conn} do + member = Fixtures.member_fixture() + + {:ok, view, html} = live(conn, "/members") + + assert html =~ @new_member_text + assert has_element?(view, "a[href=\"/members/#{member.id}/edit\"]") + end + + @tag role: :normal_user + test "does not see Delete button", %{conn: conn} do + _member = Fixtures.member_fixture() + + {:ok, view, _html} = live(conn, "/members") + + refute has_element?(view, "a[phx-click*='delete']") + end + end + + describe "Member Index - Admin" do + @tag role: :admin + test "sees New Member, Edit and Delete buttons", %{conn: conn} do + member = Fixtures.member_fixture() + + {:ok, view, html} = live(conn, "/members") + + assert html =~ @new_member_text + assert has_element?(view, "a[href=\"/members/#{member.id}/edit\"]") + assert has_element?(view, "a[phx-click*='delete']") + end + end + + describe "Member Index - Mitglied (own_data)" do + @tag role: :member + test "is redirected when accessing /members", %{conn: conn, current_user: user} do + assert {:error, {:redirect, %{to: to}}} = live(conn, "/members") + assert to == "/users/#{user.id}" + end + end + + describe "Member Show - Edit button visibility" do + @tag role: :admin + test "admin sees Edit button", %{conn: conn} do + member = Fixtures.member_fixture() + + {:ok, _view, html} = live(conn, "/members/#{member.id}") + + assert html =~ @edit_member_text + end + + @tag role: :read_only + test "read_only does not see Edit button", %{conn: conn} do + member = Fixtures.member_fixture() + + {:ok, _view, html} = live(conn, "/members/#{member.id}") + + refute html =~ @edit_member_text + end + + @tag role: :normal_user + test "normal_user sees Edit button", %{conn: conn} do + member = Fixtures.member_fixture() + + {:ok, _view, html} = live(conn, "/members/#{member.id}") + + assert html =~ @edit_member_text + end + end +end From 2f67c7099d0b6dfb5a9d5443ddf76644683a7b4d Mon Sep 17 00:00:00 2001 From: Moritz Date: Tue, 3 Feb 2026 16:35:32 +0100 Subject: [PATCH 19/84] Apply UI authorization to User LiveViews (Index and Show) Gate New User button, Edit and Delete links with can?/3. Edit button on User Show visible only when user can update the user. --- lib/mv_web/live/user_live/index.html.heex | 26 ++++++++++++++--------- lib/mv_web/live/user_live/show.ex | 8 ++++--- 2 files changed, 21 insertions(+), 13 deletions(-) diff --git a/lib/mv_web/live/user_live/index.html.heex b/lib/mv_web/live/user_live/index.html.heex index 9314f1e..dcb2e83 100644 --- a/lib/mv_web/live/user_live/index.html.heex +++ b/lib/mv_web/live/user_live/index.html.heex @@ -2,9 +2,11 @@ <.header> {gettext("Listing Users")} <:actions> - <.button variant="primary" navigate={~p"/users/new"}> - <.icon name="hero-plus" /> {gettext("New User")} - + <%= if can?(@current_user, :create, Mv.Accounts.User) do %> + <.button variant="primary" navigate={~p"/users/new"}> + <.icon name="hero-plus" /> {gettext("New User")} + + <% end %> @@ -62,16 +64,20 @@ <.link navigate={~p"/users/#{user}"}>{gettext("Show")} - <.link navigate={~p"/users/#{user}/edit"}>{gettext("Edit")} + <%= if can?(@current_user, :update, user) do %> + <.link navigate={~p"/users/#{user}/edit"}>{gettext("Edit")} + <% end %> <:action :let={user}> - <.link - phx-click={JS.push("delete", value: %{id: user.id}) |> hide("#row-#{user.id}")} - data-confirm={gettext("Are you sure?")} - > - {gettext("Delete")} - + <%= if can?(@current_user, :destroy, user) do %> + <.link + phx-click={JS.push("delete", value: %{id: user.id}) |> hide("#row-#{user.id}")} + data-confirm={gettext("Are you sure?")} + > + {gettext("Delete")} + + <% end %> diff --git a/lib/mv_web/live/user_live/show.ex b/lib/mv_web/live/user_live/show.ex index e961d84..fa4f186 100644 --- a/lib/mv_web/live/user_live/show.ex +++ b/lib/mv_web/live/user_live/show.ex @@ -41,9 +41,11 @@ defmodule MvWeb.UserLive.Show do <.icon name="hero-arrow-left" /> {gettext("Back to users list")} - <.button variant="primary" navigate={~p"/users/#{@user}/edit?return_to=show"}> - <.icon name="hero-pencil-square" /> {gettext("Edit User")} - + <%= if can?(@current_user, :update, @user) do %> + <.button variant="primary" navigate={~p"/users/#{@user}/edit?return_to=show"}> + <.icon name="hero-pencil-square" /> {gettext("Edit User")} + + <% end %> From cc9e530d8049505b26724704db5350e44ea1cb01 Mon Sep 17 00:00:00 2001 From: Moritz Date: Tue, 3 Feb 2026 16:35:33 +0100 Subject: [PATCH 20/84] Add User LiveView authorization tests Covers admin, read_only, member, normal_user for Index and Show. Asserts New User / Edit / Delete visibility and redirect for non-admin. --- .../live/user_live_authorization_test.exs | 84 +++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 test/mv_web/live/user_live_authorization_test.exs diff --git a/test/mv_web/live/user_live_authorization_test.exs b/test/mv_web/live/user_live_authorization_test.exs new file mode 100644 index 0000000..9c35d87 --- /dev/null +++ b/test/mv_web/live/user_live_authorization_test.exs @@ -0,0 +1,84 @@ +defmodule MvWeb.UserLiveAuthorizationTest do + @moduledoc """ + Tests for UI authorization on User LiveViews (Index and Show). + """ + use MvWeb.ConnCase, async: false + + import Phoenix.LiveViewTest + + alias Mv.Fixtures + + @new_user_text "New User" + @edit_user_text "Edit User" + + describe "User Index - Admin" do + @tag role: :admin + test "sees New User, Edit and Delete buttons", %{conn: conn} do + user = Fixtures.user_with_role_fixture("admin") + + {:ok, view, html} = live(conn, "/users") + + assert html =~ @new_user_text + assert has_element?(view, "a[href=\"/users/#{user.id}/edit\"]") + assert has_element?(view, "a[phx-click*='delete']") + end + end + + describe "User Index - Non-Admin is redirected" do + @tag role: :read_only + test "read_only is redirected when accessing /users", %{conn: conn, current_user: user} do + assert {:error, {:redirect, %{to: to}}} = live(conn, "/users") + assert to == "/users/#{user.id}" + end + + @tag role: :member + test "member is redirected when accessing /users", %{conn: conn, current_user: user} do + assert {:error, {:redirect, %{to: to}}} = live(conn, "/users") + assert to == "/users/#{user.id}" + end + + @tag role: :normal_user + test "normal_user is redirected when accessing /users", %{conn: conn, current_user: user} do + assert {:error, {:redirect, %{to: to}}} = live(conn, "/users") + assert to == "/users/#{user.id}" + end + end + + describe "User Show - own profile" do + @tag role: :member + test "member sees Edit button on own profile", %{conn: conn, current_user: user} do + {:ok, _view, html} = live(conn, "/users/#{user.id}") + + assert html =~ @edit_user_text + end + + @tag role: :read_only + test "read_only sees Edit button on own profile", %{conn: conn, current_user: user} do + {:ok, _view, html} = live(conn, "/users/#{user.id}") + + assert html =~ @edit_user_text + end + + @tag role: :admin + test "admin sees Edit button on user show", %{conn: conn} do + user = Fixtures.user_with_role_fixture("read_only") + + {:ok, _view, html} = live(conn, "/users/#{user.id}") + + assert html =~ @edit_user_text + end + end + + describe "User Show - other user (non-admin redirected)" do + @tag role: :member + test "member is redirected when accessing other user's profile", %{ + conn: conn, + current_user: current_user + } do + other_user = Fixtures.user_with_role_fixture("admin") + + assert {:error, {:redirect, %{to: to}}} = live(conn, "/users/#{other_user.id}") + assert to == "/users/#{current_user.id}" + end + end +end From f779fd61e054f2862453e87049e373377ead1979 Mon Sep 17 00:00:00 2001 From: Moritz Date: Tue, 3 Feb 2026 16:35:35 +0100 Subject: [PATCH 21/84] Gate sidebar menu items by can_access_page? Members, Fee Types and Administration subitems only shown when user has page permission. Add admin_menu_visible? helper. Sidebar test uses admin user so menu items render. --- lib/mv_web/components/layouts/sidebar.ex | 67 +++++++++++++------ .../components/layouts/sidebar_test.exs | 7 +- 2 files changed, 51 insertions(+), 23 deletions(-) diff --git a/lib/mv_web/components/layouts/sidebar.ex b/lib/mv_web/components/layouts/sidebar.ex index 1d564c1..19f5547 100644 --- a/lib/mv_web/components/layouts/sidebar.ex +++ b/lib/mv_web/components/layouts/sidebar.ex @@ -70,33 +70,56 @@ defmodule MvWeb.Layouts.Sidebar do defp sidebar_menu(assigns) do ~H""" """ end + defp admin_menu_visible?(user) do + Enum.any?(admin_page_paths(), &can_access_page?(user, &1)) + end + + defp admin_page_paths do + ["/users", "/groups", "/admin/roles", "/membership_fee_settings", "/settings"] + end + attr :href, :string, required: true, doc: "Navigation path" attr :icon, :string, required: true, doc: "Heroicon name" attr :label, :string, required: true, doc: "Menu item label" diff --git a/test/mv_web/components/layouts/sidebar_test.exs b/test/mv_web/components/layouts/sidebar_test.exs index 75727e3..0975b8f 100644 --- a/test/mv_web/components/layouts/sidebar_test.exs +++ b/test/mv_web/components/layouts/sidebar_test.exs @@ -22,9 +22,14 @@ defmodule MvWeb.Layouts.SidebarTest do # ============================================================================= # Returns assigns for an authenticated user with all required attributes. + # User has admin role so can_access_page? returns true for all sidebar links. defp authenticated_assigns(mobile \\ false) do %{ - current_user: %{id: "user-123", email: "test@example.com"}, + current_user: %{ + id: "user-123", + email: "test@example.com", + role: %{permission_set_name: "admin"} + }, club_name: "Test Club", mobile: mobile } From 1426ef1d38575b385454e210fc182c8d58f4b05f Mon Sep 17 00:00:00 2001 From: Moritz Date: Tue, 3 Feb 2026 16:35:36 +0100 Subject: [PATCH 22/84] Add sidebar authorization tests Assert menu visibility per role: admin, read_only, normal_user, own_data, nil user, user without role. --- .../components/sidebar_authorization_test.exs | 120 ++++++++++++++++++ 1 file changed, 120 insertions(+) create mode 100644 test/mv_web/components/sidebar_authorization_test.exs diff --git a/test/mv_web/components/sidebar_authorization_test.exs b/test/mv_web/components/sidebar_authorization_test.exs new file mode 100644 index 0000000..234f7cb --- /dev/null +++ b/test/mv_web/components/sidebar_authorization_test.exs @@ -0,0 +1,120 @@ +defmodule MvWeb.SidebarAuthorizationTest do + @moduledoc """ + Tests for sidebar menu visibility based on user permissions (can_access_page?). + """ + use MvWeb.ConnCase, async: false + + import Phoenix.LiveViewTest + import MvWeb.Layouts.Sidebar + + alias Mv.Fixtures + + defp render_sidebar(assigns) do + render_component(&sidebar/1, assigns) + end + + defp sidebar_assigns(current_user, opts \\ []) do + mobile = Keyword.get(opts, :mobile, false) + club_name = Keyword.get(opts, :club_name, "Test Club") + + %{ + current_user: current_user, + club_name: club_name, + mobile: mobile + } + end + + describe "sidebar menu with admin user" do + test "shows Members, Fee Types and Administration with all subitems" do + user = Fixtures.user_with_role_fixture("admin") + html = render_sidebar(sidebar_assigns(user)) + + assert html =~ ~s(href="/members") + assert html =~ ~s(href="/membership_fee_types") + assert html =~ ~s(aria-label="Administration") + assert html =~ ~s(href="/users") + assert html =~ ~s(href="/groups") + assert html =~ ~s(href="/admin/roles") + assert html =~ ~s(href="/membership_fee_settings") + assert html =~ ~s(href="/settings") + end + end + + describe "sidebar menu with read_only user (Vorstand/Buchhaltung)" do + test "shows Members and Groups (from Administration)" do + user = Fixtures.user_with_role_fixture("read_only") + html = render_sidebar(sidebar_assigns(user)) + + assert html =~ ~s(href="/members") + assert html =~ ~s(href="/groups") + end + + test "does not show Fee Types, Users, Roles or Settings" do + user = Fixtures.user_with_role_fixture("read_only") + html = render_sidebar(sidebar_assigns(user)) + + refute html =~ ~s(href="/membership_fee_types") + refute html =~ ~s(href="/users") + refute html =~ ~s(href="/admin/roles") + refute html =~ ~s(href="/settings") + end + end + + describe "sidebar menu with normal_user (Kassenwart)" do + test "shows Members and Groups" do + user = Fixtures.user_with_role_fixture("normal_user") + html = render_sidebar(sidebar_assigns(user)) + + assert html =~ ~s(href="/members") + assert html =~ ~s(href="/groups") + end + + test "does not show Fee Types, Users, Roles or Settings" do + user = Fixtures.user_with_role_fixture("normal_user") + html = render_sidebar(sidebar_assigns(user)) + + refute html =~ ~s(href="/membership_fee_types") + refute html =~ ~s(href="/users") + refute html =~ ~s(href="/admin/roles") + refute html =~ ~s(href="/settings") + end + end + + describe "sidebar menu with own_data user (Mitglied)" do + test "does not show Members link (no /members page access)" do + user = Fixtures.user_with_role_fixture("own_data") + html = render_sidebar(sidebar_assigns(user)) + + refute html =~ ~s(href="/members") + end + + test "does not show Fee Types or Administration" do + user = Fixtures.user_with_role_fixture("own_data") + html = render_sidebar(sidebar_assigns(user)) + + refute html =~ ~s(href="/membership_fee_types") + refute html =~ ~s(href="/users") + refute html =~ ~s(aria-label="Administration") + end + end + + describe "sidebar with nil current_user" do + test "does not render menu items (only header and footer when present)" do + html = render_sidebar(sidebar_assigns(nil)) + + refute html =~ ~s(role="menubar") + refute html =~ ~s(href="/members") + end + end + + describe "sidebar with user without role" do + test "does not show any navigation links" do + user = %{id: "user-no-role", email: "noreply@test.com", role: nil} + html = render_sidebar(sidebar_assigns(user)) + + refute html =~ ~s(href="/members") + refute html =~ ~s(href="/membership_fee_types") + refute html =~ ~s(href="/users") + end + end +end From 9e8910344e0389fb2fa090ba792d77d0853e1fe9 Mon Sep 17 00:00:00 2001 From: Moritz Date: Tue, 3 Feb 2026 17:16:07 +0100 Subject: [PATCH 23/84] Add MvWeb.PagePaths for central sidebar/page paths Single source for path strings used by Sidebar and can_access_page?. Keep in sync with router when routes change. --- lib/mv_web/page_paths.ex | 42 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 lib/mv_web/page_paths.ex diff --git a/lib/mv_web/page_paths.ex b/lib/mv_web/page_paths.ex new file mode 100644 index 0000000..5606c76 --- /dev/null +++ b/lib/mv_web/page_paths.ex @@ -0,0 +1,42 @@ +defmodule MvWeb.PagePaths do + @moduledoc """ + Central path strings for UI authorization and sidebar menu. + + Keep in sync with `MvWeb.Router`. Used by Sidebar and `can_access_page?/2` + so route changes (prefix, rename) are updated in one place. + """ + + # Sidebar top-level menu paths + @members "/members" + @membership_fee_types "/membership_fee_types" + + # Administration submenu paths (all must match router) + @users "/users" + @groups "/groups" + @admin_roles "/admin/roles" + @membership_fee_settings "/membership_fee_settings" + @settings "/settings" + + @admin_page_paths [ + @users, + @groups, + @admin_roles, + @membership_fee_settings, + @settings + ] + + @doc "Path for Members index (sidebar and page permission check)." + def members, do: @members + + @doc "Path for Membership Fee Types index (sidebar and page permission check)." + def membership_fee_types, do: @membership_fee_types + + @doc "Paths for Administration menu; show group if user can access any of these." + def admin_menu_paths, do: @admin_page_paths + + def users, do: @users + def groups, do: @groups + def admin_roles, do: @admin_roles + def membership_fee_settings, do: @membership_fee_settings + def settings, do: @settings +end From 2ddd22078dbcc93aabe3e7212d1958b8c0dbb841 Mon Sep 17 00:00:00 2001 From: Moritz Date: Tue, 3 Feb 2026 17:16:08 +0100 Subject: [PATCH 24/84] Sidebar: use PagePaths, add testid for Administration Gate menu items via PagePaths; add data-testid=sidebar-administration for stable tests. menu_group accepts optional testid attr. --- lib/mv_web/components/layouts/sidebar.ex | 33 +++++++++++++----------- 1 file changed, 18 insertions(+), 15 deletions(-) diff --git a/lib/mv_web/components/layouts/sidebar.ex b/lib/mv_web/components/layouts/sidebar.ex index 19f5547..26c0d7a 100644 --- a/lib/mv_web/components/layouts/sidebar.ex +++ b/lib/mv_web/components/layouts/sidebar.ex @@ -4,6 +4,8 @@ defmodule MvWeb.Layouts.Sidebar do """ use MvWeb, :html + alias MvWeb.PagePaths + attr :current_user, :map, default: nil, doc: "The current user" attr :club_name, :string, required: true, doc: "The name of the club" attr :mobile, :boolean, default: false, doc: "Whether this is mobile view" @@ -70,7 +72,7 @@ defmodule MvWeb.Layouts.Sidebar do defp sidebar_menu(assigns) do ~H"""