Fix System missing system actor in prod and prevent deletion #379

Merged

moritz merged 12 commits from fix/system_actor into main 2026-01-27 17:54:49 +01:00

Conversation 0 Commits 12 Files changed 15 +287 -37

moritz commented 2026-01-27 16:09:58 +01:00

Owner

Copy link

Description of the implemented changes

The changes were:

• Bugfixing
• New Feature
• Breaking Change
• Refactoring

What has been changed?

Definition of Done

Code Quality

• No new technical depths
• Linting passed
• Documentation is added were needed

Accessibility

• New elements are properly defined with html-tags
• Colour contrast follows WCAG criteria
• Aria labels are added when needed
• Everything is accessible by keyboard
• Tab-Order is comprehensible
• All interactive elements have a visible focus

Testing

• Tests for new code are written
• All tests pass
• axe-core dev tools show no critical or major issues

Additional Notes

## Description of the implemented changes The changes were: - [x] Bugfixing - [ ] New Feature - [ ] Breaking Change - [ ] Refactoring <!--- Describe the goal of the PR in a few words --> ## What has been changed? <!--- List the things you changed --> ## Definition of Done ### Code Quality - [x] No new technical depths - [x] Linting passed - [x] Documentation is added were needed ### Accessibility - [ ] New elements are properly defined with html-tags - [ ] Colour contrast follows WCAG criteria - [ ] Aria labels are added when needed - [ ] Everything is accessible by keyboard - [ ] Tab-Order is comprehensible - [ ] All interactive elements have a visible focus ### Testing - [x] Tests for new code are written - [x] All tests pass - [ ] axe-core dev tools show no critical or major issues ## Additional Notes <!--- Add any additional information for the reviewers here -->

moritz self-assigned this 2026-01-27 16:09:58 +01:00

moritz added 5 commits 2026-01-27 16:09:59 +01:00

Ensure system actor user exists via migration ... 63377717e4

Creates user system@mila.local with Admin role if missing. Idempotent;
guarantees system actor in production without relying on seeds.

Prevent deletion of system actor user ... 55f322a09b

Add destroy validation and explicit destroy action (primary, require_atomic? false).
Validation blocks destroy when email == SystemActor.system_user_email().

Hide system actor from user list and block show/edit ... 56bf411756

Index: filter out SystemActor.system_user_email() in query. Show/Form:
redirect to /users with flash when viewing or editing system actor user.
Index format_error: handle Ash errors without :message field.

Add tests for system actor protection and hiding ... 86c1ab8462

Index: system actor not in list, destroy returns Ash.Error.Invalid. Show/Form:
redirect to /users when viewing or editing system actor user.

Add gettext strings for system actor show/edit redirect messages ... b5b2317d69

German: Dieser Benutzer kann nicht angezeigt/bearbeitet werden.

moritz added this to the Sprint 11: 08.01-29.01 project 2026-01-27 16:10:00 +01:00

moritz added 6 commits 2026-01-27 17:38:15 +01:00

refactor(web): extract format_ash_error to MvWeb.ErrorHelpers ... 92b12af022

Use shared ErrorHelpers in UserLive.Index for consistent Ash error formatting.

feat(system_actor): add system_user?/1 and normalize email ... b5da5774f5

Case-insensitive email comparison for system-actor detection.

feat(accounts): block update/destroy on system-actor user ... 62b9a82045

Validation prevents modifying system actor user (required for internal ops).

chore(migration): ensure_system_actor_user_exists ... 0df90c369b

Use admin_role_id, consistent UUID and timestamps.

feat(user_live): handle system user in form and show ... c9d6e0c644

Early return / load_user_or_redirect, use system_user? to avoid editing system actor.

fix(seeds): use :update_internal for system user admin-role ... ebbb4144a5

:update is blocked for system-actor user; use :update_internal in bootstrap.

moritz force-pushed fix/system_actor from ebbb4144a5 to 92ee7fcc63 2026-01-27 17:39:09 +01:00 Compare

moritz added 1 commit 2026-01-27 17:47:14 +01:00

fix(migration): use INSERT..SELECT for system user role_id in CI ... 462bc21ec3

Avoid nil/empty-string UUID when repo().one lags after role insert.

moritz merged commit d78032d50f into main 2026-01-27 17:54:49 +01:00

moritz referenced this pull request from a commit 2026-01-27 17:54:50 +01:00

Merge pull request 'Fix System missing system actor in prod and prevent deletion' (#379) from fix/system_actor into main

moritz deleted branch fix/system_actor 2026-01-27 17:54:50 +01:00

moritz added this to the We have different roles and permissions milestone 2026-02-03 16:43:04 +01:00

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

bug

Something is not working

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

help wanted

Need some help

  

high priority

  

invalid

Something is wrong

  

L

5 h

  

low priority

  

M

3 h

  

medium priority

  

needs refinement

  

optional

  

question

More information is needed

  

S

1 h

  

UX research

  

wontfix

This won't be fixed

No labels

bug

duplicate

enhancement

help wanted

high priority

invalid

L

low priority

M

medium priority

needs refinement

optional

question

S

UX research

wontfix

Milestone

Clear milestone

No items

No milestone

We have different roles and permissions

Projects

Clear projects

No items

No project

Sprint 11: 08.01-29.01

Assignees

Clear assignees

No assignees

moritz

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: local-it/mitgliederverwaltung#379

No description provided.