# Changelog All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] ## [1.1.0] - 2026-03-13 ### Added - **Browser timezone for datetime display** – Date/time values (e.g. join request submitted at, approved at, rejected at) are shown in the user’s local timezone. - **Registration toggle** – New global setting to disable direct registration (`/register`). When disabled, visitors are redirected to sign-in and the register link is hidden; join form remains available. - **Configurable SMTP in global settings** – SMTP host, port, user, password, and TLS options configurable via Admin → Global Settings. Test-email action to verify delivery. Join confirmation and other transactional emails use this configuration. - **Theme and language selector on unauthenticated pages** – Sign-in and join pages now offer theme (light/dark) and locale (e.g. German/English) controls in the header. - **Duplicate-email handling for join form** – If an applicant’s email is already a member or already has a pending join request, the system sends a clarifying email (already-member or already-pending) and shows the same success message (anti-enumeration). - **Reviewed-by display for join requests** – Approval UI shows who reviewed a request via a dedicated display field, without loading the User record. - **Improved field order and seeds for join request approval** – Approval screen field order improved; seed data updated for join-form and approval flows. - **Tests for SMTP mailer configuration** – Tests for SMTP config and for join confirmation email delivery failure (domain and LiveView). ### Changed - **SMTP settings layout** – SMTP options reordered and grouped in global settings for clearer configuration. - **Join confirmation mail** – Uses configurable SMTP from settings; on delivery failure the join form shows an error and no success message. - **i18n** – Gettext catalogs updated for new and changed strings. ### Fixed - **Login page translation** – Corrected translation/locale handling on the sign-in page. --- ## [1.0.0] and earlier ### Added - **Roles and Permissions System (RBAC)** - Complete implementation (#345, 2026-01-08) - Four hardcoded permission sets: `own_data`, `read_only`, `normal_user`, `admin` - Database-backed roles with permission set references - Member resource policies with scope filtering (`:own`, `:linked`, `:all`) - Authorization checks via `Mv.Authorization.Checks.HasPermission` - System role protection (critical roles cannot be deleted) - Role management UI at `/admin/roles` - **Membership Fees System** - Full implementation - Membership fee types with intervals (monthly, quarterly, half_yearly, yearly) - Individual billing cycles per member with payment status tracking - Cycle generation and regeneration - Global membership fee settings - UI components for fee management - **Global Settings Management** - Singleton settings resource - Club name configuration (with environment variable support) - Member field visibility settings - Membership fee default settings - **Sidebar Navigation** - Replaced navbar with standard-compliant sidebar (#260, 2026-01-12) - **CSV Import Templates** - German and English templates (#329, 2026-01-13) - Template files in `priv/static/templates/` - CSV specification documented - User-Member linking with fuzzy search autocomplete (#168) - PostgreSQL trigram-based member search with typo tolerance - WCAG 2.1 AA compliant autocomplete dropdown with ARIA support - Bilingual UI (German/English) for member linking workflow - **Bulk email copy feature** - Copy email addresses of selected members to clipboard (#230) - Email format: "First Last " with semicolon separator (compatible with email clients) - CopyToClipboard JavaScript hook with fallback for older browsers - Button shows count of visible selected members (respects search/filter) - German/English translations - Docker secrets support via `_FILE` environment variables for all sensitive configuration (SECRET_KEY_BASE, TOKEN_SIGNING_SECRET, OIDC_CLIENT_SECRET, DATABASE_URL, DATABASE_PASSWORD) ### Changed - **Actor Handling Refactoring** (2026-01-09) - Standardized actor access with `current_actor/1` helper function - `ash_actor_opts/1` helper for consistent authorization options - `submit_form/3` wrapper for form submissions with actor - All Ash operations now properly pass `actor` parameter - **Error Handling Improvements** (2026-01-13) - Replaced `Ash.read!` with proper error handling in LiveViews - Consistent flash message handling for authorization errors - Early return patterns for unauthenticated users ### Fixed - Email validation false positive when linking user and member with identical emails (#168 Problem #4) - Relationship data extraction from Ash manage_relationship during validation - Copy button count now shows only visible selected members when filtering - Language headers in German `.po` files (corrected from "en" to "de") - Critical deny-filter bug in authorization system (2026-01-08) - HasPermission auto_filter and strict_check implementation (2026-01-08)