Member Resource Policies closes #345 #346

Merged
moritz merged 33 commits from feature/345_member_policies_2 into main 2026-01-13 16:36:24 +01:00

Description of the implemented changes

The changes were:

  • [ ] Bugfixing
  • [x] New Feature
  • [ ] Breaking Change
  • [ ] Refactoring

What has been changed?

Definition of Done

Code Quality

  • [ ] No new technical debt
  • [x] Linting passed
  • [x] Documentation is added where needed

Accessibility

  • [ ] New elements are properly defined with html-tags
  • [ ] Colour contrast follows WCAG criteria
  • [ ] Aria labels are added when needed
  • [ ] Everything is accessible by keyboard
  • [ ] Tab-Order is comprehensible
  • [ ] All interactive elements have a visible focus

Testing

  • [x] Tests for new code are written
  • [x] All tests pass
  • [ ] axe-core dev tools show no critical or major issues

Additional Notes
moritz added this to the Accounts & Logins milestone 2026-01-08 21:27:59 +01:00
moritz self-assigned this 2026-01-08 21:27:59 +01:00
moritz added 2 commits 2026-01-08 21:28:00 +01:00
moritz added 4 commits 2026-01-08 22:57:01 +01:00
Fixes security issue where auto_filter returned nil instead of proper
filter expressions, which could lead to incorrect authorization behavior.
This prevents security issues where :create/:read without actor would
be allowed in production. Now all operations require an actor in production.
This ensures seeds work correctly with the new fail-closed NoActor
policy in production, using proper authorization instead of bypass.
Docs: Correct :linked scope documentation
All checks were successful
continuous-integration/drone/push Build is passing
e5eb3b7e89
moritz added 1 commit 2026-01-08 23:13:48 +01:00
Security: Fix critical deny-filter bug and improve authorization
Some checks reported errors
continuous-integration/drone/push Build was killed
fecf98dc0e
CRITICAL FIX: Deny-filter was allowing all records instead of denying
Fix: User validation in Member now uses actor from changeset.context
moritz force-pushed feature/345_member_policies_2 from fecf98dc0e to 05cbd833bc 2026-01-08 23:15:59 +01:00
moritz added 1 commit 2026-01-08 23:30:38 +01:00
Improve: Make deny_filter robust and add regression test
All checks were successful
continuous-integration/drone/push Build is passing
dd4b88f0b7
- Change deny_filter from [id: {:in, []}] to expr(false)
- Add regression test to ensure deny-filter matches 0 records
moritz added 3 commits 2026-01-09 02:26:50 +01:00
Update comment from 'id IN [] = never matches' to 'expr(false) = match none'
to match the actual implementation of deny_filter().
- Add on_mount hook to ensure user role is loaded in all Member LiveViews
- Pass actor parameter to all Ash operations (read, get, create, update, destroy, load)
Refactor test setup: use global setup and fix MembershipFees domain alias
All checks were successful
continuous-integration/drone/push Build is passing
23f00d2cba
- Remove redundant setup blocks from member_live tests
- Add build_unauthenticated_conn helper for AuthController tests
- Add global setup in conn_case.ex
moritz added 8 commits 2026-01-09 05:27:17 +01:00
Provides a single function to access current_user from socket assigns
across all LiveViews, ensuring consistent access pattern.
Extract actor from changeset context in Member hooks and pass it
through all cycle generation functions to ensure proper authorization.
Extract actor from changeset context and pass it to all email sync
loader functions to ensure proper authorization when loading linked
users and members.
Extract actor from changeset context and pass it to Ash.read and
Ash.load calls in email uniqueness validation.
Replace inconsistent actor access patterns with current_actor/1 helper
and ensure actor is passed to all Ash operations for proper authorization.
Add German and English translations for member deletion success and
error messages.
Ensure cycle generation in seeds uses admin actor and update test
to use global admin_user from ConnCase setup.
Fix error handling and actor access in MemberLive.Index
All checks were successful
continuous-integration/drone/push Build is passing
7c821193fc
Replace bang calls with proper error handling and use current_actor/1
helper for consistent actor access.
moritz added 8 commits 2026-01-13 14:35:39 +01:00
- Add role tag support (@tag role: :admin/:member/:unauthenticated) to ConnCase
- Fix Keyword.get -> Map.get for tags Map
- Remove duplicate test file index_display_name_test.exs
- Fix CustomField creation in tests (remove slug, use :string instead of :text)
- Fix CustomFieldValue value format to use _union_type/_union_value
- Add Mv.Helpers module with ash_actor_opts/1 helper
- Add current_actor/1 with @spec to LiveHelpers
- Add ash_actor_opts/1 delegate and submit_form/3 wrapper to LiveHelpers
- Standardize actor access pattern across LiveViews
- Replace if actor, do: [actor: actor], else: [] with Mv.Helpers.ash_actor_opts/1
- Update email_sync/loader.ex, member validations, member.ex, cycle_generator.ex
- Consistent actor handling across non-LiveView modules
- Replace AshPhoenix.Form.submit with submit_form/3 wrapper
- Import current_actor and submit_form from LiveHelpers
- Consistent actor handling in all form submissions
- Replace Ash.get!/Ash.destroy! with Ash.get/Ash.destroy
- Add case statements for Forbidden, NotFound, and generic errors
- Display user-friendly flash messages for all error cases
- Use Enum.map_join/3 for efficient error formatting
- Extract handle_member_linking, perform_member_link_action helpers
- Extract handle_save_success, get_action_name, handle_member_link_error
- Replace hardcoded strings with gettext translations
- Use submit_form wrapper for consistent actor handling
- Group all handle_event/3 clauses together
- Add early return in load_members_for_linking if actor is nil
- Fill in empty msgstr entries in German translations
- Add translations for user actions, error messages, and form labels
- Ensure all UI strings are consistently translated
ci: Add check for empty German translations in lint task
All checks were successful
continuous-integration/drone/push Build is passing
4aa429e3cb
- Check that all German msgstr entries are filled (excluding header)
- Use awk to filter out header msgstr "" entries
- Fail lint if any empty translations are found
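The commits above describe three related fixes: a deny filter that must match zero records (expr(false) rather than a value the authorizer could read as "no constraint"), a fail-closed policy when no actor is present, and Ash.get/Ash.destroy calls whose Forbidden and NotFound results are handled explicitly instead of via bang calls. The following is an added Ash 3 example that is not the project's code: the Member attributes (name, user_id), the role atoms :admin/:member, the Demo module names and the plain-map actor shape are assumptions, since the real resource and its policies are not shown on this page. Ash derives a filter check's filter from its filter/3 callback; it runs as a stand-alone script with Mix.install.

```elixir
# Added example (not the project's code). Ash 3 resource with fail-closed
# policies, run as a script: `elixir member_policies.exs`.
Mix.install([{:ash, "~> 3.0"}])

defmodule Demo.Checks.MemberScope do
  # Filter check deciding which Member rows an actor may read. Deny is
  # `expr(false)`, a filter that matches no rows. Returning nil from a
  # filter check would be read as "no constraint", i.e. allow everything.
  use Ash.Policy.FilterCheck

  @impl true
  def filter(%{role: :admin}, _context, _opts), do: expr(true)
  def filter(%{role: :member, id: uid}, _context, _opts), do: expr(user_id == ^uid)
  # nil actor or unknown role: fail closed
  def filter(_actor, _context, _opts), do: expr(false)
end

defmodule Demo.Member do
  # Assumed shape: a name plus the id of the user the record belongs to.
  use Ash.Resource,
    domain: Demo,
    data_layer: Ash.DataLayer.Ets,
    authorizers: [Ash.Policy.Authorizer]

  ets do
    private? true
  end

  attributes do
    uuid_primary_key :id
    attribute :name, :string, allow_nil?: false, public?: true
    attribute :user_id, :uuid, public?: true
  end

  actions do
    defaults [:read, :destroy, create: [:name, :user_id], update: [:name]]
  end

  policies do
    # Reads are narrowed by the filter check; no actor means no rows.
    policy action_type(:read) do
      authorize_if Demo.Checks.MemberScope
    end

    # Writes need an admin actor; a nil actor cannot satisfy this, so forbidden.
    policy action_type([:create, :update, :destroy]) do
      authorize_if actor_attribute_equals(:role, :admin)
    end
  end
end

defmodule Demo do
  use Ash.Domain

  resources do
    resource Demo.Member
  end
end

defmodule Demo.Run do
  # Regression check from the PR: the deny filter must match zero records,
  # whether Ash answers with an empty list or a Forbidden error.
  def visible_member_count(actor) do
    case Ash.read(Demo.Member, actor: actor) do
      {:ok, members} -> length(members)
      {:error, %Ash.Error.Forbidden{}} -> 0
    end
  end

  # Ash.get/Ash.destroy with explicit Forbidden/NotFound handling instead of
  # bang calls. A row the actor cannot read comes back NotFound, not Forbidden,
  # so a non-admin learns nothing about other members' rows.
  def delete_member(id, actor) do
    with {:ok, member} <- Ash.get(Demo.Member, id, actor: actor),
         :ok <- Ash.destroy(member, actor: actor) do
      :ok
    else
      {:error, %Ash.Error.Forbidden{}} -> :forbidden
      {:error, %Ash.Error.Invalid{errors: [%Ash.Error.Query.NotFound{}]}} -> :not_found
      {:error, _other} -> :error
    end
  end
end

admin = %{id: Ash.UUID.generate(), role: :admin}
alice = %{id: Ash.UUID.generate(), role: :member}

own = Ash.create!(Demo.Member, %{name: "Alice", user_id: alice.id}, actor: admin)
other = Ash.create!(Demo.Member, %{name: "Bob", user_id: Ash.UUID.generate()}, actor: admin)

IO.inspect(Demo.Run.visible_member_count(admin), label: "rows visible to admin")
IO.inspect(Demo.Run.visible_member_count(alice), label: "rows visible to alice")
IO.inspect(Demo.Run.visible_member_count(nil), label: "rows visible with no actor")
IO.inspect(Demo.Run.delete_member(own.id, alice), label: "alice deletes own row")
IO.inspect(Demo.Run.delete_member(other.id, alice), label: "alice deletes bob's row")
IO.inspect(Demo.Run.delete_member(own.id, nil), label: "no actor deletes")
```

With these policies the admin should see both rows, alice only her own, and a nil actor none; alice deleting her own row is forbidden (writes are admin-only), deleting Bob's row is not_found because the read filter hides it, and a nil actor never reaches :ok. Whether Ash reports a statically false filter as an empty list or as a Forbidden error varies by version and access type, so a regression test for the deny filter should accept either and fail only when any record comes back.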
moritz added 4 commits 2026-01-13 15:01:23 +01:00
moritz force-pushed feature/345_member_policies_2 from 7cff550749 to 4244779521 2026-01-13 16:13:36 +01:00
moritz changed title from WIP: Member Resource Policies closes #345 to Member Resource Policies closes #345 2026-01-13 16:14:05 +01:00
moritz added 1 commit 2026-01-13 16:30:41 +01:00
i18n: Update English translations
All checks were successful
continuous-integration/drone/push Build is passing
b103ae3a5f
moritz merged commit e9bcfe4fa6 into main 2026-01-13 16:36:24 +01:00
moritz deleted branch feature/345_member_policies_2 2026-01-13 16:36:28 +01:00