# Changelog

All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [Unreleased]

### Added
- **Roles and Permissions System (RBAC)** - Complete implementation (#345, 2026-01-08)
  - Four hardcoded permission sets: `own_data`, `read_only`, `normal_user`, `admin`
  - Database-backed roles with permission set references
  - Member resource policies with scope filtering (`:own`, `:linked`, `:all`)
  - Authorization checks via `Mv.Authorization.Checks.HasPermission`
  - System role protection (critical roles cannot be deleted)
  - Role management UI at `/admin/roles`
- **Membership Fees System** - Full implementation
  - Membership fee types with intervals (monthly, quarterly, half_yearly, yearly)
  - Individual billing cycles per member with payment status tracking
  - Cycle generation and regeneration
  - Global membership fee settings
  - UI components for fee management
- **Global Settings Management** - Singleton settings resource
  - Club name configuration (with environment variable support)
  - Member field visibility settings
  - Membership fee default settings
- **Sidebar Navigation** - Replaced navbar with standard-compliant sidebar (#260, 2026-01-12)
- **CSV Import Templates** - German and English templates (#329, 2026-01-13)
  - Template files in `priv/static/templates/`
  - CSV specification documented
- User-Member linking with fuzzy search autocomplete (#168)
- PostgreSQL trigram-based member search with typo tolerance
- WCAG 2.1 AA compliant autocomplete dropdown with ARIA support
- Bilingual UI (German/English) for member linking workflow
- **Bulk email copy feature** - Copy email addresses of selected members to clipboard (#230)
  - Email format: "First Last <email>" with semicolon separator (compatible with email clients)
  - CopyToClipboard JavaScript hook with fallback for older browsers
  - Button shows count of visible selected members (respects search/filter)
  - German/English translations
- Docker secrets support via `_FILE` environment variables for all sensitive configuration (SECRET_KEY_BASE, TOKEN_SIGNING_SECRET, OIDC_CLIENT_SECRET, DATABASE_URL, DATABASE_PASSWORD)

### Changed
- **Actor Handling Refactoring** (2026-01-09)
  - Standardized actor access with `current_actor/1` helper function
  - `ash_actor_opts/1` helper for consistent authorization options
  - `submit_form/3` wrapper for form submissions with actor
  - All Ash operations now properly pass `actor` parameter
- **Error Handling Improvements** (2026-01-13)
  - Replaced `Ash.read!` with proper error handling in LiveViews
  - Consistent flash message handling for authorization errors
  - Early return patterns for unauthenticated users

### Fixed
- Email validation false positive when linking user and member with identical emails (#168 Problem #4)
- Relationship data extraction from Ash manage_relationship during validation
- Copy button count now shows only visible selected members when filtering
- Language headers in German `.po` files (corrected from "en" to "de")
- Critical deny-filter bug in authorization system (2026-01-08)
- HasPermission auto_filter and strict_check implementation (2026-01-08)