Authorization Domain and Role Resource closes #321 #322

Merged
moritz merged 18 commits from feature/321_authorization_domain into main 2026-01-06 19:22:57 +01:00
Owner

Description of the implemented changes

The changes were:

  • [ ] Bugfixing
  • [x] New Feature
  • [ ] Breaking Change
  • [ ] Refactoring

Definition of Done

Code Quality

  • [ ] No new technical debt
  • [x] Linting passed
  • [x] Documentation is added where needed

Accessibility

  • [ ] New elements are properly defined with html-tags
  • [ ] Colour contrast follows WCAG criteria
  • [ ] Aria labels are added when needed
  • [ ] Everything is accessible by keyboard
  • [ ] Tab-Order is comprehensible
  • [ ] All interactive elements have a visible focus

Testing

  • [x] Tests for new code are written
  • [x] All tests pass
  • [ ] axe-core dev tools show no critical or major issues

Additional Notes

moritz self-assigned this 2026-01-06 17:33:17 +01:00
moritz added 6 commits 2026-01-06 17:33:19 +01:00
Add minimal PermissionSets module with all_permission_sets/0 function
to support permission_set_name validation in Role resource.
Add Mv.Authorization domain with AshAdmin and AshPhoenix extensions.
Register domain in config for role management.
Create Role resource with name, description, permission_set_name,
and is_system_role fields. Add validations for permission_set_name
and system role deletion protection.
Add belongs_to :role relationship to User resource and register
Authorization domain in config.
Create roles table and add role_id to users table with indexes
and foreign key constraints.
feat: add resource snapshots for roles and users
All checks were successful
continuous-integration/drone/push Build is passing
b569612a63
Add Ash resource snapshots generated during migration creation.
moritz added 10 commits 2026-01-06 18:50:22 +01:00
- Change id from uuid_primary_key to uuid_v7_primary_key
- Replace custom validation with built-in one_of validation
- Add explicit on_delete: :restrict for users foreign key
- Update postgres references configuration
- Add on_delete: :restrict to users.role_id foreign key
- Update roles.id to use uuid_generate_v7() default
- Regenerate resource snapshots
Remove issue number references from moduledoc
Add tests for permission_set_name validation, system role
deletion protection, and name uniqueness constraints.
Remove redundant action_type check since validation already
runs only on destroy actions. Add field to error for better
error handling.
Add get_role action for retrieving single role by ID through
code interface.
Add comment explaining on_delete: :restrict behavior for
users.role_id foreign key constraint.
Add pattern matching for nil field case to handle errors
without specific field (e.g., system role deletion).
Combine initial authorization migration with UUIDv7 update into
one migration. Migration now creates roles table with UUIDv7
default and explicit on_delete: :restrict FK constraint.
refactor: improve error_message test helper robustness
All checks were successful
continuous-integration/drone/push Build is passing
73763b1f58
Use Enum.reject for nil field case to explicitly filter errors
without field. Update test to use :is_system_role field since
validation error includes field.
moritz added 2 commits 2026-01-06 19:09:59 +01:00
Remove is_system_role from accept lists in create_role and update_role
actions. This field should only be set via seeds or internal actions to
prevent users from creating unkillable roles through the public API.
test: update role tests for is_system_role API change
All checks were successful
continuous-integration/drone/push Build is passing
3265468bd6
Use Ash.Changeset.force_change_attribute to set is_system_role in tests
since it's no longer settable via public API. Remove unused nil clause
from error_message helper.
moritz merged commit 634d3bd446 into main 2026-01-06 19:22:57 +01:00
moritz deleted branch feature/321_authorization_domain 2026-01-06 19:22:58 +01:00
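
The accept-list change from the last two commits, modeled as an added example in plain Elixir. It is not the project's code and does not use Ash; `RoleModel`, its functions and the permission set names are hypothetical stand-ins for the Role resource and its actions.

```elixir
# Added illustration in plain Elixir (no Ash dependency); RoleModel and its
# functions are hypothetical stand-ins for the Role resource's actions.
defmodule RoleModel do
  # Fields the public create/update actions accept. :is_system_role is
  # deliberately absent, mirroring its removal from the accept lists.
  @public_accept [:name, :description, :permission_set_name]
  # Constructed sample values; the real list comes from all_permission_sets/0.
  @permission_sets ["read_only", "admin"]

  defstruct [:name, :description, :permission_set_name, is_system_role: false]

  # Public API path: any key outside the accept list is an error, so a caller
  # cannot smuggle is_system_role: true in with otherwise valid input.
  def create_role(params) when is_map(params) do
    case Map.keys(params) -- @public_accept do
      [] -> build(params)
      extra -> {:error, {:not_accepted, extra}}
    end
  end

  # Internal path (seeds): the only place the flag is set, analogous to
  # forcing the attribute in the tests.
  def seed_system_role(params) do
    with {:ok, role} <- create_role(params), do: {:ok, %{role | is_system_role: true}}
  end

  # Deletion protection: system roles cannot be destroyed.
  def destroy_role(%__MODULE__{is_system_role: true}),
    do: {:error, {:is_system_role, "system roles cannot be deleted"}}

  def destroy_role(%__MODULE__{}), do: :ok

  defp build(%{permission_set_name: ps} = params) when ps in @permission_sets,
    do: {:ok, struct(__MODULE__, params)}

  defp build(_params), do: {:error, {:permission_set_name, "is not a known permission set"}}
end

# Constructed inputs; each match raises if the model behaves differently.
{:error, {:not_accepted, [:is_system_role]}} =
  RoleModel.create_role(%{name: "Ops", permission_set_name: "admin", is_system_role: true})

{:ok, custom} = RoleModel.create_role(%{name: "Ops", permission_set_name: "admin"})
:ok = RoleModel.destroy_role(custom)

{:ok, system} = RoleModel.seed_system_role(%{name: "Member", permission_set_name: "read_only"})
{:error, {:is_system_role, _}} = RoleModel.destroy_role(system)
```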