# Feature Roadmap & Implementation Plan

**Project:** Mila - Membership Management System
**Last Updated:** 2026-03-03
**Status:** Active Development

---

This is the living per-area roadmap: shipped state (coarse — see `development-progress-log.md` for detail), open issues, and the missing-features backlog. For the actual, current endpoints see `lib/mv_web/router.ex` and `docs/page-permission-route-coverage.md`.

---

## Feature Area Breakdown

### Feature Areas

#### 1. **Authentication & Authorization** 🔐

**Current State:**
- ✅ OIDC authentication (Rauthy)
- ✅ Password-based authentication
- ✅ User sessions and tokens
- ✅ Basic authentication flows
- ✅ **OIDC account linking with password verification** (PR #192, closes #171)
- ✅ **Secure OIDC email collision handling** (PR #192)
- ✅ **Automatic linking for passwordless users** (PR #192)
- ✅ **Page Permission Router Plug** - Page-level authorization (PR #390, closes #388, 2026-01-27)
  - Route-based permission checking
  - Automatic redirects for unauthorized access
  - Integration with permission sets

**Closed Issues:**
- ✅ [#171](https://git.local-it.org/local-it/mitgliederverwaltung/issues/171) - OIDC handling and linking (closed 2025-11-13)
- ✅ [#146](https://git.local-it.org/local-it/mitgliederverwaltung/issues/146) - Translate "or" in the login screen — fixed via `MvWeb.AuthOverridesDE` locale-specific module (2026-03-13)
- ✅ [#144](https://git.local-it.org/local-it/mitgliederverwaltung/issues/144) - Add language switch dropdown to login screen — fixed locale selector bug with `Gettext.get_locale(MvWeb.Gettext)` (2026-03-13)

**Open Issues:** (none remaining for Authentication UI)

**Current State:**
- ✅ **Role-based access control (RBAC)** - Implemented (2026-01-08, PR #346, closes #345)
- ✅ **Permission system** - Four hardcoded permission sets (`own_data`, `read_only`, `normal_user`, `admin`)
- ✅ **Database-backed roles** - Roles table with permission set references
- ✅ **Resource policies** - Member resource policies with scope filtering
- ✅ **Page-level authorization** - LiveView page access control
- ✅ **System role protection** - Critical roles cannot be deleted

**Implemented: OIDC-only mode:**
- ✅ Admin Settings: when OIDC-only is enabled, the "Allow direct registration" toggle is disabled with a hint.
- ✅ Backend rejects password sign-in and `register_with_password` when OIDC-only is active.
- ✅ GET `/sign-in` redirects to OIDC when OIDC-only and OIDC are configured (`MvWeb.Plugs.OidcOnlySignInRedirect`).

The `oidc_only` setting and ENV are read via `Mv.Config.oidc_only?/0`.

**Missing Features:**
- ❌ Password reset flow
- ❌ Email verification
- ❌ Two-factor authentication (future)

**Related Issues:**
- ✅ [#345](https://git.local-it.org/local-it/mitgliederverwaltung/issues/345) - Member Resource Policies (closed 2026-01-13)
- ✅ [#191](https://git.local-it.org/local-it/mitgliederverwaltung/issues/191) - Implement Roles in Ash (M) - Completed
- ✅ [#190](https://git.local-it.org/local-it/mitgliederverwaltung/issues/190) - Implement Permissions in Ash (M) - Completed
- ✅ [#151](https://git.local-it.org/local-it/mitgliederverwaltung/issues/151) - Define implementation plan for roles and permissions (M) - Completed
- ✅ [#388](https://git.local-it.org/local-it/mitgliederverwaltung/issues/388) - Page Permission Router Plug (closed 2026-01-27)
- ✅ [#386](https://git.local-it.org/local-it/mitgliederverwaltung/issues/386) - CustomField Resource Policies (closed 2026-01-27)
- ✅ [#369](https://git.local-it.org/local-it/mitgliederverwaltung/issues/369) - CustomFieldValue Resource Policies (closed 2026-01-27)
- ✅ [#363](https://git.local-it.org/local-it/mitgliederverwaltung/issues/363) - User Resource Policies (closed 2026-01-27)

---

#### 2. **Member Management** 👥

**Current State:**
- ✅ Member CRUD operations
- ✅ Member profile with personal data
- ✅ Address management
- ✅ Membership status tracking
- ✅ Full-text search (PostgreSQL tsvector)
- ✅ **Fuzzy search with trigram matching** (PR #187, closes #162)
- ✅ **Combined FTS + trigram search** (PR #187)
- ✅ **6 GIN trigram indexes** for fuzzy matching (PR #187)
- ✅ Sorting by basic fields
- ✅ User-Member linking (optional 1:1)
- ✅ Email synchronization between User and Member
- ✅ **Bulk email copy** - Copy selected members' email addresses to clipboard (Issue #230)
- ✅ **Groups** - Organize members into groups (PR #378, #382, #423, closes #371, #372, #374, #375, 2026-01/02)
  - Many-to-many relationship with groups
  - Groups management UI (`/groups`)
  - Filter and sort by groups in member list
  - Per-group filter in member list: one row per group with All / Yes / No (All/Alle); URL params `group_=in|not_in`
  - Groups displayed in member overview and detail views
  - Member search includes group names (search by group name finds members in that group; search_vector + trigger on member_groups)
- ✅ **CSV Import** - Import members from CSV files (PR #359, #394, #395, closes #335, #336, #338, 2026-01-27)
  - Member field import
  - Custom field value import
  - Real-time progress tracking
  - Error reporting

**Closed Issues:**
- ✅ [#162](https://git.local-it.org/local-it/mitgliederverwaltung/issues/162) - Fuzzy and substring search (closed 2025-11-12)
- ✅ [#371](https://git.local-it.org/local-it/mitgliederverwaltung/issues/371) - Add groups resource (closed 2026-01-27)
- ✅ [#372](https://git.local-it.org/local-it/mitgliederverwaltung/issues/372) - Groups Admin UI (closed 2026-01-27)
- ✅ [#375](https://git.local-it.org/local-it/mitgliederverwaltung/issues/375) - Search Integration (group names in member search) (implemented 2026-02-17)
- ✅ [#335](https://git.local-it.org/local-it/mitgliederverwaltung/issues/335) - CSV Import UI (closed 2026-01-27)
- ✅ [#336](https://git.local-it.org/local-it/mitgliederverwaltung/issues/336) - Config for import limits (closed 2026-01-27)
- ✅ [#338](https://git.local-it.org/local-it/mitgliederverwaltung/issues/338) - Custom field CSV import (closed 2026-01-27)

**Open Issues:**
- [#169](https://git.local-it.org/local-it/mitgliederverwaltung/issues/169) - Allow combined creation of Users/Members (M, Low priority)
- [#168](https://git.local-it.org/local-it/mitgliederverwaltung/issues/168) - Allow user-member association in edit/create views (M, High priority)
- [#165](https://git.local-it.org/local-it/mitgliederverwaltung/issues/165) - Pagination for list of members (S, Low priority)
- [#160](https://git.local-it.org/local-it/mitgliederverwaltung/issues/160) - Implement clear icon in searchbar (S, Low priority)
- [#154](https://git.local-it.org/local-it/mitgliederverwaltung/issues/154) - Concept advanced search (Low priority, needs refinement)

**Missing Features:**
- ❌ Advanced filters (date ranges, multiple criteria)
- ❌ Pagination (currently all members loaded)
- ❌ Bulk operations (bulk delete, bulk update)
- ❌ Excel import for members
- ❌ Member profile photos/avatars
- ❌ Member history/audit log
- ❌ Duplicate detection

---

#### 3. **Custom Fields (CustomFieldValue System)** 🔧

**Current State:**
- ✅ CustomFieldValue types (string, integer, boolean, date, email)
- ✅ CustomFieldValue type management
- ✅ Dynamic custom field value assignment to members
- ✅ Union type storage (JSONB)
- ✅ Default field visibility configuration

**Closed Issues:**
- [#194](https://git.local-it.org/local-it/mitgliederverwaltung/issues/194) - Custom Fields: Harden implementation (S)
- [#197](https://git.local-it.org/local-it/mitgliederverwaltung/issues/197) - Custom Fields: Add option to show custom fields in member overview (M)
- [#161](https://git.local-it.org/local-it/mitgliederverwaltung/issues/161) - Remove birthday field from default configuration (S) - Closed 2025-12-02

**Open Issues:**
- [#157](https://git.local-it.org/local-it/mitgliederverwaltung/issues/157) - Concept how custom fields are handled (M, High priority) [0/4 tasks]
- [#153](https://git.local-it.org/local-it/mitgliederverwaltung/issues/153) - Sorting functionalities for custom fields (M, Low priority)

**Missing Features:**
- ❌ Field groups/categories
- ❌ Conditional fields (show field X if field Y = value)
- ❌ Field validation rules (min/max, regex patterns)
- ❌ Required custom fields
- ❌ Multi-select fields
- ❌ File upload fields
- ❌ Sorting by custom fields
- ❌ Searching by custom fields

---

#### 4. **User Management** 👤

**Current State:**
- ✅ User CRUD operations
- ✅ User list view
- ✅ User profile view
- ✅ Admin password setting
- ✅ User-Member relationship

**Missing Features:**
- ❌ User roles assignment UI
- ❌ User permissions management
- ❌ User activity log
- ❌ User invitation system
- ❌ User onboarding flow
- ❌ Self-service profile editing
- ❌ Password change flow

---

#### 5. **Navigation & UX** 🧭

**Current State:**
- ✅ Basic navigation structure
- ✅ Navbar with profile button
- ✅ Member list as landing page
- ✅ Breadcrumbs (basic)
- ✅ **Flash: auto-dismiss and consistency** (Design Guidelines §9)
  - Auto-dismiss implemented via the `FlashAutoDismiss` JS hook (`assets/js/app.js`) driven by the `data-auto-clear-ms` and `data-clear-flash-key` attributes on the flash component (`MvWeb.CoreComponents.flash/1`); the per-flash delay is set through the component's `auto_clear_ms` attribute, and the dismiss button is kept for accessibility.
  - On timeout the hook pushes LiveView's built-in `lv:clear-flash` event (no custom `handle_event`) and hides the element.
  - All flashes (including “Email copied”) use the same variants (info, success, warning, error); no special tone. See `DESIGN_GUIDELINES.md` §9.
  - ❌ Per-kind default durations (info/success 4–6s, warning 6–8s, error 8–12s) are not built in — the delay is a single explicit `auto_clear_ms` value per flash, not a kind-based default.

**Open Issues:**
- [#188](https://git.local-it.org/local-it/mitgliederverwaltung/issues/188) - Check if searching just on typing is accessible (S, Low priority)
- [#174](https://git.local-it.org/local-it/mitgliederverwaltung/issues/174) - Accessibility - aria-sort in tables (S, Low priority)

**Missing Features:**
- ❌ Dashboard/Home page
- ❌ Quick actions menu
- ❌ Recent activity widget
- ❌ Keyboard shortcuts
- ❌ Mobile navigation
- ❌ Context-sensitive help
- ❌ Onboarding tooltips

---

#### 6. **Internationalization (i18n)** 🌍

**Current State:**
- ✅ Gettext integration
- ✅ German translations
- ✅ English translations
- ✅ Translation files for auth, errors, default

**Open Issues:**
- [#146](https://git.local-it.org/local-it/mitgliederverwaltung/issues/146) - Translate "or" in the login screen (Low)
- [#144](https://git.local-it.org/local-it/mitgliederverwaltung/issues/144) - Add language switch dropdown to login screen (Low)

**Missing Features:**
- ❌ Language switcher UI
- ❌ User-specific language preferences
- ❌ Date/time localization
- ❌ Number formatting (currency, decimals)
- ❌ Complete translation coverage
- ❌ RTL support (future)

---

#### 7. **Payment & Fees Management** 💰

**Current State:**
- ✅ Basic "paid" boolean field on members
- ✅ **Membership Fee Types Management** - Full CRUD implementation
- ✅ **Membership Fee Cycles** - Individual billing cycles per member
- ✅ **Membership Fee Settings** - Global settings (include_joining_cycle, default_fee_type)
- ✅ **Cycle Generation** - Automatic cycle generation for members
- ✅ **Payment Status Tracking** - Status per cycle (unpaid, paid, suspended)
- ✅ **Member Fee Assignment** - Members can be assigned to fee types
- ✅ **Cycle Regeneration** - Regenerate cycles when fee type changes
- ✅ **UI Components** - Membership fee status in member list and detail views

**Open Issues:**
- [#156](https://git.local-it.org/local-it/mitgliederverwaltung/issues/156) - Set up & document testing environment for vereinfacht.digital (L, Low priority)
- ✅ [#226](https://git.local-it.org/local-it/mitgliederverwaltung/issues/226) - Payment/Membership Fee Mockup Pages (Preview) - Implemented

**Implemented Pages:**
- `/membership_fee_types` - Membership Fee Types Management (fully functional)
- `/membership_fee_settings` - Global Membership Fee Settings (fully functional)
- `/members/:id` - Member detail view with membership fee cycles

**Missing Features:**
- ❌ Payment records/transactions (external payment tracking)
- ❌ Payment reminders
- ❌ Invoice generation
- ✅ Member–finance-contact sync with vereinfacht.digital API (see `docs/vereinfacht-api.md`); ❌ transaction import / full API integration
- ❌ SEPA direct debit support
- ❌ Payment reports

**Related Milestones:**
- Import transactions via vereinfacht API

---

#### 8. **Admin Panel & Configuration** ⚙️

**Current State:**
- ✅ AshAdmin integration (basic)
- ✅ **Global Settings Management** - `/settings` page (singleton resource)
- ✅ **Club/Organization profile** - Club name configuration
- ✅ **Member Field Visibility Settings** - Configure which fields show in overview
- ✅ **CustomFieldValue type management UI** - Full CRUD for custom fields
- ✅ **Role Management UI** - Full CRUD for roles (`/admin/roles`)
- ✅ **Membership Fee Settings** - Global fee settings management

**Open Issues:**
- [#186](https://git.local-it.org/local-it/mitgliederverwaltung/issues/186) - Create Architecture docs in Repo (S, Low priority)

**Implemented Features:**
- ✅ **SMTP configuration** – Configure mail server via ENV (`SMTP_HOST`, `SMTP_PORT`, `SMTP_USERNAME`, `SMTP_PASSWORD`, `SMTP_PASSWORD_FILE`, `SMTP_SSL`) and Admin Settings (UI), with ENV taking priority. Test email from Settings SMTP section. Production warning when SMTP is not configured. See [`docs/smtp-configuration-concept.md`](smtp-configuration-concept.md).

**Missing Features:**
- ❌ Email templates configuration
- ❌ System health dashboard
- ❌ Audit log viewer
- ❌ Backup/restore functionality

**Related Milestones:**
- As Admin I can configure settings globally

---

#### 9. **Communication & Notifications** 📧

**Current State:**
- ✅ Swoosh mailer integration
- ✅ Email confirmation (via AshAuthentication)
- ✅ Password reset emails (via AshAuthentication)
- ✅ **SMTP configuration** via ENV and Admin Settings (see Admin Panel section)
- ⚠️ No member communication features

**Missing Features:**
- ❌ Email broadcast to members
- ❌ Email templates (customizable)
- ❌ Email to member groups/filters

---

#### 10. **Reporting & Analytics** 📊

**Current State:**
- ✅ **Statistics page (MVP)** – `/statistics` with active/inactive member counts, joins/exits by year, cycle totals, open amount (2026-02-10). Backed by `Mv.Statistics` (read-only Ash reads on `Member` + `MembershipFeeCycle`, no new resources); displayed in `MvWeb.StatisticsLive`. Permission: read_only, normal_user, admin (own_data denied).

**MVP design decisions:**
- Charts are HTML/CSS + SVG only — no Contex, no Chart.js (deliberate).
- Open amount = total unpaid only; no overdue vs. not-yet-due split in the MVP.
- Out of scope (deferred follow-ups): export (CSV/PDF), caching, month/quarter filters, "members per fee type" / "members per group" stats, overdue split, new tables/resources.

**Missing Features:**
- ❌ Extended member statistics dashboard
- ❌ Membership growth charts
- ❌ Payment reports
- ❌ Custom report builder
- ❌ Export to PDF/CSV/Excel
- ❌ Scheduled reports
- ❌ Data visualization

---

#### 11. **Data Import/Export** 📥📤

**Current State:**
- ✅ Seed data script
- ✅ **CSV Import Templates** - German and English templates (#329, 2026-01-13)
  - Template files in `priv/static/templates/member_import_de.csv` and `member_import_en.csv`
  - CSV specification documented in `docs/csv-member-import-v1.md`
- ✅ **CSV Import Implementation** - Full CSV import feature (#335, #336, #338, 2026-01-27)
  - Import/Export LiveView (`/import_export`)
  - Member field import (email, first_name, last_name, etc.)
  - Custom field value import (all types: string, integer, boolean, date, email)
  - Real-time progress tracking
  - Error and warning reporting with line numbers
  - Configurable limits (max file size, max rows)
  - Chunked processing (200 rows per chunk)
  - Admin-only access

**Closed Issues:**
- ✅ [#335](https://git.local-it.org/local-it/mitgliederverwaltung/issues/335) - CSV Import UI (closed 2026-01-27)
- ✅ [#336](https://git.local-it.org/local-it/mitgliederverwaltung/issues/336) - Config for import limits (closed 2026-01-27)
- ✅ [#338](https://git.local-it.org/local-it/mitgliederverwaltung/issues/338) - Custom field CSV import (closed 2026-01-27)

**Missing Features:**
- ❌ Excel import for members
- ❌ Import validation preview (before import)
- ❌ Bulk data export
- ❌ Backup export
- ❌ Data migration tools

---

#### 12. **Testing & Quality Assurance** 🧪

**Current State:**
- ✅ ExUnit test suite
- ✅ Unit tests for resources
- ✅ Integration tests for email sync
- ✅ LiveView tests
- ✅ Component tests
- ✅ CI/CD pipeline (Drone)

**Missing Features:**
- ❌ E2E tests (browser automation)
- ❌ Performance testing
- ❌ Load testing
- ❌ Security penetration testing
- ❌ Accessibility testing automation
- ❌ Visual regression testing
- ❌ Test coverage reporting

---

#### 13. **Infrastructure & DevOps** 🚀

**Current State:**
- ✅ Docker Compose for development
- ✅ Production Dockerfile
- ✅ Drone CI/CD pipeline
- ✅ Renovate for dependency updates
- ✅ Database seeds split into bootstrap (all envs) and dev-only seeds (20 members, groups; 2026-03-03)
- ⚠️ No staging environment

**Open Issues:**
- [#186](https://git.local-it.org/local-it/mitgliederverwaltung/issues/186) - Create Architecture docs in Repo (S, Low priority)

**Missing Features:**
- ❌ Staging environment
- ❌ Automated deployment
- ❌ Database backup automation
- ❌ Monitoring and alerting
- ❌ Error tracking (Sentry, etc.)
- ❌ Log aggregation
- ❌ Health checks and uptime monitoring

**Related Milestones:**
- We have a staging environment
- We implement security measures

---

#### 14. **Security & Compliance** 🔒

**Current State:**
- ✅ OIDC authentication
- ✅ Password hashing (bcrypt)
- ✅ CSRF protection
- ✅ SQL injection prevention (Ecto)
- ✅ Sobelow security scans
- ✅ Dependency auditing

**Missing Features:**
- ❌ Role-based access control (see #1)
- ❌ Audit logging
- ❌ GDPR compliance features (data export, deletion)
- ❌ Session management (timeout, concurrent sessions)
- ❌ Rate limiting
- ❌ IP whitelisting/blacklisting
- ❌ Security headers configuration
- ❌ Data retention policies

**Related Milestones:**
- We implement security measures

---

#### 15. **Accessibility & Usability** ♿

**Current State:**
- ✅ Semantic HTML
- ✅ Basic ARIA labels
- ⚠️ Needs comprehensive audit

**Open Issues:**
- [#188](https://git.local-it.org/local-it/mitgliederverwaltung/issues/188) - Check if searching just on typing is accessible (S, Low priority)
- [#174](https://git.local-it.org/local-it/mitgliederverwaltung/issues/174) - Accessibility - aria-sort in tables (S, Low priority)

**Missing Features:**
- ❌ Comprehensive accessibility audit (WCAG 2.1 Level AA)
- ❌ Keyboard navigation improvements
- ❌ Screen reader optimization
- ❌ High contrast mode
- ❌ Font size adjustments
- ❌ Focus management
- ❌ Skip links
- ❌ Error announcements

---

### Feature Area Summary

| Feature Area | Current Status | Priority | Complexity |
|--------------|----------------|----------|------------|
| **Authentication & Authorization** | 60% complete | **High** | Medium |
| **Member Management** | 85% complete | **High** | Low-Medium |
| **Custom Fields** | 50% complete | **High** | Medium |
| **User Management** | 60% complete | Medium | Low |
| **Navigation & UX** | 50% complete | Medium | Low |
| **Internationalization** | 70% complete | Low | Low |
| **Payment & Fees** | 5% complete | **High** | High |
| **Admin Panel** | 20% complete | Medium | Medium |
| **Communication** | 30% complete | Medium | Medium |
| **Reporting** | 0% complete | Medium | Medium-High |
| **Import/Export** | 10% complete | Low | Medium |
| **Testing & QA** | 60% complete | Medium | Low-Medium |
| **Infrastructure** | 70% complete | Medium | Medium |
| **Security** | 50% complete | **High** | Medium-High |
| **Accessibility** | 40% complete | Medium | Medium |

---

### Open Milestones (From Issues)

1. ✅ **Ich kann einen neuen Kontakt anlegen** (Closed)
2. ✅ **I can search through the list of members - fulltext** (Closed)
   - #162 implemented (Fuzzy Search), #154 needs refinement
3. 🔄 **I can sort the list of members for specific fields** (Open)
   - Related: #153
4. 🔄 **We have a intuitive navigation structure** (Open)
5. 🔄 **We have different roles and permissions** (Open)
   - Related: #191, #190, #151
6. 🔄 **As Admin I can configure settings globally** (Open)
7. ✅ **Accounts & Logins** (Partially closed)
   - #171 implemented (OIDC linking), #169/#168 still open
8. 🔄 **I can add custom fields** (Open)
   - Related: #194, #157, #161
9. 🔄 **Import transactions via vereinfacht API** (Open)
   - Related: #156
10. 🔄 **We have a staging environment** (Open)
11. 🔄 **We implement security measures** (Open)

---

## Endpoints

For the real, current routes and their authorization, see `lib/mv_web/router.ex` and `docs/page-permission-route-coverage.md` (the per-permission-set route matrix). The Ash resource actions are defined on each resource module under `lib/`.

An earlier speculative API catalog for not-yet-existing resources (Payment, Invoice, Report, Notification, AuditLog, Organization) was removed — those are tracked above as missing features per area, not as endpoint specs.

---

**References:**
- Open Issues: https://git.local-it.org/local-it/mitgliederverwaltung/issues
- Architecture: See [`CODE_GUIDELINES.md`](../CODE_GUIDELINES.md)
- Database Schema: See [`database-schema-readme.md`](database-schema-readme.md)