local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 67 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions

User Resource Policies closes #363 #364

Merged
moritz merged 20 commits from feature/363_user_policies into main 2026-01-22 23:24:38 +01:00
Conversation 0 Commits 20 Files changed 28 +3 -3
1 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit d114554d52 - Show all commits

6
CODE_GUIDELINES.md
View file

@ -1672,7 +1672,7 @@ end
- Allows CRUD operations without an actor in **test environment only**
- Denies all operations without an actor in **production/dev** (fail-closed)
- Uses both compile-time and runtime guards to prevent accidental production use
- Uses compile-time config check to prevent accidental production use (release-safe)
**Security Guards:**
@ -1720,8 +1720,8 @@ Ash.create!(Member, attrs, actor: system_actor)
**Testing:**
- NoActor tests verify both compile-time and runtime guards
- Tests ensure NoActor returns `false` in non-test environments
- NoActor tests verify the compile-time config guard
- Production safety is guaranteed by config (only set in test.exs, defaults to false)
- See `test/mv/authorization/checks/no_actor_test.exs`
### 5.2 Password Security