local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 72 Pull requests 3 Projects 4 Releases Packages 1 Activity Actions

Authorization Domain and Role Resource closes #321 #322

Merged
moritz merged 18 commits from feature/321_authorization_domain into main 2026-01-06 19:22:57 +01:00
Conversation 0 Commits 18 Files changed 9 +685 -1

18 commits

Author SHA1 Message Date
Moritz
3265468bd6 test: update role tests for is_system_role API change
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Use Ash.Changeset.force_change_attribute to set is_system_role in tests
since it's no longer settable via public API. Remove unused nil clause
from error_message helper.
 2026-01-06 19:04:05 +01:00
Moritz
5f13901ca5 security: remove is_system_role from public API 
Remove is_system_role from accept lists in create_role and update_role
actions. This field should only be set via seeds or internal actions to
prevent users from creating unkillable roles through the public API.
 2026-01-06 19:04:03 +01:00
Moritz
73763b1f58 refactor: improve error_message test helper robustness
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Use Enum.reject for nil field case to explicitly filter errors
without field. Update test to use :is_system_role field since
validation error includes field.
 2026-01-06 18:44:04 +01:00
Moritz
ce1d5790a3 refactor: squash migrations into single authorization domain migration 
Combine initial authorization migration with UUIDv7 update into
one migration. Migration now creates roles table with UUIDv7
default and explicit on_delete: :restrict FK constraint.
 2026-01-06 18:37:39 +01:00
Moritz
c6a766377a refactor: improve error_message test helper 
Add pattern matching for nil field case to handle errors
without specific field (e.g., system role deletion).
 2026-01-06 18:37:38 +01:00
Moritz
deacc43030 docs: document FK constraint behavior for role relationship 
Add comment explaining on_delete: :restrict behavior for
users.role_id foreign key constraint.
 2026-01-06 18:37:37 +01:00
Moritz
f63405052f feat: add get_role action to Authorization domain 
Add get_role action for retrieving single role by ID through
code interface.
 2026-01-06 18:37:35 +01:00
Moritz
557eb4d27d refactor: simplify system role deletion validation 
Remove redundant action_type check since validation already
runs only on destroy actions. Add field to error for better
error handling.
 2026-01-06 18:37:34 +01:00
Moritz
9bb0fe5e37 test: add unit tests for Role validations 
Add tests for permission_set_name validation, system role
deletion protection, and name uniqueness constraints.
 2026-01-06 18:14:20 +01:00
Moritz
12c08cabee docs: clean up PermissionSets documentation 
Remove issue number references from moduledoc
 2026-01-06 18:14:19 +01:00
Moritz
402a78dd0a refactor: update migration for UUIDv7 and explicit FK constraint 
- Add on_delete: :restrict to users.role_id foreign key
- Update roles.id to use uuid_generate_v7() default
- Regenerate resource snapshots
 2026-01-06 18:14:18 +01:00
Moritz
82ec4e565a refactor: use UUIDv7 and improve Role validations 
- Change id from uuid_primary_key to uuid_v7_primary_key
- Replace custom validation with built-in one_of validation
- Add explicit on_delete: :restrict for users foreign key
- Update postgres references configuration
 2026-01-06 18:14:16 +01:00
Moritz
b569612a63 feat: add resource snapshots for roles and users
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Add Ash resource snapshots generated during migration creation.
 2026-01-06 17:18:45 +01:00
Moritz
851d63f626 feat: add authorization domain migration 
Create roles table and add role_id to users table with indexes
and foreign key constraints.
 2026-01-06 17:18:34 +01:00
Moritz
90c32c2afd feat: add role relationship to User resource 
Add belongs_to :role relationship to User resource and register
Authorization domain in config.
 2026-01-06 17:18:33 +01:00
Moritz
4535551b8d feat: add Role resource with validations 
Create Role resource with name, description, permission_set_name,
and is_system_role fields. Add validations for permission_set_name
and system role deletion protection.
 2026-01-06 17:18:32 +01:00
Moritz
1b2927ce40 feat: create Authorization domain 
Add Mv.Authorization domain with AshAdmin and AshPhoenix extensions.
Register domain in config for role management.
 2026-01-06 17:18:30 +01:00
Moritz
37d1655227 feat: add PermissionSets stub module for role validation 
Add minimal PermissionSets module with all_permission_sets/0 function
to support permission_set_name validation in Role resource.
 2026-01-06 17:18:29 +01:00