local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 66 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions

CustomFieldValue Resource Policies closes #369 #377

Merged
moritz merged 12 commits from feature/369_customfieldvalue_policies into main 2026-01-27 16:07:48 +01:00
Conversation 0 Commits 12 Files changed 9 +632 -27

12 commits

Author SHA1 Message Date
Moritz
bfe9fba2e0 Docs: document bypass read rule for CustomFieldValue pattern
Some checks reported errors
continuous-integration/drone/push Build was killed
Details 
- Bypass action_type(:read) is production-side rule: reading own CFVs
  always allowed, overrides Permission-Sets. Applies to get/list/load.
 2026-01-27 16:07:01 +01:00
Moritz
0219073d33 CFV policies test: system_actor for setup, verify destroy with actor 
- create_linked_member_for_user and create_unlinked_member use actor
  (system_actor) directly instead of creating admin user per call
- Remove create_admin_user helper
- After destroy, verify with Ash.get(..., actor: actor) to avoid
  false positive from Forbidden vs NotFound
 2026-01-27 16:07:01 +01:00
Moritz
4d3a249b0c HasPermission: remove unused _authorizer from strict_check helper 2026-01-27 16:07:01 +01:00
Moritz
3f95a2dd84 CustomFieldValue: remove unused require Ash.Query 2026-01-27 16:07:01 +01:00
Moritz
7153af23ee CustomFieldValueCreateScope: use get_argument_or_attribute for member_id 
- Read member_id via Ash.Changeset.get_argument_or_attribute/2 so it works
  when set as attribute or argument
- Remove unused require Logger
- Document member_id source in moduledoc
 2026-01-27 16:07:01 +01:00
Moritz
9e6c79bf40 chore: remove start-database from test action 2026-01-27 16:07:01 +01:00
Moritz
db95979bf5 Document CustomFieldValue policies and own_data create/destroy in architecture 
Update roles-and-permissions-architecture.md with policy layout and
permission matrix for CustomFieldValue (linked).
 2026-01-27 16:07:01 +01:00
Moritz
4e032ea778 Add CustomFieldValue policy tests (own_data, read_only, normal_user, admin) 
Covers read/update/create/destroy for linked vs unlinked members and CRUD
permissions per permission set.
 2026-01-27 16:07:01 +01:00
Moritz
17831a0948 Pass actor to CustomFieldValue destroy and load in existing tests 
Required after CustomFieldValue gained authorization policies.
 2026-01-27 16:07:01 +01:00
Moritz
bf2d0352c1 Add authorization policies to CustomFieldValue resource 
- Authorizer and policies: bypass for read (member_id == actor.member_id),
  CustomFieldValueCreateScope for create, HasPermission for read/update/destroy.
- HasPermission: pass authorizer into strict_check helper; document that create
  must use a dedicated check (no filter).
 2026-01-27 16:07:01 +01:00
Moritz
c7c6b318ac Add CustomFieldValueCreateScope check for create actions 
Ash cannot apply filters to create; this check enforces :linked/:all scope
via strict_check only (no filter).
 2026-01-27 16:07:01 +01:00
Moritz
8f5f69744c Add CustomFieldValue create/destroy :linked to own_data permission set 
Allows members to create and delete custom field values for their linked member.
 2026-01-27 16:07:01 +01:00