Concept for Groups #354

Closed
simon wants to merge 118 commits from feature/concept-groups into main

118 commits

Author SHA1 Message Date
2d1ddfa654
Fix missing max_errors assign in GlobalSettingsLive
Some checks failed
continuous-integration/drone/push Build is failing
Set max_errors as socket assign in mount/3 to make it
available in templates. Fixes KeyError in CSV import UI.
2026-01-27 10:54:43 +01:00
dc1acb815e
Improve CSV import error messages
Include email address in duplicate email error messages.
Add German translation for email uniqueness errors.
Ensure locale is set for translations in async tasks.
2026-01-27 10:54:32 +01:00
8a5f519099
Fix CSV upload file reading
Handle consume_uploaded_entries returning [content] directly
instead of [{:ok, content}]. Add locale support for translations
in background tasks.
2026-01-27 10:30:06 +01:00
64952d4ff4
Security: Require actor parameter in CSV import
Remove fallback to system_actor in process_chunk to prevent
unauthorized access. Actor must now be explicitly provided.
2026-01-27 10:30:05 +01:00
33dc8307c8
fix tests and linting 2026-01-27 10:30:05 +01:00
f2b363cca5
i18n: add translations 2026-01-27 10:30:05 +01:00
08534539aa
formatting 2026-01-27 10:23:31 +01:00
c914e25483
formatting and refactoring 2026-01-27 10:23:30 +01:00
0acdc82bcc
refactor 2026-01-27 10:23:29 +01:00
dd68d2efbc
refactor 2026-01-27 10:23:29 +01:00
79d0fa0376
feat: adds csv import live view to settings 2026-01-27 10:23:28 +01:00
dae9d039c1
test: adds live view csv import tests 2026-01-27 10:23:28 +01:00
793a66639a
Fix: Don't cache nil in default_role_id to prevent bootstrap issues
- Only cache non-nil role_id values to allow retry after role creation
- Prevents processes from being permanently stuck with nil if first call
  happens before the 'Mitglied' role exists
- Update documentation to explain bootstrap safety mechanism
2026-01-27 10:23:27 +01:00
8e519d643d
Add NOT NULL constraint to users.role_id and optimize default_role_id
- Add database-level NOT NULL constraint for users.role_id
- Update SystemActor tests to verify NOT NULL constraint enforcement
- Add process dictionary caching for default_role_id/0 to reduce DB queries
2026-01-27 10:23:27 +01:00
047b818ec5
chore: increase test timeout and cleanup unused code 2026-01-27 10:23:26 +01:00
93e966bc6b
test: adapt tests for attribute-level default solution 2026-01-27 10:23:26 +01:00
f984819508
refactor: remove AssignDefaultRole change module
The attribute-level default solution makes this change module obsolete.
All role assignment is now handled via the role_id attribute's default
function, which is more robust and works for all creation paths.
2026-01-27 10:23:26 +01:00
e906f22c4d
fix: bind role_name variable before using in Ash.Query.filter
Avoid macro pinning issues by binding role_data.name to role_name
before using it in the filter query.
2026-01-27 10:23:25 +01:00
35fbfe54da
fix: improve migration to create 'Mitglied' role if missing
Make migration more robust by creating the 'Mitglied' role if it doesn't
exist, ensuring it works regardless of seed execution order.
2026-01-27 10:23:25 +01:00
5164836d32
feat: implement attribute-level default for role_id assignment
Replace action-level changes with attribute default function to ensure
all users get the 'Mitglied' role regardless of creation path.
2026-01-27 10:23:25 +01:00
885fe613cb
Add comprehensive tests for default role assignment 2026-01-27 10:23:24 +01:00
d77eb4d55e
Add test support for default role assignment 2026-01-27 10:23:24 +01:00
cea68638e6
Update seeds to create all 5 authorization roles 2026-01-27 10:23:23 +01:00
aaced70b8e
Integrate AssignDefaultRole change into user creation actions 2026-01-27 10:23:23 +01:00
4ec90770a4
Add AssignDefaultRole change for automatic role assignment
- Assigns 'Mitglied' role to new users if no role is set
2026-01-27 10:23:23 +01:00
d320cdf14e
Fix HasPermission check to handle nil member_id gracefully 2026-01-27 10:23:22 +01:00
e30be4c228
Add Role helper function and create_role_with_system_flag action
- Add get_mitglied_role/0 helper to avoid code duplication
- Add create_role_with_system_flag action for seeds/migrations
- Allows setting is_system_role flag (required for 'Mitglied' role)
2026-01-27 10:23:22 +01:00
a7e6136648
Add migration to assign 'Mitglied' role to existing users 2026-01-27 10:23:22 +01:00
f426e853de
Remove unused allow_no_actor_bypass config option 2026-01-27 10:23:21 +01:00
ee50f312ee
Remove NoActor module, improve Member validation, update docs 2026-01-27 10:23:21 +01:00
da0b045771
Fix missing actor parameters and restore AshAuthentication bypass tests 2026-01-27 10:23:20 +01:00
31699b7c90
Fix rebase conflict: Add actor parameter to helper functions in index_test.exs 2026-01-27 10:23:20 +01:00
2d7461e36f
Use admin_user instead of system_actor in LiveView tests 2026-01-27 10:23:19 +01:00
d807577822
Fix test db connections: increase pool size and timeout 2026-01-27 10:23:19 +01:00
aedd29c118
Fix tests: Remove redundant system_actor and update test descriptions 2026-01-27 10:23:18 +01:00
0e6b464e0a
Fix tests: Add missing actor parameters to Ash operations 2026-01-27 10:23:18 +01:00
f993c64c42
Fix test helpers: Use actor parameter correctly 2026-01-27 10:23:18 +01:00
875abc693b
Fix tests: Remove duplicate actor keyword arguments 2026-01-27 10:23:17 +01:00
ba5c982368
Use authorize?: false for integrity checks in validations 2026-01-27 10:23:17 +01:00
b387897adb
Update documentation: Remove NoActor bypass references 2026-01-27 10:23:17 +01:00
c715a45277
Add actor parameter to all tests requiring authorization
This commit adds actor: system_actor to all Ash operations in tests that
require authorization.
2026-01-27 10:23:16 +01:00
0cedbe52f9
Add authorize?: false to SystemActor bootstrap operations
- Role lookup and creation (find_admin_role, create_admin_role)
- System user creation and role assignment
- Role loading during initialization
2026-01-27 10:23:16 +01:00
73dc05c6d4
Remove NoActor bypass from User and Member policies
This removes the NoActor bypass that was masking authorization bugs in tests.
All operations now require an explicit actor for authorization.
2026-01-27 10:23:15 +01:00
36edee6fcc
Fix: Ensure members are loaded in handle_params when signature unchanged 2026-01-27 10:23:15 +01:00
8f7f0de822
docs: add authorization bootstrap patterns section
Document the three authorization bypass mechanisms and when to use each:
- NoActor (test-only bypass)
- system_actor (systemic operations)
- authorize?: false (bootstrap scenarios)
2026-01-27 10:23:14 +01:00
21d8d65492
Fix OIDC account linking by using SystemActor in LinkOidcAccountLive
- Add SystemActor to all Ash operations in LinkOidcAccountLive
- Enables user lookup, reload, and oidc_id linking during OIDC flow
- User is not yet logged in during linking, so SystemActor provides authorization
2026-01-27 10:23:14 +01:00
fe07a4e955
Fix OIDC login by using SystemActor in OidcEmailCollision validation
- Add SystemActor to Ash.read_one() calls in OidcEmailCollision validation
- Prevents authorization failures during OIDC registration when no actor is logged in
- Enables proper email collision detection and account linking flow
2026-01-27 10:23:14 +01:00
3051ac9e38
Fix authorization bypass in seeds and validations
- Add authorize?: false to all bootstrap operations in seeds.exs
- Fix user-linking validation to respect authorize? context flag
- Prevents authorization errors during initial setup when no actor exists yet
2026-01-27 10:23:13 +01:00
ef4df57a6f
Restrict Actor.ensure_loaded to Mv.Accounts.User only
Pattern match on %Mv.Accounts.User{} instead of generic actor.
Clearer intention, prevents accidental authorization bypasses.
Non-User actors are returned as-is (no-op).
2026-01-27 10:23:13 +01:00
726f164b28
Fix remaining runtime guard references in CODE_GUIDELINES
Remove mentions of runtime guards - only compile-time config is used.
Clarify that production safety comes from config defaults.
2026-01-27 10:23:12 +01:00
921cc22c09
Update CODE_GUIDELINES for Application.compile_env pattern
Replace Mix.env example with config-based approach.
Remove outdated runtime guard documentation.
2026-01-27 10:23:12 +01:00
e6b22cff16
Remove skipped get_by_subject test, add explanation
Test removed - JWT flow tested via AshAuthentication integration.
Direct test would require JWT mocking without value.
2026-01-27 10:23:11 +01:00
3d753c5460
Add authorize?: false to Actor.ensure_loaded
SECURITY: Skip authorization for role loading to avoid circular dependency.
Actor loads their OWN role, needed for authorization itself.
Documented why this is safe.
2026-01-27 10:23:11 +01:00
69836978be
Remove unused PolicyHelpers macro and PolicyConsistency test
Dead code - macro was never used in codebase.
PolicyConsistency test will be replaced with better implementation.
2026-01-27 10:23:10 +01:00
213521ecf6
Add centralized Actor.ensure_loaded helper
Consolidate role loading logic from HasPermission and LiveHelpers.
Use Ash.Resource.Info.resource? for reliable Ash detection.
2026-01-27 10:23:10 +01:00
ab0407abb1
Replace NoActor runtime Mix.env with compile-time config
Use Application.compile_env for release-safety.
Config only set in test.exs (defaults to false).
2026-01-27 10:23:09 +01:00
370e5af568
Update documentation for User credentials strategy
Clarify that User.update :own is handled by HasPermission.
Fix file path references from lib/mv/accounts to lib/accounts.
2026-01-27 10:23:09 +01:00
d0c1996d6e
Add policy consistency tests
Enforce User.update :own across all permission sets.
Verify READ bypass + UPDATE HasPermission pattern.
2026-01-27 10:23:09 +01:00
0d2c8e0905
Add PolicyHelpers macro for standard user policies
Encapsulate two-tier policy pattern (bypass + HasPermission).
Promote consistency across resource policy definitions.
2026-01-27 10:23:08 +01:00
28526deb9c
Replace for comprehension with explicit describe blocks
Fix Credo parsing error by removing for comprehension.
Duplicate tests for own_data, read_only, normal_user sets.
2026-01-27 10:23:08 +01:00
3852c93ac9
Centralize role preloading in global LiveView on_mount
Add ensure_user_role_loaded to global live_view quote block.
Remove redundant on_mount calls from individual LiveViews.
2026-01-27 10:23:08 +01:00
fb5f4990b8
Shorten User policy comments to state what only
Move why explanations to documentation files.
Keep policy comments concise and focused.
2026-01-27 10:23:07 +01:00
87e7310cea
Clarify User.update :own in permission sets
Add explicit comments explaining why all permission sets
grant User.update with scope :own for password changes.
2026-01-27 10:23:07 +01:00
7eb7149e18
Add role loading fallback to HasPermission check
Extract ash_resource? helper to reduce nesting depth.
Add ensure_role_loaded fallback for unloaded actor roles.
2026-01-27 10:23:07 +01:00
298a13c2e4
Harden NoActor check with runtime environment guard
Add Mix.env() check to match?/3 for defense in depth.
Document NoActor pattern in CODE_GUIDELINES.md.
2026-01-27 10:23:06 +01:00
cbc85f8bb8
docs(auth): document User policies and bypass pattern
Add bypass vs HasPermission pattern documentation
Update architecture and implementation plan docs
2026-01-27 10:23:06 +01:00
3ad0db0b2f
test(auth): add User policies test suite
31 tests covering all 4 permission sets and bypass scenarios
Update HasPermission tests to expect false for scope :own without record
2026-01-27 10:23:06 +01:00
de187190e4
feat(auth): add User resource authorization policies
Implement bypass for READ + HasPermission for UPDATE pattern
Extend HasPermission check to support User resource scope :own
2026-01-27 10:23:05 +01:00
d9f5579350
Move require Logger to module level
Move require Logger statements from function/case level to module level
for better code organization and consistency with Elixir best practices
2026-01-27 10:23:05 +01:00
d893c0680a
Update gettext translations for new UI strings 2026-01-27 10:23:05 +01:00
214b84b9b3
Add admin authorization check for regenerate cycles button
Restrict UI access to cycle regeneration to administrators only
to prevent policy bypass via user interface
2026-01-27 10:14:06 +01:00
15bf76ab25
Make system actor email configurable via SYSTEM_ACTOR_EMAIL
Allow system user email to be configured via environment variable
with fallback to default 'system@mila.local'
2026-01-27 10:14:06 +01:00
ce292b431c
Add logging for fail-open email uniqueness validations
Log warnings when query errors occur in email uniqueness checks
to improve visibility of data integrity issues
2026-01-27 10:14:05 +01:00
fa3c34450d
Use SystemActor opts for cycle deletion operations
Pass actor_opts to delete_cycles/1 to ensure proper authorization
when MembershipFeeCycle policies are enforced
2026-01-27 10:14:05 +01:00
4537b86a09
Replace Mix.env() with Config.sql_sandbox?() in SystemActor
Use Application config instead of Mix.env() to prevent
runtime crashes in production releases where Mix is not available
2026-01-27 10:14:05 +01:00
38ae25e0e3
Refactor test setup into helper functions
Extract setup code into reusable helper functions to reduce
duplication and improve maintainability.
2026-01-27 10:14:05 +01:00
c86aa4ea9c
Add @spec type annotations to SystemActor functions
Add type specifications for all private functions to improve
static analysis with Dialyzer and documentation quality.
2026-01-27 10:14:04 +01:00
8eb05c8a6a
Document System Actor pattern in code guidelines
Add section explaining when and how to use system actor for systemic operations.
Include examples and distinction between user mode and system mode.
2026-01-27 10:14:04 +01:00
481e82d541
Add tests for System Actor helper
Test system actor retrieval, caching, fallback behavior,
and auto-creation in test environment.
2026-01-27 10:14:04 +01:00
cf9e6e91fd
Use system actor for cycle generation
Update cycle generator, member hooks, and job to use system actor.
Remove actor parameters as cycle generation is a mandatory side effect.
2026-01-27 10:14:03 +01:00
564e35f65e
Use system actor for email uniqueness validation
Update email validation modules to use system actor for queries.
This ensures data integrity checks always run regardless of user permissions.
2026-01-27 10:14:03 +01:00
8f06442de9
Use system actor for email synchronization
Update email sync loader and changes to use system actor instead of user actor.
This ensures email sync always works regardless of user permissions.
2026-01-27 10:14:03 +01:00
ffe5faa999
Create system user in seeds
Add system@mila.local user with admin role for systemic operations.
This user is used by SystemActor helper for mandatory side effects.
2026-01-27 10:14:02 +01:00
52a482c0e2
Add System Actor helper for systemic operations
Introduce Mv.Helpers.SystemActor module with lazy loading
for operations that must always run regardless of user permissions.
System actor has admin role and auto-creates in test environment.
2026-01-27 10:14:02 +01:00
41d680f994
fix: failing test 2026-01-27 10:14:02 +01:00
0016c43c34
feat: improve filter performance by reducing Ash.read! calls 2026-01-27 10:14:01 +01:00
0d244a4860
fix: resolve pr remarks 2026-01-27 10:14:01 +01:00
be29b46874
fix: credo warning 2026-01-27 10:14:00 +01:00
2dd5ef9926
test: add more filter component tests 2026-01-27 10:13:59 +01:00
ca1300f46a
feat: add new filter component to members view 2026-01-27 10:13:59 +01:00
7171e21a10
feat: load boolean custom fields 2026-01-27 10:13:59 +01:00
7f4c22d072
refactor: fix credo issues 2026-01-27 10:13:58 +01:00
37c9da54d7
chore: rm todo list 2026-01-27 10:13:58 +01:00
d296418c8e
test: Remove outdated TODO for auto-assignment feature
Auto-assignment of default membership fee type is already implemented
via SetDefaultMembershipFeeType change. Test assertion is now active.
2026-01-27 10:13:57 +01:00
230fb695d1
i18n: Add missing German translations for member form errors
- Add translations for validation error messages
- Add translations for save failure messages
2026-01-27 10:13:57 +01:00
bed2df2d21
chore: update gettext 2026-01-27 10:13:57 +01:00
4e48ace2d4
refactor: Reduce function complexity and nesting depth
- Extract helper functions from process_chunk to reduce nesting
- Extract format_error_message from extract_changeset_error
- Split extract_error_message into smaller functions to reduce complexity
- Fixes Credo refactoring opportunities
2026-01-27 10:13:56 +01:00
c137ee6221
refactor: Replace length/1 with empty list comparison
Replace expensive length/1 calls with direct list comparison
to fix Credo warnings about performance
2026-01-27 10:13:56 +01:00
a72896095a
test: Add tests for UserLive.Show and RoleLive.Show
- Add comprehensive tests for UserLive.Show
- Add comprehensive tests for RoleLive.Show
- Cover mount, display, navigation, and error handling
2026-01-27 10:13:55 +01:00
4154296b54
refactor: Remove deprecated LiveViews
- Remove CustomFieldValueLive (Index, Form, Show)
- Remove ContributionTypeLive.Index
- Remove ContributionPeriodLive.Show
- Remove corresponding routes from router
- Remove references in CustomFieldValueLive.Index
2026-01-27 10:13:55 +01:00
d72bb8869f
docs: Update domain Public API documentation 2026-01-27 10:13:55 +01:00
926974e2da
chore: update docs 2026-01-27 10:13:54 +01:00
a56895cbba
chore: update docs 2026-01-27 10:13:54 +01:00
da9ec06e8e
feat: implement filter logic for boolean custom fields 2026-01-27 10:13:53 +01:00
b701b84260
test: add tdd tests for custom boolean field filter logic 2026-01-27 10:13:53 +01:00
0519433644
feat: add custom boolean field state & URL-Parameter 2026-01-27 10:13:53 +01:00
f052b25213
test: add tdd tests for backend state management of boolean custom filters 2026-01-27 10:13:53 +01:00
d8ab9a1015
fix: linting + tests 2026-01-27 10:13:52 +01:00
a161393ea1
fix: change creation of admin user 2026-01-27 10:13:51 +01:00
3aa1aee11e
fix: add error message to form 2026-01-27 10:13:51 +01:00
22593af621
refactor: change length for performance 2026-01-27 10:13:51 +01:00
3b5225893d
docs: update implementation plan 2026-01-27 10:13:51 +01:00
6c840e73d1
formatting 2026-01-27 10:13:51 +01:00
257739d273
feat: adds error capping 2026-01-27 10:13:50 +01:00
68baf71119 Merge branch 'main' into feature/concept-groups 2026-01-19 12:00:03 +01:00
1c7c56130d
docs: update group concept 2026-01-19 11:53:14 +01:00
1d1f3b16b1
docs: update group concept 2026-01-16 18:10:48 +01:00
af62dbac03
docs: add concept for groups 2026-01-16 14:55:30 +01:00