local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 66 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions

Apply UI Authorization to Existing LiveViews closes #400 #403

Merged
moritz merged 13 commits from feature/400_ui_authorization into main 2026-02-03 17:30:16 +01:00
Conversation 0 Commits 13 Files changed 12 +488 -59
moritz commented 2026-02-03 16:37:02 +01:00
Owner
Copy link

Description of the implemented changes

The changes were:

  • Bugfixing
  • New Feature
  • Breaking Change
  • Refactoring

What has been changed?

Definition of Done

Code Quality

  • No new technical depths
  • Linting passed
  • Documentation is added were needed

Accessibility

  • New elements are properly defined with html-tags
  • Colour contrast follows WCAG criteria
  • Aria labels are added when needed
  • Everything is accessible by keyboard
  • Tab-Order is comprehensible
  • All interactive elements have a visible focus

Testing

  • Tests for new code are written
  • All tests pass
  • axe-core dev tools show no critical or major issues

Additional Notes

## Description of the implemented changes The changes were: - [ ] Bugfixing - [ ] New Feature - [ ] Breaking Change - [ ] Refactoring <!--- Describe the goal of the PR in a few words --> ## What has been changed? <!--- List the things you changed --> ## Definition of Done ### Code Quality - [ ] No new technical depths - [ ] Linting passed - [ ] Documentation is added were needed ### Accessibility - [ ] New elements are properly defined with html-tags - [ ] Colour contrast follows WCAG criteria - [ ] Aria labels are added when needed - [ ] Everything is accessible by keyboard - [ ] Tab-Order is comprehensible - [ ] All interactive elements have a visible focus ### Testing - [ ] Tests for new code are written - [ ] All tests pass - [ ] axe-core dev tools show no critical or major issues ## Additional Notes <!--- Add any additional information for the reviewers here -->
moritz added this to the Accounts & Logins milestone 2026-02-03 16:37:02 +01:00
moritz self-assigned this 2026-02-03 16:37:02 +01:00
moritz added 6 commits 2026-02-03 16:37:03 +01:00 
Gate New Member button, Edit and Delete links with can?/3.
Edit button on Member Show visible only when user can update the member.
Covers read_only, normal_user, admin, own_data for Index and Show.
Asserts New Member / Edit / Delete visibility and redirect for Mitglied.
Gate New User button, Edit and Delete links with can?/3.
Edit button on User Show visible only when user can update the user.
Covers admin, read_only, member, normal_user for Index and Show.
Asserts New User / Edit / Delete visibility and redirect for non-admin.
Members, Fee Types and Administration subitems only shown when user
has page permission. Add admin_menu_visible? helper. Sidebar test
uses admin user so menu items render.
Add sidebar authorization tests
Some checks reported errors
continuous-integration/drone/push Build was killed
Details
ae1605c447 
Assert menu visibility per role: admin, read_only, normal_user,
own_data, nil user, user without role.
moritz modified the milestone from Accounts & Logins to We have different roles and permissions 2026-02-03 16:38:15 +01:00
moritz force-pushed feature/400_ui_authorization from ae1605c447 to 1426ef1d38 2026-02-03 16:58:46 +01:00 Compare
moritz added 7 commits 2026-02-03 17:18:07 +01:00 
Single source for path strings used by Sidebar and can_access_page?.
Keep in sync with router when routes change.
Gate menu items via PagePaths; add data-testid=sidebar-administration
for stable tests. menu_group accepts optional testid attr.
Doc and example for nil user returning false.
Include data-testid in button rest for test selectors.
Table row_id for scoped selectors; data-testid on New/Edit/Delete.
Table row_id for scoped selectors; data-testid on New/Edit/Delete.
Tests: data-testid selectors, scoped delete, sidebar testid
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is passing
Details
cbc9376b7b 
Member/User auth tests use data-testid and #row-id selectors.
Sidebar auth tests assert on data-testid=sidebar-administration.
Sidebar test expects data-testid in expanded-menu-group markup.
moritz changed title from WIP: Apply UI Authorization to Existing LiveViews closes #400 to Apply UI Authorization to Existing LiveViews closes #400 2026-02-03 17:25:35 +01:00
moritz merged commit c2bafe4acf into main 2026-02-03 17:30:16 +01:00
moritz deleted branch feature/400_ui_authorization 2026-02-03 17:30:17 +01:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
bug

Something is not working

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
high priority

   
invalid

Something is wrong

  
L

5 h

  
low priority

   
M

3 h

  
medium priority

   
needs refinement

   
optional

   
question

More information is needed

  
S

1 h

  
UX research

   
wontfix

This won't be fixed

No labels
bug
duplicate
enhancement
help wanted
high priority
invalid
L
low priority
M
medium priority
needs refinement
optional
question
S
UX research
wontfix
Milestone
Clear milestone
No items
No milestone
We have different roles and permissions
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
moritz
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: local-it/mitgliederverwaltung#403
No description provided.
Delete branch "feature/400_ui_authorization"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?