Correctness, robustness & hot-path performance #532
Labels
No labels
bug
duplicate
enhancement
help wanted
high priority
invalid
L
low priority
M
medium priority
needs refinement
optional
question
S
technical improvement
UX Improvement
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: local-it/mitgliederverwaltung#532
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Motivation
A set of genuine correctness/robustness fixes plus two safe hot-path performance wins. Grouped because each
needs focused tests rather than riding along with mechanical cleanup.
Scope
each read admin-count == 2 and both commit, leaving zero admins (
lib/accounts/user.ex:477-529). This is NOT asimple declarative constraint — "admin" is indirect (
role_id → roles.permission_set_name == "admin", multipleadmin roles, the system user excluded). Pick a mechanism in
/solutions:pg_advisory_xact_lockin the admin-mutating action(s) — pragmatic minimum;SELECT … FOR UPDATE+RAISE EXCEPTION 'ash_error: …'— path-independent, fits theexisting trigger pattern, but needs a sibling trigger on
roles;Also map the OIDC email-collision constraint error to a friendly message. Note: worst-case zero-admins is
recoverable via the
seed_adminrelease task.to_sort_id/1(member_live/index.ex:783) that builds:"sort_#{field}"for an unknown field.determine_order/1is a verified false positive (bounded to"asc"/"desc") — no change there.
current_actor/1(live_helpers.ex:116) is @spec'd to return nil but raisesKeyErrorwhen the
current_userassign is absent. Fix the fallback.groups_from_user_info(oidc_role_sync.ex:58) rescuesString.to_existing_atomby re-reading only the string key, so an atom-keyed
user_infowith an unloaded atom silently yields no groups(possible silent missing admin assignment).
@impl has_change?/0toSyncMemberEmailToUserso the twobidirectional email-sync changes run consistently (Ash 3.12+); correct the overstated-atomicity comment in
email_sync/.../helpers.ex.auth_controller.ex:239-278with structured Ash-error-type matching (breaks on i18n/rewording).members_pdf.ex:146).vereinfacht/changes/sync_contact.ex:36) already runsin
after_transaction(does not block the tx or fail the save) but is synchronous in the request process, sothe member save waits on the third-party HTTP call. Dispatch via the existing
Mv.TaskSupervisor; surface theresult via the existing
SyncFlash.oidc_client_secret/0via the existingSettingsCachelike its siblingsettings reads (currently an uncached
Ash.read_oneper request through a plug). Safe: config, not authz state.Acceptance criteria
input does not create atoms; missing-
current_userpath returns nil; atom-keyeduser_inforesolves groups;PDF export locale does not leak; member save returns without waiting on the Vereinfacht API (result via SyncFlash).
Warning.UnsafeToAtominto the gate.credo.exs(R-006 clears it).