Complete Permissions for Groups, Membership Fees, and User Role Assignment closes #404 #405
2 changed files with 1 additions and 9 deletions
|
|
@ -340,7 +340,7 @@ lib/
|
|||
|
||||
- **MembershipFeeType:** All permission sets can read (:all); only admin has create/update/destroy (:all).
|
||||
- **MembershipFeeCycle:** All can read (:all); read_only has read only; normal_user and admin have read + create + update + destroy (:all).
|
||||
- **Manual "Regenerate Cycles" (UI):** The "Regenerate Cycles" button in the member detail view is shown to users who have MembershipFeeCycle create permission (normal_user and admin). Regeneration runs with system actor; UI access is gated by `can_create_cycle`.
|
||||
- **Manual "Regenerate Cycles" (UI + server):** The "Regenerate Cycles" button in the member detail view is shown to users who have MembershipFeeCycle create permission (normal_user and admin). UI access is gated by `can_create_cycle`. The LiveView handler also enforces `can?(:create, MembershipFeeCycle)` server-side before running regeneration (so e.g. a read_only user cannot trigger it via DevTools). Regeneration runs with system actor.
|
||||
|
||||
**Resource Policies:**
|
||||
|
||||
|
|
|
|||
|
|
@ -160,14 +160,6 @@ defmodule Mv.Membership.Setting do
|
|||
Ash.Changeset.get_attribute(changeset, :default_membership_fee_type_id)
|
||||
|
||||
if fee_type_id do
|
||||
# Actor may be in changeset.context (action context) or validation context
|
||||
ctx = changeset.context || %{}
|
||||
|
||||
actor =
|
||||
get_in(ctx, [:private, :actor]) ||
|
||||
Map.get(ctx, :actor) ||
|
||||
(context && Map.get(context, :actor))
|
||||
|
||||
# Check existence only; action is already restricted by policy (e.g. admin).
|
||||
opts = [domain: Mv.MembershipFees, authorize?: false]
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue