Create Authorization Domain and Role Resource #321

Closed
opened 2026-01-06 16:13:01 +01:00 by moritz · 0 comments
Owner

Create the authorization domain in Ash with the Role resource. This establishes the foundation for all authorization logic.

Tasks:

  1. Create lib/mv/authorization/ directory
  2. Create lib/mv/authorization/role.ex Ash resource with:
    • id (UUIDv7, primary key)
    • name (String, unique, required) - e.g., "Vorstand", "Admin"
    • description (String, optional)
    • permission_set_name (String, required) - must be one of: "own_data", "read_only", "normal_user", "admin"
    • is_system_role (Boolean, default false) - prevents deletion
    • timestamps
  3. Add validation: permission_set_name must exist in PermissionSets.all_permission_sets/0
  4. Add role_id (UUID, nullable, foreign key) to users table
  5. Add belongs_to :role relationship in User resource
  6. Run mix ash.codegen to generate migrations
  7. Review and apply migrations

Acceptance Criteria:

  • Role resource created with all fields
  • Migration applied successfully
  • User.role relationship works
  • Validation prevents invalid permission_set_name
  • is_system_role flag present
moritz added this to the Sprint 10: 11.12-08.01 project 2026-01-06 16:13:01 +01:00
moritz self-assigned this 2026-01-06 16:13:04 +01:00
moritz added this to the Accounts & Logins milestone 2026-01-08 17:14:57 +01:00
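A sketch of the Role resource the tasks above describe, added here as an illustration and not the project's own code. It assumes Ash 3.x with AshPostgres; the module names Mv.Authorization and Mv.Repo and the table name "roles" are assumptions, and the allow-list is hard-coded from the issue text because the return shape of PermissionSets.all_permission_sets/0 is not shown.

```elixir
# Added example. Assumed names: Mv.Authorization, Mv.Repo, table "roles".
defmodule Mv.Authorization do
  use Ash.Domain
  resources do
    resource Mv.Authorization.Role
  end
end

defmodule Mv.Authorization.Role do
  use Ash.Resource, domain: Mv.Authorization, data_layer: AshPostgres.DataLayer

  postgres do
    table "roles"
    repo Mv.Repo
  end

  attributes do
    uuid_v7_primary_key :id
    attribute :name, :string, allow_nil?: false, public?: true
    attribute :description, :string, public?: true
    attribute :permission_set_name, :string, allow_nil?: false, public?: true
    # Deliberately absent from every accept list: callers cannot set or clear it.
    attribute :is_system_role, :boolean, default: false, allow_nil?: false
    timestamps()
  end

  identities do
    identity :unique_name, [:name]
  end

  validations do
    # Runs on create and update; the project would source this list from PermissionSets.
    validate one_of(:permission_set_name, ["own_data", "read_only", "normal_user", "admin"])
  end

  actions do
    defaults [:read]
    create :create do
      accept [:name, :description, :permission_set_name]
    end
    update :update do
      accept [:name, :description, :permission_set_name]
    end
    destroy :destroy do
      # Deletion guard: the destroy fails while is_system_role is true.
      validate attribute_equals(:is_system_role, false), message: "system roles cannot be deleted"
    end
  end
end
```

Because permission_set_name decides what a user may do, the update action is itself a privilege-granting operation and needs the same access control as role assignment.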
Reference: local-it/mitgliederverwaltung#321