CustomField Resource Policies closes #386 #387

Merged

moritz merged 6 commits from feature/386_customfield_policy into main 2026-01-29 16:17:12 +01:00

Conversation 0 Commits 6 Files changed 47 +1178 -883

6 commits

Author	SHA1	Message	Date
Moritz	4473cfd372	Tests: use code interface for Member create/update (actor propagation)	2026-01-29 16:10:12 +01:00
Moritz	5a2f035ecc	CustomField policies: actor required, no system-actor fallback, error handling ... - list_required_custom_fields: require actor (two clauses, no default) - Member validation: use context.actor only, differentiate Forbidden vs transient errors - stream_custom_fields: log + send flash on error instead of returning [] - GlobalSettingsLive: handle_info for custom_fields_load_error, put_flash - Seeds: use Membership.update_member with actor, format	2026-01-29 16:10:12 +01:00
Moritz	c9431caabe	Add gettext strings for custom field load error and not authorized	2026-01-29 16:10:12 +01:00
Moritz	9a7622ebed	fix: pass actor to CustomFieldLive.FormComponent for save ... IndexComponent now passes actor to FormComponent; FormComponent uses assigns[:actor] instead of current_actor(socket). Add test that submits new custom field form on settings page.	2026-01-29 16:10:12 +01:00
Moritz	1d17c4f2dd	fix: CustomField policies, no system-actor fallback, guidelines ... - Tests and UI pass actor for CustomField create/read/destroy; seeds use actor - Member required-custom-fields validation uses context.actor only (no fallback) - CODE_GUIDELINES: add rule forbidding system-actor fallbacks	2026-01-29 16:10:12 +01:00
Moritz	36b5d5880b	Add CustomField resource policies and tests ... - Add policies block with HasPermission for read/create/update/destroy - Add authorizers: [Ash.Policy.Authorizer] to CustomField resource - Add custom_field_policies_test.exs (read all roles, write admin only) - Fix CustomField path in roles-and-permissions doc (lib/membership)	2026-01-29 16:10:12 +01:00