[Refactor] Remove NoActor bypass #367

Merged

moritz merged 15 commits from refactor/remove_noactor into main 2026-01-24 14:56:45 +01:00

Conversation 0 Commits 15 Files changed 87 +5037 -3305

moritz commented 2026-01-23 20:08:44 +01:00

Owner

Copy link

Description of the implemented changes

The changes were:

• Bugfixing
• New Feature
• Breaking Change
• Refactoring

What has been changed?

Definition of Done

Code Quality

• No new technical depths
• Linting passed
• Documentation is added were needed

Accessibility

• New elements are properly defined with html-tags
• Colour contrast follows WCAG criteria
• Aria labels are added when needed
• Everything is accessible by keyboard
• Tab-Order is comprehensible
• All interactive elements have a visible focus

Testing

• Tests for new code are written
• All tests pass
• axe-core dev tools show no critical or major issues

Additional Notes

## Description of the implemented changes The changes were: - [x] Bugfixing - [ ] New Feature - [x] Breaking Change - [x] Refactoring <!--- Describe the goal of the PR in a few words --> ## What has been changed? <!--- List the things you changed --> ## Definition of Done ### Code Quality - [ ] No new technical depths - [x] Linting passed - [x] Documentation is added were needed ### Accessibility - [ ] New elements are properly defined with html-tags - [ ] Colour contrast follows WCAG criteria - [ ] Aria labels are added when needed - [ ] Everything is accessible by keyboard - [ ] Tab-Order is comprehensible - [ ] All interactive elements have a visible focus ### Testing - [x] Tests for new code are written - [x] All tests pass - [ ] axe-core dev tools show no critical or major issues ## Additional Notes <!--- Add any additional information for the reviewers here -->

moritz added this to the Accounts & Logins milestone 2026-01-23 20:08:44 +01:00

moritz self-assigned this 2026-01-23 20:08:45 +01:00

moritz added 3 commits 2026-01-23 20:08:46 +01:00

Remove NoActor bypass from User and Member policies ... 15d1a75571

This removes the NoActor bypass that was masking authorization bugs in tests.
All operations now require an explicit actor for authorization.

Add authorize?: false to SystemActor bootstrap operations ... 4c846f8bba

- Role lookup and creation (find_admin_role, create_admin_role)
- System user creation and role assignment
- Role loading during initialization

Add actor parameter to all tests requiring authorization ... a6cdeaa18d

This commit adds actor: system_actor to all Ash operations in tests that
require authorization.

moritz added this to the Sprint 11: 08.01-29.01 project 2026-01-23 20:08:48 +01:00

moritz added 1 commit 2026-01-24 00:33:14 +01:00

Update documentation: Remove NoActor bypass references f5fe7b0fcd

moritz added 5 commits 2026-01-24 01:46:13 +01:00

Use authorize?: false for integrity checks in validations 9cf42ff918

Fix tests: Remove duplicate actor keyword arguments 94b6fe281d

Fix test helpers: Use actor parameter correctly f1626a3beb

Fix tests: Add missing actor parameters to Ash operations 5b22f5cdaa

Fix tests: Remove redundant system_actor and update test descriptions 7e85ed7d3e

moritz force-pushed refactor/remove_noactor from 7e85ed7d3e to 15a7c615d6 2026-01-24 02:40:45 +01:00 Compare

moritz added 1 commit 2026-01-24 08:53:16 +01:00

Fix missing actor parameters and restore AshAuthentication bypass tests 71c13d0ac0

moritz added 2 commits 2026-01-24 12:53:32 +01:00

Remove NoActor module, improve Member validation, update docs b545d2b9e1

Remove unused allow_no_actor_bypass config option ef6cf1b2d4

moritz merged commit 9fe872ee58 into main 2026-01-24 14:56:45 +01:00

moritz deleted branch refactor/remove_noactor 2026-01-24 14:56:45 +01:00

moritz referenced this pull request from a commit 2026-01-24 14:56:46 +01:00

Merge pull request '[Refactor] Remove NoActor bypass' (#367) from refactor/remove_noactor into main

moritz modified the milestone from Accounts & Logins to We have different roles and permissions 2026-02-03 16:39:00 +01:00

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

bug

Something is not working

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

help wanted

Need some help

  

high priority

  

invalid

Something is wrong

  

L

5 h

  

low priority

  

M

3 h

  

medium priority

  

needs refinement

  

optional

  

question

More information is needed

  

S

1 h

  

UX research

  

wontfix

This won't be fixed

No labels

bug

duplicate

enhancement

help wanted

high priority

invalid

L

low priority

M

medium priority

needs refinement

optional

question

S

UX research

wontfix

Milestone

Clear milestone

No items

No milestone

We have different roles and permissions

Projects

Clear projects

No items

No project

Sprint 11: 08.01-29.01

Assignees

Clear assignees

No assignees

moritz

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: local-it/mitgliederverwaltung#367

No description provided.