CustomField Resource Policies closes #386

## Description of the implemented changes The changes were: - [ ] Bugfixing - [x] New Feature - [ ] Breaking Change - [ ] Refactoring  ## What has been changed?  ## Definition of Done ### Code Quality - [x] No new technical depths - [x] Linting passed - [x] Documentation is added were needed ### Accessibility - [ ] New elements are properly defined with html-tags - [ ] Colour contrast follows WCAG criteria - [ ] Aria labels are added when needed - [ ] Everything is accessible by keyboard - [ ] Tab-Order is comprehensible - [ ] All interactive elements have a visible focus ### Testing - [x] Tests for new code are written - [x] All tests pass - [ ] axe-core dev tools show no critical or major issues ## Additional Notes

moritz added this to the Accounts & Logins milestone 2026-01-29 14:00:21 +01:00

moritz self-assigned this 2026-01-29 14:00:21 +01:00

moritz added 3 commits 2026-01-29 14:00:22 +01:00

Add CustomField resource policies and tests 250369d142

- Add policies block with HasPermission for read/create/update/destroy
- Add authorizers: [Ash.Policy.Authorizer] to CustomField resource
- Add custom_field_policies_test.exs (read all roles, write admin only)
- Fix CustomField path in roles-and-permissions doc (lib/membership)

fix: CustomField policies, no system-actor fallback, guidelines 21dbdbe366

- Tests and UI pass actor for CustomField create/read/destroy; seeds use actor
- Member required-custom-fields validation uses context.actor only (no fallback)
- CODE_GUIDELINES: add rule forbidding system-actor fallbacks

fix: pass actor to CustomFieldLive.FormComponent for save

continuous-integration/drone/push Build is passing

Details

2931632aa8

IndexComponent now passes actor to FormComponent; FormComponent uses
assigns[:actor] instead of current_actor(socket). Add test that submits
new custom field form on settings page.

moritz added 3 commits 2026-01-29 15:55:25 +01:00

Add gettext strings for custom field load error and not authorized 9728ff6e2f

CustomField policies: actor required, no system-actor fallback, error handling 66f1965af4

- list_required_custom_fields: require actor (two clauses, no default)
- Member validation: use context.actor only, differentiate Forbidden vs transient errors
- stream_custom_fields: log + send flash on error instead of returning []
- GlobalSettingsLive: handle_info for custom_fields_load_error, put_flash
- Seeds: use Membership.update_member with actor, format

Tests: use code interface for Member create/update (actor propagation)

d77096c800

moritz changed title from ~~WIP: CustomField Resource Policies closes #386~~ to CustomField Resource Policies closes #386

2026-01-29 16:09:56 +01:00

moritz force-pushed feature/386_customfield_policy from d77096c800 to 4473cfd372

2026-01-29 16:10:20 +01:00

Compare

moritz merged commit 34019d07a4 into main

2026-01-29 16:17:12 +01:00

moritz referenced this pull request from a commit

2026-01-29 16:17:15 +01:00

Merge pull request 'CustomField Resource Policies closes #386' (#387) from feature/386_customfield_policy into main

moritz deleted branch feature/386_customfield_policy

moritz modified the milestone from Accounts & Logins to We have different roles and permissions

2026-02-03 16:38:41 +01:00

Rows
Columns

CustomField Resource Policies closes #386 #387

Description of the implemented changes

What has been changed?

Definition of Done

Code Quality

Accessibility

Testing

Additional Notes